Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/wMnJEt5TUdaTagepWSUvVcbLWMA.roa
File:                     wMnJEt5TUdaTagepWSUvVcbLWMA.roa (raw, json)
Hash identifier:          iC2O0u+qufL+gjQvOe+p6two79hyFtPZrep1AomzSTI=
Subject key identifier:   C0:C9:C9:12:DE:53:51:D6:93:6A:07:A9:59:25:2F:55:C6:CB:58:C0
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019EBCCC633416E3825FA8023B03DB1D735E
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/wMnJEt5TUdaTagepWSUvVcbLWMA.roa
Signing time:             Fri 12 Jun 2026 17:06:11 +0000
ROA not before:           Fri 12 Jun 2026 17:06:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208450
IP address blocks:        77.67.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bc:cc:63:34:16:e3:82:5f:a8:02:3b:03:db:1d:73:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun 12 17:06:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c0c9c912de5351d6936a07a959252f55c6cb58c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ff:8b:66:87:e2:cf:f1:0b:b2:d4:f2:4a:a8:
                    c5:15:43:b7:33:23:64:25:53:6e:c4:f6:6a:1e:c8:
                    76:f0:94:5c:eb:33:47:dd:27:8c:40:74:9f:3c:a2:
                    5a:1f:07:a7:7b:04:2e:af:99:9d:f1:4d:75:e3:89:
                    ef:17:9e:3c:14:12:79:2f:46:13:b0:6f:06:c7:3f:
                    75:fd:75:e3:43:93:5c:84:36:b1:9a:38:c5:e6:ee:
                    a3:68:85:4c:5b:05:c6:f7:6f:d5:d0:8f:58:d6:e4:
                    5f:ee:04:f5:74:a4:f6:d3:d3:7c:1d:73:f4:6c:9a:
                    60:9e:9d:5d:4a:40:8e:f4:dd:5b:80:ab:27:89:c1:
                    58:89:45:a1:f5:26:a7:c4:94:65:8a:44:9d:87:57:
                    b4:7f:4b:24:e9:c4:fe:a8:b5:7b:9d:d2:4b:44:28:
                    15:55:4e:64:35:81:81:d5:db:37:eb:5a:14:c2:49:
                    2f:db:4b:c6:55:0b:04:b6:93:98:a0:d4:ca:b7:72:
                    58:c8:d2:00:d8:4c:88:40:e7:f9:d5:d0:46:96:37:
                    0e:c9:11:4f:5c:6e:55:2c:8a:bb:c9:91:2d:02:36:
                    3f:ae:7c:f2:bb:fc:a4:28:80:dd:27:99:49:d2:2c:
                    4d:e0:58:9e:fd:4f:cb:8b:5a:00:52:51:54:0f:15:
                    ae:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:C9:C9:12:DE:53:51:D6:93:6A:07:A9:59:25:2F:55:C6:CB:58:C0
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/wMnJEt5TUdaTagepWSUvVcbLWMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.67.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:4e:9e:61:e5:70:ab:8e:6a:f7:ba:21:54:ae:de:3d:c7:80:
         7f:4e:0b:78:98:6c:59:55:77:40:56:9c:0e:32:a9:d0:2a:e4:
         39:f8:4e:92:55:e5:cd:51:df:c0:38:c7:67:16:2b:7f:fd:9b:
         3a:99:8c:17:e6:fc:35:e7:19:d4:8d:1e:80:54:4f:0d:95:81:
         c8:b5:24:40:a9:ce:e4:ad:9d:9a:83:06:f7:22:7d:62:32:cd:
         ba:55:06:fc:56:8c:16:89:0a:f0:37:5d:f8:99:92:a8:20:ab:
         64:52:a0:f8:e7:96:48:c1:b7:4a:4d:b8:f7:ad:da:0f:94:6a:
         b2:ab:38:e5:f8:34:1e:68:0b:a8:a7:bb:b8:97:bc:c9:07:4b:
         40:17:8e:4e:ba:16:7f:46:f4:1c:ef:db:4b:d9:11:8b:d6:e1:
         07:50:6e:57:75:13:e5:5f:69:b5:45:3a:2b:2c:c5:52:0a:03:
         30:8c:40:73:00:2a:56:f9:1e:7e:9c:15:73:a9:32:05:8f:b5:
         41:45:5a:98:d2:f4:23:ea:a9:13:be:ad:7d:0b:5a:49:b9:d6:
         f1:fa:5e:d0:2f:c3:9c:32:7b:2c:0b:5f:bd:1a:0e:d5:40:07:
         58:e1:3d:91:2a:31:e2:c1:2c:38:d3:2e:22:e5:18:67:f0:bb:
         bb:fc:d5:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ68zGM0FuOCX6gCOwPbHXNeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjEyMTcwNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGM5YzkxMmRlNTM1MWQ2OTM2YTA3YTk1OTI1MmY1NWM2Y2I1OGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5v+LZofiz/ELstTySqjFFUO3MyNk
JVNuxPZqHsh28JRc6zNH3SeMQHSfPKJaHwenewQur5md8U1144nvF548FBJ5L0YT
sG8Gxz91/XXjQ5NchDaxmjjF5u6jaIVMWwXG92/V0I9Y1uRf7gT1dKT209N8HXP0
bJpgnp1dSkCO9N1bgKsnicFYiUWh9SanxJRlikSdh1e0f0sk6cT+qLV7ndJLRCgV
VU5kNYGB1ds361oUwkkv20vGVQsEtpOYoNTKt3JYyNIA2EyIQOf51dBGljcOyRFP
XG5VLIq7yZEtAjY/rnzyu/ykKIDdJ5lJ0ixN4Fie/U/Li1oAUlFUDxWuYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDJyRLeU1HWk2oHqVklL1XGy1jAMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvd01uSkV0NVRVZGFUYWdlcFdTVXZWY2JMV01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUMIMA0G
CSqGSIb3DQEBCwUAA4IBAQCwTp5h5XCrjmr3uiFUrt49x4B/Tgt4mGxZVXdAVpwO
MqnQKuQ5+E6SVeXNUd/AOMdnFit//Zs6mYwX5vw15xnUjR6AVE8NlYHItSRAqc7k
rZ2agwb3In1iMs26VQb8VowWiQrwN134mZKoIKtkUqD455ZIwbdKTbj3rdoPlGqy
qzjl+DQeaAuop7u4l7zJB0tAF45OuhZ/RvQc79tL2RGL1uEHUG5XdRPlX2m1RTor
LMVSCgMwjEBzACpW+R5+nBVzqTIFj7VBRVqY0vQj6qkTvq19C1pJudbx+l7QL8Oc
MnssC1+9Gg7VQAdY4T2RKjHiwSw40y4i5Rhn8Lu7/NXe
-----END CERTIFICATE-----