Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/2ZG1OxPA9lJyGthfBpRD7jHaL_Q.roa
File:                     2ZG1OxPA9lJyGthfBpRD7jHaL_Q.roa (raw, json)
Hash identifier:          IHbK3thySVU9Np8f+PMKh3PQZI2WcY5GEAykoMyFvfA=
Subject key identifier:   D9:91:B5:3B:13:C0:F6:52:72:1A:D8:5F:06:94:43:EE:31:DA:2F:F4
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       019C3074E4CFA5D249063AD32C533F1D384E
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/2ZG1OxPA9lJyGthfBpRD7jHaL_Q.roa
Signing time:             Fri 06 Feb 2026 00:58:12 +0000
ROA not before:           Fri 06 Feb 2026 00:58:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215826
IP address blocks:        77.91.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:30:74:e4:cf:a5:d2:49:06:3a:d3:2c:53:3f:1d:38:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Feb  6 00:58:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d991b53b13c0f652721ad85f069443ee31da2ff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:39:8c:05:d3:26:91:ea:2b:e7:78:58:b4:79:
                    75:59:03:55:5b:5f:a3:d2:aa:ed:a9:86:b8:c4:23:
                    74:a3:36:c5:6b:b7:30:ff:49:6c:f0:3e:13:6e:52:
                    e4:8b:08:96:38:88:df:c8:1a:e0:df:9d:48:88:c5:
                    78:c6:83:ca:51:53:3b:78:ee:b6:a4:ea:8e:7f:6f:
                    f2:a3:78:c7:5b:55:13:2e:0f:bd:4c:7a:40:7b:f6:
                    45:3d:a2:e8:59:ac:7d:25:30:00:46:d3:8a:30:f7:
                    fe:3f:39:e1:cf:10:50:15:34:bb:ae:29:7e:73:cc:
                    65:ce:b1:81:ef:b5:d8:e1:34:6f:be:10:a0:b9:81:
                    3f:f3:92:c9:96:b6:59:eb:6b:41:42:82:e5:03:73:
                    d5:ef:5b:4b:ed:d9:5b:51:07:5e:81:50:09:b7:ad:
                    49:45:ea:4b:d3:72:25:96:f3:18:74:59:75:d3:3e:
                    64:c4:7e:36:68:0f:8a:39:11:48:3d:d5:5b:c7:72:
                    5a:17:9d:a3:b8:1e:1e:0b:7d:71:27:0d:96:a1:ee:
                    97:41:f9:a4:3c:fd:d7:98:0e:4e:61:88:2d:0b:97:
                    d5:11:fd:2e:99:a3:94:4f:94:ef:4a:6b:c9:4d:3b:
                    51:41:7a:6a:33:b2:f9:46:ab:d4:af:36:d9:6f:a8:
                    0c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:91:B5:3B:13:C0:F6:52:72:1A:D8:5F:06:94:43:EE:31:DA:2F:F4
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/2ZG1OxPA9lJyGthfBpRD7jHaL_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:16:00:cc:99:c1:67:f7:1c:1f:9c:43:2e:19:d7:44:e8:17:
         dd:81:2f:23:ee:b4:94:1c:a6:9a:e9:d1:9c:97:69:45:38:c1:
         66:95:6c:0f:60:85:b8:04:15:14:2e:80:74:05:19:d6:6c:73:
         19:0d:2c:0d:2a:ac:f7:ce:ba:57:26:f7:1e:6d:27:bb:40:dd:
         cf:27:33:1b:74:e7:6c:cf:1a:77:53:58:61:3f:34:16:5c:09:
         b6:f3:9c:ad:98:5b:8b:3d:b1:05:ce:ae:65:5a:60:58:bd:0f:
         49:5b:ee:ad:70:cb:b5:28:54:c5:84:21:0a:f2:8d:43:b8:f7:
         6b:69:5f:2a:70:fb:c9:cf:0a:27:f6:3b:bc:13:a0:84:fc:38:
         46:c9:5d:49:d8:8a:c2:54:70:94:bf:7d:ef:b7:72:f5:a4:96:
         1c:dd:4f:dc:12:50:6d:6c:1a:b2:11:68:82:7c:44:05:8e:37:
         27:ea:68:84:83:90:31:3c:b0:34:e8:bc:8f:2b:8d:f2:ba:f6:
         32:5d:fc:4f:4f:b4:eb:5a:78:61:f3:ab:f2:30:b8:7f:e8:c6:
         3f:6a:8e:e4:98:60:83:92:bc:ae:cd:d8:ff:03:de:2e:4d:bc:
         3b:5d:9f:09:03:c1:ad:9e:3f:53:82:82:af:90:67:f0:f9:5e:
         dd:fc:8d:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwwdOTPpdJJBjrTLFM/HThOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjYwMjA2MDA1ODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTkxYjUzYjEzYzBmNjUyNzIxYWQ4NWYwNjk0NDNlZTMxZGEyZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DmMBdMmkeor53hYtHl1WQNVW1+j
0qrtqYa4xCN0ozbFa7cw/0ls8D4TblLkiwiWOIjfyBrg351IiMV4xoPKUVM7eO62
pOqOf2/yo3jHW1UTLg+9THpAe/ZFPaLoWax9JTAARtOKMPf+PznhzxBQFTS7ril+
c8xlzrGB77XY4TRvvhCguYE/85LJlrZZ62tBQoLlA3PV71tL7dlbUQdegVAJt61J
RepL03IllvMYdFl10z5kxH42aA+KORFIPdVbx3JaF52juB4eC31xJw2Woe6XQfmk
PP3XmA5OYYgtC5fVEf0umaOUT5TvSmvJTTtRQXpqM7L5RqvUrzbZb6gM4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmRtTsTwPZSchrYXwaUQ+4x2i/0MB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvMlpHMU94UEE5bEp5R3RoZkJwUkQ3akhhTF9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtBMA0G
CSqGSIb3DQEBCwUAA4IBAQAqFgDMmcFn9xwfnEMuGddE6BfdgS8j7rSUHKaa6dGc
l2lFOMFmlWwPYIW4BBUULoB0BRnWbHMZDSwNKqz3zrpXJvcebSe7QN3PJzMbdOds
zxp3U1hhPzQWXAm285ytmFuLPbEFzq5lWmBYvQ9JW+6tcMu1KFTFhCEK8o1DuPdr
aV8qcPvJzwon9ju8E6CE/DhGyV1J2IrCVHCUv33vt3L1pJYc3U/cElBtbBqyEWiC
fEQFjjcn6miEg5AxPLA06LyPK43yuvYyXfxPT7TrWnhh86vyMLh/6MY/ao7kmGCD
kryuzdj/A94uTbw7XZ8JA8Gtnj9TgoKvkGfw+V7d/I1S
-----END CERTIFICATE-----