Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/YcoX0FswwtJDNeSfLbzKnpX_Ncg.roa
File:                     YcoX0FswwtJDNeSfLbzKnpX_Ncg.roa (raw, json)
Hash identifier:          bSifOwZU31nSn4HWPxK/P+Uoua0/V7duu8jXadJB22w=
Subject key identifier:   61:CA:17:D0:5B:30:C2:D2:43:35:E4:9F:2D:BC:CA:9E:95:FF:35:C8
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       019C6D8C8B8095067DEBDD08106EBEED55B7
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/YcoX0FswwtJDNeSfLbzKnpX_Ncg.roa
Signing time:             Tue 17 Feb 2026 21:40:53 +0000
ROA not before:           Tue 17 Feb 2026 21:40:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216127
IP address blocks:        77.91.76.0/24 maxlen: 24
                          77.91.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6d:8c:8b:80:95:06:7d:eb:dd:08:10:6e:be:ed:55:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Feb 17 21:40:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=61ca17d05b30c2d24335e49f2dbcca9e95ff35c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4d:56:4a:3a:ae:69:c1:d0:d9:18:c7:1c:73:
                    c9:71:f6:a2:2e:da:71:57:28:f6:f9:0c:5e:22:22:
                    ac:c1:7d:94:fc:47:8c:f4:f4:31:60:4c:47:06:61:
                    0c:f1:12:7d:ec:f9:5a:48:ab:02:77:a4:98:8f:60:
                    0f:8a:eb:4d:71:af:4a:14:52:10:4c:29:8d:13:a3:
                    90:70:1d:e9:7d:74:a8:d2:85:68:9a:15:79:98:d8:
                    02:bf:36:18:37:a6:56:b2:4c:15:e7:a4:45:1a:af:
                    c1:55:55:4c:26:b5:f7:99:c7:5a:9f:ac:64:48:d8:
                    fa:57:55:68:5b:92:1f:ea:1c:a5:b3:8d:44:20:cf:
                    50:93:eb:e1:65:f5:2b:66:1a:f6:c1:00:86:e5:b9:
                    ce:34:5e:f0:18:e4:09:63:29:1e:d0:f7:d3:17:da:
                    b6:7a:28:d4:07:a2:52:6d:97:60:59:73:3a:19:8e:
                    52:3d:73:a7:cb:a4:95:92:e4:8b:35:78:80:2b:61:
                    2b:89:42:63:a1:f5:ce:71:ba:41:7d:b3:65:17:39:
                    1a:15:62:0c:09:fc:03:18:9a:d9:ae:4f:b7:48:91:
                    74:f6:25:ff:ea:99:c9:85:86:23:9e:6d:a0:96:3c:
                    ff:d7:d0:da:33:d2:b9:dc:a7:31:72:8c:95:be:7f:
                    fe:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:CA:17:D0:5B:30:C2:D2:43:35:E4:9F:2D:BC:CA:9E:95:FF:35:C8
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/YcoX0FswwtJDNeSfLbzKnpX_Ncg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.76.0/24
                  77.91.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:be:1f:b5:25:5d:5e:57:11:48:85:33:77:bc:1b:ac:d4:c5:
         f8:29:57:fb:6d:7b:51:e6:cd:7d:8a:a7:cf:71:fb:ef:70:be:
         e8:bc:e7:eb:71:0a:18:fe:bc:f7:09:a4:a5:77:63:92:ae:c0:
         cb:1d:8b:17:22:30:4d:8d:92:fa:d1:49:0b:57:56:57:dc:10:
         ed:03:5b:2b:e9:a1:df:91:92:e4:a3:62:79:a8:0d:48:8c:d4:
         39:fc:10:87:64:6f:35:89:38:4f:25:31:5a:cd:62:c0:bd:08:
         8e:c8:40:20:62:52:bc:c8:61:e8:01:aa:ec:68:12:64:37:0e:
         da:d2:ef:e0:13:58:b9:1f:42:9e:70:7c:a8:87:71:15:fb:90:
         db:65:4f:c5:34:75:03:31:b1:39:81:53:e1:8c:84:94:5c:66:
         68:58:b5:9d:34:1d:5f:a3:1f:9d:56:a4:eb:db:c3:1e:a7:72:
         18:ad:74:9d:53:8c:ef:cc:b8:cf:20:b7:0a:58:f8:81:01:63:
         de:83:b5:8e:3e:1d:7b:f6:59:29:a6:ca:5d:08:13:b2:12:14:
         08:91:9a:2b:40:b1:97:ff:86:d1:31:a1:64:16:8d:39:ea:de:
         15:e6:97:57:bc:0a:49:be:ea:ed:e9:97:e6:c0:22:c4:05:b0:
         4c:4b:e8:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxtjIuAlQZ9690IEG6+7VW3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjYwMjE3MjE0MDUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWNhMTdkMDViMzBjMmQyNDMzNWU0OWYyZGJjY2E5ZTk1ZmYzNWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvU1WSjquacHQ2RjHHHPJcfaiLtpx
Vyj2+QxeIiKswX2U/EeM9PQxYExHBmEM8RJ97PlaSKsCd6SYj2APiutNca9KFFIQ
TCmNE6OQcB3pfXSo0oVomhV5mNgCvzYYN6ZWskwV56RFGq/BVVVMJrX3mcdan6xk
SNj6V1VoW5If6hyls41EIM9Qk+vhZfUrZhr2wQCG5bnONF7wGOQJYyke0PfTF9q2
eijUB6JSbZdgWXM6GY5SPXOny6SVkuSLNXiAK2EriUJjofXOcbpBfbNlFzkaFWIM
CfwDGJrZrk+3SJF09iX/6pnJhYYjnm2gljz/19DaM9K53KcxcoyVvn/+bQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGHKF9BbMMLSQzXkny28yp6V/zXIMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvWWNvWDBGc3d3dEpETmVTZkxiektucFhfTmNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVtMAwQA
TVtOMA0GCSqGSIb3DQEBCwUAA4IBAQCbvh+1JV1eVxFIhTN3vBus1MX4KVf7bXtR
5s19iqfPcfvvcL7ovOfrcQoY/rz3CaSld2OSrsDLHYsXIjBNjZL60UkLV1ZX3BDt
A1sr6aHfkZLko2J5qA1IjNQ5/BCHZG81iThPJTFazWLAvQiOyEAgYlK8yGHoAars
aBJkNw7a0u/gE1i5H0KecHyoh3EV+5DbZU/FNHUDMbE5gVPhjISUXGZoWLWdNB1f
ox+dVqTr28Mep3IYrXSdU4zvzLjPILcKWPiBAWPeg7WOPh179lkppspdCBOyEhQI
kZorQLGX/4bRMaFkFo056t4V5pdXvApJvurt6ZfmwCLEBbBMS+h/
-----END CERTIFICATE-----