Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/dhgQMv5d9CMtFJpDdBdVdbTFSgs.roa
File:                     dhgQMv5d9CMtFJpDdBdVdbTFSgs.roa (raw, json)
Hash identifier:          b2TvzpSS1aAj+1tdL7elB6HMEo7lO6B9iw17wuzVv+k=
Subject key identifier:   76:18:10:32:FE:5D:F4:23:2D:14:9A:43:74:17:55:75:B4:C5:4A:0B
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       019C9C0CBF2C8870ADCA774D482BE7FD80B3
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/dhgQMv5d9CMtFJpDdBdVdbTFSgs.roa
Signing time:             Thu 26 Feb 2026 22:23:26 +0000
ROA not before:           Thu 26 Feb 2026 22:23:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205775
IP address blocks:        77.91.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9c:0c:bf:2c:88:70:ad:ca:77:4d:48:2b:e7:fd:80:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Feb 26 22:23:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76181032fe5df4232d149a4374175575b4c54a0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:4c:d7:75:f6:b3:31:e2:67:04:25:71:85:9c:
                    c7:0b:b2:79:cf:eb:82:21:5d:63:a6:d4:b5:70:0a:
                    fd:62:a1:1c:32:5e:e6:8a:ee:ae:29:e5:de:4a:f1:
                    ea:5a:e7:2f:33:9a:b8:d1:f9:d8:84:a3:96:a8:26:
                    1d:88:84:f0:d9:51:00:cc:75:70:4b:2c:93:c0:3d:
                    93:8f:8b:4f:50:32:fd:c0:83:a7:c5:86:8c:08:66:
                    f4:21:fc:70:d9:98:0a:40:3b:8c:42:74:1c:29:8a:
                    c0:c5:58:d9:25:bc:85:50:48:48:59:3d:2a:a1:74:
                    73:94:ea:a3:e2:15:07:2e:7a:88:dc:40:5f:c3:2f:
                    ab:34:ab:fc:16:72:51:31:22:32:9f:5b:2a:c2:41:
                    ff:e4:7b:eb:c7:69:34:62:42:75:3e:e6:6a:3f:58:
                    3d:f4:1d:96:25:67:7e:71:3f:d9:c2:02:b0:12:c6:
                    2a:9f:09:42:37:b4:52:47:23:e6:2d:c0:bf:62:cf:
                    71:eb:44:94:49:9f:6a:b9:79:dc:c5:ab:c1:7a:a0:
                    71:c5:c4:0f:e6:de:a0:75:40:42:69:d4:d7:08:3a:
                    81:b7:fa:88:44:de:88:42:89:c5:30:96:6a:2d:0f:
                    7e:31:3a:fe:94:67:f0:67:8e:a1:8d:15:c8:38:95:
                    92:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:18:10:32:FE:5D:F4:23:2D:14:9A:43:74:17:55:75:B4:C5:4A:0B
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/dhgQMv5d9CMtFJpDdBdVdbTFSgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:6a:37:70:c7:fa:05:15:36:cd:9b:6f:1e:38:77:0c:3d:8e:
         f8:86:dd:90:30:3a:da:72:d0:95:56:24:52:de:c6:d1:4e:a2:
         d0:ba:6f:f6:03:c0:37:a8:cf:02:8b:b3:11:db:0d:19:38:8d:
         6c:f7:e4:ad:1b:c6:df:65:49:40:d5:2f:86:86:e8:a7:13:54:
         5d:03:59:03:56:d5:4d:71:12:7b:7c:23:1a:37:1c:38:6d:e2:
         5e:b3:32:2d:72:20:7d:b0:6a:df:24:51:14:8d:97:1d:af:0c:
         00:39:24:74:7c:f9:0a:91:3a:87:87:33:f3:fd:74:b6:fb:fa:
         50:77:02:d8:a4:53:9b:bb:f9:fa:40:6c:44:1f:82:2b:07:6c:
         26:7d:e7:bf:98:14:71:77:30:02:25:f2:54:83:3d:ef:08:82:
         37:ad:81:75:a5:1c:46:40:73:1c:cc:a8:30:8b:1a:26:c5:76:
         e6:da:f9:d3:23:4a:ff:35:2b:f7:c1:c4:b5:e0:cf:17:6a:df:
         6d:db:40:3c:28:5d:f9:eb:4b:f7:40:2c:22:eb:63:e1:3f:74:
         32:e4:67:08:44:b6:b2:74:02:f6:bd:3b:d9:a0:08:30:d0:64:
         f6:88:54:c0:73:74:41:2f:91:d0:9d:cf:ed:79:7a:ca:06:13:
         86:32:7e:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZycDL8siHCtyndNSCvn/YCzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjYwMjI2MjIyMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjE4MTAzMmZlNWRmNDIzMmQxNDlhNDM3NDE3NTU3NWI0YzU0YTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUzXdfazMeJnBCVxhZzHC7J5z+uC
IV1jptS1cAr9YqEcMl7miu6uKeXeSvHqWucvM5q40fnYhKOWqCYdiITw2VEAzHVw
SyyTwD2Tj4tPUDL9wIOnxYaMCGb0Ifxw2ZgKQDuMQnQcKYrAxVjZJbyFUEhIWT0q
oXRzlOqj4hUHLnqI3EBfwy+rNKv8FnJRMSIyn1sqwkH/5Hvrx2k0YkJ1PuZqP1g9
9B2WJWd+cT/ZwgKwEsYqnwlCN7RSRyPmLcC/Ys9x60SUSZ9quXncxavBeqBxxcQP
5t6gdUBCadTXCDqBt/qIRN6IQonFMJZqLQ9+MTr+lGfwZ46hjRXIOJWSvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYYEDL+XfQjLRSaQ3QXVXW0xUoLMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvZGhnUU12NWQ5Q010RkpwRGRCZFZkYlRGU2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtBMA0G
CSqGSIb3DQEBCwUAA4IBAQCyajdwx/oFFTbNm28eOHcMPY74ht2QMDractCVViRS
3sbRTqLQum/2A8A3qM8Ci7MR2w0ZOI1s9+StG8bfZUlA1S+GhuinE1RdA1kDVtVN
cRJ7fCMaNxw4beJeszItciB9sGrfJFEUjZcdrwwAOSR0fPkKkTqHhzPz/XS2+/pQ
dwLYpFObu/n6QGxEH4IrB2wmfee/mBRxdzACJfJUgz3vCII3rYF1pRxGQHMczKgw
ixomxXbm2vnTI0r/NSv3wcS14M8Xat9t20A8KF3560v3QCwi62PhP3Qy5GcIRLay
dAL2vTvZoAgw0GT2iFTAc3RBL5HQnc/teXrKBhOGMn6+
-----END CERTIFICATE-----