Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/7935bb-b014-4255-9a0c-a2bc72b159d7/1/40MGzFSmxhQmZ9z9Cr7j9kE1tv8.roa
File:                     40MGzFSmxhQmZ9z9Cr7j9kE1tv8.roa (raw, json)
Hash identifier:          bavnt0dg+vb1MILd4J2Ncb0MCiwl3VmV6Ojco6sCOTI=
Subject key identifier:   E3:43:06:CC:54:A6:C6:14:26:67:DC:FD:0A:BE:E3:F6:41:35:B6:FF
Certificate issuer:       /CN=dd6c3dd8ddeffd9ae4c855c5f94838047dc9ad71
Certificate serial:       019B7F15C4BB77678EE59CB066E897F1A7C2
Authority key identifier: DD:6C:3D:D8:DD:EF:FD:9A:E4:C8:55:C5:F9:48:38:04:7D:C9:AD:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Ww92N3v_ZrkyFXF-Ug4BH3JrXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/7935bb-b014-4255-9a0c-a2bc72b159d7/1/40MGzFSmxhQmZ9z9Cr7j9kE1tv8.roa
Signing time:             Fri 02 Jan 2026 14:21:31 +0000
ROA not before:           Fri 02 Jan 2026 14:21:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205410
IP address blocks:        77.74.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/7935bb-b014-4255-9a0c-a2bc72b159d7/1/3Ww92N3v_ZrkyFXF-Ug4BH3JrXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/7935bb-b014-4255-9a0c-a2bc72b159d7/1/3Ww92N3v_ZrkyFXF-Ug4BH3JrXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Ww92N3v_ZrkyFXF-Ug4BH3JrXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:c4:bb:77:67:8e:e5:9c:b0:66:e8:97:f1:a7:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd6c3dd8ddeffd9ae4c855c5f94838047dc9ad71
        Validity
            Not Before: Jan  2 14:21:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e34306cc54a6c6142667dcfd0abee3f64135b6ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:c8:9c:86:27:84:a8:16:43:ef:2c:8e:2b:03:
                    2a:f0:88:55:d7:ce:82:fa:06:8f:81:cc:2a:14:54:
                    0c:04:a9:33:b2:f2:b1:4f:e2:39:82:3a:95:60:c2:
                    35:5b:80:dd:b0:4a:29:6f:68:b1:66:3a:27:5c:3b:
                    c9:6f:a4:b6:72:0c:c6:07:b4:d4:e3:d1:0e:30:e1:
                    10:c7:f9:b1:f1:cc:66:94:29:49:77:e2:3b:a9:41:
                    31:a9:d1:5b:ec:ff:60:da:cf:b4:3e:b0:a7:7f:5f:
                    1f:a0:ba:53:f6:a9:66:0b:53:d9:dd:4f:b5:4e:9b:
                    c6:0b:f9:4d:92:fd:fb:1a:9e:4f:0c:43:d8:1a:3b:
                    1c:72:06:33:79:c4:dd:30:ae:b8:75:d1:2c:e0:fe:
                    6d:6d:b4:7c:66:31:ad:ed:1b:37:c4:74:c2:82:34:
                    87:5e:85:d9:27:f8:37:bf:b4:60:2b:25:2d:8a:78:
                    af:24:95:c7:3b:18:e6:e0:06:3e:3f:5b:15:d2:e4:
                    63:b0:56:92:7e:a5:38:5a:9e:93:51:c7:b8:0d:b0:
                    0d:c4:3a:c8:0d:ee:14:80:c4:ae:ea:7e:65:28:30:
                    84:7b:2b:56:61:c4:bb:8e:33:f6:67:46:34:e8:0b:
                    7d:59:42:9f:83:03:7d:e5:f0:ac:05:95:1d:5e:c5:
                    8c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:43:06:CC:54:A6:C6:14:26:67:DC:FD:0A:BE:E3:F6:41:35:B6:FF
            X509v3 Authority Key Identifier:
                keyid:DD:6C:3D:D8:DD:EF:FD:9A:E4:C8:55:C5:F9:48:38:04:7D:C9:AD:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Ww92N3v_ZrkyFXF-Ug4BH3JrXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/7935bb-b014-4255-9a0c-a2bc72b159d7/1/40MGzFSmxhQmZ9z9Cr7j9kE1tv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/7935bb-b014-4255-9a0c-a2bc72b159d7/1/3Ww92N3v_ZrkyFXF-Ug4BH3JrXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.74.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:43:06:a8:73:1e:d2:c9:0d:5b:3d:77:f0:62:a4:29:e9:30:
         25:05:48:69:cf:fe:2e:15:dc:c6:fd:b9:27:fe:d8:84:67:64:
         ad:63:e6:4a:a8:fa:d8:8c:a9:ee:05:13:43:1e:76:b4:18:36:
         dc:9e:48:82:71:55:b2:f3:c2:d8:58:22:b0:18:4b:ce:9e:55:
         dd:e1:5a:a7:21:41:d6:15:0f:3f:82:f2:4e:e1:ed:14:ee:c3:
         cf:0c:8d:40:2f:43:a6:71:61:14:61:54:f9:af:81:43:45:8c:
         73:6b:7e:0a:a3:ff:d5:1e:2b:17:cf:fd:bb:fc:cf:15:70:e8:
         e1:86:e3:bb:3a:4f:64:84:3a:cb:ef:15:7f:7d:e0:41:a6:3f:
         1b:a1:57:d1:c0:9c:49:67:dd:08:b8:06:b0:ca:a1:c3:ef:d9:
         43:47:e4:1e:67:43:7d:4a:24:e2:b6:6c:e5:19:e5:08:10:ab:
         55:a6:00:13:82:bf:f6:d4:17:71:b6:a7:0a:7e:17:a6:f9:10:
         20:b6:6b:18:e8:31:44:a2:d3:9a:65:20:64:c2:79:21:c0:0a:
         27:1f:e0:7b:65:4d:12:5f:1f:12:17:49:7e:e5:34:03:4e:28:
         e5:2a:e1:7d:dd:c8:34:6a:a5:50:da:45:21:b8:9b:f2:29:2e:
         3a:7e:8a:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FcS7d2eO5ZywZuiX8afCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNmMzZGQ4ZGRlZmZkOWFlNGM4NTVjNWY5NDgzODA0N2Rj
OWFkNzEwHhcNMjYwMTAyMTQyMTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzQzMDZjYzU0YTZjNjE0MjY2N2RjZmQwYWJlZTNmNjQxMzViNmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MichieEqBZD7yyOKwMq8IhV186C
+gaPgcwqFFQMBKkzsvKxT+I5gjqVYMI1W4DdsEopb2ixZjonXDvJb6S2cgzGB7TU
49EOMOEQx/mx8cxmlClJd+I7qUExqdFb7P9g2s+0PrCnf18foLpT9qlmC1PZ3U+1
TpvGC/lNkv37Gp5PDEPYGjsccgYzecTdMK64ddEs4P5tbbR8ZjGt7Rs3xHTCgjSH
XoXZJ/g3v7RgKyUtinivJJXHOxjm4AY+P1sV0uRjsFaSfqU4Wp6TUce4DbANxDrI
De4UgMSu6n5lKDCEeytWYcS7jjP2Z0Y06At9WUKfgwN95fCsBZUdXsWMbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONDBsxUpsYUJmfc/Qq+4/ZBNbb/MB8GA1UdIwQY
MBaAFN1sPdjd7/2a5MhVxflIOAR9ya1xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1d3OTJOM3ZfWnJreUZYRi1VZzRCSDNKclhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS83OTM1YmItYjAxNC00MjU1LTlhMGMt
YTJiYzcyYjE1OWQ3LzEvNDBNR3pGU214aFFtWjl6OUNyN2o5a0UxdHY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS83OTM1YmItYjAxNC00MjU1LTlhMGMtYTJiYzcyYjE1OWQ3
LzEvM1d3OTJOM3ZfWnJreUZYRi1VZzRCSDNKclhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUrLMA0G
CSqGSIb3DQEBCwUAA4IBAQCcQwaocx7SyQ1bPXfwYqQp6TAlBUhpz/4uFdzG/bkn
/tiEZ2StY+ZKqPrYjKnuBRNDHna0GDbcnkiCcVWy88LYWCKwGEvOnlXd4VqnIUHW
FQ8/gvJO4e0U7sPPDI1AL0OmcWEUYVT5r4FDRYxza34Ko//VHisXz/27/M8VcOjh
huO7Ok9khDrL7xV/feBBpj8boVfRwJxJZ90IuAawyqHD79lDR+QeZ0N9SiTitmzl
GeUIEKtVpgATgr/21BdxtqcKfhem+RAgtmsY6DFEotOaZSBkwnkhwAonH+B7ZU0S
Xx8SF0l+5TQDTijlKuF93cg0aqVQ2kUhuJvyKS46foqy
-----END CERTIFICATE-----