Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/x9TO6RwGUL7GyKWIona89gWLkBk.roa
File:                     x9TO6RwGUL7GyKWIona89gWLkBk.roa (raw, json)
Hash identifier:          rs1sQg/khvedRdl/5GF7Swh1+aku6g5MC49xtRbm74U=
Subject key identifier:   C7:D4:CE:E9:1C:06:50:BE:C6:C8:A5:88:A2:76:BC:F6:05:8B:90:19
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019D2A34D245B7AAF46BEC15875DE2D9DE72
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/x9TO6RwGUL7GyKWIona89gWLkBk.roa
Signing time:             Thu 26 Mar 2026 12:53:17 +0000
ROA not before:           Thu 26 Mar 2026 12:53:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     274218
IP address blocks:        201.77.54.0/24 maxlen: 24
                          217.76.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:34:d2:45:b7:aa:f4:6b:ec:15:87:5d:e2:d9:de:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 26 12:53:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c7d4cee91c0650bec6c8a588a276bcf6058b9019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f3:fe:2e:bf:9e:a3:81:df:b1:da:61:70:64:
                    7c:e3:1a:9d:38:4a:8a:ad:10:57:08:d6:d3:cb:fc:
                    f0:2e:07:3f:24:cc:55:8a:3b:53:50:bb:64:c4:f7:
                    60:29:55:ac:34:15:7d:11:bd:17:92:94:f4:ae:55:
                    59:1d:64:6b:5a:93:b3:29:5c:c9:8b:a7:b9:5f:ba:
                    0c:8f:38:e7:84:3e:d9:71:ad:d0:4d:60:31:05:55:
                    e8:1f:8d:9e:05:5c:17:bb:19:e9:9c:22:85:d5:b3:
                    ce:6d:9c:c4:62:c9:cc:62:e0:33:f9:0d:ad:c3:6d:
                    27:e2:68:4f:34:b7:73:49:14:60:11:5c:b7:35:a8:
                    a2:16:61:8f:0b:60:e2:1c:d5:b4:ae:c3:01:94:32:
                    3b:8c:a3:ed:c3:19:c6:43:0c:99:30:ca:1a:41:aa:
                    a7:a8:dc:55:61:0c:0b:64:0d:6a:c6:75:80:fd:b4:
                    bf:c7:72:32:43:05:47:5c:cd:77:9b:df:f1:f3:be:
                    5a:d6:59:bd:f0:99:08:f1:0f:01:64:68:fd:e8:d8:
                    b9:66:7f:e4:1e:c2:48:1d:27:3f:ce:a7:67:92:10:
                    66:16:bd:e7:35:25:e7:40:bf:d9:f9:fc:dc:20:cf:
                    35:d0:dc:c4:f0:41:b0:fd:b3:15:8d:ef:02:0a:51:
                    f2:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:D4:CE:E9:1C:06:50:BE:C6:C8:A5:88:A2:76:BC:F6:05:8B:90:19
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/x9TO6RwGUL7GyKWIona89gWLkBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.54.0/24
                  217.76.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:f2:4c:b8:f3:8f:f3:aa:f9:9b:83:17:ee:f4:45:3b:de:75:
         31:41:60:60:f1:55:e7:0c:75:7d:02:a1:7b:3b:86:85:74:8b:
         8f:59:11:88:39:7f:7c:33:2a:d1:03:b0:f4:76:71:2e:53:ff:
         d3:e2:97:d5:ec:1f:2e:af:91:de:a5:eb:5e:93:a1:7b:65:e9:
         d3:66:5b:8f:2c:d1:fa:c5:6c:d8:19:c0:6a:2d:a6:cd:16:44:
         a1:67:3b:8f:fa:46:9c:66:cc:d6:d8:84:30:3f:9e:72:b3:fb:
         79:67:f5:e4:8a:3d:3e:3e:f2:1c:65:2d:4a:98:9f:08:f2:92:
         fe:fc:f4:b5:51:f5:83:e1:a4:76:85:19:ed:8c:96:8b:5f:41:
         6b:d2:2d:6c:15:76:69:60:9e:c9:69:1d:7f:77:b1:27:4c:f4:
         3b:0f:90:93:d6:6c:1b:13:69:c9:0c:05:6d:d8:09:ed:89:a0:
         1f:fb:d1:56:92:b5:db:17:8d:06:ea:93:ec:65:28:e8:73:39:
         50:5c:e2:4a:e3:8d:13:68:20:6f:e4:2f:12:33:c8:6e:2d:e1:
         e9:d7:99:a2:3f:f1:b2:7f:d8:e4:34:27:81:ac:3e:79:30:90:
         e0:e0:b1:b1:2b:a7:13:c2:da:64:4f:b5:76:95:7b:61:e9:3d:
         61:2c:b5:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0qNNJFt6r0a+wVh13i2d5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMzI2MTI1MzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Q0Y2VlOTFjMDY1MGJlYzZjOGE1ODhhMjc2YmNmNjA1OGI5MDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvP+Lr+eo4HfsdphcGR84xqdOEqK
rRBXCNbTy/zwLgc/JMxVijtTULtkxPdgKVWsNBV9Eb0XkpT0rlVZHWRrWpOzKVzJ
i6e5X7oMjzjnhD7Zca3QTWAxBVXoH42eBVwXuxnpnCKF1bPObZzEYsnMYuAz+Q2t
w20n4mhPNLdzSRRgEVy3NaiiFmGPC2DiHNW0rsMBlDI7jKPtwxnGQwyZMMoaQaqn
qNxVYQwLZA1qxnWA/bS/x3IyQwVHXM13m9/x875a1lm98JkI8Q8BZGj96Ni5Zn/k
HsJIHSc/zqdnkhBmFr3nNSXnQL/Z+fzcIM810NzE8EGw/bMVje8CClHy1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMfUzukcBlC+xsiliKJ2vPYFi5AZMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEveDlUTzZSd0dVTDdHeUtXSW9uYTg5Z1dMa0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAyU02AwQA
2Uz3MA0GCSqGSIb3DQEBCwUAA4IBAQBh8ky484/zqvmbgxfu9EU73nUxQWBg8VXn
DHV9AqF7O4aFdIuPWRGIOX98MyrRA7D0dnEuU//T4pfV7B8ur5Hepetek6F7ZenT
ZluPLNH6xWzYGcBqLabNFkShZzuP+kacZszW2IQwP55ys/t5Z/Xkij0+PvIcZS1K
mJ8I8pL+/PS1UfWD4aR2hRntjJaLX0Fr0i1sFXZpYJ7JaR1/d7EnTPQ7D5CT1mwb
E2nJDAVt2AntiaAf+9FWkrXbF40G6pPsZSjoczlQXOJK440TaCBv5C8SM8huLeHp
15miP/Gyf9jkNCeBrD55MJDg4LGxK6cTwtpkT7V2lXth6T1hLLWU
-----END CERTIFICATE-----