Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/d07c07-b962-4f4b-a3a0-b51b35def6de/1/yJ2MXHIuwnlLBfSQT_c_ui7bxZ8.roa
File:                     yJ2MXHIuwnlLBfSQT_c_ui7bxZ8.roa (raw, json)
Hash identifier:          bKb0mrONqrCtemohnhY7UQM4/Wb2IQBdRvBQnmw2e9Q=
Subject key identifier:   C8:9D:8C:5C:72:2E:C2:79:4B:05:F4:90:4F:F7:3F:BA:2E:DB:C5:9F
Certificate issuer:       /CN=fbed9439a4e4b2d32e4bee647f3b61055b169e3d
Certificate serial:       019B78351DC1CEB4FC6E399A42CFC0FED70C
Authority key identifier: FB:ED:94:39:A4:E4:B2:D3:2E:4B:EE:64:7F:3B:61:05:5B:16:9E:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1--2UOaTkstMuS-5kfzthBVsWnj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/d07c07-b962-4f4b-a3a0-b51b35def6de/1/yJ2MXHIuwnlLBfSQT_c_ui7bxZ8.roa
Signing time:             Thu 01 Jan 2026 06:18:25 +0000
ROA not before:           Thu 01 Jan 2026 06:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205016
IP address blocks:        77.111.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/d07c07-b962-4f4b-a3a0-b51b35def6de/1/1--2UOaTkstMuS-5kfzthBVsWnj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/d07c07-b962-4f4b-a3a0-b51b35def6de/1/1--2UOaTkstMuS-5kfzthBVsWnj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1--2UOaTkstMuS-5kfzthBVsWnj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:1d:c1:ce:b4:fc:6e:39:9a:42:cf:c0:fe:d7:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbed9439a4e4b2d32e4bee647f3b61055b169e3d
        Validity
            Not Before: Jan  1 06:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c89d8c5c722ec2794b05f4904ff73fba2edbc59f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:18:cf:cc:1c:be:51:c5:59:18:aa:6a:36:80:
                    12:eb:8e:22:b4:cb:c0:14:a9:82:c7:1b:b3:90:5d:
                    22:44:1d:87:11:51:eb:45:70:e7:09:f0:79:fa:5d:
                    8b:7a:b4:65:fc:b9:78:e4:4e:e3:35:d0:c0:07:85:
                    a2:1c:64:c2:ac:8d:83:8d:3b:f4:8c:71:3b:a3:1c:
                    eb:d4:52:89:c6:d6:d1:67:43:c3:68:c7:45:ab:a4:
                    45:ac:d6:a1:fd:67:b2:84:0d:30:22:42:29:2c:0d:
                    d4:4b:d3:22:3f:3b:a2:23:f5:94:f7:e2:c0:9a:a3:
                    3d:23:ce:42:54:4a:4e:f3:81:c5:f4:a2:53:c5:b2:
                    9c:95:16:b7:a8:c6:c1:3a:b5:20:6c:5e:bb:31:4e:
                    ea:57:4b:37:21:c7:9d:98:6c:13:21:a8:cd:00:6d:
                    26:76:8b:16:ab:39:0b:02:5b:8a:04:a1:f7:0f:ac:
                    db:c4:52:78:ff:a2:5b:1b:27:5a:ac:29:36:1d:a1:
                    b9:11:00:0f:27:ab:1c:ac:51:b3:67:ce:4b:0e:e0:
                    cf:14:3b:0d:e6:a9:d1:39:d9:9b:e2:15:98:4a:3b:
                    5d:80:4f:09:e1:23:ad:19:ee:ce:aa:db:32:53:ed:
                    5f:6f:d2:59:f3:b8:b9:f0:49:7d:f6:ec:91:6d:7c:
                    ab:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:9D:8C:5C:72:2E:C2:79:4B:05:F4:90:4F:F7:3F:BA:2E:DB:C5:9F
            X509v3 Authority Key Identifier:
                keyid:FB:ED:94:39:A4:E4:B2:D3:2E:4B:EE:64:7F:3B:61:05:5B:16:9E:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1--2UOaTkstMuS-5kfzthBVsWnj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/d07c07-b962-4f4b-a3a0-b51b35def6de/1/yJ2MXHIuwnlLBfSQT_c_ui7bxZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/d07c07-b962-4f4b-a3a0-b51b35def6de/1/1--2UOaTkstMuS-5kfzthBVsWnj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:5d:57:50:0c:12:97:c2:47:e8:72:76:e6:9a:ae:dd:7a:8f:
         f0:56:c8:ae:01:a2:d4:ad:04:b9:ee:40:f6:55:06:d2:29:a6:
         f5:17:19:67:c2:ea:00:cf:60:06:be:28:f1:9b:1f:5f:96:c4:
         81:56:4b:df:f3:55:23:99:76:b6:50:5a:fe:1b:1d:9c:1b:cb:
         b2:9d:a1:54:3e:ae:9c:7d:e8:c1:f9:c5:16:b3:7f:28:ee:d3:
         1d:18:aa:fc:25:0f:d1:27:b8:a2:eb:a7:9f:16:57:09:04:25:
         39:f9:2a:cf:7c:10:21:42:20:7a:16:81:af:51:ec:b0:e2:68:
         69:2c:f4:9c:e9:43:b9:cc:f7:73:41:06:4d:83:b2:9a:e9:e4:
         1e:08:01:64:e9:fe:21:0d:3a:ad:d5:b0:c8:70:52:08:4f:e3:
         c2:3f:53:bf:49:33:9a:2e:5e:78:88:b5:74:9d:3e:62:7c:3e:
         03:0a:61:af:11:85:90:c1:9b:ac:28:51:3e:cf:6d:49:b2:35:
         62:5e:cf:88:55:91:56:f5:37:bf:1b:59:8f:1a:f9:a1:6b:39:
         2d:70:c1:88:c5:77:b6:26:24:58:db:3c:87:54:d5:c5:5c:7b:
         3e:54:9a:82:11:18:5c:d0:af:11:15:70:bd:54:ae:8e:40:3d:
         b8:14:03:82
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt4NR3BzrT8bjmaQs/A/tcMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZWQ5NDM5YTRlNGIyZDMyZTRiZWU2NDdmM2I2MTA1NWIx
NjllM2QwHhcNMjYwMTAxMDYxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODlkOGM1YzcyMmVjMjc5NGIwNWY0OTA0ZmY3M2ZiYTJlZGJjNTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxjPzBy+UcVZGKpqNoAS644itMvA
FKmCxxuzkF0iRB2HEVHrRXDnCfB5+l2LerRl/Ll45E7jNdDAB4WiHGTCrI2DjTv0
jHE7oxzr1FKJxtbRZ0PDaMdFq6RFrNah/WeyhA0wIkIpLA3US9MiPzuiI/WU9+LA
mqM9I85CVEpO84HF9KJTxbKclRa3qMbBOrUgbF67MU7qV0s3IcedmGwTIajNAG0m
dosWqzkLAluKBKH3D6zbxFJ4/6JbGydarCk2HaG5EQAPJ6scrFGzZ85LDuDPFDsN
5qnROdmb4hWYSjtdgE8J4SOtGe7OqtsyU+1fb9JZ87i58El99uyRbXyryQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMidjFxyLsJ5SwX0kE/3P7ou28WfMB8GA1UdIwQY
MBaAFPvtlDmk5LLTLkvuZH87YQVbFp49MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0tMlVPYVRrc3RNdVMtNWtmenRoQlZzV25qMC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTAvZDA3YzA3LWI5NjItNGY0Yi1hM2Ew
LWI1MWIzNWRlZjZkZS8xL3lKMk1YSEl1d25sTEJmU1FUX2NfdWk3YnhaOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTAvZDA3YzA3LWI5NjItNGY0Yi1hM2EwLWI1MWIzNWRlZjZk
ZS8xLzEtLTJVT2FUa3N0TXVTLTVrZnp0aEJWc1duajAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJNb/Qw
DQYJKoZIhvcNAQELBQADggEBACxdV1AMEpfCR+hyduaart16j/BWyK4BotStBLnu
QPZVBtIppvUXGWfC6gDPYAa+KPGbH1+WxIFWS9/zVSOZdrZQWv4bHZwby7KdoVQ+
rpx96MH5xRazfyju0x0YqvwlD9EnuKLrp58WVwkEJTn5Ks98ECFCIHoWga9R7LDi
aGks9JzpQ7nM93NBBk2Dsprp5B4IAWTp/iENOq3VsMhwUghP48I/U79JM5ouXniI
tXSdPmJ8PgMKYa8RhZDBm6woUT7PbUmyNWJez4hVkVb1N78bWY8a+aFrOS1wwYjF
d7YmJFjbPIdU1cVcez5UmoIRGFzQrxEVcL1Uro5APbgUA4I=
-----END CERTIFICATE-----