Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/AHlPOn0Qib_wJIW66ddXuyJjfCE.roa
File:                     AHlPOn0Qib_wJIW66ddXuyJjfCE.roa (raw, json)
Hash identifier:          yQg+n6qV5FpQdhBVTxyS432zZ8vWKSmOgzEpXjNwCzk=
Subject key identifier:   00:79:4F:3A:7D:10:89:BF:F0:24:85:BA:E9:D7:57:BB:22:63:7C:21
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       019EB5F98F8383DA666F4C90A21EB91778E7
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/AHlPOn0Qib_wJIW66ddXuyJjfCE.roa
Signing time:             Thu 11 Jun 2026 09:18:11 +0000
ROA not before:           Thu 11 Jun 2026 09:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        77.246.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 06:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:f9:8f:83:83:da:66:6f:4c:90:a2:1e:b9:17:78:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Jun 11 09:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=00794f3a7d1089bff02485bae9d757bb22637c21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:11:17:82:0e:ab:44:07:e2:9d:1f:64:2d:e1:
                    e5:d8:08:69:a5:7e:28:1d:0c:59:dd:39:a4:35:91:
                    bb:1d:43:40:c0:c8:65:e8:f9:42:21:f8:51:dc:86:
                    a1:62:33:a4:17:21:81:2c:cf:d9:24:e6:2a:e8:ec:
                    ef:5d:8c:12:16:0c:24:84:03:78:ae:e2:73:ba:fa:
                    bc:b7:98:b9:25:21:cd:b3:cc:5f:ac:7d:3f:2c:8d:
                    80:72:c7:9c:ec:2f:fc:4f:4c:63:9c:19:6c:d6:eb:
                    42:26:aa:6c:58:8e:e7:2d:2e:9d:1c:43:63:cc:5d:
                    a3:07:22:b3:ff:f6:e2:df:88:76:9e:18:d7:be:e1:
                    47:14:a2:1b:37:d0:49:3d:e6:02:55:06:d3:b0:a3:
                    fc:a3:d9:df:41:eb:74:8b:d3:5a:c4:1a:f4:83:55:
                    96:0c:33:67:15:33:fc:38:f7:9d:c4:e3:25:8b:0b:
                    fb:03:d9:e7:50:5d:53:9e:73:69:3b:1e:be:28:c7:
                    97:08:8a:30:a3:aa:01:07:56:c7:27:83:46:47:3d:
                    61:cf:6c:aa:5e:61:9b:c6:26:ae:03:ba:e2:da:2d:
                    ff:fe:48:8b:aa:ca:2f:82:27:58:c9:ec:58:56:72:
                    d2:56:08:71:7f:f5:08:d0:8f:e3:60:b0:a3:dd:22:
                    e7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:79:4F:3A:7D:10:89:BF:F0:24:85:BA:E9:D7:57:BB:22:63:7C:21
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/AHlPOn0Qib_wJIW66ddXuyJjfCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:76:3a:5a:be:2f:37:57:21:2e:7d:f8:25:6f:2c:66:34:ed:
         e5:47:11:3d:a4:7b:01:7d:2d:18:68:b0:6f:e2:f5:f3:f0:70:
         34:0a:9b:4a:f0:0c:59:0e:93:ae:ba:18:1a:78:e9:bd:c1:62:
         be:2c:64:7c:3c:4f:bf:a7:ca:7a:ec:f3:c8:47:a3:cf:4f:a6:
         28:bf:e9:05:09:c1:a2:68:bb:0a:d2:25:65:5f:9e:bc:8a:15:
         c2:ed:62:f4:9e:dc:bc:12:04:44:8b:c6:16:df:a4:bb:82:cc:
         4f:f8:7d:fa:33:c0:92:ba:1e:35:f4:64:e6:57:96:29:6a:b4:
         68:6b:e4:fa:5c:59:f8:a3:3d:1d:fb:fa:8b:1e:57:4f:32:ca:
         67:7e:5d:61:95:94:8b:91:fd:45:08:24:e4:da:df:5a:c1:70:
         1d:f2:4d:94:d5:99:1d:0f:cc:e0:f4:0f:b8:f3:06:10:b8:04:
         90:27:de:25:01:ad:d5:39:fa:19:e2:f0:24:05:a8:22:51:c2:
         52:c3:cf:2f:e6:28:f3:e2:28:3f:5f:a5:0c:80:74:a5:a3:fe:
         dd:e6:29:8e:79:10:35:b9:b8:ec:b0:93:db:b7:e2:f4:8f:dd:
         d0:8a:ff:f1:5a:5b:1d:28:9e:cb:56:f7:b4:84:6b:cb:b2:a9:
         08:a7:c1:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ61+Y+Dg9pmb0yQoh65F3jnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjYwNjExMDkxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDc5NGYzYTdkMTA4OWJmZjAyNDg1YmFlOWQ3NTdiYjIyNjM3YzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBEXgg6rRAfinR9kLeHl2AhppX4o
HQxZ3TmkNZG7HUNAwMhl6PlCIfhR3IahYjOkFyGBLM/ZJOYq6OzvXYwSFgwkhAN4
ruJzuvq8t5i5JSHNs8xfrH0/LI2Acsec7C/8T0xjnBls1utCJqpsWI7nLS6dHENj
zF2jByKz//bi34h2nhjXvuFHFKIbN9BJPeYCVQbTsKP8o9nfQet0i9NaxBr0g1WW
DDNnFTP8OPedxOMliwv7A9nnUF1TnnNpOx6+KMeXCIowo6oBB1bHJ4NGRz1hz2yq
XmGbxiauA7ri2i3//kiLqsovgidYyexYVnLSVghxf/UI0I/jYLCj3SLnoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAB5Tzp9EIm/8CSFuunXV7siY3whMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvQUhsUE9uMFFpYl93SklXNjZkZFh1eUpqZkNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfbdMA0G
CSqGSIb3DQEBCwUAA4IBAQCXdjpavi83VyEuffglbyxmNO3lRxE9pHsBfS0YaLBv
4vXz8HA0CptK8AxZDpOuuhgaeOm9wWK+LGR8PE+/p8p67PPIR6PPT6Yov+kFCcGi
aLsK0iVlX568ihXC7WL0nty8EgREi8YW36S7gsxP+H36M8CSuh419GTmV5YparRo
a+T6XFn4oz0d+/qLHldPMspnfl1hlZSLkf1FCCTk2t9awXAd8k2U1ZkdD8zg9A+4
8wYQuASQJ94lAa3VOfoZ4vAkBagiUcJSw88v5ijz4ig/X6UMgHSlo/7d5imOeRA1
ubjssJPbt+L0j93Qiv/xWlsdKJ7LVve0hGvLsqkIp8Hx
-----END CERTIFICATE-----