Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/MaG66KPENn9bx0eAYChp8R8dAs4.roa
File:                     MaG66KPENn9bx0eAYChp8R8dAs4.roa (raw, json)
Hash identifier:          593eGOu2FOVFWhkjJjWzF/kjBgyQkqsd6b/vqPJ4bN4=
Subject key identifier:   31:A1:BA:E8:A3:C4:36:7F:5B:C7:47:80:60:28:69:F1:1F:1D:02:CE
Certificate issuer:       /CN=1ebe3e521407f597f255f3fb4e0b569c32083552
Certificate serial:       019B79102BE8676E15F05AB74813BF3EAA08
Authority key identifier: 1E:BE:3E:52:14:07:F5:97:F2:55:F3:FB:4E:0B:56:9C:32:08:35:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/MaG66KPENn9bx0eAYChp8R8dAs4.roa
Signing time:             Thu 01 Jan 2026 10:17:41 +0000
ROA not before:           Thu 01 Jan 2026 10:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43346
IP address blocks:        77.87.168.0/21 maxlen: 21
                          91.198.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:2b:e8:67:6e:15:f0:5a:b7:48:13:bf:3e:aa:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ebe3e521407f597f255f3fb4e0b569c32083552
        Validity
            Not Before: Jan  1 10:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31a1bae8a3c4367f5bc74780602869f11f1d02ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9e:d4:b4:82:0f:50:39:31:c7:60:69:9c:8e:
                    83:3a:b4:33:34:8e:d6:ac:46:46:92:02:a5:ec:48:
                    f2:d2:34:f2:8e:be:f4:72:2f:68:0b:cd:c3:78:48:
                    d7:c8:1d:1f:b4:cb:de:41:60:00:61:e4:75:1f:25:
                    3d:57:74:b3:76:e2:17:d0:6f:b6:db:33:dd:b1:d8:
                    9c:f3:c9:e8:71:41:e7:56:19:55:a5:09:50:75:ae:
                    31:49:1b:7c:af:bc:13:55:ce:6c:6a:3f:b9:d0:e0:
                    c3:8d:41:a7:93:37:7b:ac:13:5c:7c:50:a6:a8:92:
                    06:3e:f4:1b:86:58:cb:c5:96:10:9e:75:61:76:5a:
                    33:4b:49:fc:11:d0:de:7e:12:16:68:4d:33:7c:17:
                    ee:3e:9a:fb:6a:b6:73:18:91:ea:c7:98:7f:06:0f:
                    27:cb:19:27:81:59:37:7d:26:bb:5e:c3:bf:00:c6:
                    c9:56:1d:94:07:14:1e:d9:07:83:4b:c1:b5:ff:f7:
                    ec:59:c7:22:85:cf:fe:5b:8a:18:43:ef:8d:c2:67:
                    27:e4:6b:c0:e7:93:76:8b:d8:59:45:80:2a:32:82:
                    95:60:c7:d8:c2:d7:f8:76:7a:02:27:86:c9:19:78:
                    55:74:2b:f8:1c:d3:43:1b:88:46:66:5f:58:ad:4c:
                    1e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:A1:BA:E8:A3:C4:36:7F:5B:C7:47:80:60:28:69:F1:1F:1D:02:CE
            X509v3 Authority Key Identifier:
                keyid:1E:BE:3E:52:14:07:F5:97:F2:55:F3:FB:4E:0B:56:9C:32:08:35:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/MaG66KPENn9bx0eAYChp8R8dAs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.168.0/21
                  91.198.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:e8:49:74:c2:b8:22:48:04:b3:e9:ff:14:a2:93:22:28:eb:
         f6:4c:40:2e:eb:26:c1:99:33:47:42:03:dc:24:60:6b:9f:a3:
         62:ef:fc:e8:42:ad:b1:06:04:f4:18:88:df:d7:b2:7f:2a:30:
         a9:78:13:1b:93:32:e4:71:c7:e5:e6:5c:f7:58:0d:53:3e:15:
         d8:09:12:8c:6e:09:43:5a:72:49:a5:39:01:af:96:fd:c3:d5:
         1d:6b:28:2f:59:d3:6e:de:a1:a7:9c:c2:46:da:fd:09:8d:cc:
         f1:71:ca:4f:73:ce:f0:8a:fb:d5:03:02:7c:6c:58:87:51:d1:
         01:c0:3e:46:5c:52:b2:64:fb:f2:e2:8e:0b:d4:51:5c:2b:02:
         40:0f:fc:d7:72:1d:18:50:14:b7:23:79:54:73:d9:7f:1e:a8:
         78:8b:58:d9:2f:6a:fe:c3:fb:30:aa:e7:08:30:13:91:39:1c:
         0c:9d:94:ca:0a:90:16:56:61:33:a8:cf:d2:c5:cf:9e:0a:fc:
         2e:25:31:e7:83:a0:48:cb:26:bf:6e:13:06:a9:ef:50:89:4b:
         32:b5:86:2c:5d:b0:5b:25:b7:5a:5d:66:5f:64:d9:56:34:a6:
         2c:10:b3:8d:1c:71:eb:8d:aa:5e:a9:65:8d:d9:33:74:0c:16:
         a0:2a:6c:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt5ECvoZ24V8Fq3SBO/PqoIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYmUzZTUyMTQwN2Y1OTdmMjU1ZjNmYjRlMGI1NjljMzIw
ODM1NTIwHhcNMjYwMTAxMTAxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWExYmFlOGEzYzQzNjdmNWJjNzQ3ODA2MDI4NjlmMTFmMWQwMmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArp7UtIIPUDkxx2BpnI6DOrQzNI7W
rEZGkgKl7Ejy0jTyjr70ci9oC83DeEjXyB0ftMveQWAAYeR1HyU9V3SzduIX0G+2
2zPdsdic88nocUHnVhlVpQlQda4xSRt8r7wTVc5saj+50ODDjUGnkzd7rBNcfFCm
qJIGPvQbhljLxZYQnnVhdlozS0n8EdDefhIWaE0zfBfuPpr7arZzGJHqx5h/Bg8n
yxkngVk3fSa7XsO/AMbJVh2UBxQe2QeDS8G1//fsWccihc/+W4oYQ++Nwmcn5GvA
55N2i9hZRYAqMoKVYMfYwtf4dnoCJ4bJGXhVdCv4HNNDG4hGZl9YrUwe9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDGhuuijxDZ/W8dHgGAoafEfHQLOMB8GA1UdIwQY
MBaAFB6+PlIUB/WX8lXz+04LVpwyCDVSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHI0LVVoUUg5WmZ5VmZQN1RndFduRElJTlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8xMjRhYzgtZmE5My00YzIzLWJkNjIt
NWI0YWZmN2E2Mzk4LzEvTWFHNjZLUEVObjlieDBlQVlDaHA4UjhkQXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8xMjRhYzgtZmE5My00YzIzLWJkNjItNWI0YWZmN2E2Mzk4
LzEvSHI0LVVoUUg5WmZ5VmZQN1RndFduRElJTlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDTVeoAwQA
W8ZLMA0GCSqGSIb3DQEBCwUAA4IBAQAi6El0wrgiSASz6f8UopMiKOv2TEAu6ybB
mTNHQgPcJGBrn6Ni7/zoQq2xBgT0GIjf17J/KjCpeBMbkzLkccfl5lz3WA1TPhXY
CRKMbglDWnJJpTkBr5b9w9UdaygvWdNu3qGnnMJG2v0JjczxccpPc87wivvVAwJ8
bFiHUdEBwD5GXFKyZPvy4o4L1FFcKwJAD/zXch0YUBS3I3lUc9l/Hqh4i1jZL2r+
w/swqucIMBORORwMnZTKCpAWVmEzqM/Sxc+eCvwuJTHng6BIyya/bhMGqe9QiUsy
tYYsXbBbJbdaXWZfZNlWNKYsELONHHHrjapeqWWN2TN0DBagKmyt
-----END CERTIFICATE-----