Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/1fa038-31ce-4a2e-9d45-fef24c395f91/1/XGNPOjmgdTFuH0d_BqCPt5RDDjY.roa
File:                     XGNPOjmgdTFuH0d_BqCPt5RDDjY.roa (raw, json)
Hash identifier:          Yzmgyo+pVHv+AN+UC1lB8YlcAzsH4KJR08k7WUnfwVo=
Subject key identifier:   5C:63:4F:3A:39:A0:75:31:6E:1F:47:7F:06:A0:8F:B7:94:43:0E:36
Certificate issuer:       /CN=2dd5ea3c7530fd08c299d808753f47b8dfb84e0b
Certificate serial:       019C85E8B7CDECCEADCD1D9A6BB9E4248C47
Authority key identifier: 2D:D5:EA:3C:75:30:FD:08:C2:99:D8:08:75:3F:47:B8:DF:B8:4E:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LdXqPHUw_QjCmdgIdT9HuN-4Tgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/1fa038-31ce-4a2e-9d45-fef24c395f91/1/XGNPOjmgdTFuH0d_BqCPt5RDDjY.roa
Signing time:             Sun 22 Feb 2026 15:12:27 +0000
ROA not before:           Sun 22 Feb 2026 15:12:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202168
IP address blocks:        77.73.10.0/24 maxlen: 24
                          2a0f:2340::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/1fa038-31ce-4a2e-9d45-fef24c395f91/1/LdXqPHUw_QjCmdgIdT9HuN-4Tgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/1fa038-31ce-4a2e-9d45-fef24c395f91/1/LdXqPHUw_QjCmdgIdT9HuN-4Tgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LdXqPHUw_QjCmdgIdT9HuN-4Tgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:85:e8:b7:cd:ec:ce:ad:cd:1d:9a:6b:b9:e4:24:8c:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dd5ea3c7530fd08c299d808753f47b8dfb84e0b
        Validity
            Not Before: Feb 22 15:12:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c634f3a39a075316e1f477f06a08fb794430e36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:79:1f:a8:8a:fb:c4:ad:8c:73:8a:e5:8b:73:
                    99:05:b7:ba:08:95:11:f5:3c:dd:5f:31:8a:94:89:
                    4e:ce:e4:a5:27:94:96:45:eb:01:fe:d5:39:6c:13:
                    ef:e3:f2:91:3d:0c:5c:bd:29:47:5c:03:0d:5f:ad:
                    a4:f4:dd:83:5e:aa:21:1d:86:24:b8:85:95:3f:47:
                    e3:21:b6:72:db:2f:57:cf:f3:1f:ba:64:40:91:8e:
                    4e:77:3b:ed:ff:4f:37:72:19:69:5f:cd:75:d4:77:
                    d0:16:86:1f:b4:89:ea:d8:3d:f7:d4:9e:4f:42:cd:
                    f8:5c:16:ab:bb:00:af:36:9f:0f:7b:99:c2:84:07:
                    9f:48:a5:b8:ad:1a:c1:52:fa:79:c1:92:91:36:09:
                    2b:b6:91:9c:a2:45:6a:97:c8:2a:7a:92:27:70:57:
                    f6:3e:57:02:d4:2e:84:22:4a:60:84:ff:b4:e7:17:
                    f3:32:e9:12:4a:e1:89:13:90:4d:02:6a:bf:02:d6:
                    19:36:45:f4:da:ca:a8:51:de:33:44:d0:24:b8:33:
                    45:c5:04:aa:33:36:23:c6:ef:6d:d2:57:e6:d6:06:
                    7c:4f:d3:d0:a5:88:d8:f7:f5:e2:40:e8:b6:e5:45:
                    19:65:08:0c:76:23:77:68:3e:03:99:19:ba:aa:a0:
                    37:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:63:4F:3A:39:A0:75:31:6E:1F:47:7F:06:A0:8F:B7:94:43:0E:36
            X509v3 Authority Key Identifier:
                keyid:2D:D5:EA:3C:75:30:FD:08:C2:99:D8:08:75:3F:47:B8:DF:B8:4E:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LdXqPHUw_QjCmdgIdT9HuN-4Tgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/1fa038-31ce-4a2e-9d45-fef24c395f91/1/XGNPOjmgdTFuH0d_BqCPt5RDDjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/1fa038-31ce-4a2e-9d45-fef24c395f91/1/LdXqPHUw_QjCmdgIdT9HuN-4Tgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.10.0/24
                IPv6:
                  2a0f:2340::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:bb:3b:cc:6f:05:5b:cc:b4:37:67:be:fe:86:48:1d:be:5a:
         c5:18:ee:74:cd:7a:b9:f0:ff:6e:01:4a:09:e9:bc:a1:f4:9d:
         51:99:82:4b:a2:4c:ae:a6:c5:79:e7:2f:f1:de:09:c3:0f:15:
         1b:ce:3a:f3:d5:6c:1f:6c:a9:21:4b:fb:79:c8:18:18:0d:3f:
         9e:de:35:fa:46:58:7b:b4:fe:87:85:58:b8:45:f9:f6:d1:1a:
         b7:4a:13:74:1f:00:6a:45:67:55:84:9d:8f:23:3b:9c:ae:be:
         8b:87:a1:60:0b:b6:08:2b:cc:4a:86:dc:9a:81:93:d7:38:e7:
         cf:5c:5f:4c:5e:c8:1a:39:95:90:23:fb:32:78:8f:9c:ab:b7:
         f3:52:1c:85:03:60:b2:91:c0:42:0a:33:54:08:73:0c:ab:c7:
         a5:c6:f6:bd:58:54:94:0c:a2:74:ad:06:73:dc:49:30:e2:2c:
         b1:44:4a:11:23:b1:5d:23:5e:93:1f:c1:7e:38:22:3a:d2:0b:
         a1:b3:3e:bd:ee:02:93:7c:57:e3:3e:dd:fe:f9:0b:51:16:8f:
         da:bc:7b:45:c8:66:94:74:ff:39:70:0d:cc:57:49:ff:ff:08:
         76:e5:5e:df:c2:cf:2a:28:bd:9c:93:e3:5b:64:f9:e2:89:56:
         32:e9:7f:39
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyF6LfN7M6tzR2aa7nkJIxHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZDVlYTNjNzUzMGZkMDhjMjk5ZDgwODc1M2Y0N2I4ZGZi
ODRlMGIwHhcNMjYwMjIyMTUxMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzYzNGYzYTM5YTA3NTMxNmUxZjQ3N2YwNmEwOGZiNzk0NDMwZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnkfqIr7xK2Mc4rli3OZBbe6CJUR
9TzdXzGKlIlOzuSlJ5SWResB/tU5bBPv4/KRPQxcvSlHXAMNX62k9N2DXqohHYYk
uIWVP0fjIbZy2y9Xz/MfumRAkY5Odzvt/083chlpX8111HfQFoYftInq2D331J5P
Qs34XBaruwCvNp8Pe5nChAefSKW4rRrBUvp5wZKRNgkrtpGcokVql8gqepIncFf2
PlcC1C6EIkpghP+05xfzMukSSuGJE5BNAmq/AtYZNkX02sqoUd4zRNAkuDNFxQSq
MzYjxu9t0lfm1gZ8T9PQpYjY9/XiQOi25UUZZQgMdiN3aD4DmRm6qqA3bQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFxjTzo5oHUxbh9Hfwagj7eUQw42MB8GA1UdIwQY
MBaAFC3V6jx1MP0IwpnYCHU/R7jfuE4LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGRYcVBIVXdfUWpDbWRnSWRUOUh1Ti00VGdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy8xZmEwMzgtMzFjZS00YTJlLTlkNDUt
ZmVmMjRjMzk1ZjkxLzEvWEdOUE9qbWdkVEZ1SDBkX0JxQ1B0NVJERGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy8xZmEwMzgtMzFjZS00YTJlLTlkNDUtZmVmMjRjMzk1Zjkx
LzEvTGRYcVBIVXdfUWpDbWRnSWRUOUh1Ti00VGdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQATUkKMA0E
AgACMAcDBQAqDyNAMA0GCSqGSIb3DQEBCwUAA4IBAQBMuzvMbwVbzLQ3Z77+hkgd
vlrFGO50zXq58P9uAUoJ6byh9J1RmYJLokyupsV55y/x3gnDDxUbzjrz1WwfbKkh
S/t5yBgYDT+e3jX6Rlh7tP6HhVi4Rfn20Rq3ShN0HwBqRWdVhJ2PIzucrr6Lh6Fg
C7YIK8xKhtyagZPXOOfPXF9MXsgaOZWQI/syeI+cq7fzUhyFA2CykcBCCjNUCHMM
q8elxva9WFSUDKJ0rQZz3Ekw4iyxREoRI7FdI16TH8F+OCI60guhsz697gKTfFfj
Pt3++QtRFo/avHtFyGaUdP85cA3MV0n//wh25V7fws8qKL2ck+NbZPniiVYy6X85
-----END CERTIFICATE-----