Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/f9tprzn73NPBvx0H90-TwMxhyIM.roa
File:                     f9tprzn73NPBvx0H90-TwMxhyIM.roa (raw, json)
Hash identifier:          dYV4lQF2uey+ETFDptmt+QtnWsUqIvYU1FjU0+ewYLw=
Subject key identifier:   7F:DB:69:AF:39:FB:DC:D3:C1:BF:1D:07:F7:4F:93:C0:CC:61:C8:83
Certificate issuer:       /CN=da4a3ec07b97858e6834a5a1f88eb8fe31bf7b20
Certificate serial:       019B7BA383285006577F6873485B64793046
Authority key identifier: DA:4A:3E:C0:7B:97:85:8E:68:34:A5:A1:F8:8E:B8:FE:31:BF:7B:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ko-wHuXhY5oNKWh-I64_jG_eyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/f9tprzn73NPBvx0H90-TwMxhyIM.roa
Signing time:             Thu 01 Jan 2026 22:17:52 +0000
ROA not before:           Thu 01 Jan 2026 22:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42838
IP address blocks:        77.87.16.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/2ko-wHuXhY5oNKWh-I64_jG_eyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/2ko-wHuXhY5oNKWh-I64_jG_eyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ko-wHuXhY5oNKWh-I64_jG_eyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:83:28:50:06:57:7f:68:73:48:5b:64:79:30:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da4a3ec07b97858e6834a5a1f88eb8fe31bf7b20
        Validity
            Not Before: Jan  1 22:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7fdb69af39fbdcd3c1bf1d07f74f93c0cc61c883
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:90:9c:7e:6f:02:4f:2a:3d:2d:e1:7d:95:c0:
                    ce:c1:25:76:0b:b2:92:80:2d:c1:f5:a3:59:b6:7b:
                    f4:5f:ee:88:8f:55:2b:6d:8d:23:da:2d:71:da:68:
                    28:47:e2:27:e1:a5:cf:32:57:89:8b:69:d7:4e:30:
                    8b:ec:a5:45:16:05:b6:5e:60:3e:f0:09:1d:ab:ed:
                    de:2a:58:fc:9a:48:cd:2d:99:e4:09:ae:a5:e6:94:
                    34:5a:77:dc:ba:21:1d:7a:3d:5f:b1:06:35:57:45:
                    df:d4:9c:81:ee:7b:d0:38:a1:b6:d1:41:80:15:1e:
                    0c:a4:12:48:66:46:0a:10:47:c9:8f:c7:88:27:ed:
                    5f:73:3c:ad:dd:6c:62:e7:89:2d:78:f1:eb:c8:c8:
                    a4:5b:15:a8:01:bb:99:26:44:d5:be:d8:00:63:b6:
                    4c:27:90:f1:b7:09:da:b6:6b:b2:3f:59:5a:94:66:
                    87:8b:64:b3:6a:0b:eb:c8:c3:55:f0:e2:00:4d:18:
                    56:5b:f5:eb:5f:3b:60:14:90:4e:2f:05:6e:ef:8a:
                    f1:54:1d:02:88:4c:86:3d:c3:bb:6c:eb:55:44:33:
                    58:53:0c:47:a7:17:e8:a8:dc:0b:bb:8d:9a:ef:ce:
                    21:0f:f1:b8:03:89:7e:f5:df:1c:73:89:e3:1f:32:
                    03:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:DB:69:AF:39:FB:DC:D3:C1:BF:1D:07:F7:4F:93:C0:CC:61:C8:83
            X509v3 Authority Key Identifier:
                keyid:DA:4A:3E:C0:7B:97:85:8E:68:34:A5:A1:F8:8E:B8:FE:31:BF:7B:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ko-wHuXhY5oNKWh-I64_jG_eyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/f9tprzn73NPBvx0H90-TwMxhyIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/2ko-wHuXhY5oNKWh-I64_jG_eyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:6d:92:c4:f2:28:a2:d7:dc:ba:56:57:4b:73:07:5f:fc:40:
         0e:cf:38:ae:85:3a:0b:9a:02:4c:c6:eb:fd:ae:42:83:04:7e:
         ac:ed:a0:e8:b5:da:65:5c:9b:61:fc:59:0c:1f:fc:f3:7a:1f:
         c7:c0:53:f6:e0:7d:d3:0d:54:f2:d5:0d:c7:91:7d:21:5f:45:
         d7:52:05:e7:86:17:d6:fc:3a:6d:29:84:01:46:77:13:45:e2:
         b8:b1:8c:db:65:37:d6:df:61:04:54:6e:1a:44:35:06:d9:f9:
         52:2d:b3:06:98:de:9c:0d:81:ef:3c:44:ca:12:bb:54:6e:b7:
         c7:62:e0:fd:e1:60:9f:72:4d:be:bb:45:22:b7:5b:c1:1a:77:
         49:5f:10:ca:db:e1:b2:88:7f:b9:35:77:21:83:68:f7:1e:98:
         f3:ba:8a:d4:f8:d7:f4:16:bc:2c:bd:d0:59:64:7a:f8:03:b1:
         c6:fd:f9:6e:ee:b7:73:48:6d:06:fa:9b:21:27:2e:10:8b:3f:
         97:72:72:15:7a:49:58:3b:4e:24:cf:c6:7e:b0:fa:43:5f:a0:
         78:14:a2:6d:ac:1d:53:e0:00:b9:9e:fa:0c:1d:6c:10:68:4e:
         90:5e:11:96:26:dc:6d:a8:3b:e7:b9:21:11:8d:19:41:c4:46:
         6c:e7:0d:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o4MoUAZXf2hzSFtkeTBGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNGEzZWMwN2I5Nzg1OGU2ODM0YTVhMWY4OGViOGZlMzFi
ZjdiMjAwHhcNMjYwMTAxMjIxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmRiNjlhZjM5ZmJkY2QzYzFiZjFkMDdmNzRmOTNjMGNjNjFjODgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZCcfm8CTyo9LeF9lcDOwSV2C7KS
gC3B9aNZtnv0X+6Ij1UrbY0j2i1x2mgoR+In4aXPMleJi2nXTjCL7KVFFgW2XmA+
8Akdq+3eKlj8mkjNLZnkCa6l5pQ0WnfcuiEdej1fsQY1V0Xf1JyB7nvQOKG20UGA
FR4MpBJIZkYKEEfJj8eIJ+1fczyt3Wxi54ktePHryMikWxWoAbuZJkTVvtgAY7ZM
J5DxtwnatmuyP1lalGaHi2SzagvryMNV8OIATRhWW/XrXztgFJBOLwVu74rxVB0C
iEyGPcO7bOtVRDNYUwxHpxfoqNwLu42a784hD/G4A4l+9d8cc4njHzIDGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/baa85+9zTwb8dB/dPk8DMYciDMB8GA1UdIwQY
MBaAFNpKPsB7l4WOaDSlofiOuP4xv3sgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmtvLXdIdVhoWTVvTktXaC1JNjRfakdfZXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mZTAzMDYtYWY4NC00ZThlLTg4ODUt
Yjg0YTk4MTllYWQ2LzEvZjl0cHJ6bjczTlBCdngwSDkwLVR3TXhoeUlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mZTAzMDYtYWY4NC00ZThlLTg4ODUtYjg0YTk4MTllYWQ2
LzEvMmtvLXdIdVhoWTVvTktXaC1JNjRfakdfZXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTVcQMA0G
CSqGSIb3DQEBCwUAA4IBAQApbZLE8iii19y6VldLcwdf/EAOzziuhToLmgJMxuv9
rkKDBH6s7aDotdplXJth/FkMH/zzeh/HwFP24H3TDVTy1Q3HkX0hX0XXUgXnhhfW
/DptKYQBRncTReK4sYzbZTfW32EEVG4aRDUG2flSLbMGmN6cDYHvPETKErtUbrfH
YuD94WCfck2+u0Uit1vBGndJXxDK2+GyiH+5NXchg2j3HpjzuorU+Nf0FrwsvdBZ
ZHr4A7HG/flu7rdzSG0G+pshJy4Qiz+XcnIVeklYO04kz8Z+sPpDX6B4FKJtrB1T
4AC5nvoMHWwQaE6QXhGWJtxtqDvnuSERjRlBxEZs5w2o
-----END CERTIFICATE-----