Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/gWUoPtKu4Ygknkyrez4F7XlU7JU.roa
File:                     gWUoPtKu4Ygknkyrez4F7XlU7JU.roa (raw, json)
Hash identifier:          9nDIkHs65Wge6gpKCtTP63Y9gCXb0tsZlxUtihUCR5E=
Subject key identifier:   81:65:28:3E:D2:AE:E1:88:24:9E:4C:AB:7B:3E:05:ED:79:54:EC:95
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       019C5CE6266F5F0D37FD8AFE312B6623BAB1
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/gWUoPtKu4Ygknkyrez4F7XlU7JU.roa
Signing time:             Sat 14 Feb 2026 16:05:12 +0000
ROA not before:           Sat 14 Feb 2026 16:05:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     996
IP address blocks:        77.111.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:5c:e6:26:6f:5f:0d:37:fd:8a:fe:31:2b:66:23:ba:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Feb 14 16:05:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8165283ed2aee188249e4cab7b3e05ed7954ec95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3d:b8:e2:13:0b:82:cf:48:d7:92:a5:31:ff:
                    33:52:25:67:97:fb:96:31:34:a1:67:44:42:3e:52:
                    8c:e7:60:d8:32:87:b4:8b:da:79:cc:f4:bc:d4:28:
                    c1:d2:73:55:93:18:e6:4f:0a:74:3e:0e:2f:f7:3b:
                    64:f8:f9:c5:af:88:ba:6e:8a:08:ec:b2:1c:99:d6:
                    32:68:a7:2f:c8:d2:61:dd:6a:0b:a3:92:8f:57:77:
                    25:90:13:6f:b7:85:c2:bf:ea:e4:0a:e2:ca:0e:c5:
                    5e:d2:72:8a:51:89:61:76:b3:5b:6e:df:06:5c:ec:
                    16:a7:d4:ae:dd:e9:d7:2a:f9:c4:95:89:b6:4a:01:
                    fe:87:16:c3:4b:84:48:9d:57:3d:28:b4:f8:4a:10:
                    2d:00:82:85:67:06:b3:af:95:24:5a:23:cd:fe:16:
                    92:5c:98:fc:ac:59:94:fd:5e:3c:bb:7c:3d:6d:7a:
                    3c:06:78:47:2c:fa:d1:f4:b5:40:fa:50:0b:94:0b:
                    c4:c8:ee:62:e2:cc:e8:de:99:b1:2a:37:48:97:4e:
                    c5:f7:dc:08:1f:ab:a5:66:76:7b:d5:0c:01:64:8f:
                    30:32:81:bc:b4:c9:e3:43:ab:ef:fa:1a:e6:49:da:
                    ad:96:3d:f6:3e:11:bb:a8:5f:e5:2c:a1:2b:88:a2:
                    c8:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:65:28:3E:D2:AE:E1:88:24:9E:4C:AB:7B:3E:05:ED:79:54:EC:95
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/gWUoPtKu4Ygknkyrez4F7XlU7JU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:10:d8:db:d6:de:8f:b8:79:74:64:5d:a3:11:c9:48:f7:43:
         0a:26:9a:1a:bf:bc:b3:52:11:22:10:b3:5e:60:bd:ac:3c:1b:
         d8:49:86:1a:0a:a7:3b:32:16:13:1f:68:81:b1:8e:e3:16:5b:
         00:6d:31:cc:06:f1:0f:5a:28:ac:b3:bf:1e:7f:da:c6:2d:df:
         df:9e:89:a1:12:00:51:9b:f0:1f:07:84:e2:3a:a5:e0:ec:5a:
         ca:52:0f:76:4a:f1:60:28:f8:58:4d:dc:58:7f:89:c7:a7:fd:
         93:9c:8b:9b:68:de:a1:f4:85:e2:20:ff:ef:32:26:ca:31:0e:
         4c:7b:90:42:75:7a:14:09:b6:03:49:24:27:5c:c6:95:fd:e8:
         ae:e1:dd:07:7b:3c:4d:df:ce:04:24:63:f2:ae:c9:4a:76:39:
         d3:01:4e:b2:04:17:44:e5:8a:64:e9:36:91:a3:d9:ac:f9:c2:
         37:6f:41:4b:f4:35:a1:1d:29:d5:33:fd:ab:78:e8:88:ec:c0:
         93:c8:7b:b5:3d:d1:11:26:05:90:6e:55:9a:54:3e:40:74:be:
         2e:aa:f6:d9:6f:22:06:17:51:35:2f:90:ee:2c:e4:7a:d9:a4:
         03:12:04:3a:0f:9e:75:b2:44:d2:0e:51:f4:a5:51:fd:24:37:
         3f:94:0d:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxc5iZvXw03/Yr+MStmI7qxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjYwMjE0MTYwNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTY1MjgzZWQyYWVlMTg4MjQ5ZTRjYWI3YjNlMDVlZDc5NTRlYzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtj244hMLgs9I15KlMf8zUiVnl/uW
MTShZ0RCPlKM52DYMoe0i9p5zPS81CjB0nNVkxjmTwp0Pg4v9ztk+PnFr4i6booI
7LIcmdYyaKcvyNJh3WoLo5KPV3clkBNvt4XCv+rkCuLKDsVe0nKKUYlhdrNbbt8G
XOwWp9Su3enXKvnElYm2SgH+hxbDS4RInVc9KLT4ShAtAIKFZwazr5UkWiPN/haS
XJj8rFmU/V48u3w9bXo8BnhHLPrR9LVA+lALlAvEyO5i4szo3pmxKjdIl07F99wI
H6ulZnZ71QwBZI8wMoG8tMnjQ6vv+hrmSdqtlj32PhG7qF/lLKEriKLISQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFlKD7SruGIJJ5Mq3s+Be15VOyVMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvZ1dVb1B0S3U0WWdrbmt5cmV6NEY3WGxVN0pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW93MA0G
CSqGSIb3DQEBCwUAA4IBAQAoENjb1t6PuHl0ZF2jEclI90MKJpoav7yzUhEiELNe
YL2sPBvYSYYaCqc7MhYTH2iBsY7jFlsAbTHMBvEPWiiss78ef9rGLd/fnomhEgBR
m/AfB4TiOqXg7FrKUg92SvFgKPhYTdxYf4nHp/2TnIubaN6h9IXiIP/vMibKMQ5M
e5BCdXoUCbYDSSQnXMaV/eiu4d0HezxN384EJGPyrslKdjnTAU6yBBdE5Ypk6TaR
o9ms+cI3b0FL9DWhHSnVM/2reOiI7MCTyHu1PdERJgWQblWaVD5AdL4uqvbZbyIG
F1E1L5DuLOR62aQDEgQ6D551skTSDlH0pVH9JDc/lA3/
-----END CERTIFICATE-----