Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/61ed42-f722-4ba0-bd89-b549ffa04046/1/zrY1kiCbt_RCBDyoPeb6Gt-rfXI.roa
File:                     zrY1kiCbt_RCBDyoPeb6Gt-rfXI.roa (raw, json)
Hash identifier:          99km0sbg09Xs5uX9uuCKMjDG2dbDXHFkyqnyOKsmuE4=
Subject key identifier:   CE:B6:35:92:20:9B:B7:F4:42:04:3C:A8:3D:E6:FA:1A:DF:AB:7D:72
Certificate issuer:       /CN=5ea9fffaf09249b20cf7f567c3ccb9958b4f3110
Certificate serial:       019C04F105E1B79E1082CE1335EE363B3C6C
Authority key identifier: 5E:A9:FF:FA:F0:92:49:B2:0C:F7:F5:67:C3:CC:B9:95:8B:4F:31:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xqn_-vCSSbIM9_Vnw8y5lYtPMRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/61ed42-f722-4ba0-bd89-b549ffa04046/1/zrY1kiCbt_RCBDyoPeb6Gt-rfXI.roa
Signing time:             Wed 28 Jan 2026 14:10:30 +0000
ROA not before:           Wed 28 Jan 2026 14:10:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21396
IP address blocks:        77.95.218.0/24 maxlen: 24
                          2a05:98c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/61ed42-f722-4ba0-bd89-b549ffa04046/1/Xqn_-vCSSbIM9_Vnw8y5lYtPMRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/61ed42-f722-4ba0-bd89-b549ffa04046/1/Xqn_-vCSSbIM9_Vnw8y5lYtPMRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xqn_-vCSSbIM9_Vnw8y5lYtPMRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 05:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:04:f1:05:e1:b7:9e:10:82:ce:13:35:ee:36:3b:3c:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ea9fffaf09249b20cf7f567c3ccb9958b4f3110
        Validity
            Not Before: Jan 28 14:10:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ceb63592209bb7f442043ca83de6fa1adfab7d72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:83:3d:9f:9d:43:6a:b7:40:d9:b1:8c:42:6e:
                    7d:e8:57:6b:18:40:2f:99:c6:8c:ab:90:81:7f:9f:
                    14:a3:7b:fe:b6:65:19:7a:7f:74:44:c1:fa:d3:c5:
                    83:30:fa:87:a6:13:0f:9d:ad:d0:6e:6a:dd:8c:5a:
                    75:48:df:12:a1:c3:59:9b:75:61:28:6d:c4:8b:b1:
                    46:29:77:45:a1:7d:43:64:a7:81:0e:70:88:f5:f5:
                    31:2b:0b:2e:31:ed:81:0e:9f:f7:1c:e0:f0:b8:e2:
                    55:35:77:cf:36:50:4f:7e:ff:60:9a:f1:d2:f1:62:
                    f7:a2:88:d8:2f:ba:02:a7:fd:b3:10:3a:22:70:13:
                    75:5a:98:51:f1:d5:43:cb:77:1c:cf:a9:c8:43:61:
                    f0:83:c1:0c:56:ed:4c:72:25:2c:dc:7f:3f:0f:95:
                    6f:af:bd:bd:f3:2d:de:7a:9d:14:e8:6b:2b:40:76:
                    6e:24:8c:be:0d:2f:39:f8:58:96:6f:7a:4b:f1:ad:
                    67:ad:4a:d3:97:a1:22:79:ea:51:dd:85:83:b8:d6:
                    d4:95:46:f2:c2:8d:12:bf:ae:9d:30:d1:27:50:ca:
                    5c:b7:3c:3e:d8:a3:5a:2d:34:78:79:ad:71:c8:e4:
                    34:2f:f5:45:e9:4f:4f:c7:3f:e0:62:29:8d:e3:07:
                    35:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B6:35:92:20:9B:B7:F4:42:04:3C:A8:3D:E6:FA:1A:DF:AB:7D:72
            X509v3 Authority Key Identifier:
                keyid:5E:A9:FF:FA:F0:92:49:B2:0C:F7:F5:67:C3:CC:B9:95:8B:4F:31:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xqn_-vCSSbIM9_Vnw8y5lYtPMRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/61ed42-f722-4ba0-bd89-b549ffa04046/1/zrY1kiCbt_RCBDyoPeb6Gt-rfXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/61ed42-f722-4ba0-bd89-b549ffa04046/1/Xqn_-vCSSbIM9_Vnw8y5lYtPMRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.218.0/24
                IPv6:
                  2a05:98c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:98:fd:c7:68:dc:d9:f8:96:e8:48:89:50:37:0f:bb:a6:90:
         44:9c:4b:0c:02:3c:f6:f2:d2:86:80:6e:a2:cd:24:ee:de:a4:
         06:52:2a:49:53:0c:1c:ab:86:36:a8:22:d9:4e:ef:87:11:71:
         c0:a0:34:d3:15:ca:6a:24:b9:40:4a:c3:a2:da:df:ef:cc:c3:
         7c:d0:b2:50:80:2b:96:b8:f9:91:2d:5f:28:8d:f7:88:ba:90:
         86:aa:2e:b2:28:ae:d8:78:81:ac:2f:0f:6a:96:02:6d:f7:7e:
         74:b9:e8:a8:ce:cc:62:df:ef:45:6d:e1:b7:1a:8a:20:48:a0:
         81:1a:db:44:44:05:ac:32:47:58:ee:60:1c:30:95:c6:b3:db:
         2d:79:d9:54:2d:1a:e3:c0:94:70:3a:76:d0:00:01:a6:39:d1:
         c8:df:48:b3:ab:b5:a1:1c:40:2e:7f:c9:3f:15:70:08:7c:7f:
         ea:3e:e6:18:d8:0e:77:99:41:2d:c8:54:97:c7:d6:74:a2:d7:
         9c:07:04:78:8d:06:8c:d3:80:15:4b:66:76:0a:b0:c4:b3:6e:
         68:72:08:83:05:b0:f2:30:43:44:de:44:b3:bf:16:f4:e6:fe:
         96:ef:44:28:56:8a:94:b0:c3:3c:b3:9b:ef:38:84:e9:97:3d:
         9c:81:da:71
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZwE8QXht54Qgs4TNe42OzxsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlYTlmZmZhZjA5MjQ5YjIwY2Y3ZjU2N2MzY2NiOTk1OGI0
ZjMxMTAwHhcNMjYwMTI4MTQxMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWI2MzU5MjIwOWJiN2Y0NDIwNDNjYTgzZGU2ZmExYWRmYWI3ZDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYM9n51DardA2bGMQm596FdrGEAv
mcaMq5CBf58Uo3v+tmUZen90RMH608WDMPqHphMPna3QbmrdjFp1SN8SocNZm3Vh
KG3Ei7FGKXdFoX1DZKeBDnCI9fUxKwsuMe2BDp/3HODwuOJVNXfPNlBPfv9gmvHS
8WL3oojYL7oCp/2zEDoicBN1WphR8dVDy3ccz6nIQ2Hwg8EMVu1MciUs3H8/D5Vv
r7298y3eep0U6GsrQHZuJIy+DS85+FiWb3pL8a1nrUrTl6EieepR3YWDuNbUlUby
wo0Sv66dMNEnUMpctzw+2KNaLTR4ea1xyOQ0L/VF6U9Pxz/gYimN4wc1xwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM62NZIgm7f0QgQ8qD3m+hrfq31yMB8GA1UdIwQY
MBaAFF6p//rwkkmyDPf1Z8PMuZWLTzEQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHFuXy12Q1NTYklNOV9Wbnc4eTVsWXRQTVJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82MWVkNDItZjcyMi00YmEwLWJkODkt
YjU0OWZmYTA0MDQ2LzEvenJZMWtpQ2J0X1JDQkR5b1BlYjZHdC1yZlhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82MWVkNDItZjcyMi00YmEwLWJkODktYjU0OWZmYTA0MDQ2
LzEvWHFuXy12Q1NTYklNOV9Wbnc4eTVsWXRQTVJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQATV/aMA0E
AgACMAcDBQMqBZjAMA0GCSqGSIb3DQEBCwUAA4IBAQCDmP3HaNzZ+JboSIlQNw+7
ppBEnEsMAjz28tKGgG6izSTu3qQGUipJUwwcq4Y2qCLZTu+HEXHAoDTTFcpqJLlA
SsOi2t/vzMN80LJQgCuWuPmRLV8ojfeIupCGqi6yKK7YeIGsLw9qlgJt9350ueio
zsxi3+9FbeG3GoogSKCBGttERAWsMkdY7mAcMJXGs9stedlULRrjwJRwOnbQAAGm
OdHI30izq7WhHEAuf8k/FXAIfH/qPuYY2A53mUEtyFSXx9Z0otecBwR4jQaM04AV
S2Z2CrDEs25ocgiDBbDyMENE3kSzvxb05v6W70QoVoqUsMM8s5vvOITplz2cgdpx
-----END CERTIFICATE-----