Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/qk4P-ShbIUszUZ3eawMDtsRg7tc.roa
File:                     qk4P-ShbIUszUZ3eawMDtsRg7tc.roa (raw, json)
Hash identifier:          +N2IDtopIma7I39gXcMi4uOgHoRzGLXkf14n2SLetxs=
Subject key identifier:   AA:4E:0F:F9:28:5B:21:4B:33:51:9D:DE:6B:03:03:B6:C4:60:EE:D7
Certificate issuer:       /CN=7df904ab14066c7a9fe61a521d5492a0e52965ca
Certificate serial:       019DF4A5A34D7E0BF1878F6B12FD28A9DDFB
Authority key identifier: 7D:F9:04:AB:14:06:6C:7A:9F:E6:1A:52:1D:54:92:A0:E5:29:65:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/qk4P-ShbIUszUZ3eawMDtsRg7tc.roa
Signing time:             Mon 04 May 2026 20:19:49 +0000
ROA not before:           Mon 04 May 2026 20:19:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61597
IP address blocks:        77.111.84.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/ffkEqxQGbHqf5hpSHVSSoOUpZco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/ffkEqxQGbHqf5hpSHVSSoOUpZco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f4:a5:a3:4d:7e:0b:f1:87:8f:6b:12:fd:28:a9:dd:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df904ab14066c7a9fe61a521d5492a0e52965ca
        Validity
            Not Before: May  4 20:19:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa4e0ff9285b214b33519dde6b0303b6c460eed7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a5:b3:33:1d:06:12:dc:26:3b:01:62:7e:4d:
                    a9:fc:b3:ba:9d:0a:2b:e3:2b:ca:5f:98:a6:00:58:
                    26:94:6e:8f:a6:c7:98:dd:4b:2e:ab:c0:a4:37:88:
                    79:f3:a0:4a:fb:bf:c1:cc:39:55:ce:bf:14:27:08:
                    63:bb:76:df:c8:fa:7f:bc:4c:c4:f9:a8:08:e0:31:
                    1d:27:aa:9a:d8:46:a2:9a:06:35:94:47:8c:6b:30:
                    85:91:a7:93:4a:cc:cc:57:d2:fe:33:d9:df:dd:65:
                    9a:77:02:fc:94:b2:2c:13:a1:14:df:c6:1d:18:66:
                    0f:33:ec:a3:6c:56:40:15:4a:3a:86:81:11:0a:22:
                    20:a2:54:36:02:c9:b9:10:f6:f3:78:5c:28:ed:b2:
                    e4:00:47:f6:79:d6:3b:7f:af:6b:dd:25:bf:06:5a:
                    9a:2e:e1:10:55:5d:62:1a:66:17:02:09:3d:e8:64:
                    3e:23:84:88:8f:06:3a:87:17:aa:eb:0b:94:8e:30:
                    65:1c:5f:35:60:ca:3b:1d:c0:0c:66:5b:aa:06:cf:
                    bd:6d:03:9c:5c:9f:11:24:ce:48:99:4e:c1:2c:2a:
                    89:96:be:3f:b6:b3:9c:55:63:03:9c:a8:19:6a:03:
                    e9:bc:1c:36:a2:c0:df:69:4c:20:ac:a2:f9:dd:19:
                    67:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:4E:0F:F9:28:5B:21:4B:33:51:9D:DE:6B:03:03:B6:C4:60:EE:D7
            X509v3 Authority Key Identifier:
                keyid:7D:F9:04:AB:14:06:6C:7A:9F:E6:1A:52:1D:54:92:A0:E5:29:65:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/qk4P-ShbIUszUZ3eawMDtsRg7tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/ffkEqxQGbHqf5hpSHVSSoOUpZco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:c9:3e:73:fe:1a:9d:ec:a2:c5:3c:c1:83:c8:ca:2f:6c:d2:
         52:44:90:53:32:c0:d4:c9:e4:5b:a2:60:68:e3:9d:2e:83:d6:
         67:88:cd:12:a7:13:dc:5f:c5:9b:2a:fb:f3:dc:00:04:bb:df:
         5b:b7:89:5c:ee:2a:9e:40:30:9e:b2:79:fe:18:1a:87:01:bf:
         52:b8:f0:91:4c:d4:eb:48:92:4a:77:92:41:fc:70:ec:a6:7b:
         0c:b6:97:fa:44:20:92:17:53:17:dc:ef:15:6a:d9:df:0a:ab:
         8b:66:62:19:71:eb:e7:e4:3f:4a:fb:1b:20:c7:de:31:fd:81:
         9d:7d:6e:82:03:7f:9c:f9:e7:be:c1:c2:e4:e3:04:6b:63:15:
         8a:c7:bf:8d:7d:1b:a0:20:b6:96:c9:41:7b:70:e1:0f:94:95:
         35:5e:2e:00:7d:c7:b3:5b:13:d8:c3:f1:3b:99:fa:5d:b0:d7:
         9e:ee:7c:0d:fb:a5:1f:23:3d:5e:8d:c6:17:b3:72:bb:3f:6b:
         53:1c:6c:18:7e:b5:6c:c6:3d:03:60:ad:42:1a:69:2b:b8:34:
         a8:87:ba:17:ad:1d:9c:64:d3:bd:6d:7f:a0:c3:67:db:fa:95:
         a4:eb:a6:e2:7a:27:e3:63:1e:44:30:cb:9b:ec:60:2a:7f:8d:
         3c:f4:96:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ30paNNfgvxh49rEv0oqd37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjkwNGFiMTQwNjZjN2E5ZmU2MWE1MjFkNTQ5MmEwZTUy
OTY1Y2EwHhcNMjYwNTA0MjAxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTRlMGZmOTI4NWIyMTRiMzM1MTlkZGU2YjAzMDNiNmM0NjBlZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6WzMx0GEtwmOwFifk2p/LO6nQor
4yvKX5imAFgmlG6PpseY3Usuq8CkN4h586BK+7/BzDlVzr8UJwhju3bfyPp/vEzE
+agI4DEdJ6qa2EaimgY1lEeMazCFkaeTSszMV9L+M9nf3WWadwL8lLIsE6EU38Yd
GGYPM+yjbFZAFUo6hoERCiIgolQ2Asm5EPbzeFwo7bLkAEf2edY7f69r3SW/Blqa
LuEQVV1iGmYXAgk96GQ+I4SIjwY6hxeq6wuUjjBlHF81YMo7HcAMZluqBs+9bQOc
XJ8RJM5ImU7BLCqJlr4/trOcVWMDnKgZagPpvBw2osDfaUwgrKL53RlnXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpOD/koWyFLM1Gd3msDA7bEYO7XMB8GA1UdIwQY
MBaAFH35BKsUBmx6n+YaUh1UkqDlKWXKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZrRXF4UUdiSHFmNWhwU0hWU1NvT1VwWmNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS81M2ZiMzQtMjVkYi00Njg0LTk4NGYt
M2I0NDVmMjlmNWI3LzEvcWs0UC1TaGJJVXN6VVozZWF3TUR0c1JnN3RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS81M2ZiMzQtMjVkYi00Njg0LTk4NGYtM2I0NDVmMjlmNWI3
LzEvZmZrRXF4UUdiSHFmNWhwU0hWU1NvT1VwWmNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTW9UMA0G
CSqGSIb3DQEBCwUAA4IBAQBsyT5z/hqd7KLFPMGDyMovbNJSRJBTMsDUyeRbomBo
450ug9ZniM0SpxPcX8WbKvvz3AAEu99bt4lc7iqeQDCesnn+GBqHAb9SuPCRTNTr
SJJKd5JB/HDspnsMtpf6RCCSF1MX3O8VatnfCquLZmIZcevn5D9K+xsgx94x/YGd
fW6CA3+c+ee+wcLk4wRrYxWKx7+NfRugILaWyUF7cOEPlJU1Xi4AfcezWxPYw/E7
mfpdsNee7nwN+6UfIz1ejcYXs3K7P2tTHGwYfrVsxj0DYK1CGmkruDSoh7oXrR2c
ZNO9bX+gw2fb+pWk66bieifjYx5EMMub7GAqf4089JZ7
-----END CERTIFICATE-----