Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/drScQuu8h2g_2se7dOHArknd4Ds.roa
File:                     drScQuu8h2g_2se7dOHArknd4Ds.roa (raw, json)
Hash identifier:          fUimuz4hJDq1Gab0dPaysUI05hg+xTKYKa8TOAWvSRc=
Subject key identifier:   76:B4:9C:42:EB:BC:87:68:3F:DA:C7:BB:74:E1:C0:AE:49:DD:E0:3B
Certificate issuer:       /CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
Certificate serial:       019D175B41A16E493706BE4BAF7B7F33DB48
Authority key identifier: D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/drScQuu8h2g_2se7dOHArknd4Ds.roa
Signing time:             Sun 22 Mar 2026 21:02:29 +0000
ROA not before:           Sun 22 Mar 2026 21:02:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55154
IP address blocks:        77.110.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:17:5b:41:a1:6e:49:37:06:be:4b:af:7b:7f:33:db:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
        Validity
            Not Before: Mar 22 21:02:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76b49c42ebbc87683fdac7bb74e1c0ae49dde03b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:11:af:c8:bd:ba:8b:66:6f:68:50:1d:ec:d6:
                    51:f7:5f:a8:59:65:66:96:6c:21:9d:3c:18:65:5b:
                    13:be:6f:77:ed:69:f9:72:a4:46:bc:e3:14:b8:67:
                    6b:c1:00:43:12:7d:8b:99:9c:f1:56:b2:0e:be:86:
                    b6:4e:c3:99:c7:0c:81:35:17:9a:02:16:23:47:7e:
                    83:d7:e3:b7:5f:00:ea:51:a9:5f:19:e8:f0:c6:7f:
                    27:f6:6c:37:74:f2:56:84:10:d3:27:cc:14:48:42:
                    0b:6b:89:c3:13:54:53:1b:3b:9b:43:df:df:14:c5:
                    b5:59:09:4a:e9:fa:47:b8:01:8e:4c:74:83:d9:42:
                    ac:db:fa:c6:33:f5:82:8a:46:41:aa:37:61:db:cb:
                    a3:49:8d:f9:7c:ab:63:8e:e7:78:d0:c3:29:fe:f6:
                    a1:cd:f2:29:ee:ac:89:85:08:1b:39:f9:13:bf:c1:
                    3b:6c:d3:07:f2:a4:89:5f:c7:60:b9:48:74:59:78:
                    b2:7e:6a:e2:7e:ff:63:de:81:a1:dc:64:7f:b4:f3:
                    93:90:e2:62:2e:f4:e7:a3:33:4f:9b:fa:47:59:0e:
                    7d:f0:d0:19:1e:73:03:d4:a0:f5:af:0b:65:88:cb:
                    0f:ba:18:e3:49:ec:69:0e:b4:6b:c6:ce:06:cb:4f:
                    e0:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:B4:9C:42:EB:BC:87:68:3F:DA:C7:BB:74:E1:C0:AE:49:DD:E0:3B
            X509v3 Authority Key Identifier:
                keyid:D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/drScQuu8h2g_2se7dOHArknd4Ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.110.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:5f:76:89:09:cf:ad:d9:fc:ef:1c:36:7b:9d:7f:88:91:6d:
         fd:f9:bb:ec:d4:25:2d:39:2d:b3:fc:7e:52:4f:98:26:fa:13:
         dc:07:14:85:4c:7e:77:6b:d5:de:c4:6d:b4:86:20:b1:4b:d3:
         ea:c6:1f:41:64:39:c8:37:31:c2:46:0d:b9:fa:42:b7:bd:46:
         5e:9f:f1:02:5f:87:d2:14:a3:84:41:55:12:43:3a:d5:15:f4:
         e5:55:46:e7:2b:72:16:7f:16:f8:9f:9a:27:85:37:49:31:27:
         31:6d:41:2c:87:63:5b:e1:8d:50:c6:59:6b:b4:64:0d:f8:51:
         a7:98:7a:b2:4b:f1:bb:86:02:95:7d:38:35:54:1b:5c:79:05:
         9e:12:7c:a3:ce:d0:f1:ec:33:e0:5c:ce:a1:d9:ce:e9:f8:25:
         8f:fa:23:07:bd:a2:92:75:a5:ba:30:a8:c0:6b:d5:9e:70:b6:
         fe:b3:e8:28:1e:72:ca:8a:4a:84:7a:f0:b1:95:4b:c3:7c:af:
         ee:5a:09:4f:2a:60:2e:22:cd:38:29:ae:fa:3b:fa:32:e9:23:
         f6:33:ed:fb:18:d9:dd:c9:15:51:55:bd:fe:81:fa:69:5c:45:
         2d:37:27:34:1b:b9:66:b1:fb:6d:28:93:6c:25:f1:c1:1e:d8:
         1c:44:11:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0XW0Ghbkk3Br5Lr3t/M9tIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Y2UyYmYwMDAxY2Q0MzBlOTI3N2ZiMDBlZDFhYmU1MWMw
YjVjN2MwHhcNMjYwMzIyMjEwMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmI0OWM0MmViYmM4NzY4M2ZkYWM3YmI3NGUxYzBhZTQ5ZGRlMDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRGvyL26i2ZvaFAd7NZR91+oWWVm
lmwhnTwYZVsTvm937Wn5cqRGvOMUuGdrwQBDEn2LmZzxVrIOvoa2TsOZxwyBNRea
AhYjR36D1+O3XwDqUalfGejwxn8n9mw3dPJWhBDTJ8wUSEILa4nDE1RTGzubQ9/f
FMW1WQlK6fpHuAGOTHSD2UKs2/rGM/WCikZBqjdh28ujSY35fKtjjud40MMp/vah
zfIp7qyJhQgbOfkTv8E7bNMH8qSJX8dguUh0WXiyfmrifv9j3oGh3GR/tPOTkOJi
LvTnozNPm/pHWQ598NAZHnMD1KD1rwtliMsPuhjjSexpDrRrxs4Gy0/g5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHa0nELrvIdoP9rHu3ThwK5J3eA7MB8GA1UdIwQY
MBaAFNTOK/AAHNQw6Sd/sA7Rq+UcC1x8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEt
MWY1NDMxZTJhNWFmLzEvZHJTY1F1dThoMmdfMnNlN2RPSEFya25kNERzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEtMWY1NDMxZTJhNWFm
LzEvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW5CMA0G
CSqGSIb3DQEBCwUAA4IBAQBYX3aJCc+t2fzvHDZ7nX+IkW39+bvs1CUtOS2z/H5S
T5gm+hPcBxSFTH53a9XexG20hiCxS9Pqxh9BZDnINzHCRg25+kK3vUZen/ECX4fS
FKOEQVUSQzrVFfTlVUbnK3IWfxb4n5onhTdJMScxbUEsh2Nb4Y1QxllrtGQN+FGn
mHqyS/G7hgKVfTg1VBtceQWeEnyjztDx7DPgXM6h2c7p+CWP+iMHvaKSdaW6MKjA
a9WecLb+s+goHnLKikqEevCxlUvDfK/uWglPKmAuIs04Ka76O/oy6SP2M+37GNnd
yRVRVb3+gfppXEUtNyc0G7lmsfttKJNsJfHBHtgcRBGH
-----END CERTIFICATE-----