Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/a--bYgGL-XVIoB4j9s2ZcaOhHQE.roa
File:                     a--bYgGL-XVIoB4j9s2ZcaOhHQE.roa (raw, json)
Hash identifier:          Ve3i2f1MUbm0uzhDZGK/VqGiEifq40uI/vozbJbHVjw=
Subject key identifier:   6B:EF:9B:62:01:8B:F9:75:48:A0:1E:23:F6:CD:99:71:A3:A1:1D:01
Certificate issuer:       /CN=e8bd26dce48161c7fbf9ff67b907f1e605c25a66
Certificate serial:       019CD72CEAB617A8BFE9EB305222DDECDF73
Authority key identifier: E8:BD:26:DC:E4:81:61:C7:FB:F9:FF:67:B9:07:F1:E6:05:C2:5A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/a--bYgGL-XVIoB4j9s2ZcaOhHQE.roa
Signing time:             Tue 10 Mar 2026 09:56:10 +0000
ROA not before:           Tue 10 Mar 2026 09:56:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35133
IP address blocks:        77.73.114.0/24 maxlen: 24
                          217.18.95.0/24 maxlen: 32
                          2a07:5500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:2c:ea:b6:17:a8:bf:e9:eb:30:52:22:dd:ec:df:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8bd26dce48161c7fbf9ff67b907f1e605c25a66
        Validity
            Not Before: Mar 10 09:56:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6bef9b62018bf97548a01e23f6cd9971a3a11d01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:d6:b9:f1:4f:80:3c:58:45:51:e8:f2:a9:00:
                    10:c8:f5:83:36:3f:b1:5e:08:e7:32:e6:8f:69:9c:
                    07:0b:e2:c5:56:eb:88:c8:e8:b5:60:c2:0e:ee:e1:
                    83:fb:08:2a:cc:e7:9b:3d:9b:0b:0f:7b:d2:69:e2:
                    88:58:60:77:65:34:9f:c8:a1:cc:84:8e:94:57:ef:
                    5c:ed:65:c8:06:2d:39:ef:76:50:ed:77:07:3f:90:
                    20:5e:b6:53:44:7b:8b:e3:c0:83:63:37:14:2a:aa:
                    d6:31:2f:a9:9e:24:a7:72:89:37:a2:2d:5f:68:a9:
                    b2:6c:52:c5:eb:b0:8d:30:01:53:f5:54:18:2d:f6:
                    42:9b:d0:9d:e3:ca:eb:b6:47:ac:13:23:fc:b7:d1:
                    f6:d4:69:30:da:2e:3a:e7:c8:dc:a9:11:18:3d:d5:
                    a9:ab:0c:5f:f9:a0:91:f1:c7:c0:cf:2b:b4:e5:a8:
                    7d:71:c9:7e:dc:6a:eb:53:eb:f0:03:56:09:c2:a2:
                    76:69:6b:c2:69:5d:e8:ff:63:be:39:0f:d6:bf:41:
                    93:d6:16:da:30:44:03:79:f9:64:a6:fd:ca:95:45:
                    83:5d:63:15:9d:de:85:cf:d7:7f:b8:30:84:ae:aa:
                    f6:a5:e3:0f:6d:d1:f8:c6:d8:cd:c8:0b:c9:44:5f:
                    05:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:EF:9B:62:01:8B:F9:75:48:A0:1E:23:F6:CD:99:71:A3:A1:1D:01
            X509v3 Authority Key Identifier:
                keyid:E8:BD:26:DC:E4:81:61:C7:FB:F9:FF:67:B9:07:F1:E6:05:C2:5A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/a--bYgGL-XVIoB4j9s2ZcaOhHQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.114.0/24
                  217.18.95.0/24
                IPv6:
                  2a07:5500::/29

    Signature Algorithm: sha256WithRSAEncryption
         1e:25:c7:47:22:bc:49:9a:3d:cc:e9:f7:52:b0:75:fa:6b:6e:
         c9:c7:a4:07:65:a5:68:15:6a:98:7d:d2:f7:42:31:70:62:e5:
         5f:ab:48:9d:d7:1c:b9:ca:05:6a:ce:c6:c7:ad:a6:73:c6:49:
         44:a1:38:eb:fa:1c:f8:93:4b:1c:dc:d5:a4:1d:d8:e4:2f:64:
         af:a1:d0:e1:a0:81:df:7d:09:e2:61:42:58:18:01:ae:b2:07:
         e4:3e:7a:bc:50:3f:a7:36:08:f5:69:f4:61:e0:43:e3:95:46:
         d6:0a:1f:7e:c9:8e:2f:70:b5:bb:fc:a0:64:f9:95:87:ef:65:
         7d:51:92:ac:2c:e8:50:cd:b3:de:2d:8c:e7:b1:bb:41:53:35:
         a5:0f:24:a2:ef:00:00:29:2d:58:b4:39:3d:d8:21:ae:94:7e:
         3a:67:a8:c5:f9:aa:51:d4:b3:aa:ff:25:83:5e:64:4c:9f:5c:
         1b:0f:09:d6:11:31:4f:c1:61:b7:cd:9b:19:9d:ab:dd:bd:fa:
         04:31:98:f2:55:e1:30:b1:31:bb:5d:67:16:2f:d4:4b:cf:f2:
         bd:f4:c1:3b:8b:fd:9f:8c:b9:1f:63:2b:d7:f6:bf:fc:82:7e:
         d8:dc:b8:7e:58:00:c2:b7:94:ee:11:81:d2:0a:9c:41:d4:36:
         09:38:3b:88
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZzXLOq2F6i/6eswUiLd7N9zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YmQyNmRjZTQ4MTYxYzdmYmY5ZmY2N2I5MDdmMWU2MDVj
MjVhNjYwHhcNMjYwMzEwMDk1NjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmVmOWI2MjAxOGJmOTc1NDhhMDFlMjNmNmNkOTk3MWEzYTExZDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA59a58U+APFhFUejyqQAQyPWDNj+x
XgjnMuaPaZwHC+LFVuuIyOi1YMIO7uGD+wgqzOebPZsLD3vSaeKIWGB3ZTSfyKHM
hI6UV+9c7WXIBi0573ZQ7XcHP5AgXrZTRHuL48CDYzcUKqrWMS+pniSncok3oi1f
aKmybFLF67CNMAFT9VQYLfZCm9Cd48rrtkesEyP8t9H21Gkw2i4658jcqREYPdWp
qwxf+aCR8cfAzyu05ah9ccl+3GrrU+vwA1YJwqJ2aWvCaV3o/2O+OQ/Wv0GT1hba
MEQDeflkpv3KlUWDXWMVnd6Fz9d/uDCErqr2peMPbdH4xtjNyAvJRF8FmwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGvvm2IBi/l1SKAeI/bNmXGjoR0BMB8GA1UdIwQY
MBaAFOi9JtzkgWHH+/n/Z7kH8eYFwlpmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkwwbTNPU0JZY2Y3LWY5bnVRZng1Z1hDV21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iZDljYTgtMTc5Yi00MzIyLWEwOTQt
NTBkZDNhNTgxNTRiLzEvYS0tYllnR0wtWFZJb0I0ajlzMlpjYU9oSFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iZDljYTgtMTc5Yi00MzIyLWEwOTQtNTBkZDNhNTgxNTRi
LzEvNkwwbTNPU0JZY2Y3LWY5bnVRZng1Z1hDV21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQATUlyAwQA
2RJfMA0EAgACMAcDBQMqB1UAMA0GCSqGSIb3DQEBCwUAA4IBAQAeJcdHIrxJmj3M
6fdSsHX6a27Jx6QHZaVoFWqYfdL3QjFwYuVfq0id1xy5ygVqzsbHraZzxklEoTjr
+hz4k0sc3NWkHdjkL2SvodDhoIHffQniYUJYGAGusgfkPnq8UD+nNgj1afRh4EPj
lUbWCh9+yY4vcLW7/KBk+ZWH72V9UZKsLOhQzbPeLYznsbtBUzWlDySi7wAAKS1Y
tDk92CGulH46Z6jF+apR1LOq/yWDXmRMn1wbDwnWETFPwWG3zZsZnavdvfoEMZjy
VeEwsTG7XWcWL9RLz/K99ME7i/2fjLkfYyvX9r/8gn7Y3Lh+WADCt5TuEYHSCpxB
1DYJODuI
-----END CERTIFICATE-----