Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/_VHpXcuxCNgWVUFdEL6JjYzFdvc.roa
File:                     _VHpXcuxCNgWVUFdEL6JjYzFdvc.roa (raw, json)
Hash identifier:          egMfawhK+jcJ0v0KX4LlR7Y7XWXtaJR0Baa6miCKt6s=
Subject key identifier:   FD:51:E9:5D:CB:B1:08:D8:16:55:41:5D:10:BE:89:8D:8C:C5:76:F7
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       019CFB4949935A2249B0A6D82DA3D2B3167D
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/_VHpXcuxCNgWVUFdEL6JjYzFdvc.roa
Signing time:             Tue 17 Mar 2026 10:13:30 +0000
ROA not before:           Tue 17 Mar 2026 10:13:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54339
IP address blocks:        77.47.180.0/22 maxlen: 24
                          212.111.211.0/24 maxlen: 24
                          212.111.218.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:49:49:93:5a:22:49:b0:a6:d8:2d:a3:d2:b3:16:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Mar 17 10:13:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd51e95dcbb108d81655415d10be898d8cc576f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:59:6e:ee:22:24:59:2e:27:42:fa:dd:cf:05:
                    f9:86:fb:38:1e:28:58:0b:33:38:43:6d:11:aa:0e:
                    51:3a:fb:a9:ba:aa:23:ee:f2:7f:84:08:e9:54:d6:
                    ea:3f:51:d9:e2:95:d0:0e:a6:5c:bd:21:ec:06:c6:
                    c5:0b:d4:02:f8:d9:e4:03:98:25:90:4d:31:0a:24:
                    f2:ce:8f:c7:d3:8d:83:c1:c4:e9:38:d4:36:28:38:
                    e9:ac:9b:09:07:f8:0e:6e:ae:ba:74:f9:7f:7f:98:
                    e9:92:f0:66:a5:fa:8b:61:46:db:f9:51:69:44:da:
                    34:2a:48:c0:69:d6:e1:76:d5:ea:9d:54:3e:a5:28:
                    c9:31:5f:bc:f2:3d:5d:ba:8c:2d:9a:12:c0:7c:42:
                    45:86:b2:f3:8f:21:5c:2b:f0:5d:46:0b:00:f9:b8:
                    73:82:7e:e1:17:ae:3f:d4:76:ab:fd:24:c0:e7:bc:
                    2b:04:db:68:a4:ba:58:7e:36:b4:00:c1:c6:37:b5:
                    ec:53:49:fa:a1:6a:e1:e1:d6:7e:02:cc:5e:85:0b:
                    b3:0e:dc:ff:d4:df:e9:63:ae:f3:6c:dc:f5:55:72:
                    3b:9d:4e:54:a9:29:0c:ed:c6:c5:79:ac:7c:c0:f7:
                    09:13:07:3a:dd:71:70:ad:76:b0:4f:39:9b:64:6c:
                    87:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:51:E9:5D:CB:B1:08:D8:16:55:41:5D:10:BE:89:8D:8C:C5:76:F7
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/_VHpXcuxCNgWVUFdEL6JjYzFdvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.180.0/22
                  212.111.211.0/24
                  212.111.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:8d:c8:35:cc:9d:b4:cd:c9:c6:3a:15:06:d1:55:a1:19:44:
         d6:94:f4:44:0f:7e:c1:58:b5:5d:15:38:7b:d5:4f:fd:f3:0d:
         aa:64:28:92:1f:81:fa:2c:93:d4:e3:5a:19:84:6f:be:5c:5a:
         39:87:38:ad:a6:df:8f:f0:af:f7:e6:73:09:d1:e4:b6:c6:77:
         0b:50:0c:1b:f9:61:4d:e0:44:33:03:09:19:97:7b:5a:80:1d:
         df:b0:3e:a5:5a:6d:42:9b:44:8b:6c:8d:44:95:2d:11:c7:de:
         53:81:fc:fc:bc:17:6f:89:15:98:83:3c:85:2e:0d:ea:aa:e0:
         ec:c3:b2:b7:be:81:8f:8b:1e:23:5c:cd:04:71:c1:d7:df:a5:
         fe:75:83:80:e5:64:e1:c9:d2:f7:24:02:d8:25:6e:c1:46:69:
         b4:c8:2e:f2:5f:45:b0:a8:e5:89:4c:95:66:bd:de:14:6f:68:
         9f:3e:90:95:c5:1e:ac:43:60:06:cc:18:a2:79:af:d7:57:fd:
         9c:a1:c3:5e:69:d7:ce:73:40:7e:f0:0c:26:4f:6b:71:05:9b:
         f4:b6:7e:9e:a9:e3:f4:9a:88:67:fd:67:c2:3c:64:89:db:97:
         6c:2c:dc:30:ed:70:40:e2:6e:19:a7:8a:d4:7a:14:d1:49:4c:
         9c:c5:f7:d8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZz7SUmTWiJJsKbYLaPSsxZ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjYwMzE3MTAxMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDUxZTk1ZGNiYjEwOGQ4MTY1NTQxNWQxMGJlODk4ZDhjYzU3NmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Flu7iIkWS4nQvrdzwX5hvs4HihY
CzM4Q20Rqg5ROvupuqoj7vJ/hAjpVNbqP1HZ4pXQDqZcvSHsBsbFC9QC+NnkA5gl
kE0xCiTyzo/H042DwcTpONQ2KDjprJsJB/gObq66dPl/f5jpkvBmpfqLYUbb+VFp
RNo0KkjAadbhdtXqnVQ+pSjJMV+88j1duowtmhLAfEJFhrLzjyFcK/BdRgsA+bhz
gn7hF64/1Har/STA57wrBNtopLpYfja0AMHGN7XsU0n6oWrh4dZ+AsxehQuzDtz/
1N/pY67zbNz1VXI7nU5UqSkM7cbFeax8wPcJEwc63XFwrXawTzmbZGyHcwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP1R6V3LsQjYFlVBXRC+iY2MxXb3MB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvX1ZIcFhjdXhDTmdXVlVGZEVMNkpqWXpGZHZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCTS+0AwQA
1G/TAwQB1G/aMA0GCSqGSIb3DQEBCwUAA4IBAQBLjcg1zJ20zcnGOhUG0VWhGUTW
lPRED37BWLVdFTh71U/98w2qZCiSH4H6LJPU41oZhG++XFo5hzitpt+P8K/35nMJ
0eS2xncLUAwb+WFN4EQzAwkZl3tagB3fsD6lWm1Cm0SLbI1ElS0Rx95Tgfz8vBdv
iRWYgzyFLg3qquDsw7K3voGPix4jXM0EccHX36X+dYOA5WThydL3JALYJW7BRmm0
yC7yX0WwqOWJTJVmvd4Ub2ifPpCVxR6sQ2AGzBiiea/XV/2cocNeadfOc0B+8Awm
T2txBZv0tn6eqeP0mohn/WfCPGSJ25dsLNww7XBA4m4Zp4rUehTRSUycxffY
-----END CERTIFICATE-----