Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/anhbdbW2BKr13LtvDNh8IMXtKME.roa
File:                     anhbdbW2BKr13LtvDNh8IMXtKME.roa (raw, json)
Hash identifier:          IvANWWq/RPUPNEwnIgNxi7AAT4rrjYWYXt7Gd02vmwc=
Subject key identifier:   6A:78:5B:75:B5:B6:04:AA:F5:DC:BB:6F:0C:D8:7C:20:C5:ED:28:C1
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       019DF8A31B69D6AE9A4810755DB02E548F0D
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/anhbdbW2BKr13LtvDNh8IMXtKME.roa
Signing time:             Tue 05 May 2026 14:55:32 +0000
ROA not before:           Tue 05 May 2026 14:55:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203273
IP address blocks:        77.221.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:a3:1b:69:d6:ae:9a:48:10:75:5d:b0:2e:54:8f:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: May  5 14:55:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a785b75b5b604aaf5dcbb6f0cd87c20c5ed28c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:85:b4:77:ae:dc:c8:1e:14:af:8c:0a:e5:88:
                    13:62:fc:ba:15:7c:94:14:e7:07:36:5f:44:af:d3:
                    d8:8e:75:5d:9e:99:9a:de:8d:04:05:79:de:b5:b5:
                    c5:f2:c7:8d:0b:84:c0:29:58:30:0a:74:a7:5b:ca:
                    ec:9f:e6:f3:ea:c6:bf:8d:fc:4a:37:c5:42:3b:4e:
                    78:25:c3:4c:4f:63:7c:94:41:ca:46:f4:ee:e8:2b:
                    87:87:26:5b:12:e7:19:a0:0e:78:7a:35:76:3e:e0:
                    e5:27:8a:bb:05:ef:b4:37:40:6b:3a:97:d0:5a:16:
                    e3:cf:d9:8f:36:e5:46:28:27:89:03:c4:6c:76:35:
                    04:cc:cc:86:c2:bd:87:ff:1d:b1:ee:95:4f:54:09:
                    13:12:4a:6f:76:5a:9f:4d:0c:b2:f8:d6:ca:d6:80:
                    a8:dc:8b:62:5d:9a:a1:73:2b:4b:51:fb:8f:9c:a2:
                    eb:f1:cb:4f:ed:7f:bf:0a:f5:47:77:8d:0b:81:70:
                    45:f8:45:d3:1a:0c:65:9c:36:d2:a2:d1:82:8d:e3:
                    c1:54:62:28:6a:09:76:8c:c1:bb:d4:b5:5a:3f:1f:
                    f8:1c:1b:5d:9b:95:0b:70:bf:28:3f:bd:36:53:f3:
                    9f:4d:d7:1f:6f:68:e3:fc:29:4f:7f:28:fe:60:b6:
                    e2:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:78:5B:75:B5:B6:04:AA:F5:DC:BB:6F:0C:D8:7C:20:C5:ED:28:C1
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/anhbdbW2BKr13LtvDNh8IMXtKME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:44:87:c0:97:a4:4f:d1:a1:c9:e7:32:1b:0a:6f:5b:2c:c2:
         71:90:43:2c:54:c5:5b:b6:6b:77:05:27:df:11:07:a1:18:87:
         24:58:cc:97:bb:0c:55:b3:12:80:93:ac:29:ec:f3:93:32:e0:
         9b:ec:12:c5:c0:78:e7:49:db:9f:69:ba:a9:e7:cf:80:12:62:
         fc:7b:38:51:34:3c:51:d6:ff:2f:c1:f5:f1:86:a5:7f:26:db:
         1c:8e:52:a4:66:e3:f5:89:03:72:64:11:7d:0d:92:7a:a3:3a:
         36:2b:3a:0b:16:45:61:ad:4b:35:69:4d:ef:31:34:df:ad:0f:
         f8:74:46:b2:ea:6b:9f:2c:43:da:b5:c8:67:19:fe:17:a3:01:
         95:17:cf:62:a6:6b:50:69:c4:46:4e:6b:97:d3:5c:34:52:90:
         36:65:f3:94:2d:58:af:d8:8a:1d:6a:ee:f0:d2:99:59:3e:9e:
         00:c1:16:ad:b7:3c:ba:f3:e1:55:59:30:5c:34:c2:57:83:09:
         00:9d:e7:3d:ed:10:e4:0f:4a:47:f9:6a:6c:a0:af:eb:c1:53:
         fe:9d:3c:06:90:3e:5b:a4:d0:68:dd:e3:bd:26:dc:b3:31:0d:
         3c:8f:8c:6a:9d:8d:e3:31:65:08:44:65:5d:b4:7f:2f:29:e8:
         d0:5c:ad:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ34oxtp1q6aSBB1XbAuVI8NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjYwNTA1MTQ1NTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTc4NWI3NWI1YjYwNGFhZjVkY2JiNmYwY2Q4N2MyMGM1ZWQyOGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroW0d67cyB4Ur4wK5YgTYvy6FXyU
FOcHNl9Er9PYjnVdnpma3o0EBXnetbXF8seNC4TAKVgwCnSnW8rsn+bz6sa/jfxK
N8VCO054JcNMT2N8lEHKRvTu6CuHhyZbEucZoA54ejV2PuDlJ4q7Be+0N0BrOpfQ
Whbjz9mPNuVGKCeJA8RsdjUEzMyGwr2H/x2x7pVPVAkTEkpvdlqfTQyy+NbK1oCo
3ItiXZqhcytLUfuPnKLr8ctP7X+/CvVHd40LgXBF+EXTGgxlnDbSotGCjePBVGIo
agl2jMG71LVaPx/4HBtdm5ULcL8oP702U/OfTdcfb2jj/ClPfyj+YLbi/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGp4W3W1tgSq9dy7bwzYfCDF7SjBMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvYW5oYmRiVzJCS3IxM0x0dkROaDhJTVh0S01FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATd2VMA0G
CSqGSIb3DQEBCwUAA4IBAQCHRIfAl6RP0aHJ5zIbCm9bLMJxkEMsVMVbtmt3BSff
EQehGIckWMyXuwxVsxKAk6wp7POTMuCb7BLFwHjnSdufabqp58+AEmL8ezhRNDxR
1v8vwfXxhqV/JtscjlKkZuP1iQNyZBF9DZJ6ozo2KzoLFkVhrUs1aU3vMTTfrQ/4
dEay6mufLEPatchnGf4XowGVF89ipmtQacRGTmuX01w0UpA2ZfOULViv2Iodau7w
0plZPp4AwRattzy68+FVWTBcNMJXgwkAnec97RDkD0pH+WpsoK/rwVP+nTwGkD5b
pNBo3eO9JtyzMQ08j4xqnY3jMWUIRGVdtH8vKejQXK2p
-----END CERTIFICATE-----