Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/jGagtRqA9CMwevvOayuvnNz4KwM.roa
File:                     jGagtRqA9CMwevvOayuvnNz4KwM.roa (raw, json)
Hash identifier:          kS54BwGaOwHdhiGggMVmEHB31IpaCOROdvckOMfQt9E=
Subject key identifier:   8C:66:A0:B5:1A:80:F4:23:30:7A:FB:CE:6B:2B:AF:9C:DC:F8:2B:03
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019D17F9A4D5D1F983FE8BA0F24352D70E62
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/jGagtRqA9CMwevvOayuvnNz4KwM.roa
Signing time:             Sun 22 Mar 2026 23:55:29 +0000
ROA not before:           Sun 22 Mar 2026 23:55:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199580
IP address blocks:        2a03:5840:f4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:17:f9:a4:d5:d1:f9:83:fe:8b:a0:f2:43:52:d7:0e:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Mar 22 23:55:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8c66a0b51a80f423307afbce6b2baf9cdcf82b03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:58:e3:0f:88:ec:bf:2c:7e:ce:2f:74:d1:95:
                    ab:e3:df:8c:c4:83:cb:e1:0e:e5:4b:a9:c1:83:fc:
                    0c:ef:21:80:d3:af:05:18:cc:bd:a0:3a:9f:60:18:
                    e1:9d:c5:89:47:fc:d4:82:01:9b:5d:ad:cc:f0:c8:
                    35:8d:80:76:fe:8f:c1:23:f4:db:e9:b8:23:4a:73:
                    e9:5a:c6:62:f8:fd:4c:44:b5:27:5d:19:27:5b:1f:
                    e7:d4:c7:e0:4e:07:9b:b9:74:fc:96:01:46:73:54:
                    0a:50:89:7c:a1:6f:04:3f:19:7a:b0:ff:8d:bb:32:
                    c9:26:36:c2:c8:a9:48:f5:a2:23:cc:45:a2:ff:f9:
                    f6:39:09:5b:f7:fa:98:14:d4:90:81:e2:4b:02:1c:
                    d4:76:68:e1:81:e4:62:fb:ad:a5:ab:fd:3b:a5:ab:
                    2f:48:d3:91:69:e1:95:7d:1d:42:a1:14:58:d7:8c:
                    45:91:34:9c:44:a3:00:4d:91:a3:dc:9a:94:81:0e:
                    a0:b9:2a:f2:b6:2a:f7:d4:09:ac:f6:43:cd:0d:a8:
                    e6:3b:1c:b5:18:d2:7a:41:14:3d:58:0a:e1:fd:10:
                    26:77:ad:c9:6b:48:22:f6:6c:f9:82:cb:6b:1f:11:
                    82:e3:2a:a5:3b:02:af:e2:96:25:02:84:99:11:cd:
                    c9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:66:A0:B5:1A:80:F4:23:30:7A:FB:CE:6B:2B:AF:9C:DC:F8:2B:03
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/jGagtRqA9CMwevvOayuvnNz4KwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:a4:d9:28:32:c1:e3:45:ce:1e:79:f2:dd:99:00:da:69:8a:
         bc:13:dc:30:ac:84:63:ca:b9:56:86:68:b7:08:d6:23:1c:fa:
         35:df:5b:e8:1a:4a:93:95:12:7d:c6:55:31:20:54:4d:ea:2e:
         80:38:b5:67:75:49:d4:63:40:98:37:06:bb:84:76:f1:be:12:
         8d:f0:c6:31:e2:37:58:02:98:83:5e:81:36:8e:a4:dc:9d:20:
         ae:d0:58:db:bb:d7:3e:a4:95:a3:ac:50:69:cb:74:6d:eb:05:
         7e:70:4b:30:35:0f:ff:a6:a5:91:ca:d4:ab:a6:0c:bb:ee:94:
         36:31:18:80:7e:db:94:6a:39:68:f7:93:f1:8c:ee:1e:cb:55:
         64:63:6d:27:06:72:56:85:12:1d:dd:cb:0c:7f:b1:86:52:4b:
         97:42:bd:6b:4c:8f:a6:ea:0b:7a:b1:69:2d:86:a1:4f:1b:d8:
         a3:f2:a3:cc:2a:2a:2c:9b:fc:ed:2a:54:88:14:c5:48:91:0c:
         58:b7:cd:22:30:92:99:92:ff:d2:65:60:c6:70:dc:69:f5:c2:
         8e:69:74:69:57:9d:ed:5f:ff:3e:aa:bf:4c:c1:b5:20:a0:b7:
         a0:91:df:22:7c:fc:2d:fc:7b:f5:c2:ca:8c:7a:a0:15:34:df:
         be:c1:c9:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0X+aTV0fmD/oug8kNS1w5iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjYwMzIyMjM1NTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzY2YTBiNTFhODBmNDIzMzA3YWZiY2U2YjJiYWY5Y2RjZjgyYjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ljjD4jsvyx+zi900ZWr49+MxIPL
4Q7lS6nBg/wM7yGA068FGMy9oDqfYBjhncWJR/zUggGbXa3M8Mg1jYB2/o/BI/Tb
6bgjSnPpWsZi+P1MRLUnXRknWx/n1MfgTgebuXT8lgFGc1QKUIl8oW8EPxl6sP+N
uzLJJjbCyKlI9aIjzEWi//n2OQlb9/qYFNSQgeJLAhzUdmjhgeRi+62lq/07pasv
SNORaeGVfR1CoRRY14xFkTScRKMATZGj3JqUgQ6guSrytir31Ams9kPNDajmOxy1
GNJ6QRQ9WArh/RAmd63Ja0gi9mz5gstrHxGC4yqlOwKv4pYlAoSZEc3JNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIxmoLUagPQjMHr7zmsrr5zc+CsDMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvakdhZ3RScUE5Q013ZXZ2T2F5dXZuTno0S3dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAD0
MA0GCSqGSIb3DQEBCwUAA4IBAQCVpNkoMsHjRc4eefLdmQDaaYq8E9wwrIRjyrlW
hmi3CNYjHPo131voGkqTlRJ9xlUxIFRN6i6AOLVndUnUY0CYNwa7hHbxvhKN8MYx
4jdYApiDXoE2jqTcnSCu0Fjbu9c+pJWjrFBpy3Rt6wV+cEswNQ//pqWRytSrpgy7
7pQ2MRiAftuUajlo95PxjO4ey1VkY20nBnJWhRId3csMf7GGUkuXQr1rTI+m6gt6
sWkthqFPG9ij8qPMKiosm/ztKlSIFMVIkQxYt80iMJKZkv/SZWDGcNxp9cKOaXRp
V53tX/8+qr9MwbUgoLegkd8ifPwt/Hv1wsqMeqAVNN++wcl5
-----END CERTIFICATE-----