Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Tf9d5yLerE8Exlr6KtWWjWxRxR0.roa
File:                     Tf9d5yLerE8Exlr6KtWWjWxRxR0.roa (raw, json)
Hash identifier:          PvHZ/fcGYKB8h5an6FjN2znZlwFWWCPF04CCZkDvunE=
Subject key identifier:   4D:FF:5D:E7:22:DE:AC:4F:04:C6:5A:FA:2A:D5:96:8D:6C:51:C5:1D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E014BC607766F7388B2885469A757190F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Tf9d5yLerE8Exlr6KtWWjWxRxR0.roa
Signing time:             Thu 07 May 2026 07:16:43 +0000
ROA not before:           Thu 07 May 2026 07:16:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154284
IP address blocks:        77.93.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:4b:c6:07:76:6f:73:88:b2:88:54:69:a7:57:19:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  7 07:16:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4dff5de722deac4f04c65afa2ad5968d6c51c51d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:da:f7:2e:7d:e5:da:79:b1:6b:28:fd:ea:20:
                    a0:05:b4:c8:66:f8:7c:48:28:02:c5:90:4f:40:e8:
                    de:d6:44:67:f0:89:60:8b:ef:c1:cb:63:2d:21:81:
                    08:e0:aa:65:f5:75:f1:7c:0b:93:a4:b8:db:ff:55:
                    bd:5c:89:42:b7:a6:62:ea:83:1a:52:ae:20:34:3a:
                    ec:25:83:ad:13:48:6d:ba:80:1f:a9:06:62:eb:80:
                    04:0f:56:fa:69:91:d3:8c:da:fe:1b:40:f5:e7:9c:
                    c9:26:83:ef:fb:b0:9f:79:75:4f:4b:6a:e7:07:d5:
                    32:4f:7f:9a:f9:8c:a1:0e:80:96:33:df:34:9b:e6:
                    1d:0e:ba:09:9b:d4:4b:71:ba:72:71:09:5b:61:a7:
                    62:96:28:d2:87:4e:e9:22:0f:7b:66:5e:ef:dd:d3:
                    c2:cf:52:ef:03:8e:03:54:a1:7c:9d:5c:7d:0d:a1:
                    3f:3d:35:c4:2d:b8:96:56:d1:20:e0:49:71:14:b4:
                    aa:dc:4f:8e:10:c7:6b:d9:28:36:1b:ea:99:7d:c6:
                    e0:ce:b2:07:41:ee:5c:7c:4f:6c:a5:26:78:3c:b9:
                    d7:77:4e:ad:66:2c:5a:c3:d7:89:2d:7a:e2:26:f5:
                    1a:75:23:25:87:2e:19:84:92:71:22:ca:1b:df:77:
                    ae:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:FF:5D:E7:22:DE:AC:4F:04:C6:5A:FA:2A:D5:96:8D:6C:51:C5:1D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Tf9d5yLerE8Exlr6KtWWjWxRxR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:ee:4a:b6:b9:35:ec:72:fd:05:43:13:0b:eb:ac:9c:b0:87:
         ea:8d:73:2d:84:e9:4c:d4:60:6f:de:d7:94:af:b1:2e:ca:90:
         c6:e8:5f:94:30:2f:89:f2:7b:c2:e1:d6:54:cd:ac:04:eb:e4:
         fa:a4:e2:ee:ee:51:23:05:9c:62:b5:67:ed:1b:65:77:a3:36:
         19:71:53:0a:64:4c:22:c5:9b:16:29:e8:c9:6d:18:11:c5:c0:
         d1:fe:e1:48:82:07:33:70:5c:80:eb:da:ed:32:66:57:2d:1f:
         4d:6a:fa:74:58:06:20:76:e2:71:c4:75:15:17:b8:1c:36:72:
         d3:10:a8:c4:38:91:10:fe:13:11:91:91:4e:e6:1c:b0:c3:0c:
         20:63:0f:53:3e:99:64:0e:b5:ec:d6:65:cf:91:1a:6b:af:79:
         e5:23:d7:a6:9b:2e:82:d3:d4:58:94:c7:75:6e:75:1f:39:e2:
         23:c4:52:7b:77:70:bd:b6:b9:a6:24:cb:f9:52:4d:06:3f:2b:
         d7:90:b2:cd:4e:96:16:8f:da:d9:4b:2e:62:f4:78:9b:d9:36:
         78:26:c1:c1:58:87:bd:93:14:5f:05:1e:23:c5:70:55:1a:0f:
         82:96:60:5e:ef:f5:7d:78:93:fa:d9:53:44:95:ae:ad:e9:4b:
         fe:6c:9e:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4BS8YHdm9ziLKIVGmnVxkPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTA3MDcxNjQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGZmNWRlNzIyZGVhYzRmMDRjNjVhZmEyYWQ1OTY4ZDZjNTFjNTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNr3Ln3l2nmxayj96iCgBbTIZvh8
SCgCxZBPQOje1kRn8Ilgi+/By2MtIYEI4Kpl9XXxfAuTpLjb/1W9XIlCt6Zi6oMa
Uq4gNDrsJYOtE0htuoAfqQZi64AED1b6aZHTjNr+G0D155zJJoPv+7CfeXVPS2rn
B9UyT3+a+YyhDoCWM980m+YdDroJm9RLcbpycQlbYadilijSh07pIg97Zl7v3dPC
z1LvA44DVKF8nVx9DaE/PTXELbiWVtEg4ElxFLSq3E+OEMdr2Sg2G+qZfcbgzrIH
Qe5cfE9spSZ4PLnXd06tZixaw9eJLXriJvUadSMlhy4ZhJJxIsob33euiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3/Xeci3qxPBMZa+irVlo1sUcUdMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVGY5ZDV5TGVyRThFeGxyNkt0V1dqV3hSeFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATV2FMA0G
CSqGSIb3DQEBCwUAA4IBAQBc7kq2uTXscv0FQxML66ycsIfqjXMthOlM1GBv3teU
r7EuypDG6F+UMC+J8nvC4dZUzawE6+T6pOLu7lEjBZxitWftG2V3ozYZcVMKZEwi
xZsWKejJbRgRxcDR/uFIggczcFyA69rtMmZXLR9Navp0WAYgduJxxHUVF7gcNnLT
EKjEOJEQ/hMRkZFO5hywwwwgYw9TPplkDrXs1mXPkRprr3nlI9emmy6C09RYlMd1
bnUfOeIjxFJ7d3C9trmmJMv5Uk0GPyvXkLLNTpYWj9rZSy5i9Hib2TZ4JsHBWIe9
kxRfBR4jxXBVGg+ClmBe7/V9eJP62VNEla6t6Uv+bJ78
-----END CERTIFICATE-----