Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/bToR6umJYInit4YmCjsW758Knfc.roa
File:                     bToR6umJYInit4YmCjsW758Knfc.roa (raw, json)
Hash identifier:          37BGec+qdTp+UnRV0AER+V8DA3MB50nkwTf82xMXRJw=
Subject key identifier:   6D:3A:11:EA:E9:89:60:89:E2:B7:86:26:0A:3B:16:EF:9F:0A:9D:F7
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       019CE8323318CA0DBA52549C59BC5EC02518
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/bToR6umJYInit4YmCjsW758Knfc.roa
Signing time:             Fri 13 Mar 2026 17:15:29 +0000
ROA not before:           Fri 13 Mar 2026 17:15:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203054
IP address blocks:        77.246.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e8:32:33:18:ca:0d:ba:52:54:9c:59:bc:5e:c0:25:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Mar 13 17:15:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d3a11eae9896089e2b786260a3b16ef9f0a9df7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:c5:ae:f0:6b:89:30:04:9c:97:be:19:92:48:
                    f6:00:2d:f5:d4:57:4c:93:da:da:81:c8:ca:a4:2f:
                    94:e2:28:e7:83:9f:11:d5:88:4e:a6:7f:d4:d9:6d:
                    f8:ee:ed:18:01:62:32:8f:7a:00:b4:20:83:61:d3:
                    a0:1a:d9:8a:ee:6f:e2:e8:8d:bd:23:b8:ce:33:a0:
                    a2:94:1f:68:c4:f9:ed:1b:21:a2:1c:17:6e:4e:73:
                    2a:6b:d2:e0:61:b1:c4:3c:a1:51:d8:78:e4:2f:ed:
                    2e:3e:6e:2a:18:48:cf:c9:2f:34:d2:49:36:55:fd:
                    92:17:ab:47:c1:90:e8:71:aa:04:3c:78:67:46:9e:
                    a0:04:a5:51:cd:23:cb:52:64:a2:a2:92:9f:22:dd:
                    6e:b9:fd:a2:43:55:21:5f:a2:64:66:f8:8c:76:2f:
                    8c:5d:58:bb:bd:a5:1a:1c:c2:b3:43:33:39:57:91:
                    90:dc:03:ae:f1:10:05:d7:8a:a9:ee:64:f7:48:45:
                    ec:d4:b2:db:de:95:bf:23:22:21:42:f4:fb:5a:64:
                    4d:80:56:8e:96:f7:98:93:3b:d4:da:33:ee:02:d9:
                    ec:1e:42:81:4f:c5:3a:9d:c7:4b:2c:26:8c:91:d9:
                    54:fb:66:cc:d3:f9:b0:6a:df:ef:68:97:b4:41:aa:
                    df:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:3A:11:EA:E9:89:60:89:E2:B7:86:26:0A:3B:16:EF:9F:0A:9D:F7
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/bToR6umJYInit4YmCjsW758Knfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:bf:d6:39:73:b7:f3:80:6b:e9:7f:83:e1:c3:20:5f:73:83:
         69:69:d2:5a:b2:c3:4d:2d:3d:e3:5a:3a:9b:ea:61:2a:a9:b8:
         d6:a9:98:8f:83:93:7c:56:1b:9c:8d:b1:73:2d:da:83:b6:4b:
         e3:bc:8e:82:41:59:b1:1e:56:52:a4:06:ef:ef:b8:cd:ae:44:
         7e:2e:5f:76:d6:ea:c3:f4:3e:67:2a:2a:29:6f:75:8e:3d:5c:
         69:c7:87:14:7e:df:53:3e:09:3d:34:71:64:b2:c3:f4:46:62:
         41:e2:7f:3d:9a:49:82:00:5d:ff:51:25:cf:79:b0:11:d7:d4:
         9b:e1:00:ac:13:e8:bb:41:9f:60:c8:f8:2c:45:dc:f9:fa:05:
         c8:c8:f5:8a:2a:9f:49:26:b8:6a:13:21:e6:38:08:74:87:d8:
         51:94:22:e7:8a:98:cb:87:cf:cc:cb:e9:64:99:0b:c4:52:e4:
         46:c0:50:7b:91:5c:02:9f:14:6a:35:c7:99:32:60:c8:9f:19:
         05:ea:50:12:79:4d:35:8e:aa:ad:f4:d5:06:50:45:c8:a1:f1:
         a6:ac:ea:3b:1d:d4:08:62:ff:51:8c:7d:4f:fb:6f:a8:0c:80:
         02:1a:3c:5b:8e:1b:91:fb:bb:3b:d7:12:4c:79:ef:fb:56:21:
         db:91:96:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzoMjMYyg26UlScWbxewCUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjYwMzEzMTcxNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDNhMTFlYWU5ODk2MDg5ZTJiNzg2MjYwYTNiMTZlZjlmMGE5ZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA28Wu8GuJMAScl74Zkkj2AC311FdM
k9ragcjKpC+U4ijng58R1YhOpn/U2W347u0YAWIyj3oAtCCDYdOgGtmK7m/i6I29
I7jOM6CilB9oxPntGyGiHBduTnMqa9LgYbHEPKFR2HjkL+0uPm4qGEjPyS800kk2
Vf2SF6tHwZDocaoEPHhnRp6gBKVRzSPLUmSiopKfIt1uuf2iQ1UhX6JkZviMdi+M
XVi7vaUaHMKzQzM5V5GQ3AOu8RAF14qp7mT3SEXs1LLb3pW/IyIhQvT7WmRNgFaO
lveYkzvU2jPuAtnsHkKBT8U6ncdLLCaMkdlU+2bM0/mwat/vaJe0QarftQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG06EerpiWCJ4reGJgo7Fu+fCp33MB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvYlRvUjZ1bUpZSW5pdDRZbUNqc1c3NThLbmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfbfMA0G
CSqGSIb3DQEBCwUAA4IBAQCBv9Y5c7fzgGvpf4PhwyBfc4NpadJassNNLT3jWjqb
6mEqqbjWqZiPg5N8VhucjbFzLdqDtkvjvI6CQVmxHlZSpAbv77jNrkR+Ll921urD
9D5nKiopb3WOPVxpx4cUft9TPgk9NHFkssP0RmJB4n89mkmCAF3/USXPebAR19Sb
4QCsE+i7QZ9gyPgsRdz5+gXIyPWKKp9JJrhqEyHmOAh0h9hRlCLnipjLh8/My+lk
mQvEUuRGwFB7kVwCnxRqNceZMmDInxkF6lASeU01jqqt9NUGUEXIofGmrOo7HdQI
Yv9RjH1P+2+oDIACGjxbjhuR+7s71xJMee/7ViHbkZYk
-----END CERTIFICATE-----