Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/ZjMYC0UoF-rr4Yr68ciz53_Avuk.roa
File:                     ZjMYC0UoF-rr4Yr68ciz53_Avuk.roa (raw, json)
Hash identifier:          XSFfC2tpTl7pGI7s34smkuOaa4jrXUiaCPuucJLlqxI=
Subject key identifier:   66:33:18:0B:45:28:17:EA:EB:E1:8A:FA:F1:C8:B3:E7:7F:C0:BE:E9
Certificate issuer:       /CN=f2e160f0ce5e035af3cb21f4dfd04eab9ea7ee51
Certificate serial:       019DD9FF20A832C8D9E8F7BC9B284937D889
Authority key identifier: F2:E1:60:F0:CE:5E:03:5A:F3:CB:21:F4:DF:D0:4E:AB:9E:A7:EE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8uFg8M5eA1rzyyH039BOq56n7lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/ZjMYC0UoF-rr4Yr68ciz53_Avuk.roa
Signing time:             Wed 29 Apr 2026 16:07:49 +0000
ROA not before:           Wed 29 Apr 2026 16:07:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209896
IP address blocks:        77.91.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/8uFg8M5eA1rzyyH039BOq56n7lE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/8uFg8M5eA1rzyyH039BOq56n7lE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8uFg8M5eA1rzyyH039BOq56n7lE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 18:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d9:ff:20:a8:32:c8:d9:e8:f7:bc:9b:28:49:37:d8:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2e160f0ce5e035af3cb21f4dfd04eab9ea7ee51
        Validity
            Not Before: Apr 29 16:07:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6633180b452817eaebe18afaf1c8b3e77fc0bee9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a8:03:2f:cf:56:f8:29:5f:49:49:5e:77:67:
                    d6:72:ad:24:8f:61:37:17:0e:dc:93:04:d7:ad:be:
                    49:b0:40:66:3b:0c:d8:04:93:e1:60:73:bb:b2:f5:
                    c0:32:d9:c5:f2:21:d9:9d:f5:91:b1:7b:13:d4:f0:
                    0d:76:da:dc:f9:21:08:23:b6:4a:24:44:d3:ce:24:
                    c5:c2:04:bf:c8:99:7d:ea:ac:62:b7:65:6b:dd:47:
                    a9:7b:6d:99:73:78:aa:28:87:01:87:95:14:3a:5c:
                    d1:3e:35:3e:78:ed:c3:5d:77:aa:e4:a0:ae:57:09:
                    de:51:c7:d1:7c:99:0c:7c:a2:16:97:95:de:dc:34:
                    46:a5:66:bd:97:92:12:20:d6:f8:e9:81:7b:fb:9c:
                    d4:bd:78:c5:59:49:ee:82:52:d5:d7:72:0e:f5:0c:
                    d8:af:ba:9e:4b:27:4c:d6:32:89:4d:73:16:be:cb:
                    a1:d4:46:21:35:9c:b5:db:36:5b:39:04:26:a4:e6:
                    8c:f7:09:c7:1c:67:99:8d:3c:9e:cd:d8:3f:fa:68:
                    84:a6:5c:a4:2f:8c:14:64:56:fb:b5:80:61:d7:45:
                    a7:f9:60:e3:ac:7d:94:f0:a2:7d:94:2f:0f:66:b5:
                    ba:dd:49:b9:b5:6c:37:60:f7:af:0a:79:1d:66:50:
                    bb:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:33:18:0B:45:28:17:EA:EB:E1:8A:FA:F1:C8:B3:E7:7F:C0:BE:E9
            X509v3 Authority Key Identifier:
                keyid:F2:E1:60:F0:CE:5E:03:5A:F3:CB:21:F4:DF:D0:4E:AB:9E:A7:EE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8uFg8M5eA1rzyyH039BOq56n7lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/ZjMYC0UoF-rr4Yr68ciz53_Avuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3b1544-4b50-4684-ab75-fce214c6ffda/1/8uFg8M5eA1rzyyH039BOq56n7lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:16:27:a4:1a:dd:b5:a2:b0:b3:db:48:37:41:c7:24:65:35:
         f7:86:33:9f:a9:e4:20:80:ab:84:f9:18:e4:ff:3d:d3:f1:1f:
         55:3f:da:66:a3:ce:0b:02:a6:a4:4f:55:3a:9a:e6:af:44:2d:
         83:2c:54:4e:df:fe:76:99:93:4a:48:7e:2d:01:ce:5c:93:e8:
         b2:db:2f:87:d9:77:49:02:f1:c3:3d:c3:9a:f4:77:5e:8a:10:
         11:78:ce:74:cd:89:af:26:b7:26:e4:e8:cc:79:e3:91:ec:10:
         18:db:e6:49:79:42:87:04:6a:de:18:04:7a:70:85:15:9c:51:
         fb:67:69:e8:56:39:c9:2d:2c:dc:26:0b:45:c9:4a:10:ac:e2:
         b4:41:d1:f0:45:cf:90:d1:7a:60:16:3f:dc:25:04:4a:b8:36:
         ed:d4:92:c6:d6:cb:96:aa:c0:69:9d:1c:9b:d9:9d:56:fb:0d:
         f7:0d:2e:ee:87:6e:7f:b4:9b:6f:84:8d:45:00:50:f6:a2:70:
         fe:08:2c:df:f5:71:2c:3a:10:09:57:d3:1a:f1:34:1e:30:f5:
         dc:ce:a2:8f:e5:10:c2:90:66:bd:cf:1f:5e:c5:50:f2:85:80:
         68:05:02:5b:7a:f1:42:96:cd:07:f8:ec:b0:0c:a6:d8:45:cd:
         f4:a7:79:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Z/yCoMsjZ6Pe8myhJN9iJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZTE2MGYwY2U1ZTAzNWFmM2NiMjFmNGRmZDA0ZWFiOWVh
N2VlNTEwHhcNMjYwNDI5MTYwNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjMzMTgwYjQ1MjgxN2VhZWJlMThhZmFmMWM4YjNlNzdmYzBiZWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqgDL89W+ClfSUled2fWcq0kj2E3
Fw7ckwTXrb5JsEBmOwzYBJPhYHO7svXAMtnF8iHZnfWRsXsT1PANdtrc+SEII7ZK
JETTziTFwgS/yJl96qxit2Vr3Uepe22Zc3iqKIcBh5UUOlzRPjU+eO3DXXeq5KCu
VwneUcfRfJkMfKIWl5Xe3DRGpWa9l5ISINb46YF7+5zUvXjFWUnuglLV13IO9QzY
r7qeSydM1jKJTXMWvsuh1EYhNZy12zZbOQQmpOaM9wnHHGeZjTyezdg/+miEplyk
L4wUZFb7tYBh10Wn+WDjrH2U8KJ9lC8PZrW63Um5tWw3YPevCnkdZlC7oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYzGAtFKBfq6+GK+vHIs+d/wL7pMB8GA1UdIwQY
MBaAFPLhYPDOXgNa88sh9N/QTquep+5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHVGZzhNNWVBMXJ6eXlIMDM5Qk9xNTZuN2xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8zYjE1NDQtNGI1MC00Njg0LWFiNzUt
ZmNlMjE0YzZmZmRhLzEvWmpNWUMwVW9GLXJyNFlyNjhjaXo1M19BdnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8zYjE1NDQtNGI1MC00Njg0LWFiNzUtZmNlMjE0YzZmZmRh
LzEvOHVGZzhNNWVBMXJ6eXlIMDM5Qk9xNTZuN2xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVt2MA0G
CSqGSIb3DQEBCwUAA4IBAQChFiekGt21orCz20g3QcckZTX3hjOfqeQggKuE+Rjk
/z3T8R9VP9pmo84LAqakT1U6muavRC2DLFRO3/52mZNKSH4tAc5ck+iy2y+H2XdJ
AvHDPcOa9HdeihAReM50zYmvJrcm5OjMeeOR7BAY2+ZJeUKHBGreGAR6cIUVnFH7
Z2noVjnJLSzcJgtFyUoQrOK0QdHwRc+Q0XpgFj/cJQRKuDbt1JLG1suWqsBpnRyb
2Z1W+w33DS7uh25/tJtvhI1FAFD2onD+CCzf9XEsOhAJV9Ma8TQeMPXczqKP5RDC
kGa9zx9exVDyhYBoBQJbevFCls0H+OywDKbYRc30p3kw
-----END CERTIFICATE-----