Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/q1K3mBP6tAwWbGS6T7xJBkYKSz8.roa
File:                     q1K3mBP6tAwWbGS6T7xJBkYKSz8.roa (raw, json)
Hash identifier:          wr5HNzjC8IUzrQZPy+nMV2gYW00yPWdfWqjJEkjh148=
Subject key identifier:   AB:52:B7:98:13:FA:B4:0C:16:6C:64:BA:4F:BC:49:06:46:0A:4B:3F
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019CF89AA2DF98210D149CA3DC68EF80EE6A
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/q1K3mBP6tAwWbGS6T7xJBkYKSz8.roa
Signing time:             Mon 16 Mar 2026 21:43:29 +0000
ROA not before:           Mon 16 Mar 2026 21:43:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207483
IP address blocks:        77.83.203.0/24 maxlen: 24
                          2a13:a440:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f8:9a:a2:df:98:21:0d:14:9c:a3:dc:68:ef:80:ee:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Mar 16 21:43:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab52b79813fab40c166c64ba4fbc4906460a4b3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f2:49:ab:aa:7b:f9:94:eb:64:ef:3e:6a:af:
                    61:bb:4f:4b:2d:ff:cd:62:c1:e7:42:9c:23:e1:3b:
                    b8:b8:09:65:d1:2b:04:71:a7:b8:21:60:19:37:0d:
                    93:38:4a:0a:64:b5:cd:c9:b4:b7:e9:b0:f7:f8:eb:
                    5d:75:d6:d6:8c:ff:35:ad:73:45:d3:03:a1:b6:7b:
                    f4:11:45:ef:3d:0a:cd:f2:aa:c1:d0:d6:eb:49:df:
                    96:76:03:c0:79:e6:f3:8b:c5:99:18:ee:9d:75:6b:
                    b6:35:0b:67:8d:a5:40:64:28:c4:6a:96:3f:c9:0f:
                    e9:57:2e:62:20:18:43:08:2f:b1:ce:9c:7f:6b:38:
                    4f:f7:89:9d:2e:d5:90:f5:61:91:04:ea:91:97:49:
                    64:22:1a:8c:0f:1d:2a:f2:05:b8:56:5b:88:54:0f:
                    79:f9:a1:85:e3:c1:04:7b:ea:5d:d1:8a:e9:bf:b1:
                    3f:01:d7:7e:cb:18:3d:41:31:f5:e8:71:6d:85:22:
                    42:96:3e:08:04:65:90:1a:fb:b0:9a:57:a4:cf:b8:
                    76:0d:2c:2c:0c:67:3d:c8:77:84:ac:0d:f7:96:b0:
                    ea:75:3b:89:97:d6:b2:7d:61:49:75:ff:84:3f:7c:
                    bd:13:15:06:67:5b:7d:8d:99:36:73:20:94:37:27:
                    ee:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:52:B7:98:13:FA:B4:0C:16:6C:64:BA:4F:BC:49:06:46:0A:4B:3F
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/q1K3mBP6tAwWbGS6T7xJBkYKSz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.203.0/24
                IPv6:
                  2a13:a440:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:14:a5:c0:dc:83:b5:64:10:11:f8:2e:b4:73:29:f3:dc:51:
         a6:8a:fd:ed:5a:54:71:90:9b:5b:bc:35:88:ce:e6:10:74:71:
         80:5c:f1:af:f7:d1:28:3f:6e:71:bb:b9:29:ba:88:73:65:28:
         68:de:da:a8:89:ef:b8:96:d9:65:b5:fb:24:d9:42:32:62:f1:
         fb:75:28:19:86:01:4b:be:c1:1b:a7:9b:ac:28:d1:51:cd:0c:
         5a:1f:b8:83:aa:59:ca:ff:cd:9d:a6:b7:fc:92:73:41:ea:7e:
         b6:25:c3:8a:17:96:6c:69:e2:9b:95:ef:ed:09:52:51:64:9f:
         16:d4:7a:7a:eb:ea:7c:00:d7:5a:59:cd:e1:15:13:32:fe:4e:
         3e:6a:b6:2a:75:53:db:9d:d0:53:d8:23:be:bd:c4:ff:ba:38:
         25:e8:4c:d0:cc:27:06:84:ad:cc:76:3a:c9:ba:d7:b4:fa:9e:
         0c:4b:d7:59:19:8e:8b:b0:66:a5:86:82:c0:8d:14:56:74:fb:
         ed:23:22:dd:ce:71:e1:00:82:5b:e2:9e:af:1d:ec:a3:27:31:
         0e:57:7e:f9:47:41:d7:b7:29:48:28:01:f7:13:46:a6:e7:fe:
         28:3f:ff:3a:74:cd:8c:92:43:a5:f3:e8:da:6c:62:85:53:56:
         05:90:93:c2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZz4mqLfmCENFJyj3GjvgO5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwMzE2MjE0MzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjUyYjc5ODEzZmFiNDBjMTY2YzY0YmE0ZmJjNDkwNjQ2MGE0YjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/JJq6p7+ZTrZO8+aq9hu09LLf/N
YsHnQpwj4Tu4uAll0SsEcae4IWAZNw2TOEoKZLXNybS36bD3+OtdddbWjP81rXNF
0wOhtnv0EUXvPQrN8qrB0NbrSd+WdgPAeebzi8WZGO6ddWu2NQtnjaVAZCjEapY/
yQ/pVy5iIBhDCC+xzpx/azhP94mdLtWQ9WGRBOqRl0lkIhqMDx0q8gW4VluIVA95
+aGF48EEe+pd0Yrpv7E/Add+yxg9QTH16HFthSJClj4IBGWQGvuwmlekz7h2DSws
DGc9yHeErA33lrDqdTuJl9ayfWFJdf+EP3y9ExUGZ1t9jZk2cyCUNyfuQQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKtSt5gT+rQMFmxkuk+8SQZGCks/MB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvcTFLM21CUDZ0QXdXYkdTNlQ3eEpCa1lLU3o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQATVPLMA8E
AgACMAkDBwAqE6RAAAkwDQYJKoZIhvcNAQELBQADggEBAKQUpcDcg7VkEBH4LrRz
KfPcUaaK/e1aVHGQm1u8NYjO5hB0cYBc8a/30Sg/bnG7uSm6iHNlKGje2qiJ77iW
2WW1+yTZQjJi8ft1KBmGAUu+wRunm6wo0VHNDFofuIOqWcr/zZ2mt/ySc0HqfrYl
w4oXlmxp4puV7+0JUlFknxbUenrr6nwA11pZzeEVEzL+Tj5qtip1U9ud0FPYI769
xP+6OCXoTNDMJwaErcx2Osm617T6ngxL11kZjouwZqWGgsCNFFZ0++0jIt3OceEA
glvinq8d7KMnMQ5XfvlHQde3KUgoAfcTRqbn/ig//zp0zYySQ6Xz6NpsYoVTVgWQ
k8I=
-----END CERTIFICATE-----