Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/Ft-8xYXFXF_pxWdqchjDObURQAQ.roa
File:                     Ft-8xYXFXF_pxWdqchjDObURQAQ.roa (raw, json)
Hash identifier:          Bbe7isVG2thClqzLz0laVwUWwhKyZ8mXmscJ7ADBYEc=
Subject key identifier:   16:DF:BC:C5:85:C5:5C:5F:E9:C5:67:6A:72:18:C3:39:B5:11:40:04
Certificate issuer:       /CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
Certificate serial:       0199AB10FA54A379C8B9790C5CCD4DF5C0C9
Authority key identifier: D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/Ft-8xYXFXF_pxWdqchjDObURQAQ.roa
Signing time:             Fri 03 Oct 2025 17:14:00 +0000
ROA not before:           Fri 03 Oct 2025 17:14:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216246
IP address blocks:        77.110.104.0/24 maxlen: 24
                          77.110.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ab:10:fa:54:a3:79:c8:b9:79:0c:5c:cd:4d:f5:c0:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
        Validity
            Not Before: Oct  3 17:14:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16dfbcc585c55c5fe9c5676a7218c339b5114004
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:07:8f:b2:f5:7c:08:e8:75:e9:90:a6:48:c0:
                    17:d1:d4:f7:89:95:08:f9:6f:fd:2b:be:05:fa:bc:
                    b1:88:81:73:66:f5:e4:51:cb:55:81:44:99:c1:03:
                    22:ec:92:9f:92:09:36:4f:0f:56:49:be:95:fe:bb:
                    fe:27:2a:38:a2:68:bd:a6:1a:91:4c:8c:2e:18:4b:
                    e1:83:3b:d6:31:61:aa:be:a8:8e:44:90:f1:53:d1:
                    9e:02:f5:b6:8d:2d:3d:f6:7f:0e:14:0f:df:a4:22:
                    bf:2d:65:20:05:f1:cb:2c:ce:76:21:36:38:ff:b7:
                    6c:a6:47:0f:ea:14:ee:f4:d3:4e:dd:19:07:a5:87:
                    de:3a:c0:99:99:39:b5:aa:82:27:13:0f:c3:59:76:
                    53:a5:8c:43:93:c9:05:45:f1:c1:7f:2f:e2:c8:02:
                    22:bd:d9:fd:85:0c:c2:c1:0b:d6:6a:01:81:c8:a7:
                    02:a2:37:96:70:b5:b4:e2:6c:40:55:82:04:6b:c9:
                    6f:fe:3b:b3:54:de:f6:75:3b:f1:0e:06:83:b4:06:
                    85:98:54:0d:fa:ec:37:1e:cd:ec:e6:9f:d1:7d:ba:
                    b1:21:a0:f4:5e:39:7a:e3:d0:ff:d4:9a:13:98:23:
                    dc:e1:d8:a0:0d:06:a2:eb:7e:92:ac:00:9d:57:fd:
                    c4:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:DF:BC:C5:85:C5:5C:5F:E9:C5:67:6A:72:18:C3:39:B5:11:40:04
            X509v3 Authority Key Identifier:
                keyid:D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/Ft-8xYXFXF_pxWdqchjDObURQAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.110.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:2f:b3:4c:fb:c4:98:f1:cb:e1:be:83:d7:72:29:b6:11:32:
         6e:49:ce:95:71:44:d4:eb:d9:aa:e9:6c:45:36:26:d8:5f:ef:
         96:4e:66:fc:b7:e3:d2:35:6f:cb:8f:ba:1c:00:f5:dc:3f:a8:
         b8:43:75:aa:c3:1b:f1:e2:77:d7:75:53:3a:54:ed:b1:7f:4a:
         ba:f1:75:e5:91:89:12:49:82:2b:15:13:5f:b9:e9:d0:11:64:
         4d:eb:ee:31:a8:37:a3:0b:01:5e:b9:3c:83:b5:9e:cc:76:e7:
         10:aa:3c:bc:f1:71:05:2b:a5:f2:af:8d:1b:30:df:d8:8a:40:
         65:d4:0c:9c:1a:db:9d:bc:1b:ef:04:c4:31:63:be:b4:a8:c0:
         cf:f6:08:3a:2d:45:55:ec:2f:7d:5b:ed:0f:d3:3c:a9:69:43:
         c5:6f:fa:8e:19:ab:f4:84:ce:61:6e:aa:db:57:88:9e:0d:db:
         96:c7:14:37:f7:a8:95:80:60:93:7d:01:13:9f:ca:5d:01:5f:
         3b:44:17:89:67:84:5f:2d:ff:e1:1a:19:2b:3a:e1:8f:d7:96:
         75:bb:86:39:59:5f:f3:92:22:9d:9e:ea:97:f5:70:d6:36:be:
         b8:68:78:f7:6f:8c:2f:31:36:09:b1:18:01:a7:4c:cf:ae:a0:
         18:2b:31:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmrEPpUo3nIuXkMXM1N9cDJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Y2UyYmYwMDAxY2Q0MzBlOTI3N2ZiMDBlZDFhYmU1MWMw
YjVjN2MwHhcNMjUxMDAzMTcxNDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmRmYmNjNTg1YzU1YzVmZTljNTY3NmE3MjE4YzMzOWI1MTE0MDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wePsvV8COh16ZCmSMAX0dT3iZUI
+W/9K74F+ryxiIFzZvXkUctVgUSZwQMi7JKfkgk2Tw9WSb6V/rv+Jyo4omi9phqR
TIwuGEvhgzvWMWGqvqiORJDxU9GeAvW2jS099n8OFA/fpCK/LWUgBfHLLM52ITY4
/7dspkcP6hTu9NNO3RkHpYfeOsCZmTm1qoInEw/DWXZTpYxDk8kFRfHBfy/iyAIi
vdn9hQzCwQvWagGByKcCojeWcLW04mxAVYIEa8lv/juzVN72dTvxDgaDtAaFmFQN
+uw3Hs3s5p/RfbqxIaD0Xjl649D/1JoTmCPc4digDQai636SrACdV/3EuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbfvMWFxVxf6cVnanIYwzm1EUAEMB8GA1UdIwQY
MBaAFNTOK/AAHNQw6Sd/sA7Rq+UcC1x8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEt
MWY1NDMxZTJhNWFmLzEvRnQtOHhZWEZYRl9weFdkcWNoakRPYlVSUUFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEtMWY1NDMxZTJhNWFm
LzEvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTW5oMA0G
CSqGSIb3DQEBCwUAA4IBAQBlL7NM+8SY8cvhvoPXcim2ETJuSc6VcUTU69mq6WxF
NibYX++WTmb8t+PSNW/Lj7ocAPXcP6i4Q3Wqwxvx4nfXdVM6VO2xf0q68XXlkYkS
SYIrFRNfuenQEWRN6+4xqDejCwFeuTyDtZ7MducQqjy88XEFK6Xyr40bMN/YikBl
1AycGtudvBvvBMQxY760qMDP9gg6LUVV7C99W+0P0zypaUPFb/qOGav0hM5hbqrb
V4ieDduWxxQ396iVgGCTfQETn8pdAV87RBeJZ4RfLf/hGhkrOuGP15Z1u4Y5WV/z
kiKdnuqX9XDWNr64aHj3b4wvMTYJsRgBp0zPrqAYKzGR
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:38 2025 by rpki-client