Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/_zKodDelYzkycuOaCvmIVNehVaU.roa
File:                     _zKodDelYzkycuOaCvmIVNehVaU.roa (raw, json)
Hash identifier:          06Jd/JDGW6Xe4+7xG76Qs6GUdZwHdMuLomnrIM9Qkbg=
Subject key identifier:   FF:32:A8:74:37:A5:63:39:32:72:E3:9A:0A:F9:88:54:D7:A1:55:A5
Certificate issuer:       /CN=23259da3b1b38ca0939f490fb9043fcd89cfd062
Certificate serial:       0199B9C949A507B027361F2D5D82966C25F7
Authority key identifier: 23:25:9D:A3:B1:B3:8C:A0:93:9F:49:0F:B9:04:3F:CD:89:CF:D0:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/_zKodDelYzkycuOaCvmIVNehVaU.roa
Signing time:             Mon 06 Oct 2025 13:50:00 +0000
ROA not before:           Mon 06 Oct 2025 13:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47493
IP address blocks:        77.237.128.0/19 maxlen: 19
                          2a0a:4080::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b9:c9:49:a5:07:b0:27:36:1f:2d:5d:82:96:6c:25:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23259da3b1b38ca0939f490fb9043fcd89cfd062
        Validity
            Not Before: Oct  6 13:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff32a87437a563393272e39a0af98854d7a155a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:12:66:e3:d1:e7:5c:3e:7d:03:e3:b7:10:18:
                    a6:f5:00:ee:76:05:09:4a:22:4f:86:24:4c:c6:5f:
                    62:f7:31:ff:6d:18:e6:d7:b5:0d:83:9f:5b:d5:e2:
                    3d:ef:60:a3:77:6e:fa:34:21:34:ef:1b:0a:e9:8b:
                    ef:ad:49:80:26:39:f4:b7:33:9e:68:51:16:81:55:
                    45:b7:3e:1b:4f:ce:57:96:ed:a2:07:dd:c6:9e:7b:
                    33:e5:6a:5f:da:74:f1:99:95:4d:64:38:1d:d9:46:
                    1f:50:63:89:74:41:40:80:5b:bb:5b:c3:98:e7:dd:
                    b7:9d:49:33:b3:ae:cb:a1:cf:68:7f:61:52:2d:63:
                    3f:85:b2:57:ca:e4:ac:07:55:31:12:cd:88:90:80:
                    eb:bb:c5:3d:a5:00:95:09:76:9c:a2:c2:8d:a8:9c:
                    9c:68:3b:75:9c:97:29:66:17:43:f6:be:f4:eb:ba:
                    7a:6c:34:19:5b:a2:d9:d1:3d:99:9e:4a:1e:b9:ac:
                    45:ef:64:7d:9e:16:1b:df:84:d3:e1:1d:84:3a:21:
                    d2:65:25:39:76:53:a1:52:cd:23:c4:b7:54:a7:13:
                    14:5c:d2:75:33:a4:03:ae:7c:49:52:e3:be:91:77:
                    95:6b:c3:61:1d:0a:16:74:aa:e6:58:43:97:61:93:
                    6f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:32:A8:74:37:A5:63:39:32:72:E3:9A:0A:F9:88:54:D7:A1:55:A5
            X509v3 Authority Key Identifier:
                keyid:23:25:9D:A3:B1:B3:8C:A0:93:9F:49:0F:B9:04:3F:CD:89:CF:D0:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/_zKodDelYzkycuOaCvmIVNehVaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.237.128.0/19
                IPv6:
                  2a0a:4080::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:f1:57:cb:4e:a8:5e:49:21:c3:50:42:71:fd:5c:d0:59:76:
         09:90:7a:5e:bd:f5:12:52:48:9c:93:ee:56:ad:13:88:b6:6f:
         17:27:a7:bc:c0:34:c6:fc:47:9a:94:84:bd:66:c3:e6:70:b9:
         cb:f4:8f:70:7e:08:64:c6:63:ec:7e:fa:cf:ee:db:7f:9d:b0:
         4f:7e:45:d1:fd:93:ea:4a:b3:37:3f:5d:45:20:09:a1:30:71:
         ca:c9:34:4a:9b:53:6a:36:82:91:a5:79:bf:58:ac:5d:c3:f1:
         b1:ea:c6:32:05:01:23:2f:9b:08:4a:de:ca:da:ff:c5:34:08:
         d6:c8:9f:f3:6b:27:11:76:24:9f:8a:14:0b:55:9a:68:2b:b4:
         f4:18:3d:97:1b:a3:32:f2:0c:4f:c6:b8:0b:b8:4b:84:0c:b9:
         12:43:ef:3a:3b:9a:28:cf:03:2a:be:47:eb:eb:aa:b0:20:19:
         6f:33:ef:dd:18:a5:95:a8:59:f9:d6:a5:a5:99:1f:3c:33:9f:
         22:b4:31:89:70:f6:6e:a3:11:10:e2:d6:c2:fa:db:9e:d9:54:
         8d:70:a1:cb:eb:79:56:fc:2e:b6:ac:6a:17:2e:59:4c:fc:b3:
         5f:a0:cb:02:f5:56:b0:24:34:bc:b7:ba:d0:f8:53:da:66:25:
         98:d9:a4:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZm5yUmlB7AnNh8tXYKWbCX3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMjU5ZGEzYjFiMzhjYTA5MzlmNDkwZmI5MDQzZmNkODlj
ZmQwNjIwHhcNMjUxMDA2MTM1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjMyYTg3NDM3YTU2MzM5MzI3MmUzOWEwYWY5ODg1NGQ3YTE1NWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBJm49HnXD59A+O3EBim9QDudgUJ
SiJPhiRMxl9i9zH/bRjm17UNg59b1eI972Cjd276NCE07xsK6YvvrUmAJjn0tzOe
aFEWgVVFtz4bT85Xlu2iB93Gnnsz5Wpf2nTxmZVNZDgd2UYfUGOJdEFAgFu7W8OY
5923nUkzs67Loc9of2FSLWM/hbJXyuSsB1UxEs2IkIDru8U9pQCVCXacosKNqJyc
aDt1nJcpZhdD9r7067p6bDQZW6LZ0T2ZnkoeuaxF72R9nhYb34TT4R2EOiHSZSU5
dlOhUs0jxLdUpxMUXNJ1M6QDrnxJUuO+kXeVa8NhHQoWdKrmWEOXYZNvoQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP8yqHQ3pWM5MnLjmgr5iFTXoVWlMB8GA1UdIwQY
MBaAFCMlnaOxs4ygk59JD7kEP82Jz9BiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXlXZG83R3pqS0NUbjBrUHVRUV96WW5QMEdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy85MWE1ZmQtZTU2Yy00ZDg3LWJkNzUt
NjU0ZGQ2NDQyY2U0LzEvX3pLb2REZWxZemt5Y3VPYUN2bUlWTmVoVmFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy85MWE1ZmQtZTU2Yy00ZDg3LWJkNzUtNjU0ZGQ2NDQyY2U0
LzEvSXlXZG83R3pqS0NUbjBrUHVRUV96WW5QMEdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFTe2AMA0E
AgACMAcDBQAqCkCAMA0GCSqGSIb3DQEBCwUAA4IBAQCT8VfLTqheSSHDUEJx/VzQ
WXYJkHpevfUSUkick+5WrROItm8XJ6e8wDTG/EealIS9ZsPmcLnL9I9wfghkxmPs
fvrP7tt/nbBPfkXR/ZPqSrM3P11FIAmhMHHKyTRKm1NqNoKRpXm/WKxdw/Gx6sYy
BQEjL5sISt7K2v/FNAjWyJ/zaycRdiSfihQLVZpoK7T0GD2XG6My8gxPxrgLuEuE
DLkSQ+86O5oozwMqvkfr66qwIBlvM+/dGKWVqFn51qWlmR88M58itDGJcPZuoxEQ
4tbC+tue2VSNcKHL63lW/C62rGoXLllM/LNfoMsC9VawJDS8t7rQ+FPaZiWY2aRp
-----END CERTIFICATE-----