Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/ERxqIdM_UPOc7aqvyezCxC2KNX0.roa
File:                     ERxqIdM_UPOc7aqvyezCxC2KNX0.roa (raw, json)
Hash identifier:          Mivyw8tTEifAUZHv31FqUM6igMhDr6lHOwrJETS4yqA=
Subject key identifier:   11:1C:6A:21:D3:3F:50:F3:9C:ED:AA:AF:C9:EC:C2:C4:2D:8A:35:7D
Certificate issuer:       /CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
Certificate serial:       019971860FFE0CA9DD332E6B6F37DC51A86D
Authority key identifier: 77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/ERxqIdM_UPOc7aqvyezCxC2KNX0.roa
Signing time:             Mon 22 Sep 2025 13:03:55 +0000
ROA not before:           Mon 22 Sep 2025 13:03:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197075
IP address blocks:        5.152.154.0/24 maxlen: 24
                          5.152.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:71:86:0f:fe:0c:a9:dd:33:2e:6b:6f:37:dc:51:a8:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
        Validity
            Not Before: Sep 22 13:03:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=111c6a21d33f50f39cedaaafc9ecc2c42d8a357d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:56:96:57:4b:dd:de:c0:c8:b6:0c:fe:77:05:
                    da:bd:59:54:d0:d5:bb:68:75:40:c8:27:fd:74:4f:
                    bb:bf:50:9e:b4:b8:ee:14:a0:9e:be:36:be:2d:9b:
                    b0:f6:fb:3b:d5:9b:83:a2:ea:e7:5c:ce:05:2a:20:
                    56:82:3a:70:a0:fe:91:b3:73:cd:8a:af:e3:0c:fb:
                    0b:44:81:a3:e6:bf:21:c5:da:62:51:6f:68:eb:ff:
                    7a:0b:91:ef:42:64:c2:18:a9:7d:27:74:6c:b8:d7:
                    e7:e8:a4:9f:9a:4a:8c:32:b3:e2:5e:ff:12:6b:97:
                    52:78:43:b6:f9:06:4b:9b:4c:d7:5a:1c:e3:eb:32:
                    aa:51:5e:11:07:eb:a5:28:66:ab:9b:7b:6f:b3:e4:
                    c3:d9:c0:6e:ca:27:32:d5:75:f2:66:65:5d:db:2e:
                    c4:01:86:4d:10:38:91:b0:19:36:a1:2b:b2:38:3d:
                    9d:a4:7a:8a:06:68:ac:8a:50:e0:7c:1b:35:e3:13:
                    fc:f3:4c:07:e0:5c:27:9a:41:dd:ed:90:45:de:58:
                    1f:78:9a:64:9d:ca:20:f5:16:31:12:7d:ee:de:f8:
                    b9:0c:47:fe:2f:95:aa:c5:5b:44:ba:d3:04:04:4e:
                    60:8d:33:b0:44:7c:63:7f:0c:fa:8a:05:d9:6d:eb:
                    02:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:1C:6A:21:D3:3F:50:F3:9C:ED:AA:AF:C9:EC:C2:C4:2D:8A:35:7D
            X509v3 Authority Key Identifier:
                keyid:77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/ERxqIdM_UPOc7aqvyezCxC2KNX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.152.154.0/24
                  5.152.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:d1:36:9b:65:bc:80:b0:a5:45:a6:eb:20:52:0a:38:06:08:
         cb:c7:1b:a7:e3:69:ab:a9:fa:bd:6e:ce:c1:1e:f6:36:43:05:
         e3:f3:98:6f:f4:36:ef:37:c7:f4:ab:0e:76:24:7e:f2:83:a8:
         81:8e:07:1d:d1:59:36:18:03:03:ac:80:90:30:98:f0:e8:a5:
         38:cb:0e:94:77:b8:1e:9b:68:22:81:48:7a:e8:31:aa:7f:0a:
         57:12:7b:1f:84:c9:fb:d7:6e:1e:4f:ec:fe:08:07:a9:24:a8:
         75:fe:1d:f4:e4:69:46:86:2b:04:36:93:74:3c:3c:12:af:b4:
         db:02:1f:0a:3d:d7:9e:29:a2:d6:f4:1c:e3:9d:99:59:0e:2a:
         eb:97:ed:25:03:78:37:ab:9f:35:0a:c5:30:1e:34:01:f3:4c:
         fe:32:49:10:15:8f:9e:57:60:ab:ae:68:87:e2:99:bc:b4:59:
         1d:d4:7a:93:79:c2:9b:7e:4a:15:ec:7a:86:a3:18:a2:42:c8:
         5e:d6:78:8a:0c:e3:e8:8d:04:ef:44:3f:94:2e:d4:45:6c:9a:
         ee:d3:67:96:28:6f:af:db:29:bf:73:f0:f0:80:5f:ae:08:ee:
         0f:1c:70:f0:84:7b:8c:5f:db:23:37:92:29:51:a5:c6:5d:e3:
         43:ca:78:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlxhg/+DKndMy5rbzfcUahtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjhlN2ZiZDRhYjY5NTA3ZmIxZmUzNTc5YWYzNDNhNTY2
MzkwODYwHhcNMjUwOTIyMTMwMzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTFjNmEyMWQzM2Y1MGYzOWNlZGFhYWZjOWVjYzJjNDJkOGEzNTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FaWV0vd3sDItgz+dwXavVlU0NW7
aHVAyCf9dE+7v1CetLjuFKCevja+LZuw9vs71ZuDournXM4FKiBWgjpwoP6Rs3PN
iq/jDPsLRIGj5r8hxdpiUW9o6/96C5HvQmTCGKl9J3RsuNfn6KSfmkqMMrPiXv8S
a5dSeEO2+QZLm0zXWhzj6zKqUV4RB+ulKGarm3tvs+TD2cBuyicy1XXyZmVd2y7E
AYZNEDiRsBk2oSuyOD2dpHqKBmisilDgfBs14xP880wH4FwnmkHd7ZBF3lgfeJpk
ncog9RYxEn3u3vi5DEf+L5WqxVtEutMEBE5gjTOwRHxjfwz6igXZbesC7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBEcaiHTP1DznO2qr8nswsQtijV9MB8GA1UdIwQY
MBaAFHf45/vUq2lQf7H+NXmvNDpWY5CGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9qbi05U3JhVkJfc2Y0MWVhODBPbFpqa0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC82YzI3MzYtYWIwMi00ODk3LTk1Njgt
NzdmNmU5NGUzZGNjLzEvRVJ4cUlkTV9VUE9jN2FxdnllekN4QzJLTlgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC82YzI3MzYtYWIwMi00ODk3LTk1NjgtNzdmNmU5NGUzZGNj
LzEvZF9qbi05U3JhVkJfc2Y0MWVhODBPbFpqa0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABZiaAwQA
BZicMA0GCSqGSIb3DQEBCwUAA4IBAQBi0TabZbyAsKVFpusgUgo4BgjLxxun42mr
qfq9bs7BHvY2QwXj85hv9DbvN8f0qw52JH7yg6iBjgcd0Vk2GAMDrICQMJjw6KU4
yw6Ud7gem2gigUh66DGqfwpXEnsfhMn7124eT+z+CAepJKh1/h305GlGhisENpN0
PDwSr7TbAh8KPdeeKaLW9BzjnZlZDirrl+0lA3g3q581CsUwHjQB80z+MkkQFY+e
V2CrrmiH4pm8tFkd1HqTecKbfkoV7HqGoxiiQshe1niKDOPojQTvRD+ULtRFbJru
02eWKG+v2ym/c/DwgF+uCO4PHHDwhHuMX9sjN5IpUaXGXeNDynij
-----END CERTIFICATE-----