Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/f819cc-b294-460e-8be4-86e24260516f/1/4mgRR-mIQ5PvuNgR0kuuFTl95tg.roa
File:                     4mgRR-mIQ5PvuNgR0kuuFTl95tg.roa (raw, json)
Hash identifier:          F5E/3tNWxdjdKVX4kM8dLjMMhS4nHNtwM5gysBuetn8=
Subject key identifier:   E2:68:11:47:E9:88:43:93:EF:B8:D8:11:D2:4B:AE:15:39:7D:E6:D8
Certificate issuer:       /CN=cea79dcd5a3dee450eaf3f93152ed6da806bbf71
Certificate serial:       0199F2A0A7B5732C773F397437C2332CAFBE
Authority key identifier: CE:A7:9D:CD:5A:3D:EE:45:0E:AF:3F:93:15:2E:D6:DA:80:6B:BF:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zqedzVo97kUOrz-TFS7W2oBrv3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/f819cc-b294-460e-8be4-86e24260516f/1/4mgRR-mIQ5PvuNgR0kuuFTl95tg.roa
Signing time:             Fri 17 Oct 2025 14:43:58 +0000
ROA not before:           Fri 17 Oct 2025 14:43:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44970
IP address blocks:        77.88.234.0/24 maxlen: 24
                          77.88.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/f819cc-b294-460e-8be4-86e24260516f/1/zqedzVo97kUOrz-TFS7W2oBrv3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/f819cc-b294-460e-8be4-86e24260516f/1/zqedzVo97kUOrz-TFS7W2oBrv3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zqedzVo97kUOrz-TFS7W2oBrv3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f2:a0:a7:b5:73:2c:77:3f:39:74:37:c2:33:2c:af:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cea79dcd5a3dee450eaf3f93152ed6da806bbf71
        Validity
            Not Before: Oct 17 14:43:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2681147e9884393efb8d811d24bae15397de6d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:3f:35:9b:f0:c9:47:86:9d:c8:a6:96:09:d7:
                    2b:19:b6:83:9a:6d:65:8a:d9:b0:44:73:9b:cb:f9:
                    9f:c6:c8:d0:56:ea:da:9b:15:45:e2:d8:f2:e1:c4:
                    3f:5e:08:f8:b5:c5:8f:2a:15:bf:11:e3:c7:5a:70:
                    2f:89:c9:0e:98:99:d0:cd:6f:08:95:4f:40:3c:8a:
                    bd:ff:f9:02:66:9f:40:a0:9f:38:f2:e9:5f:49:d7:
                    ca:bd:6d:2a:ac:eb:fa:e2:a1:7d:36:9b:dd:2d:f9:
                    2d:5d:bd:8f:9b:7a:80:70:11:7a:48:08:25:c6:2e:
                    4e:c1:ba:58:ae:e9:82:37:97:58:79:69:58:82:c0:
                    e6:a9:3a:7e:65:73:32:5f:0c:d5:88:1a:bc:8b:96:
                    3e:b0:c9:25:d9:64:35:00:3f:f3:2a:c3:41:d9:7e:
                    b0:f4:22:8e:c5:67:a0:87:b8:df:3c:fd:a6:2c:29:
                    91:19:b7:09:10:b3:03:5f:df:34:75:21:1b:ff:06:
                    d7:da:f9:c2:59:5e:0c:d6:b2:f3:ef:14:82:0b:cf:
                    83:6d:45:c9:0b:5d:76:3c:21:fa:56:8f:be:3e:3b:
                    11:79:26:62:91:1f:87:67:0f:81:73:f7:17:f8:17:
                    f2:27:fc:8a:27:bf:01:68:33:3d:8c:c6:cd:82:99:
                    ef:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:68:11:47:E9:88:43:93:EF:B8:D8:11:D2:4B:AE:15:39:7D:E6:D8
            X509v3 Authority Key Identifier:
                keyid:CE:A7:9D:CD:5A:3D:EE:45:0E:AF:3F:93:15:2E:D6:DA:80:6B:BF:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zqedzVo97kUOrz-TFS7W2oBrv3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f819cc-b294-460e-8be4-86e24260516f/1/4mgRR-mIQ5PvuNgR0kuuFTl95tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f819cc-b294-460e-8be4-86e24260516f/1/zqedzVo97kUOrz-TFS7W2oBrv3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.88.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:52:2c:74:49:b1:d0:5e:c5:56:c6:c2:14:74:56:98:0a:7f:
         6d:d4:46:f2:e8:78:39:1b:1b:ba:b8:49:38:73:b8:f5:8f:5b:
         d3:53:96:28:af:17:97:fb:d4:aa:91:55:20:f1:78:74:20:75:
         51:2b:8f:47:9c:ba:67:4c:32:81:ff:49:2d:0a:96:45:61:0c:
         e6:19:9a:34:56:fb:99:47:57:2c:bd:5a:fc:f8:60:73:d7:f2:
         5d:d5:dc:67:1c:20:56:2a:b4:00:4b:c6:99:de:4b:cd:27:9e:
         d5:d0:68:8c:16:c5:97:ca:6d:6c:fe:c0:b8:4b:77:a2:02:f3:
         87:7c:06:1b:9b:40:89:73:33:23:d9:ad:34:fb:ca:54:9f:e5:
         d0:0c:a2:2f:f0:75:5a:2a:d6:dc:e2:d5:36:82:28:59:3e:0d:
         95:4c:e9:46:10:98:ec:88:b2:8b:6e:40:52:0b:5a:f2:1d:81:
         09:8e:47:fa:cd:a2:a2:a2:5a:47:c7:28:f9:89:d3:07:9a:09:
         3c:44:85:0e:a8:dd:bb:a9:e3:88:64:0b:e1:d5:c9:89:c4:3b:
         a3:f9:77:3f:cd:02:2f:7c:5d:03:9c:82:2b:4b:fa:7a:47:93:
         49:39:0a:c6:55:3e:17:19:ad:27:27:96:44:28:6c:de:37:d9:
         8b:97:8e:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnyoKe1cyx3Pzl0N8IzLK++MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYTc5ZGNkNWEzZGVlNDUwZWFmM2Y5MzE1MmVkNmRhODA2
YmJmNzEwHhcNMjUxMDE3MTQ0MzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjY4MTE0N2U5ODg0MzkzZWZiOGQ4MTFkMjRiYWUxNTM5N2RlNmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiT81m/DJR4adyKaWCdcrGbaDmm1l
itmwRHOby/mfxsjQVuramxVF4tjy4cQ/Xgj4tcWPKhW/EePHWnAvickOmJnQzW8I
lU9APIq9//kCZp9AoJ848ulfSdfKvW0qrOv64qF9NpvdLfktXb2Pm3qAcBF6SAgl
xi5OwbpYrumCN5dYeWlYgsDmqTp+ZXMyXwzViBq8i5Y+sMkl2WQ1AD/zKsNB2X6w
9CKOxWegh7jfPP2mLCmRGbcJELMDX980dSEb/wbX2vnCWV4M1rLz7xSCC8+DbUXJ
C112PCH6Vo++PjsReSZikR+HZw+Bc/cX+BfyJ/yKJ78BaDM9jMbNgpnvEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJoEUfpiEOT77jYEdJLrhU5febYMB8GA1UdIwQY
MBaAFM6nnc1aPe5FDq8/kxUu1tqAa79xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenFlZHpWbzk3a1VPcnotVEZTN1cyb0JydjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9mODE5Y2MtYjI5NC00NjBlLThiZTQt
ODZlMjQyNjA1MTZmLzEvNG1nUlItbUlRNVB2dU5nUjBrdXVGVGw5NXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9mODE5Y2MtYjI5NC00NjBlLThiZTQtODZlMjQyNjA1MTZm
LzEvenFlZHpWbzk3a1VPcnotVEZTN1cyb0JydjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTVjqMA0G
CSqGSIb3DQEBCwUAA4IBAQCoUix0SbHQXsVWxsIUdFaYCn9t1Eby6Hg5Gxu6uEk4
c7j1j1vTU5YorxeX+9SqkVUg8Xh0IHVRK49HnLpnTDKB/0ktCpZFYQzmGZo0VvuZ
R1csvVr8+GBz1/Jd1dxnHCBWKrQAS8aZ3kvNJ57V0GiMFsWXym1s/sC4S3eiAvOH
fAYbm0CJczMj2a00+8pUn+XQDKIv8HVaKtbc4tU2gihZPg2VTOlGEJjsiLKLbkBS
C1ryHYEJjkf6zaKiolpHxyj5idMHmgk8RIUOqN27qeOIZAvh1cmJxDuj+Xc/zQIv
fF0DnIIrS/p6R5NJOQrGVT4XGa0nJ5ZEKGzeN9mLl45G
-----END CERTIFICATE-----