Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/fPSZP8slBnM3nSGAFaRQqfblguQ.roa
File:                     fPSZP8slBnM3nSGAFaRQqfblguQ.roa (raw, json)
Hash identifier:          blLgu2v1K5L5bFcrSgTETqeQaxD8GwJMq27CaonXujI=
Subject key identifier:   7C:F4:99:3F:CB:25:06:73:37:9D:21:80:15:A4:50:A9:F6:E5:82:E4
Certificate issuer:       /CN=1ebe3e521407f597f255f3fb4e0b569c32083552
Certificate serial:       01997613F5856756558DC4614436F0CEAA42
Authority key identifier: 1E:BE:3E:52:14:07:F5:97:F2:55:F3:FB:4E:0B:56:9C:32:08:35:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/fPSZP8slBnM3nSGAFaRQqfblguQ.roa
Signing time:             Tue 23 Sep 2025 10:17:23 +0000
ROA not before:           Tue 23 Sep 2025 10:17:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43346
IP address blocks:        77.87.168.0/21 maxlen: 21
                          91.198.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:13:f5:85:67:56:55:8d:c4:61:44:36:f0:ce:aa:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ebe3e521407f597f255f3fb4e0b569c32083552
        Validity
            Not Before: Sep 23 10:17:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7cf4993fcb250673379d218015a450a9f6e582e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:03:b1:ef:48:a3:73:60:c4:40:7d:6a:65:c3:
                    ad:ca:e7:e5:36:54:9e:5f:ac:44:e8:26:4e:be:71:
                    f5:7f:a2:63:a6:0a:fe:0b:bb:9b:e0:aa:8f:32:47:
                    f2:76:f2:39:e3:d5:1a:40:a9:b8:07:ac:4b:d2:3f:
                    71:7a:bd:c7:47:c0:f4:0c:76:bf:7c:bd:17:e8:40:
                    70:bf:5d:7e:17:da:6f:30:6f:00:de:16:20:c9:55:
                    05:87:6a:b1:d6:cc:a8:0b:63:d1:26:16:ec:03:59:
                    6b:5a:63:81:3f:a0:a9:dd:f0:29:2e:69:6d:99:a5:
                    fb:49:42:3a:9a:db:04:25:90:02:28:cc:b3:be:74:
                    7e:8c:e1:aa:29:71:9d:c5:74:4a:a6:03:b2:8c:c8:
                    cc:f0:ae:b3:14:ef:a4:bb:b0:20:ba:d7:fa:f3:b4:
                    51:5b:44:b0:21:d5:5e:a4:17:8d:3c:70:59:8b:61:
                    4a:60:27:98:ba:13:5b:25:8d:0c:54:45:39:59:91:
                    f1:84:1a:a4:2e:89:b1:31:2d:69:9e:39:9b:c7:27:
                    c2:9a:39:f9:0e:29:78:c0:91:be:07:65:b6:87:a0:
                    53:85:a7:48:82:ba:5b:ea:34:bc:04:ab:a1:dc:03:
                    f8:26:13:25:31:78:27:6d:2c:ea:ab:25:3d:4d:f4:
                    76:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:F4:99:3F:CB:25:06:73:37:9D:21:80:15:A4:50:A9:F6:E5:82:E4
            X509v3 Authority Key Identifier:
                keyid:1E:BE:3E:52:14:07:F5:97:F2:55:F3:FB:4E:0B:56:9C:32:08:35:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/fPSZP8slBnM3nSGAFaRQqfblguQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.168.0/21
                  91.198.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:80:ae:f7:ad:7f:4e:e6:9d:32:14:a0:7a:12:e6:09:42:48:
         50:f8:e9:a6:08:62:6b:d5:a2:b0:92:e8:03:3f:fc:28:06:41:
         df:86:40:51:17:5b:9d:5a:72:8a:1d:51:0b:80:64:49:a4:97:
         0b:1a:88:88:99:a3:d1:92:88:9b:75:0a:93:48:eb:19:52:d1:
         4a:62:32:1b:cb:8a:00:5a:ba:a2:ea:bc:61:a3:ae:71:10:d8:
         cd:82:bf:63:fe:32:f0:eb:d1:0c:46:b1:06:79:dd:ba:22:94:
         af:8c:8e:e9:fb:77:19:26:6f:44:fd:8d:0f:bc:3f:a4:54:43:
         b9:93:9a:f8:d6:26:38:84:61:68:37:df:30:62:62:00:22:fc:
         37:e0:14:bf:aa:7f:f4:5e:27:9b:b6:5f:3f:92:ce:5e:0d:b2:
         a7:ed:0e:51:c6:c1:91:44:14:ce:da:d2:e4:4b:83:d1:6d:01:
         59:d4:26:ed:61:f5:22:d5:ab:7b:1d:4c:3b:e2:ac:88:f9:5b:
         6a:d8:cd:3c:a3:ad:66:45:17:70:0c:68:b5:88:23:cd:2e:30:
         e1:bb:0e:77:2b:83:21:29:eb:4a:e4:80:4e:6b:e2:5e:fd:df:
         e1:f3:b3:6c:01:9f:2c:b4:ad:fe:74:8d:f7:96:76:23:ae:0d:
         4e:9b:a9:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZl2E/WFZ1ZVjcRhRDbwzqpCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYmUzZTUyMTQwN2Y1OTdmMjU1ZjNmYjRlMGI1NjljMzIw
ODM1NTIwHhcNMjUwOTIzMTAxNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Y0OTkzZmNiMjUwNjczMzc5ZDIxODAxNWE0NTBhOWY2ZTU4MmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQOx70ijc2DEQH1qZcOtyuflNlSe
X6xE6CZOvnH1f6Jjpgr+C7ub4KqPMkfydvI549UaQKm4B6xL0j9xer3HR8D0DHa/
fL0X6EBwv11+F9pvMG8A3hYgyVUFh2qx1syoC2PRJhbsA1lrWmOBP6Cp3fApLmlt
maX7SUI6mtsEJZACKMyzvnR+jOGqKXGdxXRKpgOyjMjM8K6zFO+ku7Agutf687RR
W0SwIdVepBeNPHBZi2FKYCeYuhNbJY0MVEU5WZHxhBqkLomxMS1pnjmbxyfCmjn5
Dil4wJG+B2W2h6BThadIgrpb6jS8BKuh3AP4JhMlMXgnbSzqqyU9TfR2TwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHz0mT/LJQZzN50hgBWkUKn25YLkMB8GA1UdIwQY
MBaAFB6+PlIUB/WX8lXz+04LVpwyCDVSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHI0LVVoUUg5WmZ5VmZQN1RndFduRElJTlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8xMjRhYzgtZmE5My00YzIzLWJkNjIt
NWI0YWZmN2E2Mzk4LzEvZlBTWlA4c2xCbk0zblNHQUZhUlFxZmJsZ3VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8xMjRhYzgtZmE5My00YzIzLWJkNjItNWI0YWZmN2E2Mzk4
LzEvSHI0LVVoUUg5WmZ5VmZQN1RndFduRElJTlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDTVeoAwQA
W8ZLMA0GCSqGSIb3DQEBCwUAA4IBAQAGgK73rX9O5p0yFKB6EuYJQkhQ+OmmCGJr
1aKwkugDP/woBkHfhkBRF1udWnKKHVELgGRJpJcLGoiImaPRkoibdQqTSOsZUtFK
YjIby4oAWrqi6rxho65xENjNgr9j/jLw69EMRrEGed26IpSvjI7p+3cZJm9E/Y0P
vD+kVEO5k5r41iY4hGFoN98wYmIAIvw34BS/qn/0Xiebtl8/ks5eDbKn7Q5RxsGR
RBTO2tLkS4PRbQFZ1CbtYfUi1at7HUw74qyI+Vtq2M08o61mRRdwDGi1iCPNLjDh
uw53K4MhKetK5IBOa+Je/d/h87NsAZ8stK3+dI33lnYjrg1Om6kF
-----END CERTIFICATE-----