Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/up9aTXGTu3ADzcv5qInbkewu-1w.roa
File:                     up9aTXGTu3ADzcv5qInbkewu-1w.roa (raw, json)
Hash identifier:          91EsBDEwQXOTu21RhlDjU3sKcr3Zi6i0xCDeA7ULnnk=
Subject key identifier:   BA:9F:5A:4D:71:93:BB:70:03:CD:CB:F9:A8:89:DB:91:EC:2E:FB:5C
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       01977CC70FCDD8B88997F044D3FFC3C7A0E8
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/up9aTXGTu3ADzcv5qInbkewu-1w.roa
Signing time:             Tue 17 Jun 2025 07:25:09 +0000
ROA not before:           Tue 17 Jun 2025 07:25:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        195.76.240.0/24 maxlen: 24
                          195.76.241.0/24 maxlen: 24
                          195.77.198.0/24 maxlen: 24
                          195.77.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7c:c7:0f:cd:d8:b8:89:97:f0:44:d3:ff:c3:c7:a0:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jun 17 07:25:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba9f5a4d7193bb7003cdcbf9a889db91ec2efb5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:31:59:8d:49:53:d6:48:5f:dd:fe:45:d1:5d:
                    84:72:ab:61:bc:03:a3:a0:5d:e8:d2:2d:ef:0c:d6:
                    93:0f:8b:8b:c0:78:77:50:18:dd:16:11:7e:6a:ed:
                    74:3d:74:e2:78:75:0c:2e:c6:59:cc:a1:2e:a6:52:
                    d0:67:ed:f1:3c:81:5d:25:64:8d:92:65:7b:34:d0:
                    0d:7e:fe:71:a3:40:86:66:a0:57:8f:80:1d:6e:52:
                    c3:3c:47:d6:0e:9f:87:a0:b0:d5:ba:ce:9f:62:06:
                    43:bb:75:65:36:03:20:38:1a:6a:bf:36:5e:96:89:
                    c9:4c:95:c8:d6:99:be:a2:b6:8f:8d:a9:a8:3e:53:
                    42:d5:7e:29:f9:eb:5d:76:ff:cd:4f:fc:e7:b1:57:
                    f7:be:10:df:d8:1e:38:d0:51:f5:d3:97:01:bb:1a:
                    5a:0f:2b:a9:e3:a8:a2:62:bb:01:a7:12:a7:ad:40:
                    d9:23:b8:40:93:55:17:18:01:76:50:30:25:15:e3:
                    74:42:27:d9:bb:4d:e4:a2:7b:6d:30:59:76:3e:0c:
                    7d:d8:14:e3:ac:c4:ba:d5:c6:cd:6f:eb:dd:d4:0e:
                    b9:96:a3:25:af:32:34:1b:9d:0a:a7:77:bf:f3:1a:
                    6a:a8:0b:ff:60:5a:50:bb:a0:c4:5a:7a:39:c7:a8:
                    34:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:9F:5A:4D:71:93:BB:70:03:CD:CB:F9:A8:89:DB:91:EC:2E:FB:5C
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/up9aTXGTu3ADzcv5qInbkewu-1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.76.240.0/23
                  195.77.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:97:f6:8f:c3:0a:d3:5a:c8:ea:3f:cc:02:d1:59:66:4b:62:
         b4:82:97:93:b6:05:73:22:9e:24:5c:d6:75:bb:71:da:2c:f9:
         12:30:86:92:1d:9c:5c:79:0f:d1:86:12:d8:56:7c:4f:a5:41:
         7a:dc:e8:29:a7:36:9e:38:e3:4c:c6:6b:ed:a1:49:a3:6a:47:
         a9:41:b5:78:20:d3:eb:e5:9d:56:0d:b5:4a:c5:0b:19:07:51:
         d7:23:3e:19:b8:80:6c:c5:18:4e:53:cb:70:64:94:fa:38:04:
         f1:f4:7c:8f:6a:1c:1c:34:8a:76:4d:50:1d:69:40:39:d0:a9:
         d0:50:40:c1:ef:f8:b2:f1:db:68:04:32:9f:2b:22:3d:01:86:
         c9:6f:31:ff:93:57:5b:50:ee:bd:c1:12:31:a1:54:e5:1f:c9:
         51:99:ce:ff:49:2f:0c:84:81:b8:26:f3:13:1f:1b:95:bf:fb:
         32:23:37:23:3b:0e:fe:70:bc:77:0d:58:ad:62:5a:ea:23:af:
         55:97:0d:47:26:8c:af:19:2c:10:86:46:77:cc:23:27:30:e6:
         d7:a5:ae:28:91:b9:bc:04:54:0d:f8:bd:27:69:98:fc:1f:03:
         d6:cc:04:dc:a0:85:af:29:ce:95:71:55:41:0d:5d:aa:96:2f:
         b2:14:b6:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZd8xw/N2LiJl/BE0//Dx6DoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjUwNjE3MDcyNTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTlmNWE0ZDcxOTNiYjcwMDNjZGNiZjlhODg5ZGI5MWVjMmVmYjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDFZjUlT1khf3f5F0V2EcqthvAOj
oF3o0i3vDNaTD4uLwHh3UBjdFhF+au10PXTieHUMLsZZzKEuplLQZ+3xPIFdJWSN
kmV7NNANfv5xo0CGZqBXj4AdblLDPEfWDp+HoLDVus6fYgZDu3VlNgMgOBpqvzZe
lonJTJXI1pm+oraPjamoPlNC1X4p+etddv/NT/znsVf3vhDf2B440FH105cBuxpa
Dyup46iiYrsBpxKnrUDZI7hAk1UXGAF2UDAlFeN0QifZu03konttMFl2Pgx92BTj
rMS61cbNb+vd1A65lqMlrzI0G50Kp3e/8xpqqAv/YFpQu6DEWno5x6g0/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLqfWk1xk7twA83L+aiJ25HsLvtcMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvdXA5YVRYR1R1M0FEemN2NXFJbmJrZXd1LTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw0zwAwQB
w03GMA0GCSqGSIb3DQEBCwUAA4IBAQBrl/aPwwrTWsjqP8wC0VlmS2K0gpeTtgVz
Ip4kXNZ1u3HaLPkSMIaSHZxceQ/RhhLYVnxPpUF63OgppzaeOONMxmvtoUmjakep
QbV4INPr5Z1WDbVKxQsZB1HXIz4ZuIBsxRhOU8twZJT6OATx9HyPahwcNIp2TVAd
aUA50KnQUEDB7/iy8dtoBDKfKyI9AYbJbzH/k1dbUO69wRIxoVTlH8lRmc7/SS8M
hIG4JvMTHxuVv/syIzcjOw7+cLx3DVitYlrqI69Vlw1HJoyvGSwQhkZ3zCMnMObX
pa4okbm8BFQN+L0naZj8HwPWzATcoIWvKc6VcVVBDV2qli+yFLYE
-----END CERTIFICATE-----