Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/1-fKYH7NxhQKRhWFUhdeZIQJCx4I.roa
File:                     1-fKYH7NxhQKRhWFUhdeZIQJCx4I.roa (raw, json)
Hash identifier:          hiw+Pi/4f+TeDv6TkBewfREUIC+lofxlXNwz+z+uPDE=
Subject key identifier:   F9:F2:98:1F:B3:71:85:02:91:85:61:54:85:D7:99:21:02:42:C7:82
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       01967B7A8A93FFF24131258777B29DED9BD5
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/1-fKYH7NxhQKRhWFUhdeZIQJCx4I.roa
Signing time:             Mon 28 Apr 2025 08:19:10 +0000
ROA not before:           Mon 28 Apr 2025 08:19:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209699
IP address blocks:        77.93.88.0/22 maxlen: 24
                          2a14:7dc0:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:7a:8a:93:ff:f2:41:31:25:87:77:b2:9d:ed:9b:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Apr 28 08:19:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9f2981fb37185029185615485d799210242c782
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fa:3f:0d:2b:d6:f0:08:f0:dc:95:3b:da:81:
                    24:10:cc:12:8f:29:a5:85:1c:9e:a1:91:3e:59:75:
                    dd:0c:9a:63:b5:78:f3:e4:c4:69:bc:20:97:e4:18:
                    8b:f6:09:3b:18:de:ad:74:81:f1:f3:65:59:1a:6c:
                    5e:a3:80:ed:0e:ba:f9:b1:1a:4b:2f:7f:20:73:27:
                    81:ad:2b:14:95:73:15:8f:11:ce:3f:e2:2d:4f:96:
                    92:b7:9c:5b:b2:b5:b5:91:70:6f:fe:62:97:90:75:
                    6e:52:7c:77:69:b9:c4:58:b6:f9:5c:05:a3:8f:09:
                    89:fa:43:d8:54:0d:0f:0e:f0:f7:fc:ee:04:1b:2d:
                    9b:ec:69:cd:05:64:c0:f7:7b:f1:c1:12:9e:a6:36:
                    c2:1e:92:f4:c1:60:dd:dd:28:a0:5d:8c:1e:28:5d:
                    84:e2:ff:9c:40:50:08:8f:af:c9:f7:77:ae:37:d2:
                    00:01:57:55:e9:77:b9:47:5a:92:e4:32:b6:37:b0:
                    ae:13:08:33:49:14:d6:12:88:10:44:17:58:de:99:
                    8d:63:9f:ec:c1:d2:b2:f2:2b:07:e9:c6:75:59:2f:
                    8b:db:a1:fa:4b:f3:2d:15:02:8b:7d:2e:aa:c0:85:
                    2e:15:69:11:29:2f:6e:94:10:e2:c7:7b:d9:c4:32:
                    b8:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F2:98:1F:B3:71:85:02:91:85:61:54:85:D7:99:21:02:42:C7:82
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/1-fKYH7NxhQKRhWFUhdeZIQJCx4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.88.0/22
                IPv6:
                  2a14:7dc0:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         62:0c:d1:e2:a9:98:c3:5f:c8:30:db:2b:9a:75:b1:65:44:35:
         22:25:0e:02:34:1d:3a:ac:4a:6d:a3:56:1f:f9:60:52:ed:72:
         1b:31:78:10:80:db:ba:65:a7:2a:ec:b7:ec:41:6d:16:c9:9d:
         cf:15:f9:11:7f:0a:76:d3:8e:f2:da:c3:71:6c:17:bb:04:29:
         ed:fe:7b:87:0a:7f:bc:35:3c:33:db:17:34:9a:8b:1b:67:ab:
         f0:2f:2e:57:62:bb:09:a8:29:97:10:0d:71:5a:31:21:99:b8:
         48:34:33:93:1f:e4:ff:eb:cf:e2:a7:5a:14:2a:9a:27:6d:6c:
         e1:35:62:27:ac:89:84:50:c7:b1:70:1e:34:23:02:93:7e:24:
         67:c3:d8:44:72:32:31:7c:e6:cf:c2:27:29:22:1a:aa:8a:10:
         99:ee:47:c6:7c:0c:45:d3:4b:b9:ba:62:d6:52:bd:a8:c8:6f:
         5a:4c:25:b7:da:e6:57:8d:08:a4:48:5d:5b:7b:66:27:5f:98:
         b7:8e:32:5a:ae:e5:22:9c:6e:c9:da:23:34:56:f8:35:25:0f:
         85:c1:fc:b2:84:5f:65:4c:03:da:71:35:77:70:ad:4f:44:8e:
         a8:ea:ec:8b:a4:74:88:ea:5c:ad:92:6b:a7:6c:fa:fe:f6:60:
         5d:a9:c3:e9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZZ7eoqT//JBMSWHd7Kd7ZvVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjUwNDI4MDgxOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWYyOTgxZmIzNzE4NTAyOTE4NTYxNTQ4NWQ3OTkyMTAyNDJjNzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/o/DSvW8Ajw3JU72oEkEMwSjyml
hRyeoZE+WXXdDJpjtXjz5MRpvCCX5BiL9gk7GN6tdIHx82VZGmxeo4DtDrr5sRpL
L38gcyeBrSsUlXMVjxHOP+ItT5aSt5xbsrW1kXBv/mKXkHVuUnx3abnEWLb5XAWj
jwmJ+kPYVA0PDvD3/O4EGy2b7GnNBWTA93vxwRKepjbCHpL0wWDd3SigXYweKF2E
4v+cQFAIj6/J93euN9IAAVdV6Xe5R1qS5DK2N7CuEwgzSRTWEogQRBdY3pmNY5/s
wdKy8isH6cZ1WS+L26H6S/MtFQKLfS6qwIUuFWkRKS9ulBDix3vZxDK4cwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPnymB+zcYUCkYVhVIXXmSECQseCMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvMS1mS1lIN054aFFLUmhXRlVoZGVaSVFKQ3g0SS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzkvM2MwNzZiLWFlYTEtNGEzMy1hOWU5LTk5MTI4YmY2YTg0
MS8xLzJOUEtMQ01hX2ZPd05WeDNwOHV5SnZnYmRONC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAvBggrBgEFBQcBBwEB/wQgMB4wDAQCAAEwBgMEAk1dWDAO
BAIAAjAIAwYAKhR9wAEwDQYJKoZIhvcNAQELBQADggEBAGIM0eKpmMNfyDDbK5p1
sWVENSIlDgI0HTqsSm2jVh/5YFLtchsxeBCA27plpyrst+xBbRbJnc8V+RF/CnbT
jvLaw3FsF7sEKe3+e4cKf7w1PDPbFzSaixtnq/AvLldiuwmoKZcQDXFaMSGZuEg0
M5Mf5P/rz+KnWhQqmidtbOE1YiesiYRQx7FwHjQjApN+JGfD2ERyMjF85s/CJyki
GqqKEJnuR8Z8DEXTS7m6YtZSvajIb1pMJbfa5leNCKRIXVt7ZidfmLeOMlqu5SKc
bsnaIzRW+DUlD4XB/LKEX2VMA9pxNXdwrU9Ejqjq7IukdIjqXK2Sa6ds+v72YF2p
w+k=
-----END CERTIFICATE-----