Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/7YxrmczVFpaeBMBQOkdecPyU13g.roa
File:                     7YxrmczVFpaeBMBQOkdecPyU13g.roa (raw, json)
Hash identifier:          ldyrR2pk0wwrAcATlluvhy35oOBdxvxckCQpFcLrUa0=
Subject key identifier:   ED:8C:6B:99:CC:D5:16:96:9E:04:C0:50:3A:47:5E:70:FC:94:D7:78
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       0198B6B04EC8F9D1BD1F95E290BE2FD9CC68
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/7YxrmczVFpaeBMBQOkdecPyU13g.roa
Signing time:             Sun 17 Aug 2025 06:21:04 +0000
ROA not before:           Sun 17 Aug 2025 06:21:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63150
IP address blocks:        77.93.89.0/24 maxlen: 24
                          77.93.90.0/24 maxlen: 24
                          2a14:7dc0:200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b6:b0:4e:c8:f9:d1:bd:1f:95:e2:90:be:2f:d9:cc:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Aug 17 06:21:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed8c6b99ccd516969e04c0503a475e70fc94d778
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f2:fe:13:f3:26:4e:5a:67:e1:b7:c4:fa:df:
                    27:7f:02:0b:91:54:18:91:cc:0b:06:f0:a6:85:e4:
                    f3:01:31:aa:f9:de:75:4b:42:8d:69:9e:7a:f3:df:
                    c2:e9:a6:89:ce:6b:bc:70:47:89:37:ad:ad:2d:44:
                    55:85:96:87:a4:44:64:aa:2c:eb:a9:ed:6e:fc:ab:
                    d4:ef:dd:3d:13:08:1e:75:bd:72:75:82:7d:79:dc:
                    25:71:0a:6a:4b:dd:7d:d9:a6:07:96:7d:a7:da:b6:
                    4f:ac:7e:d8:6a:0d:92:32:a8:25:31:8d:31:1c:e9:
                    3d:a0:2b:22:cc:b9:7d:83:b5:1e:e6:f2:a4:d1:ff:
                    25:59:fe:51:4e:a8:c4:bd:c3:2b:8c:4d:93:8e:83:
                    2d:96:5a:04:88:52:47:d9:db:91:4e:43:37:87:82:
                    a0:6b:7f:cb:f4:fd:63:d8:96:57:87:ac:dd:52:6b:
                    30:6e:7c:b5:e5:2e:fd:0c:d5:67:85:2c:40:89:94:
                    43:15:c2:b4:71:98:98:14:fa:a5:03:37:1b:fd:9c:
                    e5:25:5c:b0:02:ba:94:29:d5:65:2f:9b:77:37:77:
                    97:a2:3e:18:bf:40:aa:17:90:bc:0a:4b:46:61:64:
                    38:70:67:0b:ea:84:bd:25:47:4f:ba:bf:75:8c:67:
                    ba:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:8C:6B:99:CC:D5:16:96:9E:04:C0:50:3A:47:5E:70:FC:94:D7:78
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/7YxrmczVFpaeBMBQOkdecPyU13g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.89.0-77.93.90.255
                IPv6:
                  2a14:7dc0:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         32:6e:51:94:b1:ef:d4:e5:de:98:39:34:d1:4e:82:e7:41:f5:
         26:1a:a2:9c:e5:d8:1c:9f:99:32:71:95:29:6a:e2:ab:51:b4:
         f9:0e:06:c4:43:c4:db:ae:bb:c7:45:a8:b7:74:e5:4e:51:c7:
         f3:8b:34:c9:6a:8c:7a:d7:21:4f:d1:b6:1b:d0:d8:12:8d:28:
         17:74:a2:7a:04:2f:34:36:3d:cf:14:94:d2:a5:01:86:12:ff:
         e1:19:81:83:aa:82:85:46:50:58:68:80:dc:be:ef:34:51:d9:
         dd:76:06:29:22:d7:75:01:2e:73:e6:fa:f2:b3:bb:49:39:23:
         4a:9f:3b:8f:fd:f0:37:68:71:a9:13:73:21:55:a6:e4:77:87:
         de:bd:39:a0:88:31:53:50:db:ab:28:ff:a5:fd:47:21:18:12:
         2a:06:53:16:eb:26:04:74:7f:77:6b:5d:eb:c0:9b:6b:5f:bd:
         5e:e2:e7:10:a5:6d:7f:77:73:d9:1b:2c:c2:90:fc:67:50:9b:
         7a:7b:78:7e:c3:0a:79:8b:3c:9e:e7:1b:f4:4f:1e:de:4c:01:
         45:7e:be:86:89:4a:1c:93:c1:53:9a:02:bc:a2:b4:b2:f9:aa:
         26:59:5d:48:f0:3f:db:50:0d:ba:42:44:b9:bd:56:54:64:0a:
         02:94:c8:1f
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZi2sE7I+dG9H5XikL4v2cxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjUwODE3MDYyMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDhjNmI5OWNjZDUxNjk2OWUwNGMwNTAzYTQ3NWU3MGZjOTRkNzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPL+E/MmTlpn4bfE+t8nfwILkVQY
kcwLBvCmheTzATGq+d51S0KNaZ5689/C6aaJzmu8cEeJN62tLURVhZaHpERkqizr
qe1u/KvU7909Ewgedb1ydYJ9edwlcQpqS9192aYHln2n2rZPrH7Yag2SMqglMY0x
HOk9oCsizLl9g7Ue5vKk0f8lWf5RTqjEvcMrjE2TjoMtlloEiFJH2duRTkM3h4Kg
a3/L9P1j2JZXh6zdUmswbny15S79DNVnhSxAiZRDFcK0cZiYFPqlAzcb/ZzlJVyw
ArqUKdVlL5t3N3eXoj4Yv0CqF5C8CktGYWQ4cGcL6oS9JUdPur91jGe6QQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFO2Ma5nM1RaWngTAUDpHXnD8lNd4MB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvN1l4cm1jelZGcGFlQk1CUU9rZGVjUHlVMTNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAUBAIAATAOMAwDBABNXVkD
BABNXVowDgQCAAIwCAMGACoUfcACMA0GCSqGSIb3DQEBCwUAA4IBAQAyblGUse/U
5d6YOTTRToLnQfUmGqKc5dgcn5kycZUpauKrUbT5DgbEQ8TbrrvHRai3dOVOUcfz
izTJaox61yFP0bYb0NgSjSgXdKJ6BC80Nj3PFJTSpQGGEv/hGYGDqoKFRlBYaIDc
vu80UdnddgYpItd1AS5z5vrys7tJOSNKnzuP/fA3aHGpE3MhVabkd4fevTmgiDFT
UNurKP+l/UchGBIqBlMW6yYEdH93a13rwJtrX71e4ucQpW1/d3PZGyzCkPxnUJt6
e3h+wwp5izye5xv0Tx7eTAFFfr6GiUock8FTmgK8orSy+aomWV1I8D/bUA26QkS5
vVZUZAoClMgf
-----END CERTIFICATE-----