Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/qpT2fz7gBHouwLsuowbAYvgg-Ig.roa
File:                     qpT2fz7gBHouwLsuowbAYvgg-Ig.roa (raw, json)
Hash identifier:          o0L42Hh+TFiS6tacfIvRtxQ2lA2AeiIQCwPGgLIErJk=
Subject key identifier:   AA:94:F6:7F:3E:E0:04:7A:2E:C0:BB:2E:A3:06:C0:62:F8:20:F8:88
Certificate issuer:       /CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
Certificate serial:       01979CA539D7AC5BE3110D958F0C629998CD
Authority key identifier: E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/qpT2fz7gBHouwLsuowbAYvgg-Ig.roa
Signing time:             Mon 23 Jun 2025 11:56:03 +0000
ROA not before:           Mon 23 Jun 2025 11:56:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215939
IP address blocks:        77.87.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 01:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9c:a5:39:d7:ac:5b:e3:11:0d:95:8f:0c:62:99:98:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
        Validity
            Not Before: Jun 23 11:56:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa94f67f3ee0047a2ec0bb2ea306c062f820f888
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:97:97:23:bb:45:22:5d:f5:3c:25:29:1d:10:
                    71:76:c0:4e:6d:16:b7:03:e4:d7:5d:4a:14:93:c4:
                    08:12:54:64:9b:be:63:bf:f6:3a:96:33:67:95:53:
                    d3:bb:a4:3f:c6:1e:83:63:55:66:a4:50:e4:84:02:
                    b1:99:8e:c4:e2:1f:9e:ca:12:fe:de:f4:32:13:9b:
                    da:1d:76:94:17:94:2c:e4:cd:ad:00:b4:a8:84:fc:
                    55:94:6c:23:3d:f8:d1:79:8b:1d:05:87:1e:a7:ed:
                    b7:e1:1d:a3:23:6c:96:93:d0:30:ce:74:9d:55:17:
                    22:44:59:9f:df:0c:5b:d1:7b:6d:e3:81:d3:1c:8f:
                    02:72:b0:79:71:b8:a7:70:84:0f:05:14:e9:3d:99:
                    b3:92:10:52:46:6b:62:b6:b2:97:b2:8c:ce:7c:43:
                    50:5d:a7:b4:e0:02:80:5c:36:8b:ce:28:9f:4c:87:
                    06:d9:e0:32:b1:3d:a4:f8:5b:f4:aa:22:68:b3:db:
                    2f:94:dc:06:48:67:5b:e9:64:f5:c2:3c:05:0e:b7:
                    2e:50:52:86:26:78:02:04:ea:be:2b:e6:45:65:e7:
                    d5:e5:c9:9d:9f:01:dd:1a:5a:75:87:f4:94:49:55:
                    06:fc:ae:cb:f0:7a:05:f1:1c:bd:74:d3:5f:12:d3:
                    51:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:94:F6:7F:3E:E0:04:7A:2E:C0:BB:2E:A3:06:C0:62:F8:20:F8:88
            X509v3 Authority Key Identifier:
                keyid:E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/qpT2fz7gBHouwLsuowbAYvgg-Ig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:e0:63:3c:73:c3:1e:3a:4e:d6:c8:92:61:f8:ea:6b:60:72:
         a8:9b:26:5f:43:fe:2d:96:cf:e4:d3:89:30:2e:da:80:78:ff:
         fe:32:87:34:c8:83:a1:3b:e7:f8:ea:de:45:ba:ab:3f:bc:76:
         23:ce:40:1c:20:a6:db:68:66:a7:fa:76:c5:37:38:96:05:1c:
         8c:d1:29:2c:a5:dd:42:55:92:6f:d1:4c:be:8c:33:b2:19:a3:
         b8:b7:72:2d:0c:9c:8f:2c:42:aa:26:20:35:fd:87:26:cb:24:
         86:49:0f:d1:81:34:46:7b:99:96:a2:34:a4:6b:05:43:7d:0f:
         98:ef:1b:73:de:7b:c4:7a:74:18:98:67:14:3d:08:69:f7:5f:
         69:55:0d:c5:07:a8:a1:f6:b1:ee:5c:58:b9:4e:06:6a:9c:ba:
         da:8b:bd:1a:ca:db:19:be:74:a7:e4:6b:e2:62:0a:58:3d:95:
         25:b9:6f:09:60:f0:90:f9:4e:9b:46:65:a6:9a:eb:8f:f5:0f:
         f8:0c:07:1a:44:ec:d4:a3:c8:0c:b3:e5:c3:c5:24:44:46:dc:
         a1:6a:82:a0:3c:29:81:f7:18:e5:16:dd:51:67:2d:61:4a:a8:
         a7:77:a4:17:19:6e:e5:3c:f3:e2:a1:f8:bc:50:f1:ce:10:46:
         65:37:18:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZecpTnXrFvjEQ2VjwximZjNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YzJlMGQzZmRjMjE1YTM4OWM3MDQzY2E1YTFhMDZiZTJj
NTU4ZWYwHhcNMjUwNjIzMTE1NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTk0ZjY3ZjNlZTAwNDdhMmVjMGJiMmVhMzA2YzA2MmY4MjBmODg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspeXI7tFIl31PCUpHRBxdsBObRa3
A+TXXUoUk8QIElRkm75jv/Y6ljNnlVPTu6Q/xh6DY1VmpFDkhAKxmY7E4h+eyhL+
3vQyE5vaHXaUF5Qs5M2tALSohPxVlGwjPfjReYsdBYcep+234R2jI2yWk9AwznSd
VRciRFmf3wxb0Xtt44HTHI8CcrB5cbincIQPBRTpPZmzkhBSRmtitrKXsozOfENQ
Xae04AKAXDaLziifTIcG2eAysT2k+Fv0qiJos9svlNwGSGdb6WT1wjwFDrcuUFKG
JngCBOq+K+ZFZefV5cmdnwHdGlp1h/SUSVUG/K7L8HoF8Ry9dNNfEtNRLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqU9n8+4AR6LsC7LqMGwGL4IPiIMB8GA1UdIwQY
MBaAFObC4NP9whWjiccEPKWhoGvixVjvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQt
ZjNlMDUyYmFiMTQ0LzEvcXBUMmZ6N2dCSG91d0xzdW93YkFZdmdnLUlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQtZjNlMDUyYmFiMTQ0
LzEvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVd7MA0G
CSqGSIb3DQEBCwUAA4IBAQBJ4GM8c8MeOk7WyJJh+OprYHKomyZfQ/4tls/k04kw
LtqAeP/+Moc0yIOhO+f46t5Fuqs/vHYjzkAcIKbbaGan+nbFNziWBRyM0Skspd1C
VZJv0Uy+jDOyGaO4t3ItDJyPLEKqJiA1/YcmyySGSQ/RgTRGe5mWojSkawVDfQ+Y
7xtz3nvEenQYmGcUPQhp919pVQ3FB6ih9rHuXFi5TgZqnLrai70aytsZvnSn5Gvi
YgpYPZUluW8JYPCQ+U6bRmWmmuuP9Q/4DAcaROzUo8gMs+XDxSRERtyhaoKgPCmB
9xjlFt1RZy1hSqind6QXGW7lPPPiofi8UPHOEEZlNxiM
-----END CERTIFICATE-----