Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/6ce53c-7670-47a7-81ae-54c0ae6176d4/1/2IggjZcKQnsJ27bFYIHqEpYv-GQ.roa
File:                     2IggjZcKQnsJ27bFYIHqEpYv-GQ.roa (raw, json)
Hash identifier:          QiDI9ap52s0p2XMZDDr7ZxsLONOENyLmIWJ6ECFI2k0=
Subject key identifier:   D8:88:20:8D:97:0A:42:7B:09:DB:B6:C5:60:81:EA:12:96:2F:F8:64
Certificate issuer:       /CN=77c8d94bdf37e0f900cd6a8c422cdb14d97ceb46
Certificate serial:       0198C189189097C506D81684F1EBBD98688F
Authority key identifier: 77:C8:D9:4B:DF:37:E0:F9:00:CD:6A:8C:42:2C:DB:14:D9:7C:EB:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d8jZS9834PkAzWqMQizbFNl860Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/6ce53c-7670-47a7-81ae-54c0ae6176d4/1/2IggjZcKQnsJ27bFYIHqEpYv-GQ.roa
Signing time:             Tue 19 Aug 2025 08:54:04 +0000
ROA not before:           Tue 19 Aug 2025 08:54:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        194.53.16.0/20 maxlen: 24
                          194.53.24.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/6ce53c-7670-47a7-81ae-54c0ae6176d4/1/d8jZS9834PkAzWqMQizbFNl860Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/6ce53c-7670-47a7-81ae-54c0ae6176d4/1/d8jZS9834PkAzWqMQizbFNl860Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d8jZS9834PkAzWqMQizbFNl860Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c1:89:18:90:97:c5:06:d8:16:84:f1:eb:bd:98:68:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77c8d94bdf37e0f900cd6a8c422cdb14d97ceb46
        Validity
            Not Before: Aug 19 08:54:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d888208d970a427b09dbb6c56081ea12962ff864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ed:ed:f1:72:d1:a2:e3:a2:15:d5:60:f3:41:
                    33:a1:0b:da:75:6d:29:66:e0:06:9f:12:69:a0:3c:
                    6d:ae:74:3a:a4:1a:59:7e:fe:0d:e6:f5:25:3f:d9:
                    36:4b:68:61:fd:49:ff:9c:5d:ed:11:fb:50:79:df:
                    b4:c6:2b:09:f5:bf:1a:b2:3c:b4:9a:a2:04:67:8d:
                    b6:59:d9:34:f2:37:a9:c1:0c:77:88:64:06:2e:1b:
                    f1:e1:63:6d:e8:24:e9:fe:e2:5a:a5:c4:e3:a8:d3:
                    41:7f:1a:ef:bc:1f:9e:67:7f:f7:49:16:62:47:7b:
                    5a:f4:92:d1:89:01:3c:97:54:9e:7e:15:92:05:8f:
                    b3:2e:94:3b:1f:dc:ec:fc:4f:43:71:6d:2a:46:34:
                    e4:0b:98:17:49:46:d5:18:25:92:7c:21:ee:0e:22:
                    4e:70:c6:3c:41:8f:ae:83:60:5d:86:2b:5c:ad:45:
                    4f:f0:71:84:60:41:1b:01:62:35:20:a8:b5:b8:1f:
                    16:31:28:d4:92:13:db:09:47:ab:36:f3:c0:8f:a7:
                    08:b9:61:ec:43:ef:ec:a0:43:15:a5:4b:64:75:8d:
                    f0:60:22:91:65:be:78:55:26:4e:fa:4d:72:52:51:
                    0e:23:91:8a:b7:a8:2b:ce:f7:13:a8:94:4c:db:0e:
                    8f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:88:20:8D:97:0A:42:7B:09:DB:B6:C5:60:81:EA:12:96:2F:F8:64
            X509v3 Authority Key Identifier:
                keyid:77:C8:D9:4B:DF:37:E0:F9:00:CD:6A:8C:42:2C:DB:14:D9:7C:EB:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8jZS9834PkAzWqMQizbFNl860Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6ce53c-7670-47a7-81ae-54c0ae6176d4/1/2IggjZcKQnsJ27bFYIHqEpYv-GQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6ce53c-7670-47a7-81ae-54c0ae6176d4/1/d8jZS9834PkAzWqMQizbFNl860Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         72:3f:41:7f:31:e2:4b:5b:f6:44:5a:a8:b3:8b:9e:e9:41:55:
         1d:00:42:36:11:cc:01:bb:9c:6d:ee:8a:f1:4a:fa:e5:16:7f:
         d6:20:e9:2c:64:0a:06:ff:d6:44:13:73:d1:14:86:cd:e8:61:
         7a:4d:96:be:d6:2f:0b:fb:d8:73:b2:f3:3f:a2:3a:b6:f6:17:
         72:3b:6d:84:0f:5b:40:8a:b8:b8:8a:96:d9:2a:ab:4d:d8:a7:
         ab:95:ac:db:8c:85:7f:fe:21:b3:dc:a9:84:0c:c5:02:00:dc:
         20:fc:c5:8d:81:31:22:db:41:f6:b5:9d:72:0a:ff:59:3e:a4:
         33:0e:2e:7a:42:66:a2:7a:73:46:9f:51:2d:16:61:28:be:14:
         c4:83:80:73:df:f2:b6:c8:cc:7f:ec:16:68:c2:3d:e4:37:7f:
         ac:55:d1:ca:e9:91:7c:c2:42:ae:6c:2a:0d:42:59:2a:be:d2:
         9a:d3:57:9c:7d:ba:32:b4:1b:8d:6a:58:23:57:e6:da:7d:96:
         4c:1a:9b:52:c9:52:39:94:51:6d:a7:f5:89:89:99:1a:d1:b4:
         9f:5a:69:f9:88:8f:d6:40:fb:9d:8b:e2:9d:4a:d1:96:62:33:
         5b:70:7e:a5:74:23:17:53:e3:d9:bb:82:cd:09:a7:74:8b:ce:
         43:08:31:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjBiRiQl8UG2BaE8eu9mGiPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YzhkOTRiZGYzN2UwZjkwMGNkNmE4YzQyMmNkYjE0ZDk3
Y2ViNDYwHhcNMjUwODE5MDg1NDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODg4MjA4ZDk3MGE0MjdiMDlkYmI2YzU2MDgxZWExMjk2MmZmODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+3t8XLRouOiFdVg80EzoQvadW0p
ZuAGnxJpoDxtrnQ6pBpZfv4N5vUlP9k2S2hh/Un/nF3tEftQed+0xisJ9b8asjy0
mqIEZ422Wdk08jepwQx3iGQGLhvx4WNt6CTp/uJapcTjqNNBfxrvvB+eZ3/3SRZi
R3ta9JLRiQE8l1SefhWSBY+zLpQ7H9zs/E9DcW0qRjTkC5gXSUbVGCWSfCHuDiJO
cMY8QY+ug2BdhitcrUVP8HGEYEEbAWI1IKi1uB8WMSjUkhPbCUerNvPAj6cIuWHs
Q+/soEMVpUtkdY3wYCKRZb54VSZO+k1yUlEOI5GKt6grzvcTqJRM2w6PyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNiIII2XCkJ7Cdu2xWCB6hKWL/hkMB8GA1UdIwQY
MBaAFHfI2UvfN+D5AM1qjEIs2xTZfOtGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDhqWlM5ODM0UGtBeldxTVFpemJGTmw4NjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82Y2U1M2MtNzY3MC00N2E3LTgxYWUt
NTRjMGFlNjE3NmQ0LzEvMklnZ2paY0tRbnNKMjdiRllJSHFFcFl2LUdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82Y2U1M2MtNzY3MC00N2E3LTgxYWUtNTRjMGFlNjE3NmQ0
LzEvZDhqWlM5ODM0UGtBeldxTVFpemJGTmw4NjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwjUQMA0G
CSqGSIb3DQEBCwUAA4IBAQByP0F/MeJLW/ZEWqizi57pQVUdAEI2EcwBu5xt7orx
SvrlFn/WIOksZAoG/9ZEE3PRFIbN6GF6TZa+1i8L+9hzsvM/ojq29hdyO22ED1tA
iri4ipbZKqtN2KerlazbjIV//iGz3KmEDMUCANwg/MWNgTEi20H2tZ1yCv9ZPqQz
Di56QmaienNGn1EtFmEovhTEg4Bz3/K2yMx/7BZowj3kN3+sVdHK6ZF8wkKubCoN
QlkqvtKa01ecfboytBuNalgjV+bafZZMGptSyVI5lFFtp/WJiZka0bSfWmn5iI/W
QPudi+KdStGWYjNbcH6ldCMXU+PZu4LNCad0i85DCDGB
-----END CERTIFICATE-----