Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/s9gMsCeIUPKFPmlu1v4Lg4j8vGA.roa
File:                     s9gMsCeIUPKFPmlu1v4Lg4j8vGA.roa (raw, json)
Hash identifier:          Kzy+iwZJ+TEqTOb757p2g/mLDgJAR1tV9cYhl1pM100=
Subject key identifier:   B3:D8:0C:B0:27:88:50:F2:85:3E:69:6E:D6:FE:0B:83:88:FC:BC:60
Certificate issuer:       /CN=07afdcd5e97ac1c102479c954d5f922b126cbc14
Certificate serial:       0199DCAEAA7AD14CF031398C66FE36B03E71
Authority key identifier: 07:AF:DC:D5:E9:7A:C1:C1:02:47:9C:95:4D:5F:92:2B:12:6C:BC:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B6_c1el6wcECR5yVTV-SKxJsvBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/s9gMsCeIUPKFPmlu1v4Lg4j8vGA.roa
Signing time:             Mon 13 Oct 2025 08:27:38 +0000
ROA not before:           Mon 13 Oct 2025 08:27:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214475
IP address blocks:        77.237.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/B6_c1el6wcECR5yVTV-SKxJsvBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/B6_c1el6wcECR5yVTV-SKxJsvBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B6_c1el6wcECR5yVTV-SKxJsvBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dc:ae:aa:7a:d1:4c:f0:31:39:8c:66:fe:36:b0:3e:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07afdcd5e97ac1c102479c954d5f922b126cbc14
        Validity
            Not Before: Oct 13 08:27:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3d80cb0278850f2853e696ed6fe0b8388fcbc60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4d:82:82:67:57:24:7a:11:8f:d5:5c:64:9e:
                    5a:84:a5:fa:0e:d5:b2:90:32:25:ef:b9:50:68:a2:
                    fb:57:f1:a4:f0:5b:a9:33:78:2a:59:41:15:0e:bd:
                    f5:07:b6:7c:86:5f:4b:31:97:09:00:81:eb:43:b4:
                    40:38:b7:8f:72:08:c6:a3:ea:3d:9c:81:32:3a:03:
                    1c:7a:fb:d1:c0:8e:6c:6a:cc:fa:65:e3:af:01:99:
                    5b:45:39:c2:23:59:86:6f:3c:ca:81:db:9e:9d:60:
                    23:3d:40:d1:2a:b4:bc:e2:03:a6:57:11:0d:0a:a5:
                    a2:6e:dd:d2:c0:01:5d:50:35:34:38:9e:a9:f9:eb:
                    f1:a1:24:52:50:a0:82:20:58:8f:72:61:34:88:85:
                    ec:1b:9d:73:77:3e:19:2e:46:f1:eb:20:8f:df:89:
                    4d:f2:ad:09:02:ba:b6:c9:25:04:07:97:d4:c6:81:
                    77:0b:5a:1e:07:e3:30:70:82:32:69:7a:0e:9f:3e:
                    31:a2:f5:b3:5e:4f:d1:b8:3a:1d:85:f3:3b:4e:a7:
                    74:ab:70:f8:75:59:f7:f8:db:9d:3a:a8:f8:06:ad:
                    ad:ab:74:4d:8e:69:1f:b5:27:09:cf:78:23:65:1d:
                    4d:d7:60:99:e1:fd:93:e8:36:a1:4b:b3:d3:9d:0d:
                    7e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:D8:0C:B0:27:88:50:F2:85:3E:69:6E:D6:FE:0B:83:88:FC:BC:60
            X509v3 Authority Key Identifier:
                keyid:07:AF:DC:D5:E9:7A:C1:C1:02:47:9C:95:4D:5F:92:2B:12:6C:BC:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6_c1el6wcECR5yVTV-SKxJsvBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/s9gMsCeIUPKFPmlu1v4Lg4j8vGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/0e2744-f646-4429-a25a-ff68517770e4/1/B6_c1el6wcECR5yVTV-SKxJsvBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.237.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:d5:06:d1:bf:4c:42:f2:95:71:68:bc:61:fe:ee:19:16:93:
         41:a8:cf:39:84:5e:6c:50:ba:de:75:3a:8f:d4:91:d0:e8:a2:
         74:f9:5d:d1:59:d7:b9:31:04:4c:e4:2d:82:0e:12:b3:34:80:
         c8:e0:05:f4:f7:2b:73:f2:b2:ba:22:01:09:93:8d:e1:53:e7:
         70:7a:16:e6:11:d3:21:cf:b4:ad:fb:a5:4e:cc:bf:0c:2e:69:
         f1:36:e1:3b:ea:c7:db:ca:45:9d:59:aa:9a:19:7f:64:8d:7e:
         e8:ff:66:74:7e:86:33:7d:3a:40:6d:51:1c:1d:f7:58:d2:36:
         03:cf:b1:f0:00:a7:62:f8:bf:2e:79:a3:b9:83:eb:a3:9d:f9:
         14:bb:7f:62:62:7c:d6:51:bd:2b:be:2a:9d:7c:7e:e5:3f:92:
         cf:cd:f2:2f:7b:43:fe:50:96:fa:58:cb:42:44:d2:53:92:7f:
         1e:03:f3:4b:8e:81:12:7b:e7:fa:60:f4:e7:71:be:a5:b5:a0:
         da:6c:84:a7:a3:2c:ac:55:0d:f7:83:c8:3e:40:09:ed:6d:ea:
         51:79:a1:49:f2:c0:87:59:e0:ba:9f:5d:3c:21:cb:35:06:70:
         98:4b:b4:cc:6a:56:a5:a9:dd:29:77:d7:69:e9:0a:dd:24:0c:
         5e:7f:69:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZncrqp60UzwMTmMZv42sD5xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YWZkY2Q1ZTk3YWMxYzEwMjQ3OWM5NTRkNWY5MjJiMTI2
Y2JjMTQwHhcNMjUxMDEzMDgyNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2Q4MGNiMDI3ODg1MGYyODUzZTY5NmVkNmZlMGI4Mzg4ZmNiYzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmU2CgmdXJHoRj9VcZJ5ahKX6DtWy
kDIl77lQaKL7V/Gk8FupM3gqWUEVDr31B7Z8hl9LMZcJAIHrQ7RAOLePcgjGo+o9
nIEyOgMcevvRwI5sasz6ZeOvAZlbRTnCI1mGbzzKgduenWAjPUDRKrS84gOmVxEN
CqWibt3SwAFdUDU0OJ6p+evxoSRSUKCCIFiPcmE0iIXsG51zdz4ZLkbx6yCP34lN
8q0JArq2ySUEB5fUxoF3C1oeB+MwcIIyaXoOnz4xovWzXk/RuDodhfM7Tqd0q3D4
dVn3+NudOqj4Bq2tq3RNjmkftScJz3gjZR1N12CZ4f2T6DahS7PTnQ1+JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPYDLAniFDyhT5pbtb+C4OI/LxgMB8GA1UdIwQY
MBaAFAev3NXpesHBAkeclU1fkisSbLwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZfYzFlbDZ3Y0VDUjV5VlRWLVNLeEpzdkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8wZTI3NDQtZjY0Ni00NDI5LWEyNWEt
ZmY2ODUxNzc3MGU0LzEvczlnTXNDZUlVUEtGUG1sdTF2NExnNGo4dkdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8wZTI3NDQtZjY0Ni00NDI5LWEyNWEtZmY2ODUxNzc3MGU0
LzEvQjZfYzFlbDZ3Y0VDUjV5VlRWLVNLeEpzdkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATe1PMA0G
CSqGSIb3DQEBCwUAA4IBAQA41QbRv0xC8pVxaLxh/u4ZFpNBqM85hF5sULredTqP
1JHQ6KJ0+V3RWde5MQRM5C2CDhKzNIDI4AX09ytz8rK6IgEJk43hU+dwehbmEdMh
z7St+6VOzL8MLmnxNuE76sfbykWdWaqaGX9kjX7o/2Z0foYzfTpAbVEcHfdY0jYD
z7HwAKdi+L8ueaO5g+ujnfkUu39iYnzWUb0rviqdfH7lP5LPzfIve0P+UJb6WMtC
RNJTkn8eA/NLjoESe+f6YPTncb6ltaDabISnoyysVQ33g8g+QAntbepReaFJ8sCH
WeC6n108Ics1BnCYS7TMalalqd0pd9dp6QrdJAxef2nw
-----END CERTIFICATE-----