Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/493ab8-54c4-42f5-b4af-ddb35b1abad5/1/Wqa4SsP2h_ssNFKOjNzf7n1D1Oc.roa
File:                     Wqa4SsP2h_ssNFKOjNzf7n1D1Oc.roa (raw, json)
Hash identifier:          r8Od7aNV9w5qxKZEsiTyK8JnMXxLB2GhaVrqj9OwkeA=
Subject key identifier:   5A:A6:B8:4A:C3:F6:87:FB:2C:34:52:8E:8C:DC:DF:EE:7D:43:D4:E7
Certificate issuer:       /CN=77c7dd25ca5fb1dc913c2ffb916fa22fb8610b78
Certificate serial:       0199E1FD4D80632991C021EB481C1E979EC3
Authority key identifier: 77:C7:DD:25:CA:5F:B1:DC:91:3C:2F:FB:91:6F:A2:2F:B8:61:0B:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d8fdJcpfsdyRPC_7kW-iL7hhC3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/493ab8-54c4-42f5-b4af-ddb35b1abad5/1/Wqa4SsP2h_ssNFKOjNzf7n1D1Oc.roa
Signing time:             Tue 14 Oct 2025 09:11:38 +0000
ROA not before:           Tue 14 Oct 2025 09:11:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40339
IP address blocks:        81.16.184.0/21 maxlen: 24
                          194.62.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/493ab8-54c4-42f5-b4af-ddb35b1abad5/1/d8fdJcpfsdyRPC_7kW-iL7hhC3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/493ab8-54c4-42f5-b4af-ddb35b1abad5/1/d8fdJcpfsdyRPC_7kW-iL7hhC3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d8fdJcpfsdyRPC_7kW-iL7hhC3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e1:fd:4d:80:63:29:91:c0:21:eb:48:1c:1e:97:9e:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77c7dd25ca5fb1dc913c2ffb916fa22fb8610b78
        Validity
            Not Before: Oct 14 09:11:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5aa6b84ac3f687fb2c34528e8cdcdfee7d43d4e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1e:a9:b7:64:d9:85:1a:1d:aa:0c:41:6a:06:
                    b3:71:a6:45:d0:f5:96:33:18:eb:d4:76:ee:55:07:
                    1c:95:83:86:ce:7e:47:89:85:07:9a:c0:a1:02:72:
                    95:ec:61:f4:ed:13:e6:3b:59:0b:95:71:7f:e3:75:
                    ab:a9:f8:d4:2b:9f:8c:4f:29:59:9f:e2:bd:db:3c:
                    44:57:4f:cd:9d:8a:a8:10:5f:45:94:fd:e3:f7:ec:
                    cb:50:06:5b:64:1a:99:1c:83:fc:77:05:5c:84:c2:
                    77:42:04:c6:a2:17:fe:92:45:53:0c:62:14:ab:53:
                    25:04:4d:ba:23:02:d0:5c:3c:58:a0:d7:92:01:1b:
                    40:86:75:f9:2d:dc:9d:da:14:41:be:f0:1c:f3:3c:
                    ad:d4:be:fa:4f:6e:60:b7:a7:78:4d:62:5a:5a:55:
                    c4:bf:dc:a4:e4:e2:eb:91:32:2c:b8:81:87:6e:c8:
                    a5:44:15:e2:b3:57:e9:b6:84:d9:1b:44:5d:c3:24:
                    e9:37:73:cf:15:8a:17:bc:7b:3a:e4:3b:f9:f6:51:
                    6a:91:e0:1b:06:da:26:93:1a:b8:81:28:9d:db:59:
                    88:7b:f5:45:08:f2:cd:90:ed:81:34:4a:51:a7:88:
                    7f:36:37:7e:86:fb:7b:18:06:19:e7:b7:24:15:c9:
                    cf:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:A6:B8:4A:C3:F6:87:FB:2C:34:52:8E:8C:DC:DF:EE:7D:43:D4:E7
            X509v3 Authority Key Identifier:
                keyid:77:C7:DD:25:CA:5F:B1:DC:91:3C:2F:FB:91:6F:A2:2F:B8:61:0B:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8fdJcpfsdyRPC_7kW-iL7hhC3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/493ab8-54c4-42f5-b4af-ddb35b1abad5/1/Wqa4SsP2h_ssNFKOjNzf7n1D1Oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/493ab8-54c4-42f5-b4af-ddb35b1abad5/1/d8fdJcpfsdyRPC_7kW-iL7hhC3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.16.184.0/21
                  194.62.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:6b:4c:3f:4b:4d:45:70:bf:c5:12:99:75:be:0b:90:38:24:
         7c:9c:2d:c2:e0:52:00:41:85:12:df:56:b0:1c:e6:26:67:9c:
         2e:b8:de:61:32:09:1f:bb:90:d1:d6:33:c9:dc:06:75:43:d0:
         7c:57:20:bd:8d:36:e7:c2:85:41:e0:c6:11:88:c3:83:46:21:
         b0:76:3c:29:4e:f6:1b:1b:35:b8:95:a7:70:37:c8:bd:bc:e7:
         96:80:76:a5:da:63:52:0e:62:bc:3e:04:2d:27:01:7a:c0:b7:
         52:fa:30:12:35:43:2a:39:6f:19:7e:99:e3:65:6d:d4:8c:e1:
         cb:52:4e:d5:b2:f6:5a:bc:0c:6a:5e:3b:76:ee:26:9a:f4:5f:
         7b:94:0d:e8:48:42:ea:c8:76:58:54:fa:13:7c:9f:8a:31:e5:
         c4:b4:cb:c4:01:7b:75:98:3e:25:01:a2:2d:67:e6:c2:75:52:
         d8:62:58:40:12:8c:ad:07:df:83:5c:8d:0c:4f:88:94:76:43:
         fb:02:ff:fa:6d:93:f9:c0:85:b8:a9:7b:95:ee:3c:3a:24:0d:
         5a:7b:e8:34:0b:fd:93:c7:c2:26:7b:c7:0c:e0:d1:3b:82:2d:
         18:a9:93:2b:bf:b9:09:3b:a8:ed:34:ef:66:6b:c0:80:0a:9a:
         c1:75:f7:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnh/U2AYymRwCHrSBwel57DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YzdkZDI1Y2E1ZmIxZGM5MTNjMmZmYjkxNmZhMjJmYjg2
MTBiNzgwHhcNMjUxMDE0MDkxMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWE2Yjg0YWMzZjY4N2ZiMmMzNDUyOGU4Y2RjZGZlZTdkNDNkNGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvB6pt2TZhRodqgxBagazcaZF0PWW
Mxjr1HbuVQcclYOGzn5HiYUHmsChAnKV7GH07RPmO1kLlXF/43WrqfjUK5+MTylZ
n+K92zxEV0/NnYqoEF9FlP3j9+zLUAZbZBqZHIP8dwVchMJ3QgTGohf+kkVTDGIU
q1MlBE26IwLQXDxYoNeSARtAhnX5Ldyd2hRBvvAc8zyt1L76T25gt6d4TWJaWlXE
v9yk5OLrkTIsuIGHbsilRBXis1fptoTZG0RdwyTpN3PPFYoXvHs65Dv59lFqkeAb
Btomkxq4gSid21mIe/VFCPLNkO2BNEpRp4h/Njd+hvt7GAYZ57ckFcnPxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFqmuErD9of7LDRSjozc3+59Q9TnMB8GA1UdIwQY
MBaAFHfH3SXKX7HckTwv+5Fvoi+4YQt4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDhmZEpjcGZzZHlSUENfN2tXLWlMN2hoQzNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC80OTNhYjgtNTRjNC00MmY1LWI0YWYt
ZGRiMzViMWFiYWQ1LzEvV3FhNFNzUDJoX3NzTkZLT2pOemY3bjFEMU9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC80OTNhYjgtNTRjNC00MmY1LWI0YWYtZGRiMzViMWFiYWQ1
LzEvZDhmZEpjcGZzZHlSUENfN2tXLWlMN2hoQzNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDURC4AwQC
wj70MA0GCSqGSIb3DQEBCwUAA4IBAQBca0w/S01FcL/FEpl1vguQOCR8nC3C4FIA
QYUS31awHOYmZ5wuuN5hMgkfu5DR1jPJ3AZ1Q9B8VyC9jTbnwoVB4MYRiMODRiGw
djwpTvYbGzW4ladwN8i9vOeWgHal2mNSDmK8PgQtJwF6wLdS+jASNUMqOW8Zfpnj
ZW3UjOHLUk7VsvZavAxqXjt27iaa9F97lA3oSELqyHZYVPoTfJ+KMeXEtMvEAXt1
mD4lAaItZ+bCdVLYYlhAEoytB9+DXI0MT4iUdkP7Av/6bZP5wIW4qXuV7jw6JA1a
e+g0C/2Tx8Ime8cM4NE7gi0YqZMrv7kJO6jtNO9ma8CACprBdffD
-----END CERTIFICATE-----