Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/e7df1b-7abb-45fb-babe-d2af1cc3fa31/1/Rm4G8KwJAms34HdBJGkkvyGyVeo.roa
File:                     Rm4G8KwJAms34HdBJGkkvyGyVeo.roa (raw, json)
Hash identifier:          /H/EXJlnlnkPcjJyZSTq8hc9wXqmJ/nwbv9HzKcNsm0=
Subject key identifier:   46:6E:06:F0:AC:09:02:6B:37:E0:77:41:24:69:24:BF:21:B2:55:EA
Certificate issuer:       /CN=10f9bd1c716fd2e95ac9d61075d709621ae80600
Certificate serial:       0196802BB571D5FD61C45B4F036144EC8F80
Authority key identifier: 10:F9:BD:1C:71:6F:D2:E9:5A:C9:D6:10:75:D7:09:62:1A:E8:06:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EPm9HHFv0ulaydYQddcJYhroBgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/e7df1b-7abb-45fb-babe-d2af1cc3fa31/1/Rm4G8KwJAms34HdBJGkkvyGyVeo.roa
Signing time:             Tue 29 Apr 2025 06:11:10 +0000
ROA not before:           Tue 29 Apr 2025 06:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42621
IP address blocks:        77.105.64.0/18 maxlen: 18
                          185.138.48.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/e7df1b-7abb-45fb-babe-d2af1cc3fa31/1/EPm9HHFv0ulaydYQddcJYhroBgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/e7df1b-7abb-45fb-babe-d2af1cc3fa31/1/EPm9HHFv0ulaydYQddcJYhroBgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EPm9HHFv0ulaydYQddcJYhroBgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 04 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:80:2b:b5:71:d5:fd:61:c4:5b:4f:03:61:44:ec:8f:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10f9bd1c716fd2e95ac9d61075d709621ae80600
        Validity
            Not Before: Apr 29 06:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=466e06f0ac09026b37e07741246924bf21b255ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ad:88:c9:7d:a3:59:ee:19:8a:ce:b7:29:ea:
                    60:74:ae:39:3a:63:4d:52:a8:a8:aa:1b:89:e0:16:
                    6b:02:83:04:35:dd:38:ee:f3:be:d0:74:4d:68:14:
                    ca:4d:93:cb:12:8b:d9:bc:98:e1:37:dd:29:8f:73:
                    0d:51:0a:e2:d8:42:7e:72:d4:a8:eb:b6:b5:04:52:
                    a5:04:c3:0e:99:0f:a3:d5:ee:db:bc:3c:09:41:d3:
                    a1:a4:7f:58:a0:09:dc:ba:c2:a3:d1:13:28:17:8f:
                    9b:39:ae:b6:d0:21:95:e1:92:aa:44:61:1d:43:4c:
                    df:09:46:63:96:14:da:c5:11:0b:ba:48:f0:58:95:
                    79:ea:0e:93:7c:d6:c0:0d:07:3d:5a:61:2b:1b:ee:
                    a1:ab:b9:91:13:26:a4:2b:c9:34:df:4e:00:96:b0:
                    4d:4f:71:20:70:4c:57:06:8d:84:a7:fb:89:cf:34:
                    89:fd:4d:6a:04:11:4f:3a:74:9c:fd:6b:1f:5d:d5:
                    5a:95:1b:9e:1b:c5:7c:63:46:bd:88:df:95:b7:be:
                    6f:49:99:63:92:25:98:09:b0:ab:e7:31:f0:19:a4:
                    8f:3c:67:d5:40:4d:fb:80:38:16:d6:22:66:17:66:
                    d2:ff:56:b4:1d:21:2b:0c:85:71:fe:65:f1:00:30:
                    be:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:6E:06:F0:AC:09:02:6B:37:E0:77:41:24:69:24:BF:21:B2:55:EA
            X509v3 Authority Key Identifier:
                keyid:10:F9:BD:1C:71:6F:D2:E9:5A:C9:D6:10:75:D7:09:62:1A:E8:06:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EPm9HHFv0ulaydYQddcJYhroBgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/e7df1b-7abb-45fb-babe-d2af1cc3fa31/1/Rm4G8KwJAms34HdBJGkkvyGyVeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/e7df1b-7abb-45fb-babe-d2af1cc3fa31/1/EPm9HHFv0ulaydYQddcJYhroBgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.64.0/18
                  185.138.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:fa:29:21:dc:9d:34:d7:da:5e:41:c4:cc:1e:99:8a:57:a3:
         42:7b:d9:d8:fb:9a:14:b1:27:ea:63:44:f8:e5:fe:e3:3b:e1:
         a3:5d:2b:5d:ce:01:f6:21:d2:04:0b:8e:41:90:17:6c:0c:6f:
         89:10:ef:c8:1f:51:2a:e9:c1:6b:d6:03:c4:ce:21:dd:15:bc:
         b5:01:8c:0b:e6:21:80:d4:83:cc:bb:7a:b9:44:0d:31:1c:94:
         03:a0:08:08:e2:88:a8:ff:28:1c:0e:cb:61:2e:81:14:1d:1e:
         0a:11:94:f5:a7:84:a9:62:95:5a:c5:78:4b:77:f9:af:d4:78:
         d0:fc:85:4e:d1:4f:16:19:8b:4f:4f:af:da:9d:1e:31:57:f4:
         9f:4a:d9:2a:76:11:c6:2c:72:5c:ef:ef:10:d6:26:2a:84:ab:
         be:f3:1d:3b:81:10:6e:fd:f3:68:5f:2a:af:e1:b5:86:68:87:
         ed:23:d0:20:e4:0a:e9:eb:88:30:01:e9:3a:3e:1d:1e:76:23:
         04:b1:e3:32:e8:15:17:aa:8c:67:6d:eb:06:f5:8e:8e:8c:24:
         b1:e9:37:75:7b:9f:aa:88:93:a3:f3:ce:86:e5:e6:13:45:35:
         08:ea:06:f8:b4:86:ac:f3:df:f3:cd:01:59:5f:70:c0:85:bd:
         00:cb:37:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaAK7Vx1f1hxFtPA2FE7I+AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZjliZDFjNzE2ZmQyZTk1YWM5ZDYxMDc1ZDcwOTYyMWFl
ODA2MDAwHhcNMjUwNDI5MDYxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjZlMDZmMGFjMDkwMjZiMzdlMDc3NDEyNDY5MjRiZjIxYjI1NWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxq2IyX2jWe4Zis63KepgdK45OmNN
UqioqhuJ4BZrAoMENd047vO+0HRNaBTKTZPLEovZvJjhN90pj3MNUQri2EJ+ctSo
67a1BFKlBMMOmQ+j1e7bvDwJQdOhpH9YoAncusKj0RMoF4+bOa620CGV4ZKqRGEd
Q0zfCUZjlhTaxRELukjwWJV56g6TfNbADQc9WmErG+6hq7mREyakK8k0304AlrBN
T3EgcExXBo2Ep/uJzzSJ/U1qBBFPOnSc/WsfXdValRueG8V8Y0a9iN+Vt75vSZlj
kiWYCbCr5zHwGaSPPGfVQE37gDgW1iJmF2bS/1a0HSErDIVx/mXxADC+1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEZuBvCsCQJrN+B3QSRpJL8hslXqMB8GA1UdIwQY
MBaAFBD5vRxxb9LpWsnWEHXXCWIa6AYAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVBtOUhIRnYwdWxheWRZUWRkY0pZaHJvQmdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9lN2RmMWItN2FiYi00NWZiLWJhYmUt
ZDJhZjFjYzNmYTMxLzEvUm00RzhLd0pBbXMzNEhkQkpHa2t2eUd5VmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9lN2RmMWItN2FiYi00NWZiLWJhYmUtZDJhZjFjYzNmYTMx
LzEvRVBtOUhIRnYwdWxheWRZUWRkY0pZaHJvQmdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGTWlAAwQC
uYowMA0GCSqGSIb3DQEBCwUAA4IBAQCW+ikh3J0019peQcTMHpmKV6NCe9nY+5oU
sSfqY0T45f7jO+GjXStdzgH2IdIEC45BkBdsDG+JEO/IH1Eq6cFr1gPEziHdFby1
AYwL5iGA1IPMu3q5RA0xHJQDoAgI4oio/ygcDsthLoEUHR4KEZT1p4SpYpVaxXhL
d/mv1HjQ/IVO0U8WGYtPT6/anR4xV/SfStkqdhHGLHJc7+8Q1iYqhKu+8x07gRBu
/fNoXyqv4bWGaIftI9Ag5Arp64gwAek6Ph0ediMEseMy6BUXqoxnbesG9Y6OjCSx
6Td1e5+qiJOj886G5eYTRTUI6gb4tIas89/zzQFZX3DAhb0AyzdZ
-----END CERTIFICATE-----