Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/fEd0Vti58jC0-fEEXRBAAP8Yuo0.roa
File:                     fEd0Vti58jC0-fEEXRBAAP8Yuo0.roa (raw, json)
Hash identifier:          eLkwSzPfGsVAG6TnKc2OEA1DOlwHU5xndoKlrLnM+qY=
Subject key identifier:   7C:47:74:56:D8:B9:F2:30:B4:F9:F1:04:5D:10:40:00:FF:18:BA:8D
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       019763A6AFFA2C9374121B62C6DD67BE2137
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/fEd0Vti58jC0-fEEXRBAAP8Yuo0.roa
Signing time:             Thu 12 Jun 2025 10:19:17 +0000
ROA not before:           Thu 12 Jun 2025 10:19:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197437
IP address blocks:        77.65.225.0/24 maxlen: 24
                          178.16.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:63:a6:af:fa:2c:93:74:12:1b:62:c6:dd:67:be:21:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jun 12 10:19:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c477456d8b9f230b4f9f1045d104000ff18ba8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:fd:ab:41:fe:ee:ab:7a:6e:89:ec:92:82:01:
                    f1:17:e8:1d:d8:66:3b:af:e0:6e:e6:ff:49:af:f6:
                    58:8b:ab:e0:c5:f1:f2:e6:60:ae:96:d8:8e:2a:a5:
                    fa:4a:87:aa:3c:03:f4:18:c1:2d:93:33:ea:81:6d:
                    c6:00:e3:b5:37:2a:c0:f5:f5:bd:68:03:99:2c:d5:
                    4d:53:09:cc:85:e9:ea:bb:74:06:f7:f2:4d:ef:19:
                    91:27:fa:df:45:33:98:9c:74:34:c7:94:1a:85:a9:
                    22:a9:5f:19:5a:e8:26:5f:18:24:c8:4a:e7:44:e7:
                    59:ec:56:c1:cc:18:bc:02:21:09:4b:b4:d1:fa:c0:
                    61:b5:2a:42:26:dd:a9:c1:d4:b8:68:de:da:20:2e:
                    d9:98:c1:63:47:da:cc:05:5b:c0:d3:3e:c8:59:65:
                    a4:cf:5a:b6:1f:78:8b:d2:4a:be:a1:cb:8e:8f:99:
                    48:f6:18:75:ce:2c:37:6d:1d:f0:a3:38:cc:56:80:
                    89:c1:f8:d4:39:0f:0c:4c:33:9e:1c:3b:2a:b6:9e:
                    90:7c:17:b3:52:6f:ec:6f:ad:09:dc:b1:87:87:b6:
                    ca:53:bd:d5:f2:d0:ac:66:49:5b:a0:17:75:4d:c4:
                    b8:91:04:2b:51:a9:26:e2:79:85:3f:93:9c:d8:c9:
                    62:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:47:74:56:D8:B9:F2:30:B4:F9:F1:04:5D:10:40:00:FF:18:BA:8D
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/fEd0Vti58jC0-fEEXRBAAP8Yuo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.225.0/24
                  178.16.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:f5:20:c5:e9:a4:bc:0a:13:9f:81:c4:fe:63:3d:97:29:af:
         f6:ba:a5:48:80:86:1c:28:1e:26:9e:4e:79:5a:05:77:8c:e6:
         40:74:63:dd:26:cb:9a:42:12:8f:bf:13:d0:7e:da:e8:84:9a:
         df:02:a5:1d:07:19:60:75:5c:c3:7f:5e:8c:f1:3e:57:db:85:
         46:1a:83:65:01:c3:69:ad:66:28:dd:36:1c:2c:dc:8f:6f:c4:
         61:b9:c6:46:59:fe:b0:62:3b:07:c1:59:c8:ea:34:c7:b4:b7:
         73:a5:fc:85:0f:78:1f:2d:97:56:70:ad:a1:c6:33:01:e9:1f:
         27:fd:c0:63:a2:d2:b1:8b:37:43:54:0a:4a:94:2e:4e:4c:ff:
         b0:f6:91:71:a4:24:19:f4:76:92:0c:02:e2:f6:27:5f:97:cf:
         16:ba:61:4c:da:fa:16:92:5a:1e:34:67:e8:48:31:0e:d9:9b:
         38:07:99:bb:44:94:a4:c8:d9:9d:fd:51:e6:a3:6f:6a:f6:49:
         bf:43:4a:41:dd:b9:68:65:30:dd:d1:1e:e7:52:1b:04:67:22:
         ef:ec:dd:3c:46:5f:f6:ed:f6:6c:71:a6:8b:ef:1e:ec:d2:68:
         27:a7:df:aa:e6:f3:4a:6e:57:5f:e4:86:85:6a:ec:ab:9d:73:
         ef:e1:3e:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdjpq/6LJN0Ehtixt1nviE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwNjEyMTAxOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzQ3NzQ1NmQ4YjlmMjMwYjRmOWYxMDQ1ZDEwNDAwMGZmMThiYThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6P2rQf7uq3puieySggHxF+gd2GY7
r+Bu5v9Jr/ZYi6vgxfHy5mCultiOKqX6SoeqPAP0GMEtkzPqgW3GAOO1NyrA9fW9
aAOZLNVNUwnMhenqu3QG9/JN7xmRJ/rfRTOYnHQ0x5QahakiqV8ZWugmXxgkyErn
ROdZ7FbBzBi8AiEJS7TR+sBhtSpCJt2pwdS4aN7aIC7ZmMFjR9rMBVvA0z7IWWWk
z1q2H3iL0kq+ocuOj5lI9hh1ziw3bR3wozjMVoCJwfjUOQ8MTDOeHDsqtp6QfBez
Um/sb60J3LGHh7bKU73V8tCsZklboBd1TcS4kQQrUakm4nmFP5Oc2MliMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHxHdFbYufIwtPnxBF0QQAD/GLqNMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvZkVkMFZ0aTU4akMwLWZFRVhSQkFBUDhZdW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATUHhAwQA
shByMA0GCSqGSIb3DQEBCwUAA4IBAQB49SDF6aS8ChOfgcT+Yz2XKa/2uqVIgIYc
KB4mnk55WgV3jOZAdGPdJsuaQhKPvxPQftrohJrfAqUdBxlgdVzDf16M8T5X24VG
GoNlAcNprWYo3TYcLNyPb8RhucZGWf6wYjsHwVnI6jTHtLdzpfyFD3gfLZdWcK2h
xjMB6R8n/cBjotKxizdDVApKlC5OTP+w9pFxpCQZ9HaSDALi9idfl88WumFM2voW
kloeNGfoSDEO2Zs4B5m7RJSkyNmd/VHmo29q9km/Q0pB3bloZTDd0R7nUhsEZyLv
7N08Rl/27fZscaaL7x7s0mgnp9+q5vNKbldf5IaFauyrnXPv4T5J
-----END CERTIFICATE-----