Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7gyo5bPkwbjkFgnk6oBvk7S9tk0.roa
File:                     7gyo5bPkwbjkFgnk6oBvk7S9tk0.roa (raw, json)
Hash identifier:          5rGkQw/zhLia0aaWSjcnhHSHHZvvcRFWk6PeS9TJMwA=
Subject key identifier:   EE:0C:A8:E5:B3:E4:C1:B8:E4:16:09:E4:EA:80:6F:93:B4:BD:B6:4D
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019A3B3D9685A7CEC911E86DD5801ED47747
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7gyo5bPkwbjkFgnk6oBvk7S9tk0.roa
Signing time:             Fri 31 Oct 2025 17:08:03 +0000
ROA not before:           Fri 31 Oct 2025 17:08:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        77.111.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:3b:3d:96:85:a7:ce:c9:11:e8:6d:d5:80:1e:d4:77:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 31 17:08:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee0ca8e5b3e4c1b8e41609e4ea806f93b4bdb64d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:55:ca:bc:bb:ac:bc:2b:17:0d:c7:4c:24:c7:
                    c8:4d:7b:98:af:f5:f1:a6:6a:91:6a:74:c9:74:89:
                    77:08:8a:33:f2:56:d5:94:55:41:05:7e:92:e5:84:
                    2c:28:e6:b2:6e:fe:be:f1:3c:bf:2a:89:c8:20:96:
                    21:62:eb:26:57:0e:01:42:97:f8:88:9c:52:1c:96:
                    da:b8:43:f5:32:15:5c:cf:8f:b4:a8:c8:5a:99:5f:
                    1a:3b:38:18:b1:f0:a4:ea:84:46:3d:04:45:1d:06:
                    89:24:54:11:33:28:27:42:cb:02:b0:20:98:7d:14:
                    79:95:cd:46:78:f7:be:70:cb:18:2d:a9:8b:ec:c4:
                    15:7a:63:b6:c1:2a:f2:68:fb:4a:c0:14:3d:f0:17:
                    23:9d:7c:bb:0b:70:b8:2b:d7:94:13:ab:fd:75:63:
                    69:2a:ce:53:7f:5d:73:a3:7c:9c:1e:48:04:67:62:
                    32:47:d0:8b:0f:f3:ae:8c:97:ef:19:0c:8b:39:d8:
                    a6:b5:40:c8:4f:69:a5:d3:50:fc:04:eb:9d:b5:9e:
                    0d:5d:f2:76:aa:0b:39:17:6e:89:59:36:69:6e:14:
                    c6:ea:6a:a3:94:0d:f7:f8:1c:62:2d:30:a7:2c:f7:
                    bc:94:b4:a4:56:2c:36:0f:32:9f:10:a5:c6:fe:a2:
                    2d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:0C:A8:E5:B3:E4:C1:B8:E4:16:09:E4:EA:80:6F:93:B4:BD:B6:4D
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7gyo5bPkwbjkFgnk6oBvk7S9tk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:79:15:b5:9b:4e:86:d4:ac:6a:da:dd:28:0a:7e:04:4f:bd:
         55:5b:33:c4:94:23:c5:96:46:69:1c:47:c9:bb:ea:b2:8c:99:
         27:35:a7:f8:14:8c:8e:4e:aa:53:03:d5:2f:0c:6f:a1:5a:e1:
         4b:49:10:00:4a:27:98:c0:4d:7d:cb:da:ab:48:f8:87:d1:f7:
         ad:f1:23:ee:5e:41:96:5c:07:f2:8d:c8:c2:a7:65:65:25:d5:
         63:aa:6a:69:98:eb:77:e0:18:0e:a4:02:a0:b2:b2:82:15:41:
         e3:b5:94:b7:d6:92:7d:22:e2:dc:f2:f4:18:77:6a:53:0e:27:
         65:80:ff:16:97:a0:f9:4e:e4:1a:ad:7b:38:b5:d4:27:76:02:
         e4:5c:33:89:af:d9:e5:4d:79:b7:59:26:bf:24:3e:ac:17:d8:
         0d:c5:51:ea:86:41:5f:a0:43:77:c6:f1:67:da:05:6f:7d:ad:
         75:74:7e:91:9b:f5:36:6a:9a:8e:61:f3:fd:52:56:eb:4f:d1:
         a2:e3:27:ad:1c:3d:aa:49:18:78:56:8e:88:10:4c:53:2e:d7:
         ce:ac:8a:cc:f0:aa:04:28:43:c5:9b:5e:37:e5:df:1d:7b:e5:
         c8:74:de:84:01:65:79:89:0d:cd:20:0d:9f:a9:eb:81:16:03:
         40:bf:f2:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo7PZaFp87JEeht1YAe1HdHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUxMDMxMTcwODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTBjYThlNWIzZTRjMWI4ZTQxNjA5ZTRlYTgwNmY5M2I0YmRiNjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFXKvLusvCsXDcdMJMfITXuYr/Xx
pmqRanTJdIl3CIoz8lbVlFVBBX6S5YQsKOaybv6+8Ty/KonIIJYhYusmVw4BQpf4
iJxSHJbauEP1MhVcz4+0qMhamV8aOzgYsfCk6oRGPQRFHQaJJFQRMygnQssCsCCY
fRR5lc1GePe+cMsYLamL7MQVemO2wSryaPtKwBQ98BcjnXy7C3C4K9eUE6v9dWNp
Ks5Tf11zo3ycHkgEZ2IyR9CLD/OujJfvGQyLOdimtUDIT2ml01D8BOudtZ4NXfJ2
qgs5F26JWTZpbhTG6mqjlA33+BxiLTCnLPe8lLSkViw2DzKfEKXG/qItLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4MqOWz5MG45BYJ5OqAb5O0vbZNMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvN2d5bzViUGt3YmprRmduazZvQnZrN1M5dGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW9iMA0G
CSqGSIb3DQEBCwUAA4IBAQBpeRW1m06G1Kxq2t0oCn4ET71VWzPElCPFlkZpHEfJ
u+qyjJknNaf4FIyOTqpTA9UvDG+hWuFLSRAASieYwE19y9qrSPiH0fet8SPuXkGW
XAfyjcjCp2VlJdVjqmppmOt34BgOpAKgsrKCFUHjtZS31pJ9IuLc8vQYd2pTDidl
gP8Wl6D5TuQarXs4tdQndgLkXDOJr9nlTXm3WSa/JD6sF9gNxVHqhkFfoEN3xvFn
2gVvfa11dH6Rm/U2apqOYfP9UlbrT9Gi4yetHD2qSRh4Vo6IEExTLtfOrIrM8KoE
KEPFm1435d8de+XIdN6EAWV5iQ3NIA2fqeuBFgNAv/JP
-----END CERTIFICATE-----