Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/HxZyQaGrGtOk8RKg0Mhbl06w1Co.roa
File:                     HxZyQaGrGtOk8RKg0Mhbl06w1Co.roa (raw, json)
Hash identifier:          T6PK192RHox/GMNjjl8t8FiOFdhRf0h3waZVXZOPKpk=
Subject key identifier:   1F:16:72:41:A1:AB:1A:D3:A4:F1:12:A0:D0:C8:5B:97:4E:B0:D4:2A
Certificate issuer:       /CN=29993007c7c92df6178e7cb43183fd7f52a526d8
Certificate serial:       0197EB08C10E767043014633E45517FC3D5C
Authority key identifier: 29:99:30:07:C7:C9:2D:F6:17:8E:7C:B4:31:83:FD:7F:52:A5:26:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/HxZyQaGrGtOk8RKg0Mhbl06w1Co.roa
Signing time:             Tue 08 Jul 2025 17:15:08 +0000
ROA not before:           Tue 08 Jul 2025 17:15:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        37.77.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:eb:08:c1:0e:76:70:43:01:46:33:e4:55:17:fc:3d:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29993007c7c92df6178e7cb43183fd7f52a526d8
        Validity
            Not Before: Jul  8 17:15:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f167241a1ab1ad3a4f112a0d0c85b974eb0d42a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f6:71:6f:07:e6:69:79:b2:44:da:41:3e:81:
                    ad:fc:0b:19:27:2d:48:35:7a:1d:d5:f7:e1:10:41:
                    b4:2f:f8:b5:9d:a2:c7:b6:aa:d3:76:71:ce:08:c3:
                    46:aa:2f:e2:b9:f9:f8:c9:35:6c:52:7f:df:21:55:
                    70:60:c1:c6:3a:1b:09:0a:00:00:65:b3:f7:a0:bb:
                    65:94:40:7e:15:bc:b7:6e:ac:01:d1:39:08:f5:41:
                    d5:94:eb:b1:fc:c8:30:cc:e7:af:1f:cf:82:54:75:
                    96:7c:4e:d1:31:df:57:09:14:f5:d7:ef:a7:a8:7e:
                    6c:0e:90:c6:51:cd:9b:1b:41:d7:8c:30:bd:80:f4:
                    d9:4d:97:3d:9a:8a:60:1d:75:06:03:f0:8b:8d:b6:
                    72:cd:be:6a:51:ae:52:3c:a4:e9:16:47:f7:06:06:
                    b1:cc:5b:82:60:6e:19:a9:b2:af:32:0e:02:4e:38:
                    f9:a0:d7:0f:15:54:24:b5:92:a8:9b:a6:22:ff:cb:
                    da:6f:a9:f1:d3:15:45:c5:5b:7c:81:ee:b3:5e:69:
                    96:31:f1:5f:ce:91:86:2d:13:db:cf:0c:79:29:1f:
                    c9:3d:a6:d2:2e:99:95:79:c6:4b:4c:7b:2a:5e:5c:
                    97:e7:6a:80:65:19:30:66:d3:80:07:58:4a:d8:8a:
                    33:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:16:72:41:A1:AB:1A:D3:A4:F1:12:A0:D0:C8:5B:97:4E:B0:D4:2A
            X509v3 Authority Key Identifier:
                keyid:29:99:30:07:C7:C9:2D:F6:17:8E:7C:B4:31:83:FD:7F:52:A5:26:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/HxZyQaGrGtOk8RKg0Mhbl06w1Co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:c1:69:c8:8e:4f:4e:bf:fb:2f:79:04:31:dc:60:51:84:50:
         f9:f2:0f:a9:01:32:11:37:dc:79:a8:67:10:e8:3c:8d:11:af:
         b1:8f:ba:03:b2:55:f2:a3:c4:d2:5f:c5:62:58:b7:46:fa:7e:
         f0:db:b5:85:15:b9:79:18:5a:70:8f:c1:a7:10:20:86:d1:0e:
         92:51:9b:0c:9b:ec:57:26:72:e1:cf:94:8d:d4:40:ce:73:5e:
         c8:9f:a5:69:a6:1f:47:55:b4:48:5d:88:fb:e6:8f:41:77:f6:
         a7:ad:9e:8c:22:2f:e9:e0:da:f6:49:3c:9e:9e:d4:d9:7b:38:
         c1:45:8a:c7:49:cf:2b:45:ac:5f:7c:d2:ac:c9:e4:7d:6c:a2:
         3f:98:a3:53:d5:18:e3:85:a7:7b:1c:c0:34:37:72:b6:8f:d9:
         c2:1d:2f:cf:9b:fc:7b:a5:f1:36:36:1f:02:f5:3b:c3:76:f6:
         0d:f4:a6:b6:76:79:6c:48:13:ba:fc:4c:4d:2c:29:6f:34:a2:
         58:35:33:af:e8:6a:2a:0d:04:07:1e:ed:99:a0:04:82:f0:3a:
         23:63:13:30:b0:c1:89:34:e9:cb:89:41:91:bf:65:34:12:be:
         57:c0:3f:70:73:bc:a5:1b:d7:cc:9f:53:09:63:50:5c:bb:b3:
         22:30:f4:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfrCMEOdnBDAUYz5FUX/D1cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5OTkzMDA3YzdjOTJkZjYxNzhlN2NiNDMxODNmZDdmNTJh
NTI2ZDgwHhcNMjUwNzA4MTcxNTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjE2NzI0MWExYWIxYWQzYTRmMTEyYTBkMGM4NWI5NzRlYjBkNDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fZxbwfmaXmyRNpBPoGt/AsZJy1I
NXod1ffhEEG0L/i1naLHtqrTdnHOCMNGqi/iufn4yTVsUn/fIVVwYMHGOhsJCgAA
ZbP3oLtllEB+Fby3bqwB0TkI9UHVlOux/MgwzOevH8+CVHWWfE7RMd9XCRT11++n
qH5sDpDGUc2bG0HXjDC9gPTZTZc9mopgHXUGA/CLjbZyzb5qUa5SPKTpFkf3Bgax
zFuCYG4ZqbKvMg4CTjj5oNcPFVQktZKom6Yi/8vab6nx0xVFxVt8ge6zXmmWMfFf
zpGGLRPbzwx5KR/JPabSLpmVecZLTHsqXlyX52qAZRkwZtOAB1hK2IozsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB8WckGhqxrTpPESoNDIW5dOsNQqMB8GA1UdIwQY
MBaAFCmZMAfHyS32F458tDGD/X9SpSbYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1prd0I4ZkpMZllYam55ME1ZUDlmMUtsSnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kYzliNmYtM2E2ZC00NDlmLThiODkt
MWU4MjlmZmExYzNhLzEvSHhaeVFhR3JHdE9rOFJLZzBNaGJsMDZ3MUNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kYzliNmYtM2E2ZC00NDlmLThiODktMWU4MjlmZmExYzNh
LzEvS1prd0I4ZkpMZllYam55ME1ZUDlmMUtsSnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJU0eMA0G
CSqGSIb3DQEBCwUAA4IBAQCBwWnIjk9Ov/sveQQx3GBRhFD58g+pATIRN9x5qGcQ
6DyNEa+xj7oDslXyo8TSX8ViWLdG+n7w27WFFbl5GFpwj8GnECCG0Q6SUZsMm+xX
JnLhz5SN1EDOc17In6Vpph9HVbRIXYj75o9Bd/anrZ6MIi/p4Nr2STyentTZezjB
RYrHSc8rRaxffNKsyeR9bKI/mKNT1Rjjhad7HMA0N3K2j9nCHS/Pm/x7pfE2Nh8C
9TvDdvYN9Ka2dnlsSBO6/ExNLClvNKJYNTOv6GoqDQQHHu2ZoASC8DojYxMwsMGJ
NOnLiUGRv2U0Er5XwD9wc7ylG9fMn1MJY1Bcu7MiMPSE
-----END CERTIFICATE-----