Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/bufSM9AIeCa-WaYVpJMLOnf764U.roa
File:                     bufSM9AIeCa-WaYVpJMLOnf764U.roa (raw, json)
Hash identifier:          z9xIiROa5k0JCzmUTT7rzACAGOUMOn1C05T/vecBPKE=
Subject key identifier:   6E:E7:D2:33:D0:08:78:26:BE:59:A6:15:A4:93:0B:3A:77:FB:EB:85
Certificate issuer:       /CN=7df904ab14066c7a9fe61a521d5492a0e52965ca
Certificate serial:       0197E4608F4086724D6D51966126345E34A2
Authority key identifier: 7D:F9:04:AB:14:06:6C:7A:9F:E6:1A:52:1D:54:92:A0:E5:29:65:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/bufSM9AIeCa-WaYVpJMLOnf764U.roa
Signing time:             Mon 07 Jul 2025 10:13:42 +0000
ROA not before:           Mon 07 Jul 2025 10:13:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        77.111.68.0/22 maxlen: 22
                          77.111.72.0/21 maxlen: 21
                          77.111.80.0/21 maxlen: 21
                          121.127.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/ffkEqxQGbHqf5hpSHVSSoOUpZco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/ffkEqxQGbHqf5hpSHVSSoOUpZco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e4:60:8f:40:86:72:4d:6d:51:96:61:26:34:5e:34:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df904ab14066c7a9fe61a521d5492a0e52965ca
        Validity
            Not Before: Jul  7 10:13:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ee7d233d0087826be59a615a4930b3a77fbeb85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d5:6b:1f:3f:b6:02:77:ed:5b:e9:a4:be:e4:
                    92:5a:90:72:fd:5f:08:d0:eb:f6:6f:a4:50:51:d4:
                    e6:a9:bd:1d:1a:67:04:fd:a1:15:5e:50:37:24:54:
                    eb:4d:86:b1:c7:2b:70:91:23:4b:76:ef:56:be:b8:
                    bc:f1:34:8c:55:c9:24:4a:8e:d5:24:21:14:94:2f:
                    23:5d:8d:f8:f5:05:18:9f:92:5a:e8:57:7a:be:8c:
                    af:85:23:84:88:f7:41:83:c1:51:72:c9:53:1e:a4:
                    c0:a2:64:11:e2:ad:33:2c:a9:17:b0:43:2f:eb:0f:
                    1b:e9:52:c7:c8:b2:96:1c:d2:36:c1:3c:c0:c5:8f:
                    16:90:1b:5a:09:f2:83:9e:7d:0e:3a:2d:49:f5:34:
                    8e:62:fe:4e:0a:dd:30:55:0f:8c:da:3f:69:79:3f:
                    76:e4:12:26:42:d1:bb:dc:de:89:61:b0:6c:79:6b:
                    a4:67:57:47:13:7b:df:c7:e7:43:f7:2e:c8:41:a8:
                    69:32:a0:83:fd:dd:76:6d:b0:1b:0c:c0:85:fa:c6:
                    43:46:ef:d2:4a:bd:31:af:73:89:5f:bd:c6:91:35:
                    89:a1:c3:01:d0:2a:0c:09:c9:7d:0e:b1:19:93:a4:
                    04:e9:fc:d3:3e:5e:9a:a7:4a:33:64:30:f0:9a:77:
                    bd:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:E7:D2:33:D0:08:78:26:BE:59:A6:15:A4:93:0B:3A:77:FB:EB:85
            X509v3 Authority Key Identifier:
                keyid:7D:F9:04:AB:14:06:6C:7A:9F:E6:1A:52:1D:54:92:A0:E5:29:65:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/bufSM9AIeCa-WaYVpJMLOnf764U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/ffkEqxQGbHqf5hpSHVSSoOUpZco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.68.0-77.111.87.255
                  121.127.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         f3:ad:fd:07:14:f1:4c:6a:fe:23:b4:73:a2:72:d3:88:d9:6e:
         76:43:14:42:c7:89:22:98:4d:e9:ee:ce:45:db:02:e1:f6:0a:
         18:b7:ea:b0:0f:da:9d:b0:ee:81:d4:16:f0:fc:2c:53:35:19:
         c3:f4:b2:6c:30:f9:7f:f7:09:b8:93:2e:f5:07:e0:3c:e0:bf:
         52:41:05:13:da:c9:3b:54:7a:df:9c:16:1b:d6:45:6f:3c:d0:
         f1:ef:b6:e4:0a:f1:17:73:95:1a:b9:97:88:d5:1a:9e:51:24:
         06:6a:fa:fb:ee:97:3b:f3:8e:0e:50:1c:b3:77:20:2c:ec:ce:
         b4:63:56:5f:a4:b7:48:a4:e1:c0:92:ad:60:29:52:85:84:a8:
         2a:86:ce:e7:76:1f:67:7e:e8:cd:41:46:80:23:a1:fc:9d:16:
         72:e9:6c:18:d8:ae:85:92:41:a1:78:83:49:a5:f4:05:0f:eb:
         b1:ad:81:6f:8e:81:8a:54:17:fb:f8:3d:3c:e6:17:d1:aa:11:
         11:d5:56:1e:2b:27:01:4b:e8:8d:e2:56:af:7e:1a:20:06:20:
         ef:a2:85:28:79:fa:e2:8e:73:2e:fe:1a:9c:8c:dd:62:63:12:
         9d:a4:08:00:a3:77:90:ee:f9:c2:cf:11:bb:2f:33:44:09:e5:
         d9:88:30:8c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZfkYI9AhnJNbVGWYSY0XjSiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjkwNGFiMTQwNjZjN2E5ZmU2MWE1MjFkNTQ5MmEwZTUy
OTY1Y2EwHhcNMjUwNzA3MTAxMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWU3ZDIzM2QwMDg3ODI2YmU1OWE2MTVhNDkzMGIzYTc3ZmJlYjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9VrHz+2AnftW+mkvuSSWpBy/V8I
0Ov2b6RQUdTmqb0dGmcE/aEVXlA3JFTrTYaxxytwkSNLdu9Wvri88TSMVckkSo7V
JCEUlC8jXY349QUYn5Ja6Fd6voyvhSOEiPdBg8FRcslTHqTAomQR4q0zLKkXsEMv
6w8b6VLHyLKWHNI2wTzAxY8WkBtaCfKDnn0OOi1J9TSOYv5OCt0wVQ+M2j9peT92
5BImQtG73N6JYbBseWukZ1dHE3vfx+dD9y7IQahpMqCD/d12bbAbDMCF+sZDRu/S
Sr0xr3OJX73GkTWJocMB0CoMCcl9DrEZk6QE6fzTPl6ap0ozZDDwmne9HQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFG7n0jPQCHgmvlmmFaSTCzp3++uFMB8GA1UdIwQY
MBaAFH35BKsUBmx6n+YaUh1UkqDlKWXKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZrRXF4UUdiSHFmNWhwU0hWU1NvT1VwWmNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS81M2ZiMzQtMjVkYi00Njg0LTk4NGYt
M2I0NDVmMjlmNWI3LzEvYnVmU005QUllQ2EtV2FZVnBKTUxPbmY3NjRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS81M2ZiMzQtMjVkYi00Njg0LTk4NGYtM2I0NDVmMjlmNWI3
LzEvZmZrRXF4UUdiSHFmNWhwU0hWU1NvT1VwWmNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAJNb0QD
BANNb1ADBAB5fyQwDQYJKoZIhvcNAQELBQADggEBAPOt/QcU8Uxq/iO0c6Jy04jZ
bnZDFELHiSKYTenuzkXbAuH2Chi36rAP2p2w7oHUFvD8LFM1GcP0smww+X/3CbiT
LvUH4Dzgv1JBBRPayTtUet+cFhvWRW880PHvtuQK8RdzlRq5l4jVGp5RJAZq+vvu
lzvzjg5QHLN3ICzszrRjVl+kt0ik4cCSrWApUoWEqCqGzud2H2d+6M1BRoAjofyd
FnLpbBjYroWSQaF4g0ml9AUP67GtgW+OgYpUF/v4PTzmF9GqERHVVh4rJwFL6I3i
Vq9+GiAGIO+ihSh5+uKOcy7+GpyM3WJjEp2kCACjd5Du+cLPEbsvM0QJ5dmIMIw=
-----END CERTIFICATE-----