Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/p0BVO9Af7Thr9z7m6IM96h1DgmA.roa
File:                     p0BVO9Af7Thr9z7m6IM96h1DgmA.roa (raw, json)
Hash identifier:          M3qrJb8kDeOcqJXYvSqGIOSCSmHqLEZFL25U38otuCQ=
Subject key identifier:   A7:40:55:3B:D0:1F:ED:38:6B:F7:3E:E6:E8:83:3D:EA:1D:43:82:60
Certificate issuer:       /CN=df895a3ee2211b6ee2df7202f09a426680d66269
Certificate serial:       0197EEB993D1580579E886DA84BD4AD4E411
Authority key identifier: DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/p0BVO9Af7Thr9z7m6IM96h1DgmA.roa
Signing time:             Wed 09 Jul 2025 10:27:08 +0000
ROA not before:           Wed 09 Jul 2025 10:27:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        77.105.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:b9:93:d1:58:05:79:e8:86:da:84:bd:4a:d4:e4:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df895a3ee2211b6ee2df7202f09a426680d66269
        Validity
            Not Before: Jul  9 10:27:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a740553bd01fed386bf73ee6e8833dea1d438260
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:76:59:d5:c1:da:a5:cd:d3:7a:1a:36:23:c5:
                    c8:01:b6:ae:ed:3a:3a:fc:f7:e1:2b:4b:2c:be:aa:
                    18:d8:ce:6f:c9:67:77:f7:6c:cf:33:89:a8:21:28:
                    d2:cf:57:70:1e:50:92:1c:0c:57:a3:dc:6d:d0:19:
                    d8:ad:a1:75:83:ef:be:f5:01:98:63:4f:dd:33:bd:
                    a4:14:b8:cc:86:20:8b:35:96:5b:ea:7b:8f:d7:9b:
                    af:9d:e8:4c:e0:04:d9:6a:02:1f:4b:94:73:7d:33:
                    e6:86:f0:d6:6d:0c:f7:a8:e7:09:a2:65:06:6d:44:
                    c1:b3:60:e6:23:fb:98:7a:0b:97:36:a5:c3:3f:94:
                    00:5e:64:36:e4:c6:39:97:68:2e:dd:72:0f:81:65:
                    a3:29:4b:99:37:59:a0:a2:a1:0e:3d:be:9f:df:2b:
                    3a:ec:e2:b4:f2:ba:d3:9f:ce:07:77:d0:2e:02:92:
                    90:eb:d3:1a:5f:33:6a:88:b4:46:eb:1a:10:40:82:
                    db:15:1d:43:cb:cd:bf:06:b9:4c:46:ad:0c:57:11:
                    c3:4b:6a:65:db:03:61:4e:ea:cd:9b:ad:68:67:32:
                    e8:98:38:2b:98:05:10:4c:63:bf:1d:46:12:13:6a:
                    55:13:80:3d:97:29:39:19:d4:14:c8:8c:f8:fd:6e:
                    a5:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:40:55:3B:D0:1F:ED:38:6B:F7:3E:E6:E8:83:3D:EA:1D:43:82:60
            X509v3 Authority Key Identifier:
                keyid:DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/p0BVO9Af7Thr9z7m6IM96h1DgmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:6a:e9:29:99:43:0c:73:4e:8d:f0:d0:85:bb:02:4b:89:4d:
         2d:00:16:99:b6:40:81:79:05:34:44:c3:a0:4f:61:68:47:64:
         e4:aa:69:ba:3c:9d:4d:80:3c:63:bb:97:c8:74:27:2b:a5:0c:
         af:b5:2e:64:e4:46:e1:64:0c:f2:d1:93:f6:43:4e:9a:0a:b7:
         01:1f:0a:af:2a:55:8f:ff:86:04:c4:f6:6e:20:9f:79:ad:54:
         5e:43:03:39:60:a0:17:d6:6b:31:ab:65:07:ac:d3:ed:70:6a:
         d9:1b:e2:7f:be:ee:d6:fb:b2:d6:47:c0:75:c4:de:35:b1:17:
         df:b9:ff:ff:b6:47:04:b7:35:9c:ce:97:9a:94:a5:3e:cf:e8:
         6a:25:8c:47:3b:75:b5:2f:61:ba:d8:23:f1:a4:d7:12:2a:21:
         74:3a:a6:5f:4f:0e:3c:a4:fa:c0:86:ef:3a:e4:ea:cf:b2:a6:
         6b:1f:e2:e3:4b:8e:c0:d9:fb:81:19:81:47:97:2b:1f:f4:b0:
         c5:e3:45:68:3d:77:a7:68:01:5f:96:6b:72:4c:6f:3e:3e:e4:
         97:bc:fe:b6:e3:04:72:ff:b2:b6:d0:29:9f:e8:40:2c:ea:53:
         03:19:50:13:19:e7:da:70:9d:e0:13:9b:6c:23:b8:a0:0d:a9:
         90:06:63:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfuuZPRWAV56IbahL1K1OQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmODk1YTNlZTIyMTFiNmVlMmRmNzIwMmYwOWE0MjY2ODBk
NjYyNjkwHhcNMjUwNzA5MTAyNzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzQwNTUzYmQwMWZlZDM4NmJmNzNlZTZlODgzM2RlYTFkNDM4MjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnZZ1cHapc3Teho2I8XIAbau7To6
/PfhK0ssvqoY2M5vyWd392zPM4moISjSz1dwHlCSHAxXo9xt0BnYraF1g+++9QGY
Y0/dM72kFLjMhiCLNZZb6nuP15uvnehM4ATZagIfS5RzfTPmhvDWbQz3qOcJomUG
bUTBs2DmI/uYeguXNqXDP5QAXmQ25MY5l2gu3XIPgWWjKUuZN1mgoqEOPb6f3ys6
7OK08rrTn84Hd9AuApKQ69MaXzNqiLRG6xoQQILbFR1Dy82/BrlMRq0MVxHDS2pl
2wNhTurNm61oZzLomDgrmAUQTGO/HUYSE2pVE4A9lyk5GdQUyIz4/W6lGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdAVTvQH+04a/c+5uiDPeodQ4JgMB8GA1UdIwQY
MBaAFN+JWj7iIRtu4t9yAvCaQmaA1mJpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUt
NzBiMmViZDUxNDM4LzEvcDBCVk85QWY3VGhyOXo3bTZJTTk2aDFEZ21BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUtNzBiMmViZDUxNDM4
LzEvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATWmjMA0G
CSqGSIb3DQEBCwUAA4IBAQBAaukpmUMMc06N8NCFuwJLiU0tABaZtkCBeQU0RMOg
T2FoR2Tkqmm6PJ1NgDxju5fIdCcrpQyvtS5k5EbhZAzy0ZP2Q06aCrcBHwqvKlWP
/4YExPZuIJ95rVReQwM5YKAX1msxq2UHrNPtcGrZG+J/vu7W+7LWR8B1xN41sRff
uf//tkcEtzWczpealKU+z+hqJYxHO3W1L2G62CPxpNcSKiF0OqZfTw48pPrAhu86
5OrPsqZrH+LjS47A2fuBGYFHlysf9LDF40VoPXenaAFflmtyTG8+PuSXvP624wRy
/7K20Cmf6EAs6lMDGVATGefacJ3gE5tsI7igDamQBmOw
-----END CERTIFICATE-----