Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/9yaQl2X6f8R0LyGDq06FRh7U7ic.roa
File:                     9yaQl2X6f8R0LyGDq06FRh7U7ic.roa (raw, json)
Hash identifier:          BsdqlWLTtuV24id2FuGkEJezQzcJqrJTegUc29CpP2U=
Subject key identifier:   F7:26:90:97:65:FA:7F:C4:74:2F:21:83:AB:4E:85:46:1E:D4:EE:27
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0197E85931D484F9E469DECAABDE0EC3770A
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/9yaQl2X6f8R0LyGDq06FRh7U7ic.roa
Signing time:             Tue 08 Jul 2025 04:44:08 +0000
ROA not before:           Tue 08 Jul 2025 04:44:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207695
IP address blocks:        5.231.56.0/24 maxlen: 24
                          77.90.41.0/24 maxlen: 24
                          77.90.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e8:59:31:d4:84:f9:e4:69:de:ca:ab:de:0e:c3:77:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul  8 04:44:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f726909765fa7fc4742f2183ab4e85461ed4ee27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f8:e9:9e:45:f0:90:61:f4:6d:cd:ed:57:22:
                    60:86:28:71:79:e3:bd:7e:a0:05:cc:d9:81:58:77:
                    82:e9:e1:87:3f:84:5e:2f:7e:68:55:57:41:5e:6d:
                    a3:a7:d5:48:fb:9a:23:dd:19:2c:a2:45:a0:85:96:
                    11:20:c7:38:68:b4:de:c9:73:79:38:8a:52:61:b7:
                    ae:63:a8:67:af:a4:c9:85:f5:12:84:2f:d9:73:c2:
                    a5:4e:57:af:c0:20:f8:cb:1b:b6:f0:8c:f8:1e:9c:
                    d1:30:e0:0b:95:cd:be:fb:f2:3e:55:23:bc:c9:e7:
                    03:1b:0d:85:50:84:e3:3e:ff:cb:0b:0e:21:2b:e7:
                    42:9c:ac:7e:fa:95:7f:ef:59:77:62:4d:4f:40:87:
                    b5:84:c2:b9:66:75:d1:28:e3:8e:d0:c3:9d:23:c4:
                    9d:cd:f0:d6:ad:93:4f:2e:35:97:11:8c:27:75:18:
                    79:c6:e2:63:9c:63:75:5d:de:64:29:22:02:ca:57:
                    41:47:52:5b:14:9d:40:6b:44:b0:6e:9d:21:e1:36:
                    e6:fb:cd:90:c6:46:63:11:41:a3:16:3e:21:6d:49:
                    ba:77:6c:8c:b6:65:50:e7:f3:b0:9b:98:ba:50:f5:
                    ff:34:e1:48:6e:ff:21:78:60:73:e6:63:8c:98:e9:
                    70:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:26:90:97:65:FA:7F:C4:74:2F:21:83:AB:4E:85:46:1E:D4:EE:27
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/9yaQl2X6f8R0LyGDq06FRh7U7ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.56.0/24
                  77.90.41.0/24
                  77.90.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:60:ce:6a:7d:7d:38:55:cb:45:79:dc:95:55:1b:cc:37:c2:
         96:31:f9:4f:98:90:78:0a:bc:00:78:0f:7d:82:25:3f:3a:3b:
         78:fa:45:10:b9:e0:ce:4c:b4:b2:81:e9:83:fa:74:55:5c:ea:
         39:a0:8c:cc:40:e5:64:23:af:40:9a:04:84:e1:8c:90:df:9a:
         fb:2c:c5:2e:98:89:20:a8:1b:ad:5c:c6:7b:91:1d:47:93:2d:
         00:8f:a8:1a:59:f4:5c:51:9d:ec:b6:d9:01:59:56:ff:3f:06:
         1c:a9:ac:9e:f5:17:de:d3:e9:3f:79:ba:03:ff:a3:a3:67:05:
         9f:13:35:59:9c:7d:6d:37:b4:6e:bc:21:73:0f:08:26:0c:80:
         72:27:ad:76:52:07:3f:be:1e:6d:ba:84:b5:ad:bd:e0:b5:85:
         41:6d:59:f3:e5:92:fa:1b:7a:48:5c:18:af:c9:34:98:f2:fe:
         e1:51:76:c0:60:f6:53:a5:43:8d:3b:76:11:4d:26:4d:91:aa:
         99:ff:61:e6:5c:c1:35:51:f5:db:54:60:ae:91:a2:26:21:12:
         41:3a:f1:c0:11:6f:88:b1:7a:59:45:73:eb:dc:c1:51:55:3a:
         dc:a3:65:09:d1:7e:e4:d1:51:13:d3:e2:7f:99:a3:1d:1f:65:
         82:79:2a:b9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfoWTHUhPnkad7Kq94Ow3cKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzA4MDQ0NDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzI2OTA5NzY1ZmE3ZmM0NzQyZjIxODNhYjRlODU0NjFlZDRlZTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/jpnkXwkGH0bc3tVyJghihxeeO9
fqAFzNmBWHeC6eGHP4ReL35oVVdBXm2jp9VI+5oj3RksokWghZYRIMc4aLTeyXN5
OIpSYbeuY6hnr6TJhfUShC/Zc8KlTlevwCD4yxu28Iz4HpzRMOALlc2++/I+VSO8
yecDGw2FUITjPv/LCw4hK+dCnKx++pV/71l3Yk1PQIe1hMK5ZnXRKOOO0MOdI8Sd
zfDWrZNPLjWXEYwndRh5xuJjnGN1Xd5kKSICyldBR1JbFJ1Aa0Swbp0h4Tbm+82Q
xkZjEUGjFj4hbUm6d2yMtmVQ5/Owm5i6UPX/NOFIbv8heGBz5mOMmOlwyQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPcmkJdl+n/EdC8hg6tOhUYe1O4nMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvOXlhUWwyWDZmOFIwTHlHRHEwNkZSaDdVN2ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABec4AwQA
TVopAwQATVo0MA0GCSqGSIb3DQEBCwUAA4IBAQBlYM5qfX04VctFedyVVRvMN8KW
MflPmJB4CrwAeA99giU/Ojt4+kUQueDOTLSygemD+nRVXOo5oIzMQOVkI69AmgSE
4YyQ35r7LMUumIkgqButXMZ7kR1Hky0Aj6gaWfRcUZ3sttkBWVb/PwYcqaye9Rfe
0+k/eboD/6OjZwWfEzVZnH1tN7RuvCFzDwgmDIByJ612Ugc/vh5tuoS1rb3gtYVB
bVnz5ZL6G3pIXBivyTSY8v7hUXbAYPZTpUONO3YRTSZNkaqZ/2HmXME1UfXbVGCu
kaImIRJBOvHAEW+IsXpZRXPr3MFRVTrco2UJ0X7k0VET0+J/maMdH2WCeSq5
-----END CERTIFICATE-----