Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/1R3G7bvccsUvMjNzQeCzMbnwxx8.roa
File:                     1R3G7bvccsUvMjNzQeCzMbnwxx8.roa (raw, json)
Hash identifier:          3gwvAlhTdhAdoiexX7qZx2XYaTMqGpvhjzP8WTwlFKk=
Subject key identifier:   D5:1D:C6:ED:BB:DC:72:C5:2F:32:33:73:41:E0:B3:31:B9:F0:C7:1F
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0198081B13A3CAFCB09ABBAF610CA48910E9
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/1R3G7bvccsUvMjNzQeCzMbnwxx8.roa
Signing time:             Mon 14 Jul 2025 08:44:08 +0000
ROA not before:           Mon 14 Jul 2025 08:44:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205384
IP address blocks:        77.65.228.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:08:1b:13:a3:ca:fc:b0:9a:bb:af:61:0c:a4:89:10:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jul 14 08:44:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d51dc6edbbdc72c52f32337341e0b331b9f0c71f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e8:a9:31:d3:19:c0:07:0c:3e:5d:1a:79:f9:
                    3b:e2:df:d9:b6:94:1a:82:18:c8:3a:21:de:cf:90:
                    ba:c1:1f:10:91:ff:54:0c:81:6b:cc:c5:8b:0e:b3:
                    4d:c0:2f:fa:ce:64:f9:a2:ec:f6:16:0a:69:36:70:
                    7c:05:ea:36:cb:ed:0d:31:cb:b4:b6:65:e7:b7:52:
                    e0:ff:ad:ac:97:03:a6:49:3a:ee:bf:1a:eb:7c:3d:
                    9b:04:3c:f3:48:a8:47:5f:a3:7e:fe:af:75:5b:b3:
                    56:25:db:57:e9:20:4b:06:fe:6d:36:88:57:a1:1c:
                    1b:8e:ad:8d:0a:15:b5:0a:fa:d6:26:4b:3f:09:41:
                    ad:fa:df:b6:b5:b5:4c:7c:f4:73:1f:fc:40:61:77:
                    5f:f8:0c:98:aa:33:65:92:8d:ab:b0:7a:1b:26:a0:
                    94:61:51:15:fe:31:c8:88:99:99:44:9e:40:16:28:
                    1c:9b:55:ee:f7:0e:42:12:6a:1a:fd:b8:3c:9a:31:
                    48:78:44:17:5b:1b:d9:4f:17:60:cf:f0:13:aa:97:
                    60:0c:56:52:46:4c:e6:8f:a7:56:78:13:3d:98:35:
                    7b:40:f0:be:a6:5f:e3:f6:b1:ab:91:19:73:cb:04:
                    09:71:3d:0c:a6:73:5f:9a:59:67:b2:ba:5b:c6:2c:
                    76:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:1D:C6:ED:BB:DC:72:C5:2F:32:33:73:41:E0:B3:31:B9:F0:C7:1F
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/1R3G7bvccsUvMjNzQeCzMbnwxx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:8e:91:b2:63:cd:b7:1c:99:25:e7:43:a7:21:05:f5:6a:b1:
         85:bd:ae:b6:b7:c3:30:ed:df:70:36:ca:29:aa:40:e3:80:01:
         5d:bf:d1:f2:2b:64:b2:6a:6c:99:f5:c0:2b:ea:5e:86:94:2e:
         4d:3f:2f:19:4f:00:00:eb:61:c6:37:37:c1:a4:3c:bc:0e:28:
         b3:bc:5f:73:7f:63:0b:34:8a:81:38:bf:4b:10:91:71:c4:91:
         bc:3f:8a:fa:10:a7:e0:4c:9f:04:32:99:fa:21:f9:53:2f:ff:
         b8:28:8a:1b:73:e6:e6:df:73:56:35:f5:e2:40:f6:00:4c:08:
         f7:fa:05:89:d4:68:e5:5e:86:2f:41:01:25:4a:d9:13:4e:68:
         9b:eb:fa:ad:f3:20:0d:d5:73:06:56:f7:c0:3a:5b:a0:34:fd:
         6f:9b:ac:d8:02:7f:4a:5c:9c:fd:6d:c5:c2:b8:f2:a3:08:2c:
         41:f3:d7:ed:d4:1c:5b:74:3e:40:b6:d0:09:71:73:44:47:89:
         89:9b:fe:d0:60:11:3e:a5:7b:87:e3:13:e1:d7:94:9c:ef:ab:
         0b:fa:60:25:67:dd:82:fb:e6:88:36:f2:03:d1:01:f5:60:f0:
         36:9d:51:2d:29:05:d0:ca:a7:45:b8:1f:97:d1:31:b1:b9:8f:
         a2:a1:c6:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgIGxOjyvywmruvYQykiRDpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwNzE0MDg0NDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTFkYzZlZGJiZGM3MmM1MmYzMjMzNzM0MWUwYjMzMWI5ZjBjNzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveipMdMZwAcMPl0aefk74t/ZtpQa
ghjIOiHez5C6wR8Qkf9UDIFrzMWLDrNNwC/6zmT5ouz2FgppNnB8Beo2y+0NMcu0
tmXnt1Lg/62slwOmSTruvxrrfD2bBDzzSKhHX6N+/q91W7NWJdtX6SBLBv5tNohX
oRwbjq2NChW1CvrWJks/CUGt+t+2tbVMfPRzH/xAYXdf+AyYqjNlko2rsHobJqCU
YVEV/jHIiJmZRJ5AFigcm1Xu9w5CEmoa/bg8mjFIeEQXWxvZTxdgz/ATqpdgDFZS
Rkzmj6dWeBM9mDV7QPC+pl/j9rGrkRlzywQJcT0MpnNfmllnsrpbxix2HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUdxu273HLFLzIzc0HgszG58McfMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvMVIzRzdidmNjc1V2TWpOelFlQ3pNYm53eHg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTUHkMA0G
CSqGSIb3DQEBCwUAA4IBAQCIjpGyY823HJkl50OnIQX1arGFva62t8Mw7d9wNsop
qkDjgAFdv9HyK2SyamyZ9cAr6l6GlC5NPy8ZTwAA62HGNzfBpDy8DiizvF9zf2ML
NIqBOL9LEJFxxJG8P4r6EKfgTJ8EMpn6IflTL/+4KIobc+bm33NWNfXiQPYATAj3
+gWJ1GjlXoYvQQElStkTTmib6/qt8yAN1XMGVvfAOlugNP1vm6zYAn9KXJz9bcXC
uPKjCCxB89ft1BxbdD5AttAJcXNER4mJm/7QYBE+pXuH4xPh15Sc76sL+mAlZ92C
++aINvID0QH1YPA2nVEtKQXQyqdFuB+X0TGxuY+iocbz
-----END CERTIFICATE-----