Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/jeSah0AYaVPkKlFJhlP8bOZnD28.roa
File:                     jeSah0AYaVPkKlFJhlP8bOZnD28.roa (raw, json)
Hash identifier:          UMcRa6RBKPUQaaBfW3b1N03s8KaWhFm00Ptm56oj9wU=
Subject key identifier:   8D:E4:9A:87:40:18:69:53:E4:2A:51:49:86:53:FC:6C:E6:67:0F:6F
Certificate issuer:       /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial:       01981DF61F8DCFB52CC8CC3B2937A0D697C7
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/jeSah0AYaVPkKlFJhlP8bOZnD28.roa
Signing time:             Fri 18 Jul 2025 14:35:25 +0000
ROA not before:           Fri 18 Jul 2025 14:35:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30836
IP address blocks:        77.221.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1d:f6:1f:8d:cf:b5:2c:c8:cc:3b:29:37:a0:d6:97:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
        Validity
            Not Before: Jul 18 14:35:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8de49a8740186953e42a51498653fc6ce6670f6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:cd:78:1c:ca:2e:6a:6b:8d:24:2b:d6:c7:be:
                    66:7e:58:04:cc:26:7f:6b:10:9c:65:23:c1:fd:76:
                    c0:42:5a:84:99:c6:0f:19:fe:7d:34:f8:ff:73:47:
                    06:1a:af:63:d7:06:8e:2d:6b:10:e4:4c:f0:00:91:
                    b0:3e:32:87:30:86:ed:82:36:37:dc:1a:c1:1e:77:
                    32:36:3c:e6:23:c9:fa:2b:8a:5c:7e:e6:a7:53:83:
                    2c:9b:67:ba:3a:14:2d:3a:83:88:06:13:52:b5:94:
                    8d:da:d8:f5:84:c0:f9:8c:9b:66:41:88:a2:a4:e0:
                    3b:a7:e2:fd:8c:a5:53:c9:4c:3a:01:fd:88:06:f2:
                    49:9b:f4:cd:01:39:f2:d4:a7:7a:aa:cc:2f:6b:de:
                    2a:00:3b:b8:4e:4e:4f:44:70:9e:af:a6:51:63:d9:
                    c2:87:22:30:09:05:11:88:88:b7:6f:98:40:c8:cf:
                    1d:10:20:2f:55:88:f4:b3:5d:a3:82:a5:3e:c8:b9:
                    7f:32:35:2f:91:d5:52:90:cf:8a:7b:a1:8f:5d:9a:
                    c2:96:7d:1e:79:c6:48:90:ab:8c:c8:91:b8:68:24:
                    49:07:aa:7f:92:95:f6:bb:ed:f8:db:e4:14:6e:2d:
                    ba:8f:ef:0f:61:ff:40:f1:93:7b:20:13:05:74:32:
                    7b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:E4:9A:87:40:18:69:53:E4:2A:51:49:86:53:FC:6C:E6:67:0F:6F
            X509v3 Authority Key Identifier:
                keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/jeSah0AYaVPkKlFJhlP8bOZnD28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:c2:f1:67:f1:7d:6f:17:88:28:eb:84:f7:ed:00:3f:cc:30:
         d2:59:05:6c:fa:07:f4:c3:41:99:46:b7:fe:15:41:90:5d:7b:
         9c:83:4d:d0:01:b2:c1:84:1a:60:ca:08:1b:63:8f:10:37:59:
         fc:fa:2e:b5:6f:57:d8:09:26:24:6c:28:1b:ad:ba:e2:e5:bc:
         6d:bc:d4:c1:31:76:dc:31:65:43:e7:a4:dd:71:d1:4b:04:23:
         39:a1:bd:a8:9b:61:fc:93:9a:5e:5e:86:42:01:7e:65:98:f2:
         8e:75:b1:ab:94:03:9c:6c:b7:b2:ad:2b:b9:7d:a6:7f:2a:17:
         2f:f8:88:d3:08:cf:3f:d6:93:a5:8b:39:dc:6c:04:e9:be:01:
         1b:11:72:18:7f:0a:c2:04:2f:59:7b:2e:ad:e4:8b:66:67:bc:
         77:82:b9:71:e0:27:38:10:0c:de:4d:1b:7a:65:b8:bd:fd:8e:
         55:a3:03:51:54:bc:29:3a:7c:77:f6:8c:75:d7:54:bc:72:74:
         e2:73:5f:a1:2d:d6:fb:8e:03:26:f0:a0:c8:9c:69:cf:9f:92:
         8e:b4:71:89:3a:b3:55:5a:6a:5c:18:13:18:b3:f7:1c:fe:ab:
         4f:98:d7:56:e5:a0:27:94:2b:81:e2:ec:fe:fe:db:34:c6:ce:
         6f:d6:c8:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgd9h+Nz7UsyMw7KTeg1pfHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjUwNzE4MTQzNTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGU0OWE4NzQwMTg2OTUzZTQyYTUxNDk4NjUzZmM2Y2U2NjcwZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8c14HMouamuNJCvWx75mflgEzCZ/
axCcZSPB/XbAQlqEmcYPGf59NPj/c0cGGq9j1waOLWsQ5EzwAJGwPjKHMIbtgjY3
3BrBHncyNjzmI8n6K4pcfuanU4Msm2e6OhQtOoOIBhNStZSN2tj1hMD5jJtmQYii
pOA7p+L9jKVTyUw6Af2IBvJJm/TNATny1Kd6qswva94qADu4Tk5PRHCer6ZRY9nC
hyIwCQURiIi3b5hAyM8dECAvVYj0s12jgqU+yLl/MjUvkdVSkM+Ke6GPXZrCln0e
ecZIkKuMyJG4aCRJB6p/kpX2u+342+QUbi26j+8PYf9A8ZN7IBMFdDJ7aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3kmodAGGlT5CpRSYZT/GzmZw9vMB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEvamVTYWgwQVlhVlBrS2xGSmhsUDhiT1puRDI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATd0/MA0G
CSqGSIb3DQEBCwUAA4IBAQCCwvFn8X1vF4go64T37QA/zDDSWQVs+gf0w0GZRrf+
FUGQXXucg03QAbLBhBpgyggbY48QN1n8+i61b1fYCSYkbCgbrbri5bxtvNTBMXbc
MWVD56TdcdFLBCM5ob2om2H8k5peXoZCAX5lmPKOdbGrlAOcbLeyrSu5faZ/Khcv
+IjTCM8/1pOlizncbATpvgEbEXIYfwrCBC9Zey6t5ItmZ7x3grlx4Cc4EAzeTRt6
Zbi9/Y5VowNRVLwpOnx39ox111S8cnTic1+hLdb7jgMm8KDInGnPn5KOtHGJOrNV
WmpcGBMYs/cc/qtPmNdW5aAnlCuB4uz+/ts0xs5v1sg8
-----END CERTIFICATE-----