Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/QHaAgYTixdhk1ePZKybxFMUfPdM.roa
File:                     QHaAgYTixdhk1ePZKybxFMUfPdM.roa (raw, json)
Hash identifier:          Jd+34KxJqDnIgGzG2TDhmQ4nztMHifN1bC7dBSLpDiM=
Subject key identifier:   40:76:80:81:84:E2:C5:D8:64:D5:E3:D9:2B:26:F1:14:C5:1F:3D:D3
Certificate issuer:       /CN=e78ba5d98d48cebd5ad04c08bf09082b12a7e3ab
Certificate serial:       0197C11BA0A8583EA9CDECFF0BF7467EDDA0
Authority key identifier: E7:8B:A5:D9:8D:48:CE:BD:5A:D0:4C:08:BF:09:08:2B:12:A7:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/QHaAgYTixdhk1ePZKybxFMUfPdM.roa
Signing time:             Mon 30 Jun 2025 13:51:42 +0000
ROA not before:           Mon 30 Jun 2025 13:51:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202053
IP address blocks:        77.81.0.0/24 maxlen: 24
                          195.144.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c1:1b:a0:a8:58:3e:a9:cd:ec:ff:0b:f7:46:7e:dd:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e78ba5d98d48cebd5ad04c08bf09082b12a7e3ab
        Validity
            Not Before: Jun 30 13:51:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4076808184e2c5d864d5e3d92b26f114c51f3dd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3d:56:2f:73:6b:f3:19:40:2f:08:36:64:c9:
                    7a:78:51:b6:b8:94:d4:f4:39:4e:e7:9f:65:7a:aa:
                    b3:16:37:29:5c:88:a2:6f:1d:93:93:4d:08:8a:d9:
                    c3:47:cc:25:da:3c:32:f6:20:4d:61:c2:d7:44:80:
                    e8:d2:35:42:26:af:9d:96:c3:03:e0:44:7d:bf:95:
                    6f:65:c7:36:9f:94:89:7c:ef:dd:3a:cb:0a:56:ad:
                    bd:00:c5:5e:68:2e:67:c9:af:4e:81:0e:d6:26:8c:
                    58:3e:4c:a9:cc:39:43:c9:ce:91:89:8d:31:2b:f3:
                    9b:21:c0:c9:65:54:22:a8:06:08:e9:42:14:a2:ac:
                    b4:86:77:f9:f8:d0:c7:e6:1c:b0:d3:05:2e:1c:1a:
                    1d:41:0d:16:1d:94:ec:e9:64:4c:d7:1f:8f:36:be:
                    e4:a3:87:f6:e3:36:67:f2:ed:90:bc:14:f9:0d:c4:
                    83:dd:ca:16:da:65:c5:6f:47:ff:4b:21:27:d9:3f:
                    5b:44:f4:29:94:a2:5c:b9:25:07:2f:ba:79:16:f7:
                    14:9c:48:3b:9d:8d:5c:d5:5c:55:3a:7e:92:45:25:
                    12:7e:df:0f:52:99:06:06:30:11:9e:7b:93:d8:47:
                    c7:f9:42:6c:51:d1:3b:e9:4b:63:e9:dc:2f:7b:6a:
                    4d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:76:80:81:84:E2:C5:D8:64:D5:E3:D9:2B:26:F1:14:C5:1F:3D:D3
            X509v3 Authority Key Identifier:
                keyid:E7:8B:A5:D9:8D:48:CE:BD:5A:D0:4C:08:BF:09:08:2B:12:A7:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/QHaAgYTixdhk1ePZKybxFMUfPdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.0.0/24
                  195.144.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:29:3c:e2:bb:dc:3b:12:8d:d5:96:c7:12:22:3d:69:fa:cb:
         aa:ec:0a:e3:40:c4:78:b0:2d:66:14:c1:57:58:8d:2b:26:e4:
         a6:18:7e:42:dd:fd:af:6c:40:56:b4:44:eb:ae:cb:91:bd:48:
         c5:4a:95:00:5c:88:b8:aa:2a:e8:23:0a:94:e8:a2:d4:73:6a:
         4f:68:08:c6:08:82:dc:eb:4c:99:9a:5f:31:8f:a7:f5:e7:c7:
         e3:a1:6f:b2:d0:e7:ab:da:e0:f2:7a:c5:be:fd:e5:d1:51:8c:
         2c:f0:de:52:2d:82:c0:90:5e:bf:7b:46:ed:af:89:d2:a2:b4:
         13:b4:84:ff:4a:d8:b2:50:51:a3:61:03:ea:bd:e4:d3:f2:12:
         2d:47:be:2d:18:b2:b9:f0:c0:44:c7:0d:c3:a8:3a:86:f4:77:
         d5:e1:b5:e2:23:df:82:19:43:a6:dc:7c:0d:03:f3:e3:70:1a:
         65:ee:72:80:81:c9:db:f6:8f:cf:eb:ab:c7:3f:be:13:04:02:
         ce:d0:10:9f:4c:47:4f:ad:f0:dc:b5:c1:e7:9b:31:45:d3:b1:
         97:20:de:e3:65:35:d2:f3:3d:e8:28:52:da:b0:d0:fa:71:5e:
         2e:ed:6f:d4:c3:c4:b0:6a:97:be:9c:b8:48:84:bd:2e:27:e0:
         54:88:1f:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfBG6CoWD6pzez/C/dGft2gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OGJhNWQ5OGQ0OGNlYmQ1YWQwNGMwOGJmMDkwODJiMTJh
N2UzYWIwHhcNMjUwNjMwMTM1MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDc2ODA4MTg0ZTJjNWQ4NjRkNWUzZDkyYjI2ZjExNGM1MWYzZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtT1WL3Nr8xlALwg2ZMl6eFG2uJTU
9DlO559leqqzFjcpXIiibx2Tk00IitnDR8wl2jwy9iBNYcLXRIDo0jVCJq+dlsMD
4ER9v5VvZcc2n5SJfO/dOssKVq29AMVeaC5nya9OgQ7WJoxYPkypzDlDyc6RiY0x
K/ObIcDJZVQiqAYI6UIUoqy0hnf5+NDH5hyw0wUuHBodQQ0WHZTs6WRM1x+PNr7k
o4f24zZn8u2QvBT5DcSD3coW2mXFb0f/SyEn2T9bRPQplKJcuSUHL7p5FvcUnEg7
nY1c1VxVOn6SRSUSft8PUpkGBjARnnuT2EfH+UJsUdE76Utj6dwve2pNBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEB2gIGE4sXYZNXj2Ssm8RTFHz3TMB8GA1UdIwQY
MBaAFOeLpdmNSM69WtBMCL8JCCsSp+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTR1bDJZMUl6cjFhMEV3SXZ3a0lLeEtuNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNTIyOTMtMDY3OC00YjQyLThhZTAt
NDg5MTY1M2VlYjY3LzEvUUhhQWdZVGl4ZGhrMWVQWkt5YnhGTVVmUGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNTIyOTMtMDY3OC00YjQyLThhZTAtNDg5MTY1M2VlYjY3
LzEvNTR1bDJZMUl6cjFhMEV3SXZ3a0lLeEtuNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVEAAwQA
w5AFMA0GCSqGSIb3DQEBCwUAA4IBAQBVKTziu9w7Eo3VlscSIj1p+suq7ArjQMR4
sC1mFMFXWI0rJuSmGH5C3f2vbEBWtETrrsuRvUjFSpUAXIi4qiroIwqU6KLUc2pP
aAjGCILc60yZml8xj6f158fjoW+y0Oer2uDyesW+/eXRUYws8N5SLYLAkF6/e0bt
r4nSorQTtIT/StiyUFGjYQPqveTT8hItR74tGLK58MBExw3DqDqG9HfV4bXiI9+C
GUOm3HwNA/PjcBpl7nKAgcnb9o/P66vHP74TBALO0BCfTEdPrfDctcHnmzFF07GX
IN7jZTXS8z3oKFLasND6cV4u7W/Uw8Swape+nLhIhL0uJ+BUiB8j
-----END CERTIFICATE-----