Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/yKlkk126qceORNNApzws5uIc93s.roa
File:                     yKlkk126qceORNNApzws5uIc93s.roa (raw, json)
Hash identifier:          mKSYxXo5NqSatA3b3IazY2+Vo1oI5zbJ9J8Ptl/baeQ=
Subject key identifier:   C8:A9:64:93:5D:BA:A9:C7:8E:44:D3:40:A7:3C:2C:E6:E2:1C:F7:7B
Certificate issuer:       /CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
Certificate serial:       0197EB59531A57A2C256FCAAE24151BEBB54
Authority key identifier: 77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/yKlkk126qceORNNApzws5uIc93s.roa
Signing time:             Tue 08 Jul 2025 18:43:09 +0000
ROA not before:           Tue 08 Jul 2025 18:43:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197075
IP address blocks:        5.152.149.0/24 maxlen: 24
                          5.152.154.0/24 maxlen: 24
                          5.152.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:eb:59:53:1a:57:a2:c2:56:fc:aa:e2:41:51:be:bb:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
        Validity
            Not Before: Jul  8 18:43:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8a964935dbaa9c78e44d340a73c2ce6e21cf77b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d9:16:c5:36:dc:85:71:04:9f:0e:f1:f6:17:
                    94:ff:e3:b3:84:81:0c:8f:26:c6:25:b4:d9:20:be:
                    5c:c7:62:cc:5f:d4:44:bc:54:10:43:bb:1b:4e:ae:
                    b3:d6:f6:24:6d:a8:99:d7:da:30:e6:73:9a:1f:07:
                    84:52:1c:64:60:59:76:89:6b:f7:4d:10:44:fe:50:
                    33:df:ae:73:ff:4b:73:dd:0c:7b:30:77:32:d1:d9:
                    97:2e:2b:6e:7a:3c:d1:d3:be:1b:55:50:ef:03:11:
                    1f:20:f7:02:ad:0d:42:43:c1:5c:7b:89:7e:60:61:
                    c6:76:02:6e:e1:55:7d:81:9a:ed:d8:f7:24:ee:c9:
                    39:12:28:72:39:f1:15:b6:5d:21:53:40:96:65:fb:
                    75:51:48:e5:50:36:98:31:a0:41:67:c7:17:2a:31:
                    46:bc:6a:5b:a6:91:3d:1a:74:6d:ac:78:2f:f4:1c:
                    b8:eb:f1:40:0c:f9:ca:c6:de:66:76:11:49:2e:d2:
                    17:96:21:17:45:e7:89:8c:3d:af:1e:71:fd:cf:6e:
                    99:9a:87:75:7a:fd:c1:94:fd:3e:97:ad:01:39:24:
                    8f:c3:2a:9d:36:f3:ce:1d:20:70:7f:26:81:f6:fd:
                    33:bc:52:88:6e:83:5d:e6:b2:cf:5a:14:be:a1:08:
                    be:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A9:64:93:5D:BA:A9:C7:8E:44:D3:40:A7:3C:2C:E6:E2:1C:F7:7B
            X509v3 Authority Key Identifier:
                keyid:77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/yKlkk126qceORNNApzws5uIc93s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.152.149.0/24
                  5.152.154.0/24
                  5.152.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:3d:99:2c:e4:35:4b:43:df:45:17:02:4b:a2:06:94:76:07:
         81:6f:54:61:8e:aa:ca:31:49:71:06:0e:45:52:ac:61:10:a9:
         c8:ad:b0:b4:ca:cb:3d:7e:bf:81:af:0d:d8:ba:a5:67:fa:46:
         f4:8b:5d:00:ee:a0:1e:55:b7:2e:e6:6e:c3:78:b7:e9:c0:97:
         6e:0e:29:54:bd:14:94:9d:f0:27:97:41:ce:69:94:ec:18:00:
         b1:b0:ae:62:4e:22:0d:69:b5:ca:78:d5:80:0f:1d:2f:6e:48:
         18:9d:fe:9c:ad:99:c2:bb:49:8a:0c:51:97:0b:82:be:21:c0:
         b2:56:25:5f:06:39:a2:1a:be:23:7f:10:06:53:65:39:f8:89:
         4b:8e:21:ef:3e:ef:05:7f:e1:54:12:19:e6:3e:4e:d3:d1:b7:
         5a:66:8a:ee:a1:2d:a3:0e:50:53:cc:a7:61:d2:ea:c8:2c:a4:
         3c:f8:d6:bb:00:a7:fc:e1:53:3c:ce:50:c2:9f:16:73:c7:5b:
         2a:91:cc:3e:d2:d8:15:5c:e2:79:63:a0:a6:f8:80:21:7c:ee:
         ba:b8:52:50:75:ce:cf:db:85:4b:6e:a2:2a:a5:d6:cc:07:bc:
         80:17:b0:54:7e:cf:7d:91:5b:e7:fa:7f:55:67:a3:54:f2:8f:
         f2:d5:3b:2c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfrWVMaV6LCVvyq4kFRvrtUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjhlN2ZiZDRhYjY5NTA3ZmIxZmUzNTc5YWYzNDNhNTY2
MzkwODYwHhcNMjUwNzA4MTg0MzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGE5NjQ5MzVkYmFhOWM3OGU0NGQzNDBhNzNjMmNlNmUyMWNmNzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNkWxTbchXEEnw7x9heU/+OzhIEM
jybGJbTZIL5cx2LMX9REvFQQQ7sbTq6z1vYkbaiZ19ow5nOaHweEUhxkYFl2iWv3
TRBE/lAz365z/0tz3Qx7MHcy0dmXLituejzR074bVVDvAxEfIPcCrQ1CQ8Fce4l+
YGHGdgJu4VV9gZrt2Pck7sk5EihyOfEVtl0hU0CWZft1UUjlUDaYMaBBZ8cXKjFG
vGpbppE9GnRtrHgv9By46/FADPnKxt5mdhFJLtIXliEXReeJjD2vHnH9z26Zmod1
ev3BlP0+l60BOSSPwyqdNvPOHSBwfyaB9v0zvFKIboNd5rLPWhS+oQi+sQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMipZJNduqnHjkTTQKc8LObiHPd7MB8GA1UdIwQY
MBaAFHf45/vUq2lQf7H+NXmvNDpWY5CGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9qbi05U3JhVkJfc2Y0MWVhODBPbFpqa0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC82YzI3MzYtYWIwMi00ODk3LTk1Njgt
NzdmNmU5NGUzZGNjLzEveUtsa2sxMjZxY2VPUk5OQXB6d3M1dUljOTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC82YzI3MzYtYWIwMi00ODk3LTk1NjgtNzdmNmU5NGUzZGNj
LzEvZF9qbi05U3JhVkJfc2Y0MWVhODBPbFpqa0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABZiVAwQA
BZiaAwQABZicMA0GCSqGSIb3DQEBCwUAA4IBAQA3PZks5DVLQ99FFwJLogaUdgeB
b1RhjqrKMUlxBg5FUqxhEKnIrbC0yss9fr+Brw3YuqVn+kb0i10A7qAeVbcu5m7D
eLfpwJduDilUvRSUnfAnl0HOaZTsGACxsK5iTiINabXKeNWADx0vbkgYnf6crZnC
u0mKDFGXC4K+IcCyViVfBjmiGr4jfxAGU2U5+IlLjiHvPu8Ff+FUEhnmPk7T0bda
ZoruoS2jDlBTzKdh0urILKQ8+Na7AKf84VM8zlDCnxZzx1sqkcw+0tgVXOJ5Y6Cm
+IAhfO66uFJQdc7P24VLbqIqpdbMB7yAF7BUfs99kVvn+n9VZ6NU8o/y1Tss
-----END CERTIFICATE-----