Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/J1p4HbSx9YoNvjErHtTwAUyVgDo.roa
File:                     J1p4HbSx9YoNvjErHtTwAUyVgDo.roa (raw, json)
Hash identifier:          umKZAeg8WGSa+fZsQuR2FqJchnQHVyD2NsdZFLjN3sU=
Subject key identifier:   27:5A:78:1D:B4:B1:F5:8A:0D:BE:31:2B:1E:D4:F0:01:4C:95:80:3A
Certificate issuer:       /CN=7df904ab14066c7a9fe61a521d5492a0e52965ca
Certificate serial:       0195EB665F893569B48B8D11C140B9C72776
Authority key identifier: 7D:F9:04:AB:14:06:6C:7A:9F:E6:1A:52:1D:54:92:A0:E5:29:65:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/J1p4HbSx9YoNvjErHtTwAUyVgDo.roa
Signing time:             Mon 31 Mar 2025 08:51:49 +0000
ROA not before:           Mon 31 Mar 2025 08:51:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        77.111.68.0/22 maxlen: 22
                          77.111.72.0/21 maxlen: 21
                          77.111.80.0/21 maxlen: 21
                          121.127.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/ffkEqxQGbHqf5hpSHVSSoOUpZco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/ffkEqxQGbHqf5hpSHVSSoOUpZco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:eb:66:5f:89:35:69:b4:8b:8d:11:c1:40:b9:c7:27:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df904ab14066c7a9fe61a521d5492a0e52965ca
        Validity
            Not Before: Mar 31 08:51:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=275a781db4b1f58a0dbe312b1ed4f0014c95803a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ca:d6:da:0c:12:a0:03:a4:8f:2a:8d:f4:e1:
                    83:d2:c3:7c:74:ba:45:b7:73:de:72:44:6c:63:05:
                    35:5f:92:ad:27:9e:d2:72:10:43:02:e4:cd:11:fc:
                    98:dc:c8:f6:76:29:83:16:b0:9b:29:70:f8:24:e6:
                    41:f1:ea:b0:ea:9f:9b:3c:81:83:0c:3f:84:2c:1c:
                    5a:4b:a6:fc:a6:4b:fa:5f:2a:d4:91:1c:bb:30:44:
                    86:a3:5a:36:9f:c2:de:18:19:16:e5:f6:93:4c:bd:
                    f9:eb:3d:2b:6d:a3:96:97:d9:ac:cf:24:b2:9d:62:
                    87:98:84:82:39:c9:23:a9:f7:c4:76:b1:78:7b:c1:
                    e7:21:94:73:26:4e:b6:0e:72:f3:3c:d8:37:a9:91:
                    c0:f5:d8:33:73:34:34:ff:2f:8d:8b:a3:e2:5f:b7:
                    af:67:8c:43:6c:b9:98:d3:99:4a:d6:3a:69:a9:11:
                    b4:20:49:af:0d:e4:f5:9f:6c:a0:0c:da:d0:d2:b5:
                    48:f6:60:f8:af:b7:45:a9:b9:18:57:3d:96:48:a1:
                    93:11:48:dc:48:a3:33:45:43:0a:bc:8b:76:09:97:
                    35:c2:7a:ff:92:ef:ce:12:25:6c:55:bf:4f:e1:68:
                    b9:20:ad:34:79:ae:e0:2b:90:83:c2:9c:52:03:97:
                    e3:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:5A:78:1D:B4:B1:F5:8A:0D:BE:31:2B:1E:D4:F0:01:4C:95:80:3A
            X509v3 Authority Key Identifier:
                keyid:7D:F9:04:AB:14:06:6C:7A:9F:E6:1A:52:1D:54:92:A0:E5:29:65:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/J1p4HbSx9YoNvjErHtTwAUyVgDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/ffkEqxQGbHqf5hpSHVSSoOUpZco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.68.0-77.111.87.255
                  121.127.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:5c:a2:6d:3f:6d:db:73:ea:67:48:71:72:17:1f:c8:9c:8e:
         f3:d3:ca:48:72:28:16:91:8f:85:80:32:bc:bb:68:a7:1b:7f:
         9b:ba:fb:22:82:1d:15:90:f9:9d:18:ca:c4:d0:9b:e9:90:90:
         db:2d:6a:1f:e2:c2:2e:36:ba:04:9e:20:6f:a1:a8:78:62:45:
         75:90:13:76:cf:a2:43:fa:f1:00:eb:86:75:ce:41:67:3a:0e:
         a7:ce:1d:32:8d:3a:c5:3f:57:72:4a:b1:2a:ff:3d:e6:8b:8c:
         73:0c:7a:4f:ad:d4:6d:c2:2a:cb:4a:b3:e5:d2:75:e3:3c:8e:
         f6:75:19:68:28:7f:03:37:c6:67:ec:ef:4b:c8:78:bf:24:b6:
         26:d8:5d:da:71:58:4c:6e:30:5c:15:0f:fe:4c:e4:05:3c:58:
         d2:d1:a3:51:f3:34:98:a6:d6:9a:b8:76:18:f4:d9:30:a3:b5:
         f6:6e:82:47:d7:73:38:fa:58:a1:6f:2a:f9:cc:60:d0:b6:01:
         12:d5:10:29:48:7f:97:42:3f:29:0a:dd:32:f8:c4:9c:4d:03:
         82:21:bd:65:40:e2:60:6a:5d:3e:79:cb:24:d7:c6:f1:96:5b:
         cf:b8:ff:44:db:70:b1:aa:c5:ac:e3:8f:55:63:a1:23:f5:29:
         b4:26:6c:a9
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZXrZl+JNWm0i40RwUC5xyd2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjkwNGFiMTQwNjZjN2E5ZmU2MWE1MjFkNTQ5MmEwZTUy
OTY1Y2EwHhcNMjUwMzMxMDg1MTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzVhNzgxZGI0YjFmNThhMGRiZTMxMmIxZWQ0ZjAwMTRjOTU4MDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcrW2gwSoAOkjyqN9OGD0sN8dLpF
t3PeckRsYwU1X5KtJ57SchBDAuTNEfyY3Mj2dimDFrCbKXD4JOZB8eqw6p+bPIGD
DD+ELBxaS6b8pkv6XyrUkRy7MESGo1o2n8LeGBkW5faTTL356z0rbaOWl9mszySy
nWKHmISCOckjqffEdrF4e8HnIZRzJk62DnLzPNg3qZHA9dgzczQ0/y+Ni6PiX7ev
Z4xDbLmY05lK1jppqRG0IEmvDeT1n2ygDNrQ0rVI9mD4r7dFqbkYVz2WSKGTEUjc
SKMzRUMKvIt2CZc1wnr/ku/OEiVsVb9P4Wi5IK00ea7gK5CDwpxSA5fjJQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCdaeB20sfWKDb4xKx7U8AFMlYA6MB8GA1UdIwQY
MBaAFH35BKsUBmx6n+YaUh1UkqDlKWXKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZrRXF4UUdiSHFmNWhwU0hWU1NvT1VwWmNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS81M2ZiMzQtMjVkYi00Njg0LTk4NGYt
M2I0NDVmMjlmNWI3LzEvSjFwNEhiU3g5WW9OdmpFckh0VHdBVXlWZ0RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS81M2ZiMzQtMjVkYi00Njg0LTk4NGYtM2I0NDVmMjlmNWI3
LzEvZmZrRXF4UUdiSHFmNWhwU0hWU1NvT1VwWmNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAJNb0QD
BANNb1ADBAB5fyQwDQYJKoZIhvcNAQELBQADggEBADdcom0/bdtz6mdIcXIXH8ic
jvPTykhyKBaRj4WAMry7aKcbf5u6+yKCHRWQ+Z0YysTQm+mQkNstah/iwi42ugSe
IG+hqHhiRXWQE3bPokP68QDrhnXOQWc6DqfOHTKNOsU/V3JKsSr/PeaLjHMMek+t
1G3CKstKs+XSdeM8jvZ1GWgofwM3xmfs70vIeL8ktibYXdpxWExuMFwVD/5M5AU8
WNLRo1HzNJim1pq4dhj02TCjtfZugkfXczj6WKFvKvnMYNC2ARLVEClIf5dCPykK
3TL4xJxNA4IhvWVA4mBqXT55yyTXxvGWW8+4/0TbcLGqxazjj1VjoSP1KbQmbKk=
-----END CERTIFICATE-----