Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/tBHwHHkIoWoPQB4e4ej-oFl2fGE.roa
File:                     tBHwHHkIoWoPQB4e4ej-oFl2fGE.roa (raw, json)
Hash identifier:          UbNA7/yGLRJmQHVEHqPxSSssDaT1D3EY/oLFfEqwR8s=
Subject key identifier:   B4:11:F0:1C:79:08:A1:6A:0F:40:1E:1E:E1:E8:FE:A0:59:76:7C:61
Certificate issuer:       /CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
Certificate serial:       019905CC0EA8DB9CD162721A6D52C2D6A6A0
Authority key identifier: D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/tBHwHHkIoWoPQB4e4ej-oFl2fGE.roa
Signing time:             Mon 01 Sep 2025 15:01:23 +0000
ROA not before:           Mon 01 Sep 2025 15:01:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216127
IP address blocks:        77.110.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 11:20:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:05:cc:0e:a8:db:9c:d1:62:72:1a:6d:52:c2:d6:a6:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
        Validity
            Not Before: Sep  1 15:01:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b411f01c7908a16a0f401e1ee1e8fea059767c61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f4:69:26:09:c2:a2:01:af:f7:7c:5e:05:fd:
                    71:80:4a:cb:13:f6:0c:a6:5b:27:1f:a7:96:50:7e:
                    b9:1a:c2:b2:26:9e:ed:5b:c9:d6:d9:2f:7d:5b:41:
                    b0:8b:c0:71:c2:5e:4e:03:c9:7c:97:2d:35:3c:3e:
                    a5:37:1a:f4:68:67:a1:dc:20:08:d3:1a:c2:87:37:
                    ce:4f:49:06:b7:96:e4:9d:53:8c:5c:59:29:67:aa:
                    0f:87:5b:fb:09:3d:10:a1:db:95:3a:9c:ff:81:16:
                    00:fa:1b:10:c5:d1:94:de:98:2a:8a:1b:97:78:6f:
                    4b:b4:3c:be:40:4a:e0:d5:16:ab:23:96:95:0e:5d:
                    11:92:0c:61:ad:16:bd:a1:28:5a:0f:1a:f3:c7:fe:
                    3a:58:ab:58:d3:f5:82:3d:82:38:41:7a:60:07:48:
                    7d:fa:c6:fb:16:5b:2b:cd:24:31:a3:78:f8:ad:63:
                    dd:43:c8:62:26:28:4f:ef:ed:c5:04:b7:60:47:d7:
                    57:07:2a:1c:c8:ab:89:5b:b5:a5:c2:32:ad:28:65:
                    ad:27:73:25:21:a5:74:a1:0a:b8:43:9d:53:31:db:
                    e9:fc:ba:d1:b2:9c:48:84:1a:b7:08:3c:c6:85:d1:
                    95:29:21:17:5f:b9:da:55:f3:eb:a2:f1:40:8f:cf:
                    ca:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:11:F0:1C:79:08:A1:6A:0F:40:1E:1E:E1:E8:FE:A0:59:76:7C:61
            X509v3 Authority Key Identifier:
                keyid:D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/tBHwHHkIoWoPQB4e4ej-oFl2fGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.110.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:52:58:a0:2d:67:9a:a2:06:d8:9c:c8:b8:8c:cc:da:c9:68:
         a4:e1:4b:d2:73:fc:aa:47:22:72:c6:67:4f:9d:4b:62:1e:1d:
         be:72:96:71:7f:36:5c:21:04:3b:e2:10:85:1c:10:3a:14:50:
         0b:98:84:41:d8:02:b0:73:c9:ce:1f:8d:29:cc:fa:67:a3:4f:
         77:3e:33:04:6f:31:e2:36:ac:3f:c8:1e:21:01:f9:bf:cd:78:
         e4:f4:e0:41:7e:6a:b9:7a:d0:42:b3:93:6c:09:af:1f:b9:09:
         83:e0:1b:06:61:a4:6b:3a:b7:ac:94:cf:a3:83:06:54:f7:1e:
         a7:b0:94:de:c7:26:95:b8:da:8e:fd:99:f8:45:7b:c1:88:21:
         9f:74:e3:db:1f:80:84:c3:69:28:e6:0f:49:53:ce:e4:e1:8c:
         d4:b0:54:e2:02:f7:ed:cf:b4:c8:76:75:72:1c:d4:30:e9:80:
         64:ba:4b:10:a9:7a:e1:4f:9b:0f:d5:19:b0:ab:ba:12:63:6b:
         d0:b2:49:5f:15:a4:58:4e:d7:89:ed:36:88:64:17:cb:83:33:
         a8:98:37:e7:33:18:31:38:bc:84:8f:0e:f1:75:dc:4e:35:20:
         59:d6:e1:2e:50:e2:e2:40:7c:3d:fb:89:63:46:d9:fd:2f:9d:
         d1:c6:27:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkFzA6o25zRYnIabVLC1qagMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Y2UyYmYwMDAxY2Q0MzBlOTI3N2ZiMDBlZDFhYmU1MWMw
YjVjN2MwHhcNMjUwOTAxMTUwMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDExZjAxYzc5MDhhMTZhMGY0MDFlMWVlMWU4ZmVhMDU5NzY3YzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPRpJgnCogGv93xeBf1xgErLE/YM
plsnH6eWUH65GsKyJp7tW8nW2S99W0Gwi8Bxwl5OA8l8ly01PD6lNxr0aGeh3CAI
0xrChzfOT0kGt5bknVOMXFkpZ6oPh1v7CT0QoduVOpz/gRYA+hsQxdGU3pgqihuX
eG9LtDy+QErg1RarI5aVDl0RkgxhrRa9oShaDxrzx/46WKtY0/WCPYI4QXpgB0h9
+sb7FlsrzSQxo3j4rWPdQ8hiJihP7+3FBLdgR9dXByocyKuJW7WlwjKtKGWtJ3Ml
IaV0oQq4Q51TMdvp/LrRspxIhBq3CDzGhdGVKSEXX7naVfProvFAj8/KvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQR8Bx5CKFqD0AeHuHo/qBZdnxhMB8GA1UdIwQY
MBaAFNTOK/AAHNQw6Sd/sA7Rq+UcC1x8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEt
MWY1NDMxZTJhNWFmLzEvdEJId0hIa0lvV29QUUI0ZTRlai1vRmwyZkdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEtMWY1NDMxZTJhNWFm
LzEvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW51MA0G
CSqGSIb3DQEBCwUAA4IBAQCRUligLWeaogbYnMi4jMzayWik4UvSc/yqRyJyxmdP
nUtiHh2+cpZxfzZcIQQ74hCFHBA6FFALmIRB2AKwc8nOH40pzPpno093PjMEbzHi
Nqw/yB4hAfm/zXjk9OBBfmq5etBCs5NsCa8fuQmD4BsGYaRrOreslM+jgwZU9x6n
sJTexyaVuNqO/Zn4RXvBiCGfdOPbH4CEw2ko5g9JU87k4YzUsFTiAvftz7TIdnVy
HNQw6YBkuksQqXrhT5sP1Rmwq7oSY2vQsklfFaRYTteJ7TaIZBfLgzOomDfnMxgx
OLyEjw7xddxONSBZ1uEuUOLiQHw9+4ljRtn9L53RxicY
-----END CERTIFICATE-----