Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/uH4Q96FSrbAJToCiDplvC0AoxGM.roa
File:                     uH4Q96FSrbAJToCiDplvC0AoxGM.roa (raw, json)
Hash identifier:          ZFBMMkJxyBTmW13wNGWYNtzNxjcX7yosqF8+xtm6XY0=
Subject key identifier:   B8:7E:10:F7:A1:52:AD:B0:09:4E:80:A2:0E:99:6F:0B:40:28:C4:63
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01991A6DC12C994E7551148A796C1305F486
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/uH4Q96FSrbAJToCiDplvC0AoxGM.roa
Signing time:             Fri 05 Sep 2025 15:10:24 +0000
ROA not before:           Fri 05 Sep 2025 15:10:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209824
IP address blocks:        5.231.72.0/24 maxlen: 24
                          77.90.1.0/24 maxlen: 24
                          77.90.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1a:6d:c1:2c:99:4e:75:51:14:8a:79:6c:13:05:f4:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Sep  5 15:10:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b87e10f7a152adb0094e80a20e996f0b4028c463
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:3d:fe:24:4e:27:91:34:29:4a:23:c9:e4:0f:
                    68:9a:0b:d3:a9:95:45:be:f7:45:bc:cb:87:2b:4c:
                    df:82:22:64:31:96:ad:4e:dc:4d:52:eb:a8:df:71:
                    0b:43:2b:4d:73:4b:d5:94:08:a4:f3:1e:81:de:2f:
                    69:d8:ee:18:1f:49:58:72:e5:fc:04:0c:e6:12:fc:
                    10:0f:10:1b:08:32:fe:2b:0b:63:6f:bb:e4:d6:f4:
                    75:b2:74:35:9c:3b:d2:77:4e:ef:df:49:b4:cb:28:
                    10:b9:58:10:2c:40:74:2f:05:5f:58:0a:8c:dd:02:
                    2a:3b:de:fa:ca:44:9a:2d:de:9c:ee:a0:dc:80:72:
                    da:40:64:0b:a6:32:cc:64:87:88:07:11:ab:84:6b:
                    60:76:14:3b:3c:6c:f0:7f:5f:52:d1:2c:b6:6d:62:
                    b1:b3:bd:d7:88:ea:dd:2b:29:44:a2:d5:6a:ce:e3:
                    fb:10:6c:46:73:a7:f5:18:4f:59:d7:fb:d3:04:2f:
                    71:be:35:c9:55:cd:16:20:8d:2c:8d:56:34:12:63:
                    0f:b4:dd:85:86:d2:03:51:00:4a:c0:c9:2a:a4:57:
                    06:62:b6:16:31:9a:cc:8a:eb:5c:06:cc:7e:0a:da:
                    5f:0c:08:ce:3f:83:9c:ce:c6:f6:eb:12:b2:c5:66:
                    ec:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:7E:10:F7:A1:52:AD:B0:09:4E:80:A2:0E:99:6F:0B:40:28:C4:63
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/uH4Q96FSrbAJToCiDplvC0AoxGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.72.0/24
                  77.90.1.0/24
                  77.90.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:3f:09:fa:a8:21:7a:f8:84:7d:eb:57:c6:4f:97:4f:81:e4:
         00:ff:cc:cd:a6:23:9e:50:40:7f:09:79:30:3f:2e:df:49:d3:
         fa:e7:c2:8a:88:30:12:62:e5:e4:6c:12:b1:54:b2:98:98:fb:
         24:1c:63:33:0d:f7:4e:a0:47:a3:de:84:5d:40:d7:d1:25:1c:
         a2:4e:2d:c1:6f:c9:10:67:5f:8f:ce:4a:63:18:0f:e6:a9:82:
         54:30:e9:7c:84:80:69:e2:50:18:64:bd:35:44:de:e6:c8:1d:
         87:85:a6:99:a5:4f:9e:1c:f6:72:47:0a:11:db:f7:a0:fa:ae:
         6a:3e:51:39:59:7f:68:e3:e7:40:b1:1a:92:8a:10:5f:81:da:
         0d:b6:1c:3a:64:59:8a:50:dd:04:b0:cc:15:f9:e7:fc:d8:9a:
         ee:2b:a0:e2:09:bb:d6:72:20:0b:da:79:e4:85:3f:cb:18:cc:
         a6:f9:12:4f:3b:f2:36:d6:5c:25:56:c4:86:a4:a2:38:6d:6e:
         d2:82:5b:d0:22:b6:56:12:d6:86:37:f5:06:fc:26:6b:40:50:
         5b:4c:bc:dc:4e:a3:bd:73:4c:cf:0b:27:8f:22:65:ae:4c:07:
         16:5e:91:74:2a:74:0f:23:ad:91:4f:dd:d5:66:c6:a9:72:5a:
         d5:9a:88:3d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkabcEsmU51URSKeWwTBfSGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwOTA1MTUxMDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODdlMTBmN2ExNTJhZGIwMDk0ZTgwYTIwZTk5NmYwYjQwMjhjNDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqz3+JE4nkTQpSiPJ5A9omgvTqZVF
vvdFvMuHK0zfgiJkMZatTtxNUuuo33ELQytNc0vVlAik8x6B3i9p2O4YH0lYcuX8
BAzmEvwQDxAbCDL+Kwtjb7vk1vR1snQ1nDvSd07v30m0yygQuVgQLEB0LwVfWAqM
3QIqO976ykSaLd6c7qDcgHLaQGQLpjLMZIeIBxGrhGtgdhQ7PGzwf19S0Sy2bWKx
s73XiOrdKylEotVqzuP7EGxGc6f1GE9Z1/vTBC9xvjXJVc0WII0sjVY0EmMPtN2F
htIDUQBKwMkqpFcGYrYWMZrMiutcBsx+CtpfDAjOP4Oczsb26xKyxWbsjwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLh+EPehUq2wCU6Aog6ZbwtAKMRjMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvdUg0UTk2RlNyYkFKVG9DaURwbHZDMEFveEdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABedIAwQA
TVoBAwQATVodMA0GCSqGSIb3DQEBCwUAA4IBAQBEPwn6qCF6+IR961fGT5dPgeQA
/8zNpiOeUEB/CXkwPy7fSdP658KKiDASYuXkbBKxVLKYmPskHGMzDfdOoEej3oRd
QNfRJRyiTi3Bb8kQZ1+PzkpjGA/mqYJUMOl8hIBp4lAYZL01RN7myB2HhaaZpU+e
HPZyRwoR2/eg+q5qPlE5WX9o4+dAsRqSihBfgdoNthw6ZFmKUN0EsMwV+ef82Jru
K6DiCbvWciAL2nnkhT/LGMym+RJPO/I21lwlVsSGpKI4bW7SglvQIrZWEtaGN/UG
/CZrQFBbTLzcTqO9c0zPCyePImWuTAcWXpF0KnQPI62RT93VZsapclrVmog9
-----END CERTIFICATE-----