Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/FH5Q9q8W97sT8KI6dnVLsWRFSWI.roa
File:                     FH5Q9q8W97sT8KI6dnVLsWRFSWI.roa (raw, json)
Hash identifier:          cG5saZlMgIPtVR/sqZPiRHaKVKsi9yK/Kza4DxhSY5I=
Subject key identifier:   14:7E:50:F6:AF:16:F7:BB:13:F0:A2:3A:76:75:4B:B1:64:45:49:62
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       0196A30EAE12EDEC0B2FC808E93481366A95
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/FH5Q9q8W97sT8KI6dnVLsWRFSWI.roa
Signing time:             Tue 06 May 2025 00:46:10 +0000
ROA not before:           Tue 06 May 2025 00:46:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209693
IP address blocks:        77.91.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a3:0e:ae:12:ed:ec:0b:2f:c8:08:e9:34:81:36:6a:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: May  6 00:46:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=147e50f6af16f7bb13f0a23a76754bb164454962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:49:e6:fc:05:77:da:9f:8e:58:48:b6:d0:b6:
                    cf:06:31:af:93:4b:bb:ba:41:39:60:fd:b7:d4:07:
                    6b:fd:f6:7c:dc:cc:76:67:70:b8:42:28:a7:c5:26:
                    ce:d8:60:b5:2a:53:25:e2:98:0d:db:2d:54:0a:86:
                    5f:d1:9c:ae:03:63:8f:c1:64:60:9b:8d:3f:44:9f:
                    df:2a:60:21:84:45:bf:a1:20:aa:f0:8c:8c:ca:1b:
                    c0:ac:99:ed:d5:e8:08:8b:5e:90:39:45:17:c0:fe:
                    27:84:d5:f4:56:d8:d9:aa:58:09:d6:8a:30:8d:44:
                    40:de:3e:04:34:5e:6b:7b:26:bf:70:7f:c8:c5:64:
                    e5:15:d2:cb:28:43:03:c4:82:bf:26:83:d0:84:03:
                    57:7c:e3:74:7a:8d:7c:bb:c4:f9:67:3f:94:65:36:
                    56:ea:29:90:bb:9e:a4:58:a7:a2:41:9b:59:6e:db:
                    e5:ab:10:d4:4b:91:ca:6f:55:56:b3:c6:7b:c6:e7:
                    2e:42:2f:8f:dd:34:05:bf:43:84:1d:db:4a:f2:29:
                    56:9f:23:ce:79:f2:09:8e:18:8c:53:98:b4:db:d2:
                    87:e6:26:78:da:51:df:34:e1:26:02:a5:6a:34:23:
                    c4:a4:5a:55:b1:e4:fe:12:46:ed:1b:28:96:79:be:
                    72:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:7E:50:F6:AF:16:F7:BB:13:F0:A2:3A:76:75:4B:B1:64:45:49:62
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/FH5Q9q8W97sT8KI6dnVLsWRFSWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:ba:9f:7b:0e:51:e8:05:23:06:d8:4d:08:6a:3b:8b:85:73:
         2e:4d:a8:79:63:b3:a6:25:5c:26:42:c9:2d:f0:07:ad:95:89:
         f4:e1:94:ab:22:33:6a:05:83:58:68:56:43:49:59:8b:d2:43:
         bd:49:60:bb:62:dc:36:45:1a:8b:11:d3:63:fc:dd:7c:b6:66:
         20:23:cb:2b:47:14:12:7e:1f:4a:fb:b6:52:88:cf:ba:3c:bd:
         b1:8a:35:ee:2d:9e:ad:86:f7:53:88:93:fa:e9:48:da:67:b2:
         44:30:54:92:02:6b:93:a9:77:98:17:b2:f0:77:ca:9f:9a:04:
         fd:ab:62:7d:b0:ab:f7:92:a8:7c:08:ad:fc:96:c2:7d:08:64:
         81:6e:c0:a2:2c:d3:69:59:80:9c:7a:19:59:2e:b8:00:20:5b:
         fa:07:06:de:9f:43:2d:cf:f9:d7:ee:4d:f7:34:81:60:1a:2e:
         12:d6:06:c5:df:d8:4e:92:1c:61:16:7e:7d:f3:04:42:54:84:
         ac:df:1b:1f:b7:3a:df:33:47:58:da:4a:42:73:de:ba:43:47:
         45:b6:d0:0f:77:42:e7:c5:41:b5:b4:83:a2:32:6e:8f:ec:ea:
         be:7f:f0:ab:74:20:60:2c:45:d4:6c:b2:1b:d1:6f:36:e5:73:
         42:94:e4:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZajDq4S7ewLL8gI6TSBNmqVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjUwNTA2MDA0NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDdlNTBmNmFmMTZmN2JiMTNmMGEyM2E3Njc1NGJiMTY0NDU0OTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEnm/AV32p+OWEi20LbPBjGvk0u7
ukE5YP231Adr/fZ83Mx2Z3C4QiinxSbO2GC1KlMl4pgN2y1UCoZf0ZyuA2OPwWRg
m40/RJ/fKmAhhEW/oSCq8IyMyhvArJnt1egIi16QOUUXwP4nhNX0VtjZqlgJ1oow
jURA3j4ENF5reya/cH/IxWTlFdLLKEMDxIK/JoPQhANXfON0eo18u8T5Zz+UZTZW
6imQu56kWKeiQZtZbtvlqxDUS5HKb1VWs8Z7xucuQi+P3TQFv0OEHdtK8ilWnyPO
efIJjhiMU5i029KH5iZ42lHfNOEmAqVqNCPEpFpVseT+EkbtGyiWeb5yJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBR+UPavFve7E/CiOnZ1S7FkRUliMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvRkg1UTlxOFc5N3NUOEtJNmRuVkxzV1JGU1dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtCMA0G
CSqGSIb3DQEBCwUAA4IBAQAZup97DlHoBSMG2E0IajuLhXMuTah5Y7OmJVwmQskt
8AetlYn04ZSrIjNqBYNYaFZDSVmL0kO9SWC7Ytw2RRqLEdNj/N18tmYgI8srRxQS
fh9K+7ZSiM+6PL2xijXuLZ6thvdTiJP66UjaZ7JEMFSSAmuTqXeYF7Lwd8qfmgT9
q2J9sKv3kqh8CK38lsJ9CGSBbsCiLNNpWYCcehlZLrgAIFv6Bwben0Mtz/nX7k33
NIFgGi4S1gbF39hOkhxhFn598wRCVISs3xsftzrfM0dY2kpCc966Q0dFttAPd0Ln
xUG1tIOiMm6P7Oq+f/CrdCBgLEXUbLIb0W825XNClOTT
-----END CERTIFICATE-----