Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/xSgK9fLOFfBtEQ1GwOtLlJ5fFSc.roa
File:                     xSgK9fLOFfBtEQ1GwOtLlJ5fFSc.roa (raw, json)
Hash identifier:          21NNCvjDiYlOHMOd6bhzk9x3nNYhc0a1y7zhHVR1Jbg=
Subject key identifier:   C5:28:0A:F5:F2:CE:15:F0:6D:11:0D:46:C0:EB:4B:94:9E:5F:15:27
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       0198DB5A4A038338C2A7EFFFEE9F3A748805
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/xSgK9fLOFfBtEQ1GwOtLlJ5fFSc.roa
Signing time:             Sun 24 Aug 2025 09:13:04 +0000
ROA not before:           Sun 24 Aug 2025 09:13:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209847
IP address blocks:        77.91.72.0/24 maxlen: 24
                          77.91.73.0/24 maxlen: 24
                          77.91.74.0/24 maxlen: 24
                          77.91.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:db:5a:4a:03:83:38:c2:a7:ef:ff:ee:9f:3a:74:88:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Aug 24 09:13:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5280af5f2ce15f06d110d46c0eb4b949e5f1527
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:c5:72:83:34:59:96:32:1d:e6:5f:ee:af:31:
                    bf:19:49:61:6c:b1:b4:3b:25:73:78:7a:64:a0:86:
                    99:3e:a0:5a:29:81:ec:8c:4c:56:64:82:ea:0d:6c:
                    36:92:59:52:67:84:48:30:52:62:48:2c:b1:49:9d:
                    26:c4:4b:91:64:81:49:21:a6:14:d9:22:68:03:2d:
                    c2:69:4a:02:3c:d6:62:ce:d4:94:70:d9:2f:44:1c:
                    79:4a:bd:45:c7:39:46:40:25:fa:76:c7:b3:4c:b2:
                    62:d3:f9:99:ed:4e:09:b2:68:e1:b6:02:b9:85:ed:
                    6e:25:95:fe:82:33:30:ba:99:a4:85:ad:d2:cf:ab:
                    04:d0:fe:78:56:dd:03:a2:07:7a:6e:28:fa:59:8e:
                    11:cc:ee:98:c2:77:60:83:1d:16:aa:f3:f6:40:7a:
                    1c:cd:9c:39:86:63:24:34:57:80:a5:fd:2f:05:d4:
                    e4:36:f3:12:f1:44:dc:53:82:06:47:fa:82:e7:82:
                    2c:aa:4a:e2:12:db:dd:a4:07:de:60:44:bd:19:94:
                    86:8f:eb:28:bb:5e:2f:4c:5d:01:fa:03:f9:8f:b5:
                    ff:a0:10:ee:3e:f8:73:d0:11:e4:eb:cd:08:aa:34:
                    ea:d0:37:58:75:db:69:51:3c:b7:f5:ba:49:7b:aa:
                    7b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:28:0A:F5:F2:CE:15:F0:6D:11:0D:46:C0:EB:4B:94:9E:5F:15:27
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/xSgK9fLOFfBtEQ1GwOtLlJ5fFSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:a6:a3:7e:e6:d7:ea:e8:65:97:dc:e9:12:9b:e2:98:25:26:
         9e:72:75:c9:ea:2b:96:c0:e7:4e:f5:4e:05:15:04:71:51:3c:
         fe:ba:dd:d6:61:5c:45:1c:6b:bd:07:63:b6:e2:d1:f7:fd:f8:
         2e:81:b7:e4:43:00:18:6a:62:c7:45:40:1f:b5:cd:76:d3:93:
         19:75:ba:71:30:92:b3:6a:64:14:68:4d:06:9f:53:9d:90:2a:
         a5:57:4d:f9:55:58:1f:ad:34:eb:57:01:a2:cd:70:2d:fb:97:
         24:f0:61:73:1e:3b:7a:d2:c3:1f:ac:ee:97:44:b7:f1:2b:23:
         e9:5d:c5:f5:1b:35:9d:d0:3b:db:01:03:e4:ad:c8:28:2e:10:
         8f:71:2d:74:ae:7d:d8:47:0d:84:17:2b:0f:70:fb:b5:fc:40:
         2b:06:57:7f:fc:94:5e:97:aa:c0:b8:5f:a2:9e:a3:52:60:30:
         da:c3:ce:01:1b:f9:38:af:12:26:4c:17:10:68:e9:e2:42:01:
         33:ec:93:de:43:5a:28:88:79:f2:22:43:20:97:81:0c:9f:81:
         5f:f8:d3:36:2b:40:56:fb:93:fb:bb:69:8f:e1:3d:31:f9:28:
         24:58:d2:87:f3:13:40:cd:8f:19:f0:f6:2b:1a:38:92:6c:1b:
         29:70:6a:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjbWkoDgzjCp+//7p86dIgFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjUwODI0MDkxMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTI4MGFmNWYyY2UxNWYwNmQxMTBkNDZjMGViNGI5NDllNWYxNTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4MVygzRZljId5l/urzG/GUlhbLG0
OyVzeHpkoIaZPqBaKYHsjExWZILqDWw2kllSZ4RIMFJiSCyxSZ0mxEuRZIFJIaYU
2SJoAy3CaUoCPNZiztSUcNkvRBx5Sr1FxzlGQCX6dsezTLJi0/mZ7U4JsmjhtgK5
he1uJZX+gjMwupmkha3Sz6sE0P54Vt0Dogd6bij6WY4RzO6Ywndggx0WqvP2QHoc
zZw5hmMkNFeApf0vBdTkNvMS8UTcU4IGR/qC54IsqkriEtvdpAfeYES9GZSGj+so
u14vTF0B+gP5j7X/oBDuPvhz0BHk680IqjTq0DdYddtpUTy39bpJe6p7TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUoCvXyzhXwbRENRsDrS5SeXxUnMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEveFNnSzlmTE9GZkJ0RVExR3dPdExsSjVmRlNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTVtIMA0G
CSqGSIb3DQEBCwUAA4IBAQCdpqN+5tfq6GWX3OkSm+KYJSaecnXJ6iuWwOdO9U4F
FQRxUTz+ut3WYVxFHGu9B2O24tH3/fgugbfkQwAYamLHRUAftc1205MZdbpxMJKz
amQUaE0Gn1OdkCqlV035VVgfrTTrVwGizXAt+5ck8GFzHjt60sMfrO6XRLfxKyPp
XcX1GzWd0DvbAQPkrcgoLhCPcS10rn3YRw2EFysPcPu1/EArBld//JRel6rAuF+i
nqNSYDDaw84BG/k4rxImTBcQaOniQgEz7JPeQ1ooiHnyIkMgl4EMn4Ff+NM2K0BW
+5P7u2mP4T0x+SgkWNKH8xNAzY8Z8PYrGjiSbBspcGol
-----END CERTIFICATE-----