Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/9hwIee2iKDmXri9_fQ5eY0haCLM.roa
File:                     9hwIee2iKDmXri9_fQ5eY0haCLM.roa (raw, json)
Hash identifier:          G8lHAVoCj8lJj6Xnagqlp/q17S/Fw+kEY201Sx1VbeI=
Subject key identifier:   F6:1C:08:79:ED:A2:28:39:97:AE:2F:7F:7D:0E:5E:63:48:5A:08:B3
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0198EC2C060930F36F7A418A198C8AFAA415
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/9hwIee2iKDmXri9_fQ5eY0haCLM.roa
Signing time:             Wed 27 Aug 2025 15:36:04 +0000
ROA not before:           Wed 27 Aug 2025 15:36:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58325
IP address blocks:        77.47.252.0/22 maxlen: 24
                          195.178.128.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 06:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ec:2c:06:09:30:f3:6f:7a:41:8a:19:8c:8a:fa:a4:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Aug 27 15:36:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f61c0879eda2283997ae2f7f7d0e5e63485a08b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c9:35:1b:fe:e0:03:b7:22:a5:fd:18:f6:eb:
                    ce:89:a5:4b:fa:ca:a6:ec:95:78:3a:88:e5:6a:b7:
                    e5:f4:f4:6b:bf:31:f7:09:bf:74:74:da:0e:4d:06:
                    b1:49:ad:70:fc:08:7d:a2:65:58:39:df:d3:24:27:
                    2d:a3:6a:d4:8e:d9:bb:70:ba:78:ba:a8:18:20:14:
                    c3:e5:57:8e:2e:ca:53:7a:8c:53:7e:70:8f:b2:c2:
                    43:de:9c:7b:dc:a7:84:46:aa:4a:13:a5:cf:29:ea:
                    f9:7c:bf:5b:bd:ee:93:93:28:97:7e:1b:33:ee:93:
                    93:ac:98:9c:e9:35:53:3b:39:c5:a8:ff:fd:d2:a3:
                    53:f5:6f:65:c1:d5:36:83:b7:ee:71:19:a7:49:1e:
                    a0:e2:43:41:53:c7:b7:f7:89:1e:91:05:39:46:34:
                    26:03:cb:5b:dc:f5:1b:d3:b9:f0:9a:3b:44:c8:25:
                    ce:84:47:34:26:78:0b:65:e6:e1:be:3c:39:67:c5:
                    ed:c4:90:1d:ab:1e:78:ba:25:b7:7a:65:dc:71:fa:
                    c3:b3:f0:87:db:05:42:06:2a:89:78:50:4b:eb:e5:
                    17:3c:d3:aa:23:1f:69:aa:30:98:d3:6d:71:56:9e:
                    27:88:da:ef:fa:b7:8a:c6:e7:02:ed:4b:73:52:b5:
                    0e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:1C:08:79:ED:A2:28:39:97:AE:2F:7F:7D:0E:5E:63:48:5A:08:B3
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/9hwIee2iKDmXri9_fQ5eY0haCLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.252.0/22
                  195.178.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:cc:eb:32:a2:3d:fc:1f:25:a6:dd:f5:c0:c8:c8:39:86:31:
         e9:b6:92:0e:d5:32:36:86:4c:cc:e5:a4:67:fd:36:d3:78:94:
         a6:a1:a4:ff:c2:1d:ee:99:14:5c:d7:f5:b3:c5:f3:d9:46:86:
         f5:9c:30:cf:6e:54:f8:62:21:d2:f8:05:0d:45:da:04:98:9a:
         f1:9e:aa:19:0f:ea:d0:6b:0a:73:24:b9:1a:7a:9b:93:33:46:
         6c:26:d4:11:56:5b:3a:d5:b4:ca:97:43:a4:d6:f6:e2:47:4b:
         ee:2c:ba:f2:7a:a3:8c:b8:79:6f:e6:82:a5:79:19:99:01:d6:
         be:be:46:3d:1d:f3:e8:d7:4a:8b:33:1d:e2:fb:60:7d:b0:48:
         7e:e7:98:0b:6b:2d:e8:83:32:6f:9e:55:73:45:3a:ae:8f:c3:
         96:e2:7f:b9:b0:1f:20:55:07:87:ff:c0:0c:70:f3:40:88:34:
         ef:2b:34:c8:76:a7:7f:75:ee:65:b1:14:02:9d:a3:d7:ea:62:
         1f:87:ac:57:e5:cb:54:42:95:0f:d2:ab:1b:6d:b4:31:a6:7d:
         ed:07:4c:eb:52:ce:f9:71:ba:3e:b5:3f:9e:f7:03:d4:80:8a:
         e5:5c:10:21:a9:e9:71:cb:22:8e:4a:bb:b1:42:10:43:1f:9d:
         b6:d9:cb:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjsLAYJMPNvekGKGYyK+qQVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwODI3MTUzNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjFjMDg3OWVkYTIyODM5OTdhZTJmN2Y3ZDBlNWU2MzQ4NWEwOGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsck1G/7gA7cipf0Y9uvOiaVL+sqm
7JV4Oojlarfl9PRrvzH3Cb90dNoOTQaxSa1w/Ah9omVYOd/TJCcto2rUjtm7cLp4
uqgYIBTD5VeOLspTeoxTfnCPssJD3px73KeERqpKE6XPKer5fL9bve6TkyiXfhsz
7pOTrJic6TVTOznFqP/90qNT9W9lwdU2g7fucRmnSR6g4kNBU8e394kekQU5RjQm
A8tb3PUb07nwmjtEyCXOhEc0JngLZebhvjw5Z8XtxJAdqx54uiW3emXccfrDs/CH
2wVCBiqJeFBL6+UXPNOqIx9pqjCY021xVp4niNrv+reKxucC7UtzUrUOVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPYcCHntoig5l64vf30OXmNIWgizMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvOWh3SWVlMmlLRG1Ycmk5X2ZRNWVZMGhhQ0xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTS/8AwQC
w7KAMA0GCSqGSIb3DQEBCwUAA4IBAQALzOsyoj38HyWm3fXAyMg5hjHptpIO1TI2
hkzM5aRn/TbTeJSmoaT/wh3umRRc1/WzxfPZRob1nDDPblT4YiHS+AUNRdoEmJrx
nqoZD+rQawpzJLkaepuTM0ZsJtQRVls61bTKl0Ok1vbiR0vuLLryeqOMuHlv5oKl
eRmZAda+vkY9HfPo10qLMx3i+2B9sEh+55gLay3ogzJvnlVzRTquj8OW4n+5sB8g
VQeH/8AMcPNAiDTvKzTIdqd/de5lsRQCnaPX6mIfh6xX5ctUQpUP0qsbbbQxpn3t
B0zrUs75cbo+tT+e9wPUgIrlXBAhqelxyyKOSruxQhBDH5222cuR
-----END CERTIFICATE-----