Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/luIF5RSE4UEeRnyDIACAMFK7ptU.roa
File:                     luIF5RSE4UEeRnyDIACAMFK7ptU.roa (raw, json)
Hash identifier:          prVzhZnIZRH6h67iHI2zHii5E9vi8C/WoWfLyxFMxMI=
Subject key identifier:   96:E2:05:E5:14:84:E1:41:1E:46:7C:83:20:00:80:30:52:BB:A6:D5
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0197E901A54ACB53D00366710D1449F4531E
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/luIF5RSE4UEeRnyDIACAMFK7ptU.roa
Signing time:             Tue 08 Jul 2025 07:48:08 +0000
ROA not before:           Tue 08 Jul 2025 07:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     996
IP address blocks:        77.47.180.0/22 maxlen: 24
                          212.111.211.0/24 maxlen: 24
                          212.111.218.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:01:a5:4a:cb:53:d0:03:66:71:0d:14:49:f4:53:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jul  8 07:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96e205e51484e1411e467c832000803052bba6d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:67:dc:05:2d:1c:cd:ce:15:2b:cc:92:46:ff:
                    c9:cd:e2:d0:b2:80:fa:44:f2:3a:27:09:b0:e4:7c:
                    35:f1:fd:6d:1e:90:4d:bb:97:8e:82:cb:ef:0e:2e:
                    80:a0:20:83:a4:af:d4:89:88:f0:cd:2e:0c:16:c4:
                    2f:e7:4c:19:5a:f7:75:23:33:4f:16:ec:a4:05:42:
                    dc:e8:fb:69:f8:00:36:37:12:44:2a:98:65:2c:67:
                    8f:61:a6:80:6f:90:ae:5e:97:22:3c:9e:80:ab:f2:
                    e4:8d:81:59:63:51:33:27:41:b2:dd:9d:81:c0:a5:
                    36:6b:41:93:de:76:3b:cd:dd:26:35:ae:a5:dc:a6:
                    b4:66:0e:c8:c2:5e:07:21:c9:a9:91:55:31:3b:66:
                    cb:37:d8:4e:56:9a:89:d7:76:41:a7:b2:b8:e9:1a:
                    b3:d4:29:23:4e:8e:57:db:fe:60:f8:07:70:75:e8:
                    ee:8a:a6:9b:de:c2:98:95:7b:02:1d:5c:5a:6e:38:
                    40:21:2e:80:bf:42:7f:2e:01:d1:18:50:93:4d:95:
                    2c:fd:07:96:23:d2:dd:e8:a1:ec:df:b8:63:92:47:
                    31:52:47:27:7c:93:4b:78:84:ba:4b:e4:7d:b7:e7:
                    59:d9:74:42:e5:2b:e8:c1:fb:f4:dd:9d:23:8e:e3:
                    79:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:E2:05:E5:14:84:E1:41:1E:46:7C:83:20:00:80:30:52:BB:A6:D5
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/luIF5RSE4UEeRnyDIACAMFK7ptU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.180.0/22
                  212.111.211.0/24
                  212.111.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:a3:86:48:28:d0:53:04:bf:76:35:8a:d9:ca:b9:60:a2:93:
         3a:44:2b:3c:3f:2d:eb:40:02:72:8b:24:ce:8a:12:f1:b9:59:
         43:7c:28:25:ac:01:55:cc:ef:c6:00:d4:37:5f:b0:8d:4d:fa:
         8d:35:6e:a9:97:82:2f:1d:bb:5b:2c:eb:37:40:65:b7:07:59:
         d2:0e:b1:15:e5:1a:4f:c3:ab:f5:2c:25:44:37:fe:aa:ea:ae:
         2f:4c:3a:0b:1e:fe:ec:d9:2a:d6:38:0a:cf:44:5e:9c:f9:de:
         87:20:4b:f6:8c:cb:53:c5:c4:70:94:96:48:43:c8:9e:3d:ed:
         e9:60:74:bd:b3:0d:27:35:09:3f:60:ce:9f:cd:b0:53:53:9b:
         9c:10:16:9f:d8:a9:15:ff:cc:de:cb:2e:e6:94:80:14:90:a2:
         7b:26:16:6c:cd:1b:92:4f:53:b6:a5:43:23:91:d8:5f:1f:6d:
         c5:b8:ab:27:69:44:81:b4:90:cf:11:3b:da:b2:8f:1a:b5:cf:
         e2:6e:4b:cc:aa:cb:aa:c6:4b:ee:70:e5:0b:bf:b4:ab:9c:a3:
         ba:c5:b7:91:21:85:90:37:7b:24:fd:ab:29:de:1b:24:97:e2:
         68:a5:6a:28:3a:5d:7b:e4:94:f6:8a:77:0e:f9:66:fb:4f:2d:
         d0:a1:a0:41
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfpAaVKy1PQA2ZxDRRJ9FMeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwNzA4MDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmUyMDVlNTE0ODRlMTQxMWU0NjdjODMyMDAwODAzMDUyYmJhNmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGfcBS0czc4VK8ySRv/JzeLQsoD6
RPI6Jwmw5Hw18f1tHpBNu5eOgsvvDi6AoCCDpK/UiYjwzS4MFsQv50wZWvd1IzNP
FuykBULc6Ptp+AA2NxJEKphlLGePYaaAb5CuXpciPJ6Aq/LkjYFZY1EzJ0Gy3Z2B
wKU2a0GT3nY7zd0mNa6l3Ka0Zg7Iwl4HIcmpkVUxO2bLN9hOVpqJ13ZBp7K46Rqz
1CkjTo5X2/5g+Adwdejuiqab3sKYlXsCHVxabjhAIS6Av0J/LgHRGFCTTZUs/QeW
I9Ld6KHs37hjkkcxUkcnfJNLeIS6S+R9t+dZ2XRC5Svowfv03Z0jjuN54wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJbiBeUUhOFBHkZ8gyAAgDBSu6bVMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvbHVJRjVSU0U0VUVlUm55RElBQ0FNRks3cHRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCTS+0AwQA
1G/TAwQB1G/aMA0GCSqGSIb3DQEBCwUAA4IBAQAjo4ZIKNBTBL92NYrZyrlgopM6
RCs8Py3rQAJyiyTOihLxuVlDfCglrAFVzO/GANQ3X7CNTfqNNW6pl4IvHbtbLOs3
QGW3B1nSDrEV5RpPw6v1LCVEN/6q6q4vTDoLHv7s2SrWOArPRF6c+d6HIEv2jMtT
xcRwlJZIQ8iePe3pYHS9sw0nNQk/YM6fzbBTU5ucEBaf2KkV/8zeyy7mlIAUkKJ7
JhZszRuST1O2pUMjkdhfH23FuKsnaUSBtJDPETvaso8atc/ibkvMqsuqxkvucOUL
v7SrnKO6xbeRIYWQN3sk/asp3hskl+JopWooOl175JT2incO+Wb7Ty3QoaBB
-----END CERTIFICATE-----