Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/mSBPlqtK_yso1LxvAD3vvq3Keko.roa
File:                     mSBPlqtK_yso1LxvAD3vvq3Keko.roa (raw, json)
Hash identifier:          ofI3EI2oD85Mu/hQ7FhUp/RhQjJ8UixFIAvem5Gdcqo=
Subject key identifier:   99:20:4F:96:AB:4A:FF:2B:28:D4:BC:6F:00:3D:EF:BE:AD:CA:7A:4A
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0197C0113761AEFE42B6EEF76487538473AD
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/mSBPlqtK_yso1LxvAD3vvq3Keko.roa
Signing time:             Mon 30 Jun 2025 09:00:43 +0000
ROA not before:           Mon 30 Jun 2025 09:00:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7019
IP address blocks:        77.47.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 00:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c0:11:37:61:ae:fe:42:b6:ee:f7:64:87:53:84:73:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jun 30 09:00:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99204f96ab4aff2b28d4bc6f003defbeadca7a4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e0:ab:ea:a6:b6:b0:ef:06:ec:fd:f7:e8:cb:
                    6d:90:b3:ec:62:e5:00:e8:a1:54:76:0e:b1:ff:2a:
                    23:ad:87:b6:e9:8e:a0:7b:e5:70:a2:95:a0:9e:47:
                    47:ee:1b:eb:d3:25:3c:be:9c:81:5f:ca:43:9d:a6:
                    d9:ea:e3:7d:55:18:6a:3b:1b:84:60:63:db:ed:1c:
                    7f:e7:af:80:c3:9d:ba:4d:ac:65:90:ad:3d:ad:f9:
                    0c:fd:50:22:b6:64:dd:78:0b:ed:cb:07:8a:a3:d8:
                    7f:98:49:b9:21:e2:43:ec:92:95:30:fc:37:c3:3a:
                    68:da:17:a6:b1:83:20:d1:08:f3:b9:e1:e3:72:3e:
                    dd:65:cb:dc:9b:a3:2b:8f:9f:ae:0f:eb:3e:6b:27:
                    ea:a8:9d:fe:62:a1:3c:41:05:36:e4:49:eb:e8:45:
                    53:b6:d7:db:66:ce:88:c6:73:62:19:d6:e9:f9:cf:
                    16:45:18:aa:78:d3:24:d2:06:f6:66:b3:2c:72:91:
                    38:14:fb:14:eb:dc:45:18:e0:50:4e:10:b6:7c:ab:
                    78:03:1e:37:b7:63:56:f6:32:a0:e4:ea:29:ea:82:
                    39:21:e0:37:de:b6:6b:8b:45:60:9f:6c:3e:0a:8a:
                    6d:b5:48:84:98:47:e2:3e:52:36:ea:b5:0b:d4:2b:
                    56:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:20:4F:96:AB:4A:FF:2B:28:D4:BC:6F:00:3D:EF:BE:AD:CA:7A:4A
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/mSBPlqtK_yso1LxvAD3vvq3Keko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:c2:e5:18:29:b1:4c:20:e8:b8:e9:1a:b3:7b:4b:07:2c:be:
         fe:9e:86:03:34:b9:51:26:fc:70:77:4b:f3:e9:71:d4:61:20:
         08:7e:d7:a9:77:78:2f:e2:be:1c:a9:12:9a:ae:95:a4:50:c1:
         8a:1c:36:43:dd:fe:6f:95:40:36:c5:62:78:f5:61:ae:ca:40:
         df:69:8a:54:fe:56:98:06:c9:06:52:b2:10:89:58:55:d7:6c:
         92:d9:56:0d:db:1e:fe:73:ce:ce:fe:25:5f:15:46:ef:6a:73:
         35:db:2d:fc:01:4d:26:14:71:03:a3:9e:fc:9b:9b:d8:ec:00:
         87:f7:e9:90:b0:53:d6:f3:4b:35:a1:ef:2a:0c:04:82:68:09:
         d0:b7:4c:9b:5e:69:33:af:d9:42:dd:71:49:e5:16:01:65:fc:
         a9:9a:ae:9a:19:e5:e2:4a:a3:2c:75:cf:58:9f:05:25:4e:ca:
         43:0f:86:5b:ea:15:7d:97:9d:54:ea:41:8e:91:45:14:2a:cc:
         d2:3d:38:4c:1e:5f:f8:3f:23:98:d2:05:f7:e5:db:f7:b8:d4:
         5c:8f:77:ad:10:6a:bf:c3:1a:09:a7:cf:c7:d2:9c:a9:c8:cf:
         8f:57:76:90:02:26:b7:db:ff:77:b2:ce:1d:15:fa:38:92:6c:
         2b:2c:2c:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfAETdhrv5Ctu73ZIdThHOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwNjMwMDkwMDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTIwNGY5NmFiNGFmZjJiMjhkNGJjNmYwMDNkZWZiZWFkY2E3YTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAneCr6qa2sO8G7P336MttkLPsYuUA
6KFUdg6x/yojrYe26Y6ge+VwopWgnkdH7hvr0yU8vpyBX8pDnabZ6uN9VRhqOxuE
YGPb7Rx/56+Aw526TaxlkK09rfkM/VAitmTdeAvtyweKo9h/mEm5IeJD7JKVMPw3
wzpo2hemsYMg0QjzueHjcj7dZcvcm6Mrj5+uD+s+ayfqqJ3+YqE8QQU25Enr6EVT
ttfbZs6IxnNiGdbp+c8WRRiqeNMk0gb2ZrMscpE4FPsU69xFGOBQThC2fKt4Ax43
t2NW9jKg5Oop6oI5IeA33rZri0Vgn2w+CopttUiEmEfiPlI26rUL1CtWxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJkgT5arSv8rKNS8bwA9776tynpKMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvbVNCUGxxdEtfeXNvMUx4dkFEM3Z2cTNLZWtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATS/VMA0G
CSqGSIb3DQEBCwUAA4IBAQB4wuUYKbFMIOi46Rqze0sHLL7+noYDNLlRJvxwd0vz
6XHUYSAIftepd3gv4r4cqRKarpWkUMGKHDZD3f5vlUA2xWJ49WGuykDfaYpU/laY
BskGUrIQiVhV12yS2VYN2x7+c87O/iVfFUbvanM12y38AU0mFHEDo578m5vY7ACH
9+mQsFPW80s1oe8qDASCaAnQt0ybXmkzr9lC3XFJ5RYBZfypmq6aGeXiSqMsdc9Y
nwUlTspDD4Zb6hV9l51U6kGOkUUUKszSPThMHl/4PyOY0gX35dv3uNRcj3etEGq/
wxoJp8/H0pypyM+PV3aQAia32/93ss4dFfo4kmwrLCwD
-----END CERTIFICATE-----