Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/9Cck056lKROfatfMWv-QSieqh1A.roa
File:                     9Cck056lKROfatfMWv-QSieqh1A.roa (raw, json)
Hash identifier:          ZRG/VsSY+jhqYhGdF/D26P/ZcEHeclW3SeFgUZ7LewE=
Subject key identifier:   F4:27:24:D3:9E:A5:29:13:9F:6A:D7:CC:5A:FF:90:4A:27:AA:87:50
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0198E5E45A7B4D955B0108BD6F8BA7757080
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/9Cck056lKROfatfMWv-QSieqh1A.roa
Signing time:             Tue 26 Aug 2025 10:20:04 +0000
ROA not before:           Tue 26 Aug 2025 10:20:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        77.246.245.0/24 maxlen: 24
                          124.198.128.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Sep 2025 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e5:e4:5a:7b:4d:95:5b:01:08:bd:6f:8b:a7:75:70:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Aug 26 10:20:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f42724d39ea529139f6ad7cc5aff904a27aa8750
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1d:5b:59:1a:22:ac:60:15:26:cb:41:2b:2f:
                    76:7f:58:6c:17:70:5c:ff:f7:b6:f4:ad:28:84:83:
                    da:cc:7f:34:7c:80:3b:34:0b:10:5e:ad:7b:9d:1c:
                    b9:8b:ef:9d:32:10:50:06:aa:e6:3e:69:c4:98:ec:
                    a4:b5:84:90:97:03:b4:9c:09:b6:87:cd:8a:5d:57:
                    be:73:3e:79:50:16:bc:f7:32:25:e8:62:d3:c3:24:
                    09:19:e2:c5:5f:85:71:40:44:c3:d9:16:04:c7:72:
                    55:ed:f5:77:c0:0e:bc:f7:2b:a8:2c:7f:b2:5f:7b:
                    7d:97:e0:a2:56:7a:60:8f:b5:d5:66:02:51:ea:d3:
                    82:45:92:2f:14:45:9d:c4:ef:79:8c:0d:e3:3c:78:
                    72:69:71:e2:71:95:74:63:66:9e:a1:61:3d:9c:0e:
                    9c:92:8b:44:5a:b3:6b:b0:ef:53:1e:3f:f0:8b:12:
                    b1:67:35:dd:14:5b:28:93:d7:1c:a1:f6:cc:1e:73:
                    15:16:0b:ca:9b:96:d5:80:5c:0f:d9:da:8d:c5:2f:
                    fa:62:a2:98:88:98:64:a3:b2:cb:da:77:6f:cd:ae:
                    82:5f:27:85:e4:56:33:7a:18:bf:5e:0c:4e:9e:35:
                    6a:2f:ec:36:ec:9f:e6:94:e1:1a:45:7f:f7:68:31:
                    cb:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:27:24:D3:9E:A5:29:13:9F:6A:D7:CC:5A:FF:90:4A:27:AA:87:50
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/9Cck056lKROfatfMWv-QSieqh1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.245.0/24
                  124.198.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b4:c6:0c:05:83:cd:c8:32:31:50:57:72:91:8f:ca:7f:c7:e7:
         24:58:d3:74:1e:fc:4a:a9:34:cf:10:e4:a5:56:77:1b:de:a1:
         0a:fb:b2:b9:39:0e:f8:fc:e5:66:74:f4:9c:84:b0:70:c4:4a:
         7b:39:2f:37:1c:5d:e3:c5:35:cd:99:d7:4b:2e:75:71:61:30:
         9c:90:eb:40:55:aa:e8:0e:1b:69:db:03:0e:50:cf:f6:45:c6:
         e4:4f:2d:35:94:59:41:65:40:fa:06:a4:ed:7e:79:f2:41:fc:
         ce:f1:bf:1e:68:83:62:7d:e8:91:cf:f1:eb:61:24:e1:3c:40:
         1c:5c:a1:db:6a:01:fc:91:95:2d:48:f1:1f:b5:1c:2b:bb:a5:
         f3:7a:8d:86:2d:40:70:bb:6f:22:94:92:e8:e2:d3:16:aa:c7:
         ee:9b:8f:24:60:7d:6b:8e:fe:54:ef:e5:e2:92:05:03:65:b4:
         83:30:55:74:9c:db:ff:bc:13:02:ce:9f:74:03:fd:89:87:74:
         21:c7:f1:43:f2:30:98:62:d4:c4:59:f0:3e:7e:fb:fa:b6:06:
         85:f2:e9:00:55:be:ba:ec:cc:64:cb:b5:6a:72:79:0f:26:74:
         6a:0e:4c:2a:86:23:2a:18:24:ae:35:69:89:8b:98:ec:86:b5:
         34:47:fc:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjl5Fp7TZVbAQi9b4undXCAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwODI2MTAyMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDI3MjRkMzllYTUyOTEzOWY2YWQ3Y2M1YWZmOTA0YTI3YWE4NzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvh1bWRoirGAVJstBKy92f1hsF3Bc
//e29K0ohIPazH80fIA7NAsQXq17nRy5i++dMhBQBqrmPmnEmOyktYSQlwO0nAm2
h82KXVe+cz55UBa89zIl6GLTwyQJGeLFX4VxQETD2RYEx3JV7fV3wA689yuoLH+y
X3t9l+CiVnpgj7XVZgJR6tOCRZIvFEWdxO95jA3jPHhyaXHicZV0Y2aeoWE9nA6c
kotEWrNrsO9THj/wixKxZzXdFFsok9ccofbMHnMVFgvKm5bVgFwP2dqNxS/6YqKY
iJhko7LL2ndvza6CXyeF5FYzehi/XgxOnjVqL+w27J/mlOEaRX/3aDHLJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPQnJNOepSkTn2rXzFr/kEonqodQMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvOUNjazA1NmxLUk9mYXRmTVd2LVFTaWVxaDFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATfb1AwQB
fMaAMA0GCSqGSIb3DQEBCwUAA4IBAQC0xgwFg83IMjFQV3KRj8p/x+ckWNN0HvxK
qTTPEOSlVncb3qEK+7K5OQ74/OVmdPSchLBwxEp7OS83HF3jxTXNmddLLnVxYTCc
kOtAVaroDhtp2wMOUM/2RcbkTy01lFlBZUD6BqTtfnnyQfzO8b8eaINifeiRz/Hr
YSThPEAcXKHbagH8kZUtSPEftRwru6Xzeo2GLUBwu28ilJLo4tMWqsfum48kYH1r
jv5U7+XikgUDZbSDMFV0nNv/vBMCzp90A/2Jh3Qhx/FD8jCYYtTEWfA+fvv6tgaF
8ukAVb667Mxky7VqcnkPJnRqDkwqhiMqGCSuNWmJi5jshrU0R/yT
-----END CERTIFICATE-----