Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/5h7U117_LogP5kPETSBap2Ev0yI.roa
File:                     5h7U117_LogP5kPETSBap2Ev0yI.roa (raw, json)
Hash identifier:          QLmh86oOsIGhmYhBoDiaCA4zllnx8R+NzKdjQbMIzHI=
Subject key identifier:   E6:1E:D4:D7:5E:FF:2E:88:0F:E6:43:C4:4D:20:5A:A7:61:2F:D3:22
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       01990F2CBDDC466FD1E839E1D2E525FD2766
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/5h7U117_LogP5kPETSBap2Ev0yI.roa
Signing time:             Wed 03 Sep 2025 10:43:34 +0000
ROA not before:           Wed 03 Sep 2025 10:43:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213999
IP address blocks:        77.221.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 17:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:2c:bd:dc:46:6f:d1:e8:39:e1:d2:e5:25:fd:27:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Sep  3 10:43:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e61ed4d75eff2e880fe643c44d205aa7612fd322
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:46:d5:33:09:d8:78:68:ae:81:69:8a:b8:51:
                    36:67:0c:80:10:b2:38:70:c1:ba:22:03:bb:a3:06:
                    47:ea:5a:22:f8:1d:2a:81:fa:d4:a5:b2:f6:bc:a5:
                    8a:44:5a:b9:17:22:03:e9:10:99:2b:26:18:fc:43:
                    c0:f3:9d:9a:67:ad:c5:3e:2e:59:1a:62:18:05:a9:
                    1d:3b:e5:5e:cf:da:73:a5:0f:6a:77:ea:9f:aa:d1:
                    8a:9d:08:41:32:49:87:09:98:18:62:56:1a:fc:f1:
                    93:37:02:95:04:55:4e:d9:37:94:5c:66:62:b9:5b:
                    9e:b7:1c:4c:ef:61:e7:f2:d3:fc:cc:ec:94:60:0e:
                    89:4f:19:d3:6c:fc:93:4e:32:50:8d:93:16:a8:23:
                    cd:9c:b3:4e:a5:41:b4:54:02:7d:6e:9b:36:45:73:
                    67:70:e1:70:63:e7:26:d2:78:32:5c:2e:e7:98:5e:
                    bd:1c:80:f6:ce:ef:80:b1:59:91:e7:53:57:db:ef:
                    16:87:70:b2:d4:a1:3b:3c:3e:8a:bd:79:fd:d4:bc:
                    07:19:75:8d:34:0f:a7:d9:e7:7e:9f:07:5a:cd:51:
                    d8:7c:42:5a:3a:65:2b:cc:00:57:a1:48:0f:81:ea:
                    67:34:ec:8b:26:17:20:e7:d9:20:81:9b:e3:65:15:
                    71:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:1E:D4:D7:5E:FF:2E:88:0F:E6:43:C4:4D:20:5A:A7:61:2F:D3:22
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/5h7U117_LogP5kPETSBap2Ev0yI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:2d:41:51:34:2e:3b:09:15:79:8d:da:14:da:15:3d:9c:ba:
         11:24:a2:dd:26:d7:2e:d6:f5:e8:b1:ba:5b:7f:18:14:a0:b1:
         20:16:4f:34:bc:69:d7:c6:f9:5b:39:54:28:7a:c3:60:6f:67:
         b7:f3:97:16:64:47:2a:6f:79:8d:5d:be:ff:d7:87:33:c4:46:
         f3:9e:c7:e6:d6:9d:b3:df:ad:3a:b4:48:d5:15:6a:67:74:4f:
         f9:1c:04:62:a7:9e:6b:ec:96:59:9a:da:f3:48:7d:9c:f3:85:
         88:03:43:a9:e6:dc:72:54:a5:09:9e:b0:85:9a:96:b3:8c:da:
         77:27:e1:52:67:83:59:f0:89:b9:9a:97:d8:ce:c9:38:f8:7b:
         3c:c8:da:b7:3e:f4:d3:87:f2:a4:96:88:71:dc:46:17:2f:f3:
         61:53:cc:6d:f2:a8:de:a5:a6:a9:57:fc:ea:85:d8:6e:fb:b3:
         f6:73:34:14:b4:9a:63:26:5d:a7:fe:f1:f1:b4:f2:81:11:5c:
         5b:43:71:df:2f:0c:20:56:39:d2:dd:f8:00:7a:4a:7f:9f:c8:
         d2:cf:bf:3e:79:de:e8:b6:d1:5a:b9:93:0e:9e:07:3d:f3:68:
         c1:ae:94:f2:c6:38:38:75:df:98:87:b8:b2:67:1c:48:c1:56:
         f1:c0:c8:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkPLL3cRm/R6Dnh0uUl/SdmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjUwOTAzMTA0MzM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjFlZDRkNzVlZmYyZTg4MGZlNjQzYzQ0ZDIwNWFhNzYxMmZkMzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2UbVMwnYeGiugWmKuFE2ZwyAELI4
cMG6IgO7owZH6loi+B0qgfrUpbL2vKWKRFq5FyID6RCZKyYY/EPA852aZ63FPi5Z
GmIYBakdO+Vez9pzpQ9qd+qfqtGKnQhBMkmHCZgYYlYa/PGTNwKVBFVO2TeUXGZi
uVuetxxM72Hn8tP8zOyUYA6JTxnTbPyTTjJQjZMWqCPNnLNOpUG0VAJ9bps2RXNn
cOFwY+cm0ngyXC7nmF69HID2zu+AsVmR51NX2+8Wh3Cy1KE7PD6KvXn91LwHGXWN
NA+n2ed+nwdazVHYfEJaOmUrzABXoUgPgepnNOyLJhcg59kggZvjZRVxRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYe1Nde/y6ID+ZDxE0gWqdhL9MiMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvNWg3VTExN19Mb2dQNWtQRVRTQmFwMkV2MHlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATd2WMA0G
CSqGSIb3DQEBCwUAA4IBAQCfLUFRNC47CRV5jdoU2hU9nLoRJKLdJtcu1vXosbpb
fxgUoLEgFk80vGnXxvlbOVQoesNgb2e385cWZEcqb3mNXb7/14czxEbznsfm1p2z
3606tEjVFWpndE/5HARip55r7JZZmtrzSH2c84WIA0Op5txyVKUJnrCFmpazjNp3
J+FSZ4NZ8Im5mpfYzsk4+Hs8yNq3PvTTh/Kklohx3EYXL/NhU8xt8qjepaapV/zq
hdhu+7P2czQUtJpjJl2n/vHxtPKBEVxbQ3HfLwwgVjnS3fgAekp/n8jSz78+ed7o
ttFauZMOngc982jBrpTyxjg4dd+Yh7iyZxxIwVbxwMjG
-----END CERTIFICATE-----