Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/PeHEDW_rP1JUEqYPKxq3ZE0-zH4.roa
File:                     PeHEDW_rP1JUEqYPKxq3ZE0-zH4.roa (raw, json)
Hash identifier:          m2+wZp8wzsLpKqeRZNklpBnfCK4breDaWRdrgO3+3ys=
Subject key identifier:   3D:E1:C4:0D:6F:EB:3F:52:54:12:A6:0F:2B:1A:B7:64:4D:3E:CC:7E
Certificate issuer:       /CN=8ef8c471e83b14fc6c6cc7cfc96c1ac3e3087eae
Certificate serial:       01970B9839C40D9D851544B3DE89D86C53E0
Authority key identifier: 8E:F8:C4:71:E8:3B:14:FC:6C:6C:C7:CF:C9:6C:1A:C3:E3:08:7E:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jvjEceg7FPxsbMfPyWwaw-MIfq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/PeHEDW_rP1JUEqYPKxq3ZE0-zH4.roa
Signing time:             Mon 26 May 2025 07:56:55 +0000
ROA not before:           Mon 26 May 2025 07:56:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202391
IP address blocks:        77.95.219.0/24 maxlen: 24
                          2a13:f1c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/jvjEceg7FPxsbMfPyWwaw-MIfq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/jvjEceg7FPxsbMfPyWwaw-MIfq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jvjEceg7FPxsbMfPyWwaw-MIfq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0b:98:39:c4:0d:9d:85:15:44:b3:de:89:d8:6c:53:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ef8c471e83b14fc6c6cc7cfc96c1ac3e3087eae
        Validity
            Not Before: May 26 07:56:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3de1c40d6feb3f525412a60f2b1ab7644d3ecc7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:44:1d:95:24:1c:5c:f5:fb:8a:5e:98:e8:e6:
                    a7:ad:b2:f9:2d:16:a3:cb:4d:bf:07:ce:26:26:ba:
                    e4:4b:18:31:6b:ac:2f:e3:65:c6:4d:d7:eb:09:48:
                    7a:5b:99:32:99:03:93:e0:5d:a5:34:fa:35:6b:ed:
                    d2:0c:2a:f1:47:66:cd:19:da:7b:24:69:9e:52:31:
                    5d:73:fc:b4:c3:68:ab:d4:c1:e3:5a:82:9b:21:50:
                    50:8a:7e:db:f5:ed:f7:e1:ce:1c:49:2f:aa:11:be:
                    ab:03:c5:df:2f:57:04:d1:29:e1:a6:a9:bb:13:0d:
                    0b:02:d0:02:d6:e1:47:0e:27:c0:4d:1c:39:01:ce:
                    01:55:45:71:b2:3c:09:63:6b:df:d6:d2:9c:a9:cd:
                    98:de:8e:2a:92:a3:d6:9b:5a:29:74:1f:96:7f:5d:
                    4d:a8:db:4b:1e:a6:41:6e:9d:1d:45:4c:5d:7e:31:
                    65:53:10:9a:10:dd:7e:2e:69:61:5b:27:a6:dc:4f:
                    41:f5:57:cd:ec:58:33:1e:cb:7f:a8:a2:cf:bf:b6:
                    0b:7c:c0:6e:8d:b3:61:25:22:29:5e:67:cd:a9:ff:
                    2d:f4:fc:65:5e:c0:ff:ae:fa:4d:a8:a6:94:5e:d0:
                    99:5a:af:b0:f9:b3:5e:ed:ee:40:a6:90:4c:f6:fe:
                    3c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E1:C4:0D:6F:EB:3F:52:54:12:A6:0F:2B:1A:B7:64:4D:3E:CC:7E
            X509v3 Authority Key Identifier:
                keyid:8E:F8:C4:71:E8:3B:14:FC:6C:6C:C7:CF:C9:6C:1A:C3:E3:08:7E:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jvjEceg7FPxsbMfPyWwaw-MIfq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/PeHEDW_rP1JUEqYPKxq3ZE0-zH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/jvjEceg7FPxsbMfPyWwaw-MIfq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.219.0/24
                IPv6:
                  2a13:f1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:b6:3c:96:8a:f3:73:95:01:21:0c:43:f6:f4:f4:ad:5b:c9:
         d1:9a:c1:fb:82:78:3e:9c:86:0c:59:4d:ea:a8:15:a3:42:0c:
         07:7e:e0:75:54:be:b6:6d:28:6b:bd:5f:31:e7:16:cd:6c:a4:
         d2:9d:cf:c6:be:e7:b0:06:e5:39:0a:6e:5c:33:08:11:b5:c5:
         53:e5:7a:7a:45:44:ac:fd:bd:93:b8:3d:73:96:4e:8a:66:bf:
         ca:d5:18:ee:58:21:bf:d2:c6:e8:33:34:51:22:d0:62:dd:23:
         49:f6:4d:a6:52:16:a2:9d:14:f3:9b:8d:85:b8:89:66:36:9b:
         8f:8a:5a:b4:19:20:8f:81:79:ef:76:76:c0:b9:24:15:f4:60:
         f0:7d:ba:80:37:95:cc:6d:a8:89:a5:91:86:69:8f:77:a0:bc:
         22:09:71:37:48:35:20:82:7f:97:ef:90:95:95:cc:c2:c8:23:
         18:34:17:38:58:eb:7e:43:15:86:5e:96:d1:5a:e7:5e:b0:5f:
         e0:73:59:ba:b3:c9:04:a3:cc:a8:77:39:8b:e5:e6:c7:e2:47:
         9d:7c:7d:10:71:62:f0:bf:f1:97:45:fe:69:7f:b9:0f:12:3c:
         1a:a9:6d:a2:d9:63:e1:f8:b8:e0:d3:51:05:9c:b4:5c:d6:ad:
         de:f2:79:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZcLmDnEDZ2FFUSz3onYbFPgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZjhjNDcxZTgzYjE0ZmM2YzZjYzdjZmM5NmMxYWMzZTMw
ODdlYWUwHhcNMjUwNTI2MDc1NjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGUxYzQwZDZmZWIzZjUyNTQxMmE2MGYyYjFhYjc2NDRkM2VjYzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEQdlSQcXPX7il6Y6OanrbL5LRaj
y02/B84mJrrkSxgxa6wv42XGTdfrCUh6W5kymQOT4F2lNPo1a+3SDCrxR2bNGdp7
JGmeUjFdc/y0w2ir1MHjWoKbIVBQin7b9e334c4cSS+qEb6rA8XfL1cE0Snhpqm7
Ew0LAtAC1uFHDifATRw5Ac4BVUVxsjwJY2vf1tKcqc2Y3o4qkqPWm1opdB+Wf11N
qNtLHqZBbp0dRUxdfjFlUxCaEN1+LmlhWyem3E9B9VfN7FgzHst/qKLPv7YLfMBu
jbNhJSIpXmfNqf8t9PxlXsD/rvpNqKaUXtCZWq+w+bNe7e5AppBM9v48DwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD3hxA1v6z9SVBKmDysat2RNPsx+MB8GA1UdIwQY
MBaAFI74xHHoOxT8bGzHz8lsGsPjCH6uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanZqRWNlZzdGUHhzYk1mUHlXd2F3LU1JZnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS84ZjJhZDgtNmE0OC00MjNjLWJlNDEt
MTM4YTcxMTdkZTM2LzEvUGVIRURXX3JQMUpVRXFZUEt4cTNaRTAtekg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS84ZjJhZDgtNmE0OC00MjNjLWJlNDEtMTM4YTcxMTdkZTM2
LzEvanZqRWNlZzdGUHhzYk1mUHlXd2F3LU1JZnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQATV/bMA0E
AgACMAcDBQMqE/HAMA0GCSqGSIb3DQEBCwUAA4IBAQA9tjyWivNzlQEhDEP29PSt
W8nRmsH7gng+nIYMWU3qqBWjQgwHfuB1VL62bShrvV8x5xbNbKTSnc/GvuewBuU5
Cm5cMwgRtcVT5Xp6RUSs/b2TuD1zlk6KZr/K1RjuWCG/0sboMzRRItBi3SNJ9k2m
UhainRTzm42FuIlmNpuPilq0GSCPgXnvdnbAuSQV9GDwfbqAN5XMbaiJpZGGaY93
oLwiCXE3SDUggn+X75CVlczCyCMYNBc4WOt+QxWGXpbRWudesF/gc1m6s8kEo8yo
dzmL5ebH4kedfH0QcWLwv/GXRf5pf7kPEjwaqW2i2WPh+Ljg01EFnLRc1q3e8nkM
-----END CERTIFICATE-----