Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/D6YciS_w4aBGgTwchVv0zjl3KM8.roa
File:                     D6YciS_w4aBGgTwchVv0zjl3KM8.roa (raw, json)
Hash identifier:          0I0L8dvu+mXVyzn+otu0YMQ4J1Sqc+LW0CCIWiAWR+s=
Subject key identifier:   0F:A6:1C:89:2F:F0:E1:A0:46:81:3C:1C:85:5B:F4:CE:39:77:28:CF
Certificate issuer:       /CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
Certificate serial:       019A5465676A023445E7DBE59438327F837D
Authority key identifier: 77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/D6YciS_w4aBGgTwchVv0zjl3KM8.roa
Signing time:             Wed 05 Nov 2025 14:22:03 +0000
ROA not before:           Wed 05 Nov 2025 14:22:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197075
IP address blocks:        5.152.144.0/24 maxlen: 24
                          5.152.154.0/24 maxlen: 24
                          5.152.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:54:65:67:6a:02:34:45:e7:db:e5:94:38:32:7f:83:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
        Validity
            Not Before: Nov  5 14:22:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fa61c892ff0e1a046813c1c855bf4ce397728cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:c6:d6:ce:31:96:d7:86:55:b6:8e:f3:60:62:
                    4d:16:6c:b0:f4:a7:53:4a:07:04:19:9b:41:9e:63:
                    2c:8e:4e:ae:25:7e:17:02:5a:75:f3:6e:8c:a1:b9:
                    67:f6:b9:5d:05:46:f6:6d:af:5f:a1:cb:4d:ed:e4:
                    56:e9:dd:25:fc:bb:79:31:dc:fb:9e:c3:e4:e3:44:
                    eb:de:2c:47:24:75:0e:bb:f4:7d:e0:7b:6b:93:3f:
                    64:a6:3d:5a:d9:6f:4d:fe:d2:c0:ca:2c:50:a6:9f:
                    a1:c9:e8:db:29:d3:72:4d:79:0a:de:96:3c:28:2a:
                    4b:43:57:d6:57:b3:67:ef:ce:30:67:a3:0b:ce:eb:
                    5b:36:71:9d:69:d4:13:1f:48:39:aa:bb:58:fe:2f:
                    c6:87:7a:de:de:20:87:00:21:24:62:10:1c:dc:97:
                    c7:95:7c:0e:ae:d8:3f:45:34:f4:41:2c:dc:c1:2a:
                    20:75:86:d2:03:f0:e5:29:28:1e:1f:ea:bd:d3:6d:
                    0b:23:fb:6e:7e:bb:ea:30:c6:23:0b:62:2a:45:cb:
                    63:dc:67:f8:3a:c8:57:dd:44:39:2d:80:f3:1f:18:
                    bc:15:87:47:ce:bd:4e:e2:bd:21:ea:ab:ac:34:19:
                    9e:d4:54:b0:5b:41:ea:04:87:4b:da:95:ae:85:d5:
                    cb:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:A6:1C:89:2F:F0:E1:A0:46:81:3C:1C:85:5B:F4:CE:39:77:28:CF
            X509v3 Authority Key Identifier:
                keyid:77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/D6YciS_w4aBGgTwchVv0zjl3KM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.152.144.0/24
                  5.152.154.0/24
                  5.152.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:03:b6:8e:f7:42:8c:96:df:34:46:d7:b8:bd:88:52:3d:e2:
         08:31:24:6e:32:f5:83:de:99:f7:d0:6a:24:d7:6b:a9:42:1d:
         5f:52:4c:da:f2:b5:cd:1c:eb:43:bf:64:51:3e:5f:9d:2c:42:
         92:93:56:1f:e5:14:f0:74:aa:8a:63:46:a5:70:f7:af:5e:f0:
         fa:63:ad:e5:29:06:d9:c6:3d:41:0e:0b:23:0a:08:f8:a9:8b:
         8e:c4:21:45:87:a1:c3:a1:b8:12:f8:dc:02:34:bf:f8:cc:84:
         10:76:48:61:6f:cd:19:cc:80:3d:d1:f9:f6:53:9a:7f:4b:0d:
         81:d3:dc:3c:17:2a:8a:2b:24:64:a1:53:38:87:a0:f1:aa:f1:
         e5:db:b4:55:f8:de:f6:aa:0b:8d:d9:ed:c8:36:94:cd:77:d9:
         2e:bd:a2:38:0b:4f:f8:34:31:72:db:91:7e:38:80:6f:e8:60:
         3b:56:f4:0a:a7:35:d5:12:85:e7:57:fc:b4:aa:30:e9:d6:5b:
         ed:1c:62:6c:8f:ca:ff:7a:aa:54:c8:1b:b4:b4:6f:59:16:40:
         49:f0:f2:d5:a3:b2:79:f5:36:7a:69:a8:11:30:f3:f1:c1:18:
         7e:2d:de:ef:68:1f:36:e7:f3:7c:53:a2:79:b0:5e:9b:04:f2:
         06:d1:40:e3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZpUZWdqAjRF59vllDgyf4N9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjhlN2ZiZDRhYjY5NTA3ZmIxZmUzNTc5YWYzNDNhNTY2
MzkwODYwHhcNMjUxMTA1MTQyMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmE2MWM4OTJmZjBlMWEwNDY4MTNjMWM4NTViZjRjZTM5NzcyOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8bWzjGW14ZVto7zYGJNFmyw9KdT
SgcEGZtBnmMsjk6uJX4XAlp1826Mobln9rldBUb2ba9foctN7eRW6d0l/Lt5Mdz7
nsPk40Tr3ixHJHUOu/R94Htrkz9kpj1a2W9N/tLAyixQpp+hyejbKdNyTXkK3pY8
KCpLQ1fWV7Nn784wZ6MLzutbNnGdadQTH0g5qrtY/i/Gh3re3iCHACEkYhAc3JfH
lXwOrtg/RTT0QSzcwSogdYbSA/DlKSgeH+q9020LI/tufrvqMMYjC2IqRctj3Gf4
OshX3UQ5LYDzHxi8FYdHzr1O4r0h6qusNBme1FSwW0HqBIdL2pWuhdXLGwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA+mHIkv8OGgRoE8HIVb9M45dyjPMB8GA1UdIwQY
MBaAFHf45/vUq2lQf7H+NXmvNDpWY5CGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9qbi05U3JhVkJfc2Y0MWVhODBPbFpqa0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC82YzI3MzYtYWIwMi00ODk3LTk1Njgt
NzdmNmU5NGUzZGNjLzEvRDZZY2lTX3c0YUJHZ1R3Y2hWdjB6amwzS004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC82YzI3MzYtYWIwMi00ODk3LTk1NjgtNzdmNmU5NGUzZGNj
LzEvZF9qbi05U3JhVkJfc2Y0MWVhODBPbFpqa0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABZiQAwQA
BZiaAwQABZicMA0GCSqGSIb3DQEBCwUAA4IBAQA3A7aO90KMlt80Rte4vYhSPeII
MSRuMvWD3pn30Gok12upQh1fUkza8rXNHOtDv2RRPl+dLEKSk1Yf5RTwdKqKY0al
cPevXvD6Y63lKQbZxj1BDgsjCgj4qYuOxCFFh6HDobgS+NwCNL/4zIQQdkhhb80Z
zIA90fn2U5p/Sw2B09w8FyqKKyRkoVM4h6DxqvHl27RV+N72qguN2e3INpTNd9ku
vaI4C0/4NDFy25F+OIBv6GA7VvQKpzXVEoXnV/y0qjDp1lvtHGJsj8r/eqpUyBu0
tG9ZFkBJ8PLVo7J59TZ6aagRMPPxwRh+Ld7vaB825/N8U6J5sF6bBPIG0UDj
-----END CERTIFICATE-----