Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/A3yjPvaD5qsyKW8DbOaa4404ACI.roa
File:                     A3yjPvaD5qsyKW8DbOaa4404ACI.roa (raw, json)
Hash identifier:          9SMEUKist5LgjTBKapFbU6CN82Hi6SuDK2xmvcyP0C8=
Subject key identifier:   03:7C:A3:3E:F6:83:E6:AB:32:29:6F:03:6C:E6:9A:E3:8D:38:00:22
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       019903D94CC6FAD5AEA5A4B1DBA35EE3A2DA
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/A3yjPvaD5qsyKW8DbOaa4404ACI.roa
Signing time:             Mon 01 Sep 2025 05:56:36 +0000
ROA not before:           Mon 01 Sep 2025 05:56:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        77.246.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 02:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:03:d9:4c:c6:fa:d5:ae:a5:a4:b1:db:a3:5e:e3:a2:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Sep  1 05:56:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=037ca33ef683e6ab32296f036ce69ae38d380022
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:f3:59:60:09:5d:b6:b4:0e:90:6e:75:7c:b8:
                    b8:a2:23:39:4b:79:6d:3d:f8:52:1b:9d:b8:2e:0c:
                    34:9b:61:f3:00:da:3e:0e:a6:66:4e:ad:d4:f2:46:
                    11:d6:97:08:de:0f:43:a7:7f:d4:ff:94:53:09:6a:
                    be:f5:e8:47:e2:0d:5a:1d:6a:64:91:60:09:5a:e8:
                    04:1b:0c:3f:64:5d:b9:86:e8:f8:16:45:24:ef:61:
                    3d:a2:7d:95:b5:f6:49:e4:46:89:52:cc:ea:b7:47:
                    47:48:b1:8f:f2:2e:99:21:79:dc:4b:32:16:77:d8:
                    be:3f:b1:30:ae:e8:2c:67:0b:93:37:8b:aa:73:a0:
                    9c:1c:26:a3:bb:c5:0d:c5:26:48:d6:8c:c0:5b:f9:
                    78:8f:3f:96:f3:15:dc:f2:34:f0:67:f4:29:94:4d:
                    31:51:68:cb:57:02:a4:a0:0e:e5:a8:59:90:ef:39:
                    61:8b:5f:a6:73:68:cb:cb:9e:42:6b:93:ae:a9:b1:
                    22:c4:33:02:4d:b4:7b:b2:05:da:9b:8d:6a:69:1e:
                    68:ab:a7:92:66:d8:0d:6a:44:83:e0:b2:b1:4e:5b:
                    d4:f8:bd:ac:7a:1a:93:92:29:03:99:2a:4a:08:65:
                    7e:09:08:53:2f:bc:90:de:60:64:38:45:5b:fd:22:
                    05:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:7C:A3:3E:F6:83:E6:AB:32:29:6F:03:6C:E6:9A:E3:8D:38:00:22
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/A3yjPvaD5qsyKW8DbOaa4404ACI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:cd:56:4d:76:1d:f4:e6:89:15:4a:3a:ce:d2:14:4c:a5:0a:
         3c:f5:9b:65:c5:75:e4:9e:26:bb:51:3d:a3:78:e2:9e:4d:5f:
         cf:52:8c:ef:64:a2:53:9f:93:e3:dd:08:99:2e:5a:55:24:21:
         ac:13:fa:fc:97:99:52:b3:99:c2:c1:3b:e6:ce:1d:59:4b:8b:
         03:fc:08:f8:4a:84:c8:c5:7d:d1:95:3a:0a:8e:6f:3e:5b:3c:
         f8:73:e2:ac:6c:a2:be:fd:11:3b:5c:1f:4b:7f:1f:f8:c7:5a:
         00:79:4b:1b:56:cc:fe:b4:fd:dd:0b:61:ab:78:f5:7d:42:d6:
         41:39:4a:0d:eb:03:6d:40:3f:5a:a5:0e:6b:a5:f5:53:1c:28:
         d9:eb:b4:4c:ed:8f:77:8b:38:5a:ac:71:83:c4:89:db:4c:27:
         9e:0f:a0:cc:19:57:39:f8:a0:8b:99:2f:b2:e3:0b:50:17:d5:
         72:1a:43:1a:06:22:d5:a1:67:34:3a:e5:d8:65:50:cd:c6:cf:
         48:fa:89:ec:7f:43:ee:00:cb:88:1a:ab:c8:de:f2:f5:b8:b0:
         39:16:4a:db:17:d5:21:b1:9b:d7:d1:4e:d1:bb:cb:5c:e8:50:
         5e:db:bc:89:6e:e7:63:31:c5:cf:27:ab:7f:e1:8d:b8:41:52:
         3f:98:71:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkD2UzG+tWupaSx26Ne46LaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjUwOTAxMDU1NjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzdjYTMzZWY2ODNlNmFiMzIyOTZmMDM2Y2U2OWFlMzhkMzgwMDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7vNZYAldtrQOkG51fLi4oiM5S3lt
PfhSG524Lgw0m2HzANo+DqZmTq3U8kYR1pcI3g9Dp3/U/5RTCWq+9ehH4g1aHWpk
kWAJWugEGww/ZF25huj4FkUk72E9on2VtfZJ5EaJUszqt0dHSLGP8i6ZIXncSzIW
d9i+P7EwrugsZwuTN4uqc6CcHCaju8UNxSZI1ozAW/l4jz+W8xXc8jTwZ/QplE0x
UWjLVwKkoA7lqFmQ7zlhi1+mc2jLy55Ca5OuqbEixDMCTbR7sgXam41qaR5oq6eS
ZtgNakSD4LKxTlvU+L2sehqTkikDmSpKCGV+CQhTL7yQ3mBkOEVb/SIFuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAN8oz72g+arMilvA2zmmuONOAAiMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvQTN5alB2YUQ1cXN5S1c4RGJPYWE0NDA0QUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfbcMA0G
CSqGSIb3DQEBCwUAA4IBAQBOzVZNdh305okVSjrO0hRMpQo89ZtlxXXknia7UT2j
eOKeTV/PUozvZKJTn5Pj3QiZLlpVJCGsE/r8l5lSs5nCwTvmzh1ZS4sD/Aj4SoTI
xX3RlToKjm8+Wzz4c+KsbKK+/RE7XB9Lfx/4x1oAeUsbVsz+tP3dC2GrePV9QtZB
OUoN6wNtQD9apQ5rpfVTHCjZ67RM7Y93izharHGDxInbTCeeD6DMGVc5+KCLmS+y
4wtQF9VyGkMaBiLVoWc0OuXYZVDNxs9I+onsf0PuAMuIGqvI3vL1uLA5FkrbF9Uh
sZvX0U7Ru8tc6FBe27yJbudjMcXPJ6t/4Y24QVI/mHGs
-----END CERTIFICATE-----