Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/4HfKGrdJw2hcQ60EoNGgFUpZFJQ.roa
File:                     4HfKGrdJw2hcQ60EoNGgFUpZFJQ.roa (raw, json)
Hash identifier:          qF3XttqO9jwiees9rUY1IKTjleyBPA5fGz7pqfy7A98=
Subject key identifier:   E0:77:CA:1A:B7:49:C3:68:5C:43:AD:04:A0:D1:A0:15:4A:59:14:94
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019A06403762DD41402B94431F6389CEFB32
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/4HfKGrdJw2hcQ60EoNGgFUpZFJQ.roa
Signing time:             Tue 21 Oct 2025 10:11:03 +0000
ROA not before:           Tue 21 Oct 2025 10:11:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213090
IP address blocks:        77.85.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 Oct 2025 04:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:06:40:37:62:dd:41:40:2b:94:43:1f:63:89:ce:fb:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Oct 21 10:11:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e077ca1ab749c3685c43ad04a0d1a0154a591494
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:99:e8:46:03:51:3d:b3:44:36:b4:1c:4d:a9:
                    80:f6:13:2a:35:95:96:35:5e:7f:fd:69:e2:37:d1:
                    cf:b1:49:d2:c2:f5:c0:a4:59:98:0b:52:f7:4a:94:
                    0a:cd:53:67:14:02:ed:12:b4:40:fb:48:fd:e2:50:
                    5f:be:33:c8:a6:1a:00:4c:74:bd:e8:ae:bd:90:cc:
                    1a:c9:06:88:07:40:e7:8a:4e:fb:4e:ac:cb:91:db:
                    0c:8c:2b:53:c9:0d:6d:62:4c:f3:a8:52:37:56:db:
                    fa:b2:f8:24:9b:ca:1c:80:59:e2:9b:bd:7e:95:8c:
                    6c:0c:59:77:0c:5a:3c:ab:69:1f:4c:26:ca:3d:88:
                    28:e0:ce:e7:ec:5a:59:bc:a4:f6:7a:b0:9d:7b:d8:
                    8c:55:7a:2e:5b:3b:da:a5:9c:f0:8c:22:45:9a:f0:
                    66:2c:aa:f3:46:77:c8:d7:21:31:ec:93:3f:b9:d0:
                    23:38:d0:48:4b:90:d7:ed:94:67:1b:a4:7b:1e:fe:
                    a3:38:ae:c2:5f:a6:26:04:f4:40:75:34:82:b8:de:
                    41:9b:0c:25:51:4c:00:12:8a:e8:d6:f1:98:6c:97:
                    dc:d7:62:6b:be:56:02:1c:8b:eb:ea:d0:77:95:a4:
                    8f:fb:47:c6:54:8f:62:4d:bd:1d:44:b5:ab:68:e1:
                    ac:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:77:CA:1A:B7:49:C3:68:5C:43:AD:04:A0:D1:A0:15:4A:59:14:94
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/4HfKGrdJw2hcQ60EoNGgFUpZFJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.85.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:b0:7b:26:b8:33:66:11:1c:f7:ec:ee:3a:23:71:4c:29:36:
         ca:2b:a6:43:a8:cf:e7:fe:7a:fd:4e:04:6a:5a:5c:11:35:a5:
         20:31:89:cc:02:7e:61:a2:0c:61:40:1a:60:6f:c1:42:a4:e6:
         b8:7f:9b:b1:1e:a5:c9:42:97:bd:1b:98:0e:71:03:6d:c2:09:
         b3:d4:ff:3f:28:14:95:48:e7:24:48:3a:df:77:a7:f3:a1:d1:
         3b:cb:20:1c:49:1d:bf:97:84:1a:d5:4c:d6:7e:ba:7a:f9:34:
         51:67:a1:a6:4c:cf:7b:33:12:26:93:40:9c:88:f2:9c:57:b9:
         a5:6b:34:e3:26:5a:b4:91:3a:b6:a1:21:18:ca:a9:e5:6b:1f:
         32:ad:96:7f:32:56:aa:05:d0:00:35:0a:6e:e1:0a:df:4e:3c:
         9e:3f:90:cf:a4:9b:f7:56:87:f9:89:95:24:ef:dd:ea:0a:d5:
         7c:d6:ac:a3:32:11:5b:95:c6:f6:fd:8a:ce:f4:80:9f:09:11:
         31:a2:c9:bf:e0:d9:41:80:93:fd:68:86:a9:22:51:bf:df:76:
         89:b8:6e:7b:fb:29:80:81:41:90:eb:0d:cd:bf:01:22:66:0f:
         06:ba:c1:ef:2a:88:7b:44:bb:d0:c6:f4:0c:79:9f:2b:64:20:
         08:2c:41:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoGQDdi3UFAK5RDH2OJzvsyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUxMDIxMTAxMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDc3Y2ExYWI3NDljMzY4NWM0M2FkMDRhMGQxYTAxNTRhNTkxNDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JnoRgNRPbNENrQcTamA9hMqNZWW
NV5//WniN9HPsUnSwvXApFmYC1L3SpQKzVNnFALtErRA+0j94lBfvjPIphoATHS9
6K69kMwayQaIB0Dnik77TqzLkdsMjCtTyQ1tYkzzqFI3Vtv6svgkm8ocgFnim71+
lYxsDFl3DFo8q2kfTCbKPYgo4M7n7FpZvKT2erCde9iMVXouWzvapZzwjCJFmvBm
LKrzRnfI1yEx7JM/udAjONBIS5DX7ZRnG6R7Hv6jOK7CX6YmBPRAdTSCuN5Bmwwl
UUwAEoro1vGYbJfc12JrvlYCHIvr6tB3laSP+0fGVI9iTb0dRLWraOGs8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOB3yhq3ScNoXEOtBKDRoBVKWRSUMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvNEhmS0dyZEp3MmhjUTYwRW9OR2dGVXBaRkpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVXGMA0G
CSqGSIb3DQEBCwUAA4IBAQAEsHsmuDNmERz37O46I3FMKTbKK6ZDqM/n/nr9TgRq
WlwRNaUgMYnMAn5hogxhQBpgb8FCpOa4f5uxHqXJQpe9G5gOcQNtwgmz1P8/KBSV
SOckSDrfd6fzodE7yyAcSR2/l4Qa1UzWfrp6+TRRZ6GmTM97MxImk0CciPKcV7ml
azTjJlq0kTq2oSEYyqnlax8yrZZ/MlaqBdAANQpu4QrfTjyeP5DPpJv3Vof5iZUk
793qCtV81qyjMhFblcb2/YrO9ICfCRExosm/4NlBgJP9aIapIlG/33aJuG57+ymA
gUGQ6w3NvwEiZg8GusHvKoh7RLvQxvQMeZ8rZCAILEFK
-----END CERTIFICATE-----