Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/TiEA9Nu2FjMVNVi_yHMgYwzLbr0.roa
File:                     TiEA9Nu2FjMVNVi_yHMgYwzLbr0.roa (raw, json)
Hash identifier:          Tll4LKnun0VoyN+6bo73x6XxD7PysP5fIYKZ9UnMf54=
Subject key identifier:   4E:21:00:F4:DB:B6:16:33:15:35:58:BF:C8:73:20:63:0C:CB:6E:BD
Certificate issuer:       /CN=7415fec4ae76b24e4f02991649917b99b740044a
Certificate serial:       019746231632EA45C9A56FA4FB1E5A0BE55F
Authority key identifier: 74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/TiEA9Nu2FjMVNVi_yHMgYwzLbr0.roa
Signing time:             Fri 06 Jun 2025 16:46:33 +0000
ROA not before:           Fri 06 Jun 2025 16:46:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42031
IP address blocks:        77.105.128.0/24 maxlen: 24
                          185.225.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:46:23:16:32:ea:45:c9:a5:6f:a4:fb:1e:5a:0b:e5:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7415fec4ae76b24e4f02991649917b99b740044a
        Validity
            Not Before: Jun  6 16:46:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e2100f4dbb61633153558bfc87320630ccb6ebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:54:0c:6a:ea:8d:52:7b:41:d6:81:f1:43:4f:
                    71:9a:6e:da:5c:de:0d:3d:a3:7e:e0:95:8e:52:cc:
                    a7:3b:09:4f:9b:34:e4:d3:72:d6:4a:37:15:77:70:
                    69:4f:86:4f:32:72:7d:7e:f1:90:4a:03:80:6f:ea:
                    e9:cd:25:be:8d:8d:a3:64:2a:e8:6c:7b:df:1b:bf:
                    60:c0:bc:06:e9:8d:a6:a9:f5:17:e7:9c:2d:4c:3d:
                    55:46:ad:97:bb:3a:bc:0a:39:7d:89:bb:78:71:38:
                    aa:dc:4b:d0:4d:84:c7:41:74:85:78:03:69:26:b6:
                    9e:e9:07:1c:4a:a4:06:f0:34:c9:b9:71:27:f1:ff:
                    e2:1e:c7:5c:72:d5:23:95:50:2a:19:44:ef:98:e4:
                    17:bf:6f:97:41:27:4b:1d:e5:54:8d:0f:11:fe:14:
                    68:ef:96:67:1b:b2:62:63:6f:7a:6a:40:3a:74:a2:
                    14:16:38:e2:c3:1f:ac:c4:96:9b:df:ea:d7:43:47:
                    4e:74:05:31:59:b3:3e:be:4e:ff:b5:c2:c2:8a:a9:
                    d0:b5:0f:c2:69:6b:2d:20:37:c5:91:71:5b:1a:54:
                    58:f1:52:4a:e4:ca:b9:59:ed:6d:19:b4:b1:ef:f7:
                    92:c9:98:3b:3d:8b:dd:2d:d2:6c:92:2b:7a:28:95:
                    29:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:21:00:F4:DB:B6:16:33:15:35:58:BF:C8:73:20:63:0C:CB:6E:BD
            X509v3 Authority Key Identifier:
                keyid:74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/TiEA9Nu2FjMVNVi_yHMgYwzLbr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.128.0/24
                  185.225.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:00:38:8f:6a:54:8a:36:9a:e9:5c:7c:49:dc:cb:4d:a6:54:
         e1:63:2a:9d:a6:05:ff:8a:e9:da:a3:54:5f:a7:6f:0b:48:2a:
         ef:bf:e4:31:c4:90:46:b4:2d:16:90:69:f6:de:75:2c:0d:25:
         04:c1:da:ac:be:34:bc:a5:e9:cd:d0:8e:0c:a9:2e:02:30:d9:
         8f:18:40:31:57:05:f9:d5:a8:bd:fe:88:ba:fc:f0:f4:3d:ee:
         05:9c:a7:7e:17:6e:da:a3:b6:3f:77:0e:43:69:66:0d:d6:20:
         e5:5c:f3:5e:64:0e:1d:46:31:61:49:26:0f:ab:87:c7:26:ea:
         76:53:c1:b6:83:c0:73:8f:6a:c8:e0:a7:b5:72:6c:a6:77:57:
         ad:78:41:87:2e:11:16:84:a6:d0:cb:7c:96:5b:46:c8:c4:a0:
         24:cb:b9:91:ab:12:c0:53:04:ce:7f:76:4d:e9:dd:77:8b:8f:
         5a:a3:16:66:83:05:b5:81:1d:22:97:d0:8e:f8:62:8a:7a:33:
         db:e3:d5:ee:64:1d:d9:6a:1e:61:81:e0:cb:53:e8:7c:52:75:
         ea:94:0e:7f:2c:96:77:d4:91:52:7e:36:74:e7:0f:76:f3:4c:
         f7:a9:3d:48:59:4f:59:db:1d:bf:12:46:87:28:9a:08:f7:a2:
         d2:42:52:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdGIxYy6kXJpW+k+x5aC+VfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTVmZWM0YWU3NmIyNGU0ZjAyOTkxNjQ5OTE3Yjk5Yjc0
MDA0NGEwHhcNMjUwNjA2MTY0NjMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTIxMDBmNGRiYjYxNjMzMTUzNTU4YmZjODczMjA2MzBjY2I2ZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVQMauqNUntB1oHxQ09xmm7aXN4N
PaN+4JWOUsynOwlPmzTk03LWSjcVd3BpT4ZPMnJ9fvGQSgOAb+rpzSW+jY2jZCro
bHvfG79gwLwG6Y2mqfUX55wtTD1VRq2Xuzq8Cjl9ibt4cTiq3EvQTYTHQXSFeANp
Jrae6QccSqQG8DTJuXEn8f/iHsdcctUjlVAqGUTvmOQXv2+XQSdLHeVUjQ8R/hRo
75ZnG7JiY296akA6dKIUFjjiwx+sxJab3+rXQ0dOdAUxWbM+vk7/tcLCiqnQtQ/C
aWstIDfFkXFbGlRY8VJK5Mq5We1tGbSx7/eSyZg7PYvdLdJskit6KJUpgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE4hAPTbthYzFTVYv8hzIGMMy269MB8GA1UdIwQY
MBaAFHQV/sSudrJOTwKZFkmRe5m3QARKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEt
ZWQ1MzU4YjZkYTMxLzEvVGlFQTlOdTJGak1WTlZpX3lITWdZd3pMYnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEtZWQ1MzU4YjZkYTMx
LzEvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATWmAAwQA
ueHLMA0GCSqGSIb3DQEBCwUAA4IBAQBxADiPalSKNprpXHxJ3MtNplThYyqdpgX/
iunao1Rfp28LSCrvv+QxxJBGtC0WkGn23nUsDSUEwdqsvjS8penN0I4MqS4CMNmP
GEAxVwX51ai9/oi6/PD0Pe4FnKd+F27ao7Y/dw5DaWYN1iDlXPNeZA4dRjFhSSYP
q4fHJup2U8G2g8Bzj2rI4Ke1cmymd1eteEGHLhEWhKbQy3yWW0bIxKAky7mRqxLA
UwTOf3ZN6d13i49aoxZmgwW1gR0il9CO+GKKejPb49XuZB3Zah5hgeDLU+h8UnXq
lA5/LJZ31JFSfjZ05w9280z3qT1IWU9Z2x2/EkaHKJoI96LSQlJd
-----END CERTIFICATE-----