Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0_0iGAJeXKMTNOw78eGEdet28gc.roa
File:                     0_0iGAJeXKMTNOw78eGEdet28gc.roa (raw, json)
Hash identifier:          EJ1v2NPpX9RF4Rhr1GIhzMv9gvxWzHoHXqhEjZaqZBA=
Subject key identifier:   D3:FD:22:18:02:5E:5C:A3:13:34:EC:3B:F1:E1:84:75:EB:76:F2:07
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0198F737A9393FC36DA73F3F3EB3E44C2448
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0_0iGAJeXKMTNOw78eGEdet28gc.roa
Signing time:             Fri 29 Aug 2025 19:04:36 +0000
ROA not before:           Fri 29 Aug 2025 19:04:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50131
IP address blocks:        77.239.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f7:37:a9:39:3f:c3:6d:a7:3f:3f:3e:b3:e4:4c:24:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Aug 29 19:04:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3fd2218025e5ca31334ec3bf1e18475eb76f207
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:c5:7c:f8:fc:d5:5f:2d:c7:11:44:32:df:17:
                    b2:b1:6c:4f:f8:90:49:b2:a9:44:14:f7:70:ca:ce:
                    9a:1a:e1:00:b2:c0:74:33:06:7d:d3:68:45:22:17:
                    f0:58:a4:8e:76:ad:ec:6b:ff:50:35:11:33:9f:c4:
                    d9:02:16:11:c6:64:6f:2b:0b:0c:cf:49:06:85:06:
                    d1:44:02:99:53:df:37:1e:94:73:86:57:2b:98:fc:
                    4c:f2:ed:ca:50:8a:52:3c:8f:a1:14:d3:82:96:4e:
                    3d:59:c6:34:d2:e2:30:3c:11:db:8b:4a:18:14:d5:
                    86:f5:e9:81:7c:25:d2:2e:37:d8:f9:8d:ec:cc:9f:
                    78:a3:67:2d:61:9e:8c:82:67:31:48:84:69:2d:36:
                    bd:e2:f4:bd:25:17:02:7b:8e:1e:fe:d3:e8:55:d7:
                    b0:21:61:b3:42:8e:0d:f6:f9:06:b9:07:0c:91:5c:
                    7c:a2:31:28:82:06:2b:1e:b0:38:a5:85:71:dd:e1:
                    b1:f8:ab:d9:11:e3:11:13:7d:d2:ec:2a:f4:d8:8c:
                    d1:c6:35:11:42:39:db:cc:f6:b4:a4:71:c0:f3:ae:
                    7e:4f:de:c2:65:38:af:e2:9c:37:37:59:6f:4d:67:
                    23:7d:74:f0:a4:81:47:42:d0:df:30:d4:b9:dd:69:
                    2a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FD:22:18:02:5E:5C:A3:13:34:EC:3B:F1:E1:84:75:EB:76:F2:07
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0_0iGAJeXKMTNOw78eGEdet28gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.239.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:41:5e:b9:72:26:07:e9:22:5f:e2:45:cb:04:8d:54:92:fb:
         49:a9:1f:e4:1a:68:b3:0d:84:f5:30:5e:79:55:ad:1d:de:29:
         bd:f1:3f:99:98:fa:64:00:35:2b:8b:97:7f:9e:0c:64:e8:c6:
         09:ea:b5:d7:a2:cb:84:ce:f0:9f:94:14:bd:84:00:9e:3a:29:
         46:3d:8c:a4:81:e5:e2:58:9c:f5:9c:49:f8:10:e2:ec:52:46:
         13:03:9b:14:4b:dc:20:e1:68:4f:cd:28:79:d5:ce:f2:58:82:
         c8:8b:71:7e:8c:c1:2d:e1:7d:1d:bb:3f:5f:de:7b:49:8c:4d:
         b7:19:0f:d0:a7:01:11:44:41:90:2b:59:fb:6d:fa:44:5f:0a:
         85:12:db:dc:66:97:ec:98:6a:19:2b:7e:0f:ca:9a:e4:6d:b8:
         1e:59:0d:e2:49:1b:9c:ed:69:d1:69:11:a7:31:fe:ed:af:27:
         f7:5f:27:b6:05:37:94:cf:be:86:93:08:4c:a9:12:3c:fa:73:
         98:bb:60:f5:7f:16:ff:65:43:a4:3c:50:51:8c:5d:e4:ec:4e:
         f7:42:8b:37:53:27:72:58:e9:56:2b:67:62:f0:c6:44:5b:d4:
         4a:ae:d8:b6:1b:90:0e:82:d0:62:bf:7c:e6:73:82:4b:80:cd:
         51:86:72:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj3N6k5P8Ntpz8/PrPkTCRIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwODI5MTkwNDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZkMjIxODAyNWU1Y2EzMTMzNGVjM2JmMWUxODQ3NWViNzZmMjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68V8+PzVXy3HEUQy3xeysWxP+JBJ
sqlEFPdwys6aGuEAssB0MwZ902hFIhfwWKSOdq3sa/9QNREzn8TZAhYRxmRvKwsM
z0kGhQbRRAKZU983HpRzhlcrmPxM8u3KUIpSPI+hFNOClk49WcY00uIwPBHbi0oY
FNWG9emBfCXSLjfY+Y3szJ94o2ctYZ6MgmcxSIRpLTa94vS9JRcCe44e/tPoVdew
IWGzQo4N9vkGuQcMkVx8ojEoggYrHrA4pYVx3eGx+KvZEeMRE33S7Cr02IzRxjUR
QjnbzPa0pHHA865+T97CZTiv4pw3N1lvTWcjfXTwpIFHQtDfMNS53Wkq3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNP9IhgCXlyjEzTsO/HhhHXrdvIHMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMF8waUdBSmVYS01UTk93NzhlR0VkZXQyOGdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTe90MA0G
CSqGSIb3DQEBCwUAA4IBAQBhQV65ciYH6SJf4kXLBI1UkvtJqR/kGmizDYT1MF55
Va0d3im98T+ZmPpkADUri5d/ngxk6MYJ6rXXosuEzvCflBS9hACeOilGPYykgeXi
WJz1nEn4EOLsUkYTA5sUS9wg4WhPzSh51c7yWILIi3F+jMEt4X0duz9f3ntJjE23
GQ/QpwERREGQK1n7bfpEXwqFEtvcZpfsmGoZK34PyprkbbgeWQ3iSRuc7WnRaRGn
Mf7tryf3Xye2BTeUz76GkwhMqRI8+nOYu2D1fxb/ZUOkPFBRjF3k7E73Qos3Uydy
WOlWK2di8MZEW9RKrti2G5AOgtBiv3zmc4JLgM1RhnKe
-----END CERTIFICATE-----