Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xEmKzDcyZreeHqTpSliLbWbvkdU.roa
File:                     xEmKzDcyZreeHqTpSliLbWbvkdU.roa (raw, json)
Hash identifier:          fRrHaVmCGcrV2SdJVORjK1vgZHA5NCcB9AsMSzAI/3s=
Subject key identifier:   C4:49:8A:CC:37:32:66:B7:9E:1E:A4:E9:4A:58:8B:6D:66:EF:91:D5
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       01991B2B434121D0BCC44AD288870193297F
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xEmKzDcyZreeHqTpSliLbWbvkdU.roa
Signing time:             Fri 05 Sep 2025 18:37:24 +0000
ROA not before:           Fri 05 Sep 2025 18:37:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205089
IP address blocks:        77.239.124.0/24 maxlen: 24
                          144.31.24.0/24 maxlen: 24
                          144.31.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1b:2b:43:41:21:d0:bc:c4:4a:d2:88:87:01:93:29:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Sep  5 18:37:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4498acc373266b79e1ea4e94a588b6d66ef91d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9a:07:ec:10:c0:e9:87:ae:cd:5c:79:98:61:
                    65:ea:8c:aa:ae:5e:1d:6f:93:91:90:33:2b:43:7f:
                    82:a7:14:1f:a5:08:e0:9d:f9:fd:36:f9:f4:8f:4c:
                    7a:69:7e:8c:2d:68:aa:4e:eb:9c:5b:8e:04:e8:94:
                    74:3e:29:34:0d:e8:01:74:52:ac:88:e3:7e:3e:ec:
                    2c:ec:27:d7:f9:3c:9e:ac:b9:99:1f:11:ab:97:ee:
                    b1:a9:a9:22:b1:75:4b:f9:35:0e:1b:e7:60:57:bc:
                    10:0d:6a:3e:4b:3f:db:7e:7c:2d:57:1d:e3:5b:1b:
                    de:09:dc:1b:65:d8:ab:b5:ad:79:46:bb:1a:62:06:
                    9b:78:f2:9b:4a:e7:93:96:0e:02:fb:7a:cd:54:60:
                    fc:22:9d:7a:d5:3b:7d:c8:3e:9b:b1:37:90:10:1f:
                    88:a1:cd:ff:25:44:a3:ff:41:be:eb:b9:79:1f:61:
                    48:b6:2f:5f:1b:f3:57:90:7a:86:da:bd:f6:2d:d1:
                    1a:39:93:13:c3:3a:d2:f6:f1:8e:c9:9d:c5:d2:a5:
                    6a:76:e0:ea:2a:a9:cb:4e:99:00:15:a0:d4:db:55:
                    9d:4d:80:b0:62:8e:9e:4c:43:92:44:f9:ab:ce:91:
                    90:98:f5:5f:91:ee:8f:f3:1f:a8:14:81:96:f9:15:
                    91:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:49:8A:CC:37:32:66:B7:9E:1E:A4:E9:4A:58:8B:6D:66:EF:91:D5
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/xEmKzDcyZreeHqTpSliLbWbvkdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.239.124.0/24
                  144.31.24.0/24
                  144.31.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:da:0a:95:f7:5f:c5:f2:bc:49:49:cf:bb:13:3c:1e:13:b2:
         fe:7b:6a:e1:c1:21:74:87:68:e2:d1:57:df:00:99:81:c4:8c:
         68:1d:33:fd:98:79:f0:d1:fd:e0:e5:40:9d:20:8a:f3:54:6a:
         cd:01:0b:24:44:31:dc:63:8a:75:de:64:a1:8b:cf:81:01:a6:
         43:bb:4e:3e:c5:d6:dd:8d:35:b5:38:bc:23:ea:7e:82:5c:c9:
         cf:40:19:53:7f:fe:92:e7:34:bb:1d:35:ee:f0:43:56:21:97:
         76:9b:ad:a6:8b:c2:66:a0:d3:45:33:08:0d:5f:3a:b8:58:51:
         15:46:a1:25:37:77:3a:c1:89:8e:b8:93:3a:12:fc:42:85:6f:
         3a:37:9f:3f:d6:f6:60:6a:53:51:a0:c6:9e:a1:56:01:85:08:
         ea:a7:0f:28:b2:7b:f8:e5:82:d8:87:f4:13:b1:a6:6f:99:20:
         66:60:ea:07:a7:0f:24:fa:7b:34:c4:03:2c:aa:0a:35:50:27:
         f8:2d:24:67:41:98:0f:7d:fa:8f:db:22:dc:8f:2c:ab:04:09:
         ec:15:f9:f3:14:df:08:94:7c:0d:3e:3e:f7:c6:d4:40:a2:35:
         93:38:df:f8:3c:a5:a7:fe:38:00:25:90:70:24:c3:96:a0:33:
         0a:4e:27:80
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkbK0NBIdC8xErSiIcBkyl/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwOTA1MTgzNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDQ5OGFjYzM3MzI2NmI3OWUxZWE0ZTk0YTU4OGI2ZDY2ZWY5MWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5oH7BDA6YeuzVx5mGFl6oyqrl4d
b5ORkDMrQ3+CpxQfpQjgnfn9Nvn0j0x6aX6MLWiqTuucW44E6JR0Pik0DegBdFKs
iON+Puws7CfX+TyerLmZHxGrl+6xqakisXVL+TUOG+dgV7wQDWo+Sz/bfnwtVx3j
WxveCdwbZdirta15RrsaYgabePKbSueTlg4C+3rNVGD8Ip161Tt9yD6bsTeQEB+I
oc3/JUSj/0G+67l5H2FIti9fG/NXkHqG2r32LdEaOZMTwzrS9vGOyZ3F0qVqduDq
KqnLTpkAFaDU21WdTYCwYo6eTEOSRPmrzpGQmPVfke6P8x+oFIGW+RWR7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMRJisw3Mma3nh6k6UpYi21m75HVMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEveEVtS3pEY3lacmVlSHFUcFNsaUxiV2J2a2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATe98AwQA
kB8YAwQAkB/fMA0GCSqGSIb3DQEBCwUAA4IBAQAL2gqV91/F8rxJSc+7EzweE7L+
e2rhwSF0h2ji0VffAJmBxIxoHTP9mHnw0f3g5UCdIIrzVGrNAQskRDHcY4p13mSh
i8+BAaZDu04+xdbdjTW1OLwj6n6CXMnPQBlTf/6S5zS7HTXu8ENWIZd2m62mi8Jm
oNNFMwgNXzq4WFEVRqElN3c6wYmOuJM6EvxChW86N58/1vZgalNRoMaeoVYBhQjq
pw8osnv45YLYh/QTsaZvmSBmYOoHpw8k+ns0xAMsqgo1UCf4LSRnQZgPffqP2yLc
jyyrBAnsFfnzFN8IlHwNPj73xtRAojWTON/4PKWn/jgAJZBwJMOWoDMKTieA
-----END CERTIFICATE-----