Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/xb1c81OFtbINdLQq-ZwRav9UWoI.roa
File:                     xb1c81OFtbINdLQq-ZwRav9UWoI.roa (raw, json)
Hash identifier:          XHYFd0tSE5d2fh7X6gspcN3JIn/ONDCV3VHTC+ocClI=
Subject key identifier:   C5:BD:5C:F3:53:85:B5:B2:0D:74:B4:2A:F9:9C:11:6A:FF:54:5A:82
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       0195AE8CAD86FBD0A0B78593D5713EE442D7
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/xb1c81OFtbINdLQq-ZwRav9UWoI.roa
Signing time:             Wed 19 Mar 2025 13:16:49 +0000
ROA not before:           Wed 19 Mar 2025 13:16:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213845
IP address blocks:        77.93.88.0/22 maxlen: 24
                          217.116.168.0/21 maxlen: 24
                          2a14:7dc0:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 22:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ae:8c:ad:86:fb:d0:a0:b7:85:93:d5:71:3e:e4:42:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Mar 19 13:16:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5bd5cf35385b5b20d74b42af99c116aff545a82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:77:e7:6c:0b:30:35:21:c8:2e:f1:bc:ab:72:
                    be:38:52:e1:58:f6:fe:b8:55:81:47:3c:cc:21:99:
                    a0:ba:51:49:de:29:0f:2d:91:28:13:6b:13:79:eb:
                    ab:78:31:66:e1:d0:b0:d6:7a:10:dc:a7:65:a0:8a:
                    d2:3b:f1:cd:fe:69:44:39:e0:92:6a:de:92:9a:00:
                    70:55:4d:3d:97:2c:56:56:e4:89:b8:59:8d:b9:a1:
                    f8:39:9e:c3:0f:76:9a:93:78:f0:ae:77:5d:bb:9f:
                    33:5a:56:b4:93:71:5b:85:0f:4d:e0:30:1c:e4:c1:
                    8c:c3:bd:00:03:da:ae:81:25:dd:b5:81:4f:ca:cf:
                    64:db:ab:f2:3e:2b:eb:78:9b:81:26:42:e6:91:7b:
                    87:dd:b2:26:06:a0:24:24:d5:7a:06:24:70:6c:11:
                    ad:87:6a:de:01:b3:3c:51:bd:b6:e4:80:5e:20:66:
                    2b:7d:ae:83:e7:7c:0d:17:73:e6:28:c1:74:45:31:
                    10:4f:0d:9a:ee:25:51:6b:99:13:c3:36:d9:12:19:
                    d5:e7:84:1a:2d:78:ca:d2:a2:fb:4d:ed:67:1c:df:
                    f6:e8:b7:f8:fd:37:d4:3c:89:e9:a8:cb:ca:02:ca:
                    c9:97:1e:bb:55:e9:89:f5:fa:5e:28:a8:18:41:f3:
                    c0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:BD:5C:F3:53:85:B5:B2:0D:74:B4:2A:F9:9C:11:6A:FF:54:5A:82
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/xb1c81OFtbINdLQq-ZwRav9UWoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.88.0/22
                  217.116.168.0/21
                IPv6:
                  2a14:7dc0:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         7b:a4:be:1d:06:9f:55:c4:cd:ec:8b:b8:39:d7:0a:fe:3c:87:
         a1:e6:0e:81:8f:9d:e4:d3:bb:14:d0:80:c3:db:6d:67:86:e7:
         3b:5d:50:41:ef:5f:b6:0e:04:86:bc:7e:f3:38:fd:62:a0:45:
         cc:ba:3a:93:f0:1a:56:69:77:93:57:09:16:4f:9d:22:34:e6:
         19:88:ba:48:a7:bd:de:b0:51:99:f9:0f:05:68:26:3b:22:08:
         0f:a8:9f:f8:ee:22:ae:ed:bf:cc:4b:2e:00:18:86:f4:1e:ae:
         22:61:81:81:a2:18:d1:88:aa:61:13:50:84:e2:b4:56:c5:1d:
         87:ef:3e:58:2f:be:ed:5f:83:29:9f:20:01:73:ef:3e:a7:d1:
         13:3d:c7:d6:ce:9c:cf:45:ca:d1:06:79:b1:b8:1e:a7:f7:36:
         3d:43:b7:8b:f1:43:26:6f:5d:d2:14:aa:d5:19:d9:07:18:80:
         fc:1e:1a:6d:eb:61:f7:36:cd:33:c8:24:f2:9f:b1:ad:71:43:
         0c:02:9e:33:96:f8:74:8c:af:33:03:b6:13:04:66:a5:1e:d3:
         4e:78:18:43:e4:71:7d:86:83:90:65:d8:85:ce:63:25:88:c8:
         e0:ca:57:48:38:72:49:21:81:52:26:66:83:a2:fb:dc:80:a0:
         a8:57:4f:ee
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZWujK2G+9Cgt4WT1XE+5ELXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjUwMzE5MTMxNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWJkNWNmMzUzODViNWIyMGQ3NGI0MmFmOTljMTE2YWZmNTQ1YTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXfnbAswNSHILvG8q3K+OFLhWPb+
uFWBRzzMIZmgulFJ3ikPLZEoE2sTeeureDFm4dCw1noQ3KdloIrSO/HN/mlEOeCS
at6SmgBwVU09lyxWVuSJuFmNuaH4OZ7DD3aak3jwrnddu58zWla0k3FbhQ9N4DAc
5MGMw70AA9qugSXdtYFPys9k26vyPivreJuBJkLmkXuH3bImBqAkJNV6BiRwbBGt
h2reAbM8Ub225IBeIGYrfa6D53wNF3PmKMF0RTEQTw2a7iVRa5kTwzbZEhnV54Qa
LXjK0qL7Te1nHN/26Lf4/TfUPInpqMvKAsrJlx67VemJ9fpeKKgYQfPAqQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFMW9XPNThbWyDXS0KvmcEWr/VFqCMB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEveGIxYzgxT0Z0YklOZExRcS1ad1JhdjlVV29JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQCTV1YAwQD
2XSoMA4EAgACMAgDBgAqFH3AATANBgkqhkiG9w0BAQsFAAOCAQEAe6S+HQafVcTN
7Iu4OdcK/jyHoeYOgY+d5NO7FNCAw9ttZ4bnO11QQe9ftg4Ehrx+8zj9YqBFzLo6
k/AaVml3k1cJFk+dIjTmGYi6SKe93rBRmfkPBWgmOyIID6if+O4iru2/zEsuABiG
9B6uImGBgaIY0YiqYRNQhOK0VsUdh+8+WC++7V+DKZ8gAXPvPqfREz3H1s6cz0XK
0QZ5sbgep/c2PUO3i/FDJm9d0hSq1RnZBxiA/B4abeth9zbNM8gk8p+xrXFDDAKe
M5b4dIyvMwO2EwRmpR7TTngYQ+RxfYaDkGXYhc5jJYjI4MpXSDhySSGBUiZmg6L7
3ICgqFdP7g==
-----END CERTIFICATE-----