Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/b7CuO8swmAB5zVTSm_jO2IJavds.roa
File:                     b7CuO8swmAB5zVTSm_jO2IJavds.roa (raw, json)
Hash identifier:          S98OSFNdzs+AyFwqdDiJJP4pVqahzpZhiBLaCvcC7jc=
Subject key identifier:   6F:B0:AE:3B:CB:30:98:00:79:CD:54:D2:9B:F8:CE:D8:82:5A:BD:DB
Certificate issuer:       /CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
Certificate serial:       019A0CF3E9D982B338711154794AA2B25A29
Authority key identifier: E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/b7CuO8swmAB5zVTSm_jO2IJavds.roa
Signing time:             Wed 22 Oct 2025 17:25:03 +0000
ROA not before:           Wed 22 Oct 2025 17:25:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        77.87.123.0/24 maxlen: 24
                          86.54.26.0/24 maxlen: 24
                          193.169.194.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Oct 2025 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0c:f3:e9:d9:82:b3:38:71:11:54:79:4a:a2:b2:5a:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
        Validity
            Not Before: Oct 22 17:25:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fb0ae3bcb30980079cd54d29bf8ced8825abddb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d3:18:cd:98:38:62:e2:ac:f4:b3:ba:6d:1f:
                    62:88:98:3e:af:50:ea:75:7f:78:cc:7b:ad:47:6f:
                    12:4e:80:4b:2a:a2:a4:d0:c8:a3:ba:96:81:a9:b5:
                    2d:0a:11:ee:a4:a0:d0:d5:fa:13:1e:9a:3c:4b:b3:
                    d7:d8:18:69:64:2f:08:17:36:f9:14:66:25:2a:c2:
                    76:59:99:78:65:d3:61:7d:72:ef:90:ec:4e:65:56:
                    ea:a9:f8:ff:34:92:0f:15:28:4c:38:99:ae:7e:85:
                    b7:a3:88:a3:be:f4:11:ad:84:2d:af:87:27:f7:61:
                    95:4e:6b:1c:c7:2a:a0:a5:2f:c1:56:bb:bc:c0:af:
                    1d:09:b5:5f:be:e1:7f:6b:bc:5b:db:5a:46:cf:fc:
                    75:2f:92:39:4d:20:de:a7:3e:90:a4:b3:5f:5d:56:
                    8c:13:f6:31:a7:77:d8:79:4f:ae:e2:c0:34:c2:bd:
                    f6:9c:cf:a4:77:e9:a9:9e:48:aa:85:0e:bd:e0:ca:
                    cb:84:27:67:f1:a2:a8:86:c2:42:8d:ab:50:ba:80:
                    23:8f:38:42:79:18:a0:f2:f8:d1:2a:42:bf:64:aa:
                    e8:8e:93:fe:32:c4:e2:1e:86:69:2c:2b:24:1d:91:
                    e5:7c:a7:15:25:0c:90:83:ef:aa:78:67:8a:57:ee:
                    4f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:B0:AE:3B:CB:30:98:00:79:CD:54:D2:9B:F8:CE:D8:82:5A:BD:DB
            X509v3 Authority Key Identifier:
                keyid:E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/b7CuO8swmAB5zVTSm_jO2IJavds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.123.0/24
                  86.54.26.0/24
                  193.169.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:8e:e6:b3:66:6d:7f:73:ae:45:62:67:af:ed:7d:8e:7f:6a:
         8a:e5:3a:b3:bf:7a:57:d6:65:77:d3:32:7b:99:3e:be:fc:41:
         e3:5e:ed:3f:24:8c:da:c1:31:37:e7:f3:a3:fc:6a:af:8c:8e:
         15:02:d5:e1:e5:4a:c1:34:77:e5:24:c8:48:91:70:77:13:31:
         6d:18:ad:cd:be:43:ff:3c:3e:ff:1e:87:0b:01:86:6e:90:31:
         4a:2b:1a:fe:cd:c7:9f:da:25:af:65:39:7e:5c:fd:fe:07:bc:
         3c:40:5e:98:d3:15:d6:d6:d5:11:27:f7:08:28:00:9f:0b:ab:
         c4:58:6b:fd:2c:3c:2f:cc:a9:3a:6a:71:6f:8b:6b:cc:08:a7:
         9d:f1:ff:79:4f:27:f3:db:83:19:2f:e1:69:19:cf:0c:a4:5e:
         64:1a:99:a4:c6:51:bf:d2:5e:8e:7d:35:ea:50:ab:82:03:db:
         05:16:89:61:1f:1c:ba:b3:c2:94:51:67:9c:41:78:90:11:e9:
         68:3d:7c:8a:62:74:5c:ae:b5:29:e8:93:b6:a1:55:27:0c:84:
         71:17:c9:69:39:bc:55:7a:a9:0b:52:2d:4a:fe:e5:e7:02:56:
         3f:d7:e8:28:2f:92:03:b9:90:37:c5:4b:35:20:67:b0:1c:93:
         ed:f6:6c:12
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoM8+nZgrM4cRFUeUqislopMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YzJlMGQzZmRjMjE1YTM4OWM3MDQzY2E1YTFhMDZiZTJj
NTU4ZWYwHhcNMjUxMDIyMTcyNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmIwYWUzYmNiMzA5ODAwNzljZDU0ZDI5YmY4Y2VkODgyNWFiZGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tMYzZg4YuKs9LO6bR9iiJg+r1Dq
dX94zHutR28SToBLKqKk0MijupaBqbUtChHupKDQ1foTHpo8S7PX2BhpZC8IFzb5
FGYlKsJ2WZl4ZdNhfXLvkOxOZVbqqfj/NJIPFShMOJmufoW3o4ijvvQRrYQtr4cn
92GVTmscxyqgpS/BVru8wK8dCbVfvuF/a7xb21pGz/x1L5I5TSDepz6QpLNfXVaM
E/Yxp3fYeU+u4sA0wr32nM+kd+mpnkiqhQ694MrLhCdn8aKohsJCjatQuoAjjzhC
eRig8vjRKkK/ZKrojpP+MsTiHoZpLCskHZHlfKcVJQyQg++qeGeKV+5P/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG+wrjvLMJgAec1U0pv4ztiCWr3bMB8GA1UdIwQY
MBaAFObC4NP9whWjiccEPKWhoGvixVjvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQt
ZjNlMDUyYmFiMTQ0LzEvYjdDdU84c3dtQUI1elZUU21fak8ySUphdmRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQtZjNlMDUyYmFiMTQ0
LzEvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATVd7AwQA
VjYaAwQBwanCMA0GCSqGSIb3DQEBCwUAA4IBAQBujuazZm1/c65FYmev7X2Of2qK
5Tqzv3pX1mV30zJ7mT6+/EHjXu0/JIzawTE35/Oj/GqvjI4VAtXh5UrBNHflJMhI
kXB3EzFtGK3NvkP/PD7/HocLAYZukDFKKxr+zcef2iWvZTl+XP3+B7w8QF6Y0xXW
1tURJ/cIKACfC6vEWGv9LDwvzKk6anFvi2vMCKed8f95Tyfz24MZL+FpGc8MpF5k
GpmkxlG/0l6OfTXqUKuCA9sFFolhHxy6s8KUUWecQXiQEeloPXyKYnRcrrUp6JO2
oVUnDIRxF8lpObxVeqkLUi1K/uXnAlY/1+goL5IDuZA3xUs1IGewHJPt9mwS
-----END CERTIFICATE-----