Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/9kKrY-00aHCLZ5_iE5q85XwU7ck.roa
File:                     9kKrY-00aHCLZ5_iE5q85XwU7ck.roa (raw, json)
Hash identifier:          JZlIoGUSP8LhD5Ex99sUi6EUJNNOAyUQks5HiOIipSE=
Subject key identifier:   F6:42:AB:63:ED:34:68:70:8B:67:9F:E2:13:9A:BC:E5:7C:14:ED:C9
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019942F0B62833C128A36CE835036964B539
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/9kKrY-00aHCLZ5_iE5q85XwU7ck.roa
Signing time:             Sat 13 Sep 2025 11:58:15 +0000
ROA not before:           Sat 13 Sep 2025 11:58:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44620
IP address blocks:        77.83.203.0/24 maxlen: 24
                          2a13:a440:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Sep 2025 07:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:42:f0:b6:28:33:c1:28:a3:6c:e8:35:03:69:64:b5:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Sep 13 11:58:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f642ab63ed3468708b679fe2139abce57c14edc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f0:23:f3:b0:50:cb:94:2e:3a:7e:95:bc:dd:
                    c1:62:68:6e:78:1d:ed:7c:85:9f:96:3d:d6:90:ab:
                    5f:25:bc:41:68:75:9c:68:93:fd:de:e3:04:b3:da:
                    56:0c:ef:a3:60:77:86:b7:1f:27:25:3d:36:0f:2e:
                    76:05:d9:4e:ef:52:d4:ca:6b:b9:5f:b7:0b:72:31:
                    7b:60:80:d7:02:12:0b:35:37:5c:b5:64:1c:c3:80:
                    04:63:36:cf:62:7b:b7:50:3a:62:e3:76:a9:f2:3d:
                    70:5e:46:78:72:31:22:54:8c:88:c6:5e:35:f7:26:
                    09:99:34:01:22:9c:7d:07:98:aa:9d:c5:2d:40:1c:
                    9f:23:c6:32:e5:c4:96:b7:6c:e2:89:13:14:66:cc:
                    23:12:44:48:90:02:3c:9f:f5:a4:0c:26:e7:d6:88:
                    ed:a5:f9:c2:8f:c6:43:87:70:17:4f:4e:78:b9:28:
                    5a:5b:a2:5e:ec:c9:29:47:81:29:04:98:b7:01:36:
                    d7:b6:db:9f:1c:34:e9:d6:a4:cd:da:bb:41:e5:d3:
                    f6:13:38:b4:05:b4:e4:9a:c7:79:cb:04:60:a8:06:
                    3e:f1:c6:cc:9f:5d:86:cb:b0:a7:99:fe:dc:0e:a9:
                    d2:36:fc:25:6c:db:1d:a4:d8:a0:d9:e5:ff:02:8b:
                    9e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:42:AB:63:ED:34:68:70:8B:67:9F:E2:13:9A:BC:E5:7C:14:ED:C9
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/9kKrY-00aHCLZ5_iE5q85XwU7ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.203.0/24
                IPv6:
                  2a13:a440:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:5c:35:f8:b5:d3:25:63:47:31:3a:a1:08:e9:ad:6b:cb:66:
         ad:16:56:57:62:b8:5e:b7:5e:9e:c5:f1:4a:a3:10:ee:b2:20:
         bf:24:2b:24:34:27:65:91:f1:ce:d0:8e:8a:ac:9c:f9:52:0f:
         41:18:29:2b:ef:e4:9c:b5:db:91:b8:54:f5:88:35:5e:89:3a:
         0e:f0:e5:cb:7a:a0:4b:14:28:e0:13:f6:55:b7:89:9f:45:70:
         10:0d:5f:05:fb:cc:27:9a:a0:1d:ad:a0:a1:f7:06:b6:d2:67:
         a5:48:7a:f4:94:e2:62:c3:f8:0c:e0:39:cc:05:a1:14:fe:f7:
         20:20:4f:98:12:c2:77:f9:2d:5a:18:24:47:be:05:65:88:1c:
         ef:85:95:e2:a6:06:99:38:35:5c:c5:8d:0f:a1:dd:35:20:74:
         11:53:af:93:fe:b4:6b:b2:43:be:d9:64:ba:f2:5e:5a:e4:d7:
         26:bf:d0:22:4d:f4:30:85:55:7b:e1:32:25:5a:5a:a0:0f:94:
         50:c4:53:47:43:f1:6e:c8:64:79:ab:4b:69:a7:43:5a:72:59:
         c2:42:c1:bd:84:a7:60:1b:17:29:f7:e6:d3:99:54:35:39:9a:
         6c:0d:86:e8:5d:1c:e9:14:b7:38:e1:de:94:b1:be:8b:14:5d:
         06:86:eb:76
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZlC8LYoM8Eoo2zoNQNpZLU5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjUwOTEzMTE1ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjQyYWI2M2VkMzQ2ODcwOGI2NzlmZTIxMzlhYmNlNTdjMTRlZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/Aj87BQy5QuOn6VvN3BYmhueB3t
fIWflj3WkKtfJbxBaHWcaJP93uMEs9pWDO+jYHeGtx8nJT02Dy52BdlO71LUymu5
X7cLcjF7YIDXAhILNTdctWQcw4AEYzbPYnu3UDpi43ap8j1wXkZ4cjEiVIyIxl41
9yYJmTQBIpx9B5iqncUtQByfI8Yy5cSWt2ziiRMUZswjEkRIkAI8n/WkDCbn1ojt
pfnCj8ZDh3AXT054uShaW6Je7MkpR4EpBJi3ATbXttufHDTp1qTN2rtB5dP2Ezi0
BbTkmsd5ywRgqAY+8cbMn12Gy7Cnmf7cDqnSNvwlbNsdpNig2eX/AoueGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPZCq2PtNGhwi2ef4hOavOV8FO3JMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvOWtLclktMDBhSENMWjVfaUU1cTg1WHdVN2NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQATVPLMA8E
AgACMAkDBwAqE6RAAAkwDQYJKoZIhvcNAQELBQADggEBAE1cNfi10yVjRzE6oQjp
rWvLZq0WVldiuF63Xp7F8UqjEO6yIL8kKyQ0J2WR8c7QjoqsnPlSD0EYKSvv5Jy1
25G4VPWINV6JOg7w5ct6oEsUKOAT9lW3iZ9FcBANXwX7zCeaoB2toKH3BrbSZ6VI
evSU4mLD+AzgOcwFoRT+9yAgT5gSwnf5LVoYJEe+BWWIHO+FleKmBpk4NVzFjQ+h
3TUgdBFTr5P+tGuyQ77ZZLryXlrk1ya/0CJN9DCFVXvhMiVaWqAPlFDEU0dD8W7I
ZHmrS2mnQ1pyWcJCwb2Ep2AbFyn35tOZVDU5mmwNhuhdHOkUtzjh3pSxvosUXQaG
63Y=
-----END CERTIFICATE-----