Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/hdIRotuEMqxvyLLMHMDf_nrLAts.roa
File:                     hdIRotuEMqxvyLLMHMDf_nrLAts.roa (raw, json)
Hash identifier:          Ky31mSfcPIv0rR/TK0GUIQ69QAnutavVbVWL8rCJCtE=
Subject key identifier:   85:D2:11:A2:DB:84:32:AC:6F:C8:B2:CC:1C:C0:DF:FE:7A:CB:02:DB
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019691EB7A1A927A0BBF9E8732478BF2DAF8
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/hdIRotuEMqxvyLLMHMDf_nrLAts.roa
Signing time:             Fri 02 May 2025 16:54:10 +0000
ROA not before:           Fri 02 May 2025 16:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399870
IP address blocks:        77.111.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:91:eb:7a:1a:92:7a:0b:bf:9e:87:32:47:8b:f2:da:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: May  2 16:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85d211a2db8432ac6fc8b2cc1cc0dffe7acb02db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:cc:af:f1:f4:db:aa:96:61:4e:fc:8d:19:aa:
                    e9:31:d1:d4:60:2c:ce:cf:ff:8e:b9:12:41:18:b8:
                    7e:8b:b3:af:62:54:74:ef:cb:27:5f:fa:c6:91:64:
                    55:e4:bd:49:51:bd:1f:a9:ad:7d:92:f0:a6:45:e7:
                    00:ac:12:ef:ce:06:3e:4e:8e:44:d3:af:80:90:ec:
                    8c:74:92:c7:46:c8:4a:a8:3d:3d:96:39:2f:74:be:
                    60:d9:a6:06:e9:33:14:14:68:85:37:29:48:48:ca:
                    b0:50:96:fc:14:ad:ae:88:6f:df:9a:20:07:a6:8d:
                    70:46:97:45:ff:7d:27:6a:5c:79:49:5d:42:eb:4c:
                    07:09:17:0a:be:b1:5e:f6:62:74:30:03:21:00:a2:
                    f1:0e:12:32:2f:58:ba:f4:cb:23:f9:6f:d1:1c:1c:
                    bb:1b:9b:ea:41:33:e7:44:1c:c3:f2:1e:b6:b3:10:
                    05:24:e3:77:a9:31:33:ea:b4:78:8d:74:c1:01:a5:
                    dc:e8:c0:b3:b8:0c:4f:34:41:c6:85:70:47:15:22:
                    7c:de:ee:7a:78:08:1f:88:c5:a5:ea:2d:c4:85:5d:
                    7a:cd:f1:27:16:bb:90:1e:7d:10:f4:cf:45:d5:e9:
                    3a:28:22:03:bb:34:ac:e6:5c:ed:67:dd:86:b0:25:
                    f4:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:D2:11:A2:DB:84:32:AC:6F:C8:B2:CC:1C:C0:DF:FE:7A:CB:02:DB
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/hdIRotuEMqxvyLLMHMDf_nrLAts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:bc:93:72:39:cb:76:70:6f:87:07:a8:ce:80:4b:f5:84:f8:
         fb:9f:e4:cc:90:de:b4:02:1c:24:4b:b3:4b:81:7c:33:0c:4c:
         74:5c:3c:df:b5:f7:6c:cb:3d:7e:ee:c6:b9:ff:cf:ed:60:a4:
         22:95:48:ca:c4:b2:fa:17:dc:95:94:e1:7b:60:30:d5:6a:67:
         b7:5c:d4:fd:f4:68:7f:4d:44:70:9f:be:7d:19:89:49:50:e1:
         a8:89:f5:6c:c4:be:3a:e0:20:bb:13:9e:73:9d:3f:df:cc:f5:
         72:82:1f:ac:68:47:bc:a0:5d:47:36:95:51:bf:91:15:71:74:
         54:b3:e2:ce:73:04:f1:a3:92:33:67:a2:a2:cc:9b:f5:6c:b7:
         4e:52:e6:49:75:1c:54:37:9a:b7:4d:1a:e1:ec:be:a3:74:f6:
         0f:4f:fe:03:15:0c:60:73:98:fe:d1:53:32:69:5e:ff:69:ae:
         88:f7:d5:63:f6:63:15:05:a0:a6:1c:b2:33:ca:b4:6f:42:a0:
         28:35:20:d0:36:c2:54:68:70:5f:63:72:22:9b:11:0d:3d:98:
         b7:32:10:61:4d:93:66:27:5e:1e:a1:94:e0:68:57:44:97:7e:
         ee:ca:79:00:85:4f:5a:c4:02:90:2f:bf:27:a8:78:4d:b6:68:
         35:e6:c8:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaR63oaknoLv56HMkeL8tr4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNTAyMTY1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWQyMTFhMmRiODQzMmFjNmZjOGIyY2MxY2MwZGZmZTdhY2IwMmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8yv8fTbqpZhTvyNGarpMdHUYCzO
z/+OuRJBGLh+i7OvYlR078snX/rGkWRV5L1JUb0fqa19kvCmRecArBLvzgY+To5E
06+AkOyMdJLHRshKqD09ljkvdL5g2aYG6TMUFGiFNylISMqwUJb8FK2uiG/fmiAH
po1wRpdF/30nalx5SV1C60wHCRcKvrFe9mJ0MAMhAKLxDhIyL1i69Msj+W/RHBy7
G5vqQTPnRBzD8h62sxAFJON3qTEz6rR4jXTBAaXc6MCzuAxPNEHGhXBHFSJ83u56
eAgfiMWl6i3EhV16zfEnFruQHn0Q9M9F1ek6KCIDuzSs5lztZ92GsCX0zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXSEaLbhDKsb8iyzBzA3/56ywLbMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvaGRJUm90dUVNcXh2eUxMTUhNRGZfbnJMQXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW9vMA0G
CSqGSIb3DQEBCwUAA4IBAQCavJNyOct2cG+HB6jOgEv1hPj7n+TMkN60AhwkS7NL
gXwzDEx0XDzftfdsyz1+7sa5/8/tYKQilUjKxLL6F9yVlOF7YDDVame3XNT99Gh/
TURwn759GYlJUOGoifVsxL464CC7E55znT/fzPVygh+saEe8oF1HNpVRv5EVcXRU
s+LOcwTxo5IzZ6KizJv1bLdOUuZJdRxUN5q3TRrh7L6jdPYPT/4DFQxgc5j+0VMy
aV7/aa6I99Vj9mMVBaCmHLIzyrRvQqAoNSDQNsJUaHBfY3IimxENPZi3MhBhTZNm
J14eoZTgaFdEl37uynkAhU9axAKQL78nqHhNtmg15sgG
-----END CERTIFICATE-----