Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/698bec-a0f0-42f7-99fa-28516bb7505c/1/7aycDRTYf8P211UyjMoRLngFRos.roa
File:                     7aycDRTYf8P211UyjMoRLngFRos.roa (raw, json)
Hash identifier:          1hSkTrGl1NaKOimvmkvsZcL4F2FAkgvJlT6iCyQWKdc=
Subject key identifier:   ED:AC:9C:0D:14:D8:7F:C3:F6:D7:55:32:8C:CA:11:2E:78:05:46:8B
Certificate issuer:       /CN=187a704f485e11dedabc56264e5d80c1487e0842
Certificate serial:       0195ED6AF8AE9F20464363A51F50A724ABD1
Authority key identifier: 18:7A:70:4F:48:5E:11:DE:DA:BC:56:26:4E:5D:80:C1:48:7E:08:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GHpwT0heEd7avFYmTl2AwUh-CEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/698bec-a0f0-42f7-99fa-28516bb7505c/1/7aycDRTYf8P211UyjMoRLngFRos.roa
Signing time:             Mon 31 Mar 2025 18:16:05 +0000
ROA not before:           Mon 31 Mar 2025 18:16:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5398
IP address blocks:        77.220.64.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/698bec-a0f0-42f7-99fa-28516bb7505c/1/GHpwT0heEd7avFYmTl2AwUh-CEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/698bec-a0f0-42f7-99fa-28516bb7505c/1/GHpwT0heEd7avFYmTl2AwUh-CEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GHpwT0heEd7avFYmTl2AwUh-CEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ed:6a:f8:ae:9f:20:46:43:63:a5:1f:50:a7:24:ab:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=187a704f485e11dedabc56264e5d80c1487e0842
        Validity
            Not Before: Mar 31 18:16:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edac9c0d14d87fc3f6d755328cca112e7805468b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:85:7a:58:ab:a5:0c:66:c3:2f:31:87:2d:8e:
                    36:60:79:ff:2c:81:23:03:bd:8c:d9:49:56:9d:2f:
                    70:07:23:98:a6:4d:22:4d:48:f0:55:81:1d:b5:b9:
                    1c:80:7e:ad:23:80:d6:da:f9:80:19:25:b5:8b:b7:
                    59:98:46:76:52:58:4e:df:78:0d:92:f7:c8:66:1c:
                    0a:e8:98:01:be:f3:2a:06:38:f9:d2:b6:ec:b9:1f:
                    93:2b:3e:07:f8:6f:15:f1:5b:16:d1:91:30:14:7c:
                    37:5f:9c:01:6a:ba:e4:3a:50:59:ac:7b:62:61:da:
                    b2:9f:cf:a0:87:e2:6e:21:8d:4d:7d:f0:2f:2b:95:
                    65:29:45:f6:76:c4:84:15:dc:7d:31:6a:47:40:1b:
                    49:a9:5b:a7:fd:5e:bb:da:c9:50:2c:86:82:58:b4:
                    ef:ec:3d:34:e2:9f:99:46:3a:6b:e2:4d:d1:31:e3:
                    91:67:c6:bd:fc:00:00:bc:bc:b9:65:8c:17:50:76:
                    77:03:61:2b:17:d1:7d:e9:9c:ce:de:7d:32:ca:9c:
                    94:9d:2c:21:9f:64:c6:f6:2e:4b:11:b9:65:c7:9e:
                    c0:94:93:81:f3:0b:2b:3d:9a:4c:2e:34:d8:db:2e:
                    ed:52:0b:31:58:6c:2a:7c:49:85:15:18:26:49:48:
                    e6:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:AC:9C:0D:14:D8:7F:C3:F6:D7:55:32:8C:CA:11:2E:78:05:46:8B
            X509v3 Authority Key Identifier:
                keyid:18:7A:70:4F:48:5E:11:DE:DA:BC:56:26:4E:5D:80:C1:48:7E:08:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GHpwT0heEd7avFYmTl2AwUh-CEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/698bec-a0f0-42f7-99fa-28516bb7505c/1/7aycDRTYf8P211UyjMoRLngFRos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/698bec-a0f0-42f7-99fa-28516bb7505c/1/GHpwT0heEd7avFYmTl2AwUh-CEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.220.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         79:32:50:15:e5:cc:d6:e4:d6:2b:8e:49:cf:6c:d7:58:40:12:
         64:1e:70:e6:0f:ca:12:31:d5:a7:be:4e:5a:f6:ff:28:14:d1:
         65:c1:00:32:cb:4c:6f:de:a7:1b:b8:57:93:99:a3:bd:3d:c5:
         7b:75:8a:67:e3:9d:da:b1:08:ab:a7:03:3c:63:19:9a:fd:f2:
         e3:d2:89:1c:7d:f5:73:0e:f0:5b:ab:41:fe:c1:05:5c:9a:dc:
         78:9a:47:b1:e7:e5:20:7f:15:69:8c:3b:3e:84:62:eb:dd:72:
         bc:e3:e3:f9:8b:a0:ff:a6:11:5b:b0:6f:53:88:d2:2b:b4:48:
         a2:4c:42:76:fc:a3:aa:88:b9:f0:fa:0d:8d:8d:9f:a6:fa:8e:
         4c:7d:14:37:a6:f4:b2:3a:71:9f:60:3e:fb:e1:48:96:38:23:
         f7:68:b9:63:3b:0c:a7:a8:b6:d0:2a:47:1b:e3:78:fc:31:98:
         dc:9b:ce:22:7c:de:ee:85:cb:4c:f0:55:e3:f6:9e:a4:5e:e8:
         bc:d5:a4:a8:33:b4:ae:2c:73:b7:f5:b1:53:37:81:d2:0a:03:
         8a:63:32:a0:dc:9f:be:c2:40:67:6f:6a:20:2e:f1:30:5b:69:
         8c:e7:90:c3:53:34:52:57:e4:30:63:0f:2c:b2:f4:e0:03:f9:
         45:f3:c7:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXtaviunyBGQ2OlH1CnJKvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4N2E3MDRmNDg1ZTExZGVkYWJjNTYyNjRlNWQ4MGMxNDg3
ZTA4NDIwHhcNMjUwMzMxMTgxNjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGFjOWMwZDE0ZDg3ZmMzZjZkNzU1MzI4Y2NhMTEyZTc4MDU0NjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYV6WKulDGbDLzGHLY42YHn/LIEj
A72M2UlWnS9wByOYpk0iTUjwVYEdtbkcgH6tI4DW2vmAGSW1i7dZmEZ2UlhO33gN
kvfIZhwK6JgBvvMqBjj50rbsuR+TKz4H+G8V8VsW0ZEwFHw3X5wBarrkOlBZrHti
Ydqyn8+gh+JuIY1NffAvK5VlKUX2dsSEFdx9MWpHQBtJqVun/V672slQLIaCWLTv
7D004p+ZRjpr4k3RMeORZ8a9/AAAvLy5ZYwXUHZ3A2ErF9F96ZzO3n0yypyUnSwh
n2TG9i5LEbllx57AlJOB8wsrPZpMLjTY2y7tUgsxWGwqfEmFFRgmSUjmDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2snA0U2H/D9tdVMozKES54BUaLMB8GA1UdIwQY
MBaAFBh6cE9IXhHe2rxWJk5dgMFIfghCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0hwd1QwaGVFZDdhdkZZbVRsMkF3VWgtQ0VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC82OThiZWMtYTBmMC00MmY3LTk5ZmEt
Mjg1MTZiYjc1MDVjLzEvN2F5Y0RSVFlmOFAyMTFVeWpNb1JMbmdGUm9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC82OThiZWMtYTBmMC00MmY3LTk5ZmEtMjg1MTZiYjc1MDVj
LzEvR0hwd1QwaGVFZDdhdkZZbVRsMkF3VWgtQ0VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFTdxAMA0G
CSqGSIb3DQEBCwUAA4IBAQB5MlAV5czW5NYrjknPbNdYQBJkHnDmD8oSMdWnvk5a
9v8oFNFlwQAyy0xv3qcbuFeTmaO9PcV7dYpn453asQirpwM8Yxma/fLj0okcffVz
DvBbq0H+wQVcmtx4mkex5+UgfxVpjDs+hGLr3XK84+P5i6D/phFbsG9TiNIrtEii
TEJ2/KOqiLnw+g2NjZ+m+o5MfRQ3pvSyOnGfYD774UiWOCP3aLljOwynqLbQKkcb
43j8MZjcm84ifN7uhctM8FXj9p6kXui81aSoM7SuLHO39bFTN4HSCgOKYzKg3J++
wkBnb2ogLvEwW2mM55DDUzRSV+QwYw8ssvTgA/lF88cq
-----END CERTIFICATE-----