Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/YvXLrXHhjd-nwGcJH7F1yopiGtE.roa
File:                     YvXLrXHhjd-nwGcJH7F1yopiGtE.roa (raw, json)
Hash identifier:          dK9K4PtQEnNtt/mFhMDkGnv+ZFU2XffIeOfknq/roPw=
Subject key identifier:   62:F5:CB:AD:71:E1:8D:DF:A7:C0:67:09:1F:B1:75:CA:8A:62:1A:D1
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01974AE9FFFBBE0E9FF795F0A97BDA5ED195
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/YvXLrXHhjd-nwGcJH7F1yopiGtE.roa
Signing time:             Sat 07 Jun 2025 15:02:18 +0000
ROA not before:           Sat 07 Jun 2025 15:02:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216409
IP address blocks:        77.90.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Jun 2025 04:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4a:e9:ff:fb:be:0e:9f:f7:95:f0:a9:7b:da:5e:d1:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jun  7 15:02:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62f5cbad71e18ddfa7c067091fb175ca8a621ad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c1:02:e9:fe:d1:41:0b:37:1b:e5:5e:d7:b9:
                    b7:36:f5:26:1f:7b:46:2a:65:09:0f:36:0d:58:ef:
                    4a:d5:23:98:3b:85:b2:d5:f5:b0:2a:d5:97:5f:a8:
                    eb:c2:5c:0a:da:e6:12:b5:d9:50:0e:3e:ba:b9:b0:
                    4a:dd:b7:0c:e5:99:1f:7a:fb:4b:00:94:b0:8b:22:
                    ed:21:ba:bc:7e:7f:79:10:19:61:9e:5c:40:a3:a4:
                    60:bb:d8:80:ea:3c:f5:ea:3e:90:ba:60:21:cc:4c:
                    62:96:ee:58:d2:de:df:d1:d2:54:5a:80:7a:13:11:
                    ed:ec:54:88:d5:bd:f2:11:6e:de:a1:f6:80:02:10:
                    84:a3:3d:0b:94:05:03:86:87:78:c4:2e:09:e4:7b:
                    95:2a:d6:f9:2e:23:8b:f0:d0:e6:ea:95:4c:47:47:
                    9e:c8:d5:e0:ef:55:1a:84:7d:cc:e5:9c:94:e9:3a:
                    32:33:d8:65:ad:93:93:4b:bb:36:54:d7:58:90:67:
                    10:7e:3a:8f:69:2c:67:a7:e7:8e:91:32:ee:f4:05:
                    09:50:9f:70:27:a6:8d:88:52:a7:51:31:91:06:15:
                    c0:71:fd:e8:e5:05:01:9f:ed:58:55:24:d5:8c:78:
                    1f:b8:5c:1a:dd:fc:5c:dd:48:9f:f9:4b:b1:0e:80:
                    b8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:F5:CB:AD:71:E1:8D:DF:A7:C0:67:09:1F:B1:75:CA:8A:62:1A:D1
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/YvXLrXHhjd-nwGcJH7F1yopiGtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:98:df:70:a6:fc:5c:67:23:8c:76:fb:a2:53:74:44:9f:42:
         71:4c:17:e3:ab:99:c4:bd:a6:e2:7e:88:ac:a1:f1:34:cf:60:
         63:e4:be:9a:67:a3:39:5e:27:01:f7:19:f8:b9:1d:bb:6a:4e:
         77:76:1f:69:a1:a1:d7:d5:27:9e:43:7a:68:be:49:ff:6e:21:
         c9:95:12:10:91:44:63:ab:e1:4d:c8:94:91:20:56:bc:75:88:
         17:36:f9:b0:1d:af:91:a2:1a:63:fb:15:ac:05:08:64:19:0f:
         5f:12:d9:9f:92:91:ef:81:d3:44:c1:cc:a7:64:35:4f:8c:7d:
         ca:f8:a8:92:1e:14:e3:ad:c5:ab:d1:1e:78:7f:9c:2a:92:b5:
         ea:61:26:94:2c:cf:7d:d0:c8:44:18:8e:01:20:5d:34:60:8e:
         ea:e5:ab:29:91:f3:a6:5f:f2:75:06:36:9c:75:d4:30:6c:87:
         88:9a:e5:5b:15:b9:10:ed:79:05:d9:f1:0b:42:ad:66:f1:75:
         f5:45:8d:5c:90:ce:02:44:1c:7b:71:42:fa:9e:6d:da:98:fe:
         e8:ed:13:8d:c5:2c:1b:66:1a:e2:f1:40:59:dc:82:3f:c2:fe:
         0b:4a:55:2b:cb:4a:67:84:75:85:b6:6c:4d:04:6d:5f:52:59:
         2b:17:01:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdK6f/7vg6f95XwqXvaXtGVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNjA3MTUwMjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmY1Y2JhZDcxZTE4ZGRmYTdjMDY3MDkxZmIxNzVjYThhNjIxYWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMEC6f7RQQs3G+Ve17m3NvUmH3tG
KmUJDzYNWO9K1SOYO4Wy1fWwKtWXX6jrwlwK2uYStdlQDj66ubBK3bcM5ZkfevtL
AJSwiyLtIbq8fn95EBlhnlxAo6Rgu9iA6jz16j6QumAhzExilu5Y0t7f0dJUWoB6
ExHt7FSI1b3yEW7eofaAAhCEoz0LlAUDhod4xC4J5HuVKtb5LiOL8NDm6pVMR0ee
yNXg71UahH3M5ZyU6ToyM9hlrZOTS7s2VNdYkGcQfjqPaSxnp+eOkTLu9AUJUJ9w
J6aNiFKnUTGRBhXAcf3o5QUBn+1YVSTVjHgfuFwa3fxc3Uif+UuxDoC4fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGL1y61x4Y3fp8BnCR+xdcqKYhrRMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvWXZYTHJYSGhqZC1ud0djSkg3RjF5b3BpR3RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVovMA0G
CSqGSIb3DQEBCwUAA4IBAQDBmN9wpvxcZyOMdvuiU3REn0JxTBfjq5nEvabifois
ofE0z2Bj5L6aZ6M5XicB9xn4uR27ak53dh9poaHX1SeeQ3povkn/biHJlRIQkURj
q+FNyJSRIFa8dYgXNvmwHa+Rohpj+xWsBQhkGQ9fEtmfkpHvgdNEwcynZDVPjH3K
+KiSHhTjrcWr0R54f5wqkrXqYSaULM990MhEGI4BIF00YI7q5aspkfOmX/J1Bjac
ddQwbIeImuVbFbkQ7XkF2fELQq1m8XX1RY1ckM4CRBx7cUL6nm3amP7o7RONxSwb
Zhri8UBZ3II/wv4LSlUry0pnhHWFtmxNBG1fUlkrFwFy
-----END CERTIFICATE-----