Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/_qdGKC4bJqbZljgyyPxOveMRSE0.roa
File:                     _qdGKC4bJqbZljgyyPxOveMRSE0.roa (raw, json)
Hash identifier:          J8tgXFuNd4XSd0aNfVTGZ5Pe7I2ykeSydlFrKCzATK8=
Subject key identifier:   FE:A7:46:28:2E:1B:26:A6:D9:96:38:32:C8:FC:4E:BD:E3:11:48:4D
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01984F3A1D6149C675991917CDDED7C8E04E
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/_qdGKC4bJqbZljgyyPxOveMRSE0.roa
Signing time:             Mon 28 Jul 2025 04:11:05 +0000
ROA not before:           Mon 28 Jul 2025 04:11:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215039
IP address blocks:        77.90.5.0/24 maxlen: 24
                          77.90.14.0/24 maxlen: 24
                          77.90.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4f:3a:1d:61:49:c6:75:99:19:17:cd:de:d7:c8:e0:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul 28 04:11:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fea746282e1b26a6d9963832c8fc4ebde311484d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:84:99:af:c7:ff:06:98:49:56:35:36:03:66:
                    13:05:d1:0f:9e:f1:41:1e:43:43:5b:69:34:61:e6:
                    f2:05:4a:6e:31:58:16:12:27:99:1a:09:3f:24:71:
                    cc:f5:3a:cf:f2:7c:61:99:1f:1b:5e:2f:53:71:ba:
                    4e:18:78:18:5f:70:00:e8:7d:f0:37:8c:fd:05:0a:
                    1b:e6:5b:7b:cd:a6:d0:dc:2e:56:1f:96:a4:fc:09:
                    f1:c0:ed:3f:af:86:a3:63:42:43:40:60:da:be:99:
                    a2:9f:28:07:25:d2:90:2c:73:5d:08:14:54:75:0c:
                    9b:68:7d:60:bf:a5:a2:6a:ab:73:01:7b:21:ea:d3:
                    ae:2b:f3:c1:a7:dc:da:d2:91:1b:5f:6d:e5:65:07:
                    ca:b9:2a:5a:5a:85:65:31:76:1d:d2:54:8e:c4:7b:
                    0b:06:59:da:d9:b0:3a:b6:7c:b1:8f:69:3e:13:3d:
                    bc:af:de:3e:96:df:9c:c4:a8:14:de:b4:8d:6a:d3:
                    66:d6:9e:6c:d4:c5:0c:32:9a:37:f9:82:50:1e:55:
                    90:06:5d:02:9c:48:4e:ca:3e:a4:a3:e1:1f:b4:d3:
                    76:7c:58:5a:f7:51:d3:6d:66:c4:75:9d:44:e0:2a:
                    0a:1d:bc:5c:d7:d1:3e:f3:25:d3:ad:d8:cd:99:dc:
                    3e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:A7:46:28:2E:1B:26:A6:D9:96:38:32:C8:FC:4E:BD:E3:11:48:4D
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/_qdGKC4bJqbZljgyyPxOveMRSE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.5.0/24
                  77.90.14.0/24
                  77.90.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:2a:e3:73:bd:57:c8:42:3d:c2:e6:1c:0d:a6:e4:98:c3:4d:
         ca:61:3a:5d:9c:dc:70:d0:ae:45:f5:89:4b:c2:fa:d9:ed:16:
         7d:c5:a8:d6:aa:67:4e:ff:7c:d4:45:17:04:21:59:93:8c:4c:
         17:3a:93:59:aa:76:8c:5c:45:e7:99:bb:26:97:26:0b:db:f7:
         6d:65:7f:d0:bd:c5:42:d4:67:40:33:4b:a4:bc:54:a3:34:47:
         59:f6:a6:7e:14:ba:26:4b:92:5c:de:26:91:80:cd:78:7b:57:
         f2:60:c4:1c:ce:3f:4f:6d:d4:63:b1:97:5f:5a:b6:25:5c:eb:
         b4:7a:93:14:67:a1:66:0d:05:39:ec:cb:5d:65:ca:a4:4b:39:
         a0:f4:84:d1:cf:00:65:f6:ab:63:04:a3:c6:4f:22:2b:e2:b8:
         19:1f:35:45:e7:cb:f3:62:74:a9:18:f7:89:cd:91:59:13:53:
         9b:c6:84:e5:df:96:59:2a:41:ac:d7:d9:4b:7e:81:42:f0:67:
         ad:c3:30:3f:2e:a0:87:dc:fc:d9:48:fd:bd:39:e2:98:c8:ef:
         56:1a:06:1d:2c:d5:3a:02:02:44:7f:46:24:09:ac:c3:f1:d1:
         e4:18:65:f4:77:9f:e8:17:21:43:fa:6e:d3:87:34:2d:3e:f3:
         2b:58:ed:fc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhPOh1hScZ1mRkXzd7XyOBOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzI4MDQxMTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWE3NDYyODJlMWIyNmE2ZDk5NjM4MzJjOGZjNGViZGUzMTE0ODRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoSZr8f/BphJVjU2A2YTBdEPnvFB
HkNDW2k0YebyBUpuMVgWEieZGgk/JHHM9TrP8nxhmR8bXi9TcbpOGHgYX3AA6H3w
N4z9BQob5lt7zabQ3C5WH5ak/AnxwO0/r4ajY0JDQGDavpminygHJdKQLHNdCBRU
dQybaH1gv6WiaqtzAXsh6tOuK/PBp9za0pEbX23lZQfKuSpaWoVlMXYd0lSOxHsL
Blna2bA6tnyxj2k+Ez28r94+lt+cxKgU3rSNatNm1p5s1MUMMpo3+YJQHlWQBl0C
nEhOyj6ko+EftNN2fFha91HTbWbEdZ1E4CoKHbxc19E+8yXTrdjNmdw+iQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP6nRiguGyam2ZY4Msj8Tr3jEUhNMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvX3FkR0tDNGJKcWJabGpneXlQeE92ZU1SU0UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATVoFAwQA
TVoOAwQATVo1MA0GCSqGSIb3DQEBCwUAA4IBAQAeKuNzvVfIQj3C5hwNpuSYw03K
YTpdnNxw0K5F9YlLwvrZ7RZ9xajWqmdO/3zURRcEIVmTjEwXOpNZqnaMXEXnmbsm
lyYL2/dtZX/QvcVC1GdAM0ukvFSjNEdZ9qZ+FLomS5Jc3iaRgM14e1fyYMQczj9P
bdRjsZdfWrYlXOu0epMUZ6FmDQU57MtdZcqkSzmg9ITRzwBl9qtjBKPGTyIr4rgZ
HzVF58vzYnSpGPeJzZFZE1ObxoTl35ZZKkGs19lLfoFC8GetwzA/LqCH3PzZSP29
OeKYyO9WGgYdLNU6AgJEf0YkCazD8dHkGGX0d5/oFyFD+m7ThzQtPvMrWO38
-----END CERTIFICATE-----