Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/uChuTS04OYJ_vnJckjeyw10yZB4.roa
File:                     uChuTS04OYJ_vnJckjeyw10yZB4.roa (raw, json)
Hash identifier:          LAAYGpYHaKqgdtKFl0mvmhFy/eHL//SDyVDwLRmQnTw=
Subject key identifier:   B8:28:6E:4D:2D:38:39:82:7F:BE:72:5C:92:37:B2:C3:5D:32:64:1E
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0198327E2ACDA0B1FA91DC421F9B8DEB78C3
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/uChuTS04OYJ_vnJckjeyw10yZB4.roa
Signing time:             Tue 22 Jul 2025 14:16:26 +0000
ROA not before:           Tue 22 Jul 2025 14:16:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213495
IP address blocks:        77.90.40.0/24 maxlen: 24
                          77.90.59.0/24 maxlen: 24
                          94.249.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:37:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:32:7e:2a:cd:a0:b1:fa:91:dc:42:1f:9b:8d:eb:78:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul 22 14:16:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8286e4d2d3839827fbe725c9237b2c35d32641e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:65:99:38:db:3d:99:e2:97:3a:db:e5:27:3c:
                    3a:d9:00:db:f4:72:6b:78:06:6c:96:cd:2b:ca:3f:
                    ed:7b:49:94:fe:ae:55:d9:10:90:26:a1:46:21:86:
                    3c:c7:39:07:c4:2d:6f:b1:58:3a:03:85:9b:3c:bf:
                    d0:61:f4:32:d8:c2:6a:47:a5:e6:35:bf:e0:3b:c7:
                    73:d7:ff:08:fb:ea:72:af:f8:ff:d7:cb:25:5a:fc:
                    46:69:98:e2:1c:06:bf:fb:26:2e:16:53:84:30:0c:
                    62:16:88:04:ab:54:44:63:9d:83:62:98:82:ac:93:
                    79:81:db:75:38:9f:85:13:b6:c3:c4:f6:0f:66:29:
                    93:7e:38:15:37:32:c3:dd:11:68:2a:03:5e:41:9e:
                    2e:4b:e5:79:e4:c4:23:6a:35:24:7c:0e:1a:61:04:
                    b0:25:81:f1:f1:7e:d0:5d:b1:a6:08:a8:77:7d:c7:
                    93:12:d0:02:61:a6:52:ce:23:a8:e5:f2:ba:d8:35:
                    9c:e8:42:cd:5c:a9:c0:a8:e3:e6:20:a5:87:80:2e:
                    2d:cc:9f:5f:4f:64:78:55:65:e5:4c:9c:53:00:27:
                    31:9b:96:94:50:e4:85:6b:c0:72:7e:38:35:f3:ac:
                    03:ac:b7:d8:39:9e:92:08:6f:54:06:d3:73:d0:8b:
                    71:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:28:6E:4D:2D:38:39:82:7F:BE:72:5C:92:37:B2:C3:5D:32:64:1E
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/uChuTS04OYJ_vnJckjeyw10yZB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.40.0/24
                  77.90.59.0/24
                  94.249.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:76:5c:c0:7d:16:ee:14:ae:a0:9b:9e:dd:ca:51:4b:ab:08:
         0f:86:34:b5:22:f2:d0:22:57:b2:3e:d9:e2:34:89:73:a6:7e:
         24:a2:bf:54:c0:d7:de:b4:a2:c8:af:a9:d4:cf:0e:be:e6:a4:
         30:f3:72:9b:a3:94:1d:ef:e9:ef:0b:f3:60:6d:a4:7c:49:18:
         17:13:0b:35:8f:7c:c8:15:66:b4:71:e8:2b:7a:0d:97:a6:db:
         af:f8:67:fc:5b:47:b0:a5:e4:be:37:a4:4d:1d:cd:8a:a4:bc:
         14:fc:c8:d9:13:fa:1d:74:8a:61:83:e0:58:b3:2a:44:8a:98:
         61:58:cc:c1:19:d4:34:1a:8b:5a:68:82:7a:db:2f:5c:21:21:
         4c:9c:23:2e:a7:e4:08:e2:83:2a:21:a7:64:3c:19:c6:74:79:
         86:80:93:57:9b:bf:70:23:64:bf:dc:ca:3f:b0:bc:8d:cb:52:
         50:80:b1:d0:45:b2:e5:c9:40:96:af:68:a4:7b:da:94:ea:a2:
         1c:58:3f:01:7e:e7:42:c8:24:b7:9d:b9:37:26:7d:dd:aa:b4:
         1c:b2:d4:a7:3d:25:8c:3e:ca:a1:f1:d0:a0:da:1a:b9:9a:46:
         7f:6f:af:25:19:4f:20:cb:3e:09:ba:9d:e7:a8:f0:3a:a4:b3:
         ef:ab:20:65
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZgyfirNoLH6kdxCH5uN63jDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzIyMTQxNjI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODI4NmU0ZDJkMzgzOTgyN2ZiZTcyNWM5MjM3YjJjMzVkMzI2NDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWWZONs9meKXOtvlJzw62QDb9HJr
eAZsls0ryj/te0mU/q5V2RCQJqFGIYY8xzkHxC1vsVg6A4WbPL/QYfQy2MJqR6Xm
Nb/gO8dz1/8I++pyr/j/18slWvxGaZjiHAa/+yYuFlOEMAxiFogEq1REY52DYpiC
rJN5gdt1OJ+FE7bDxPYPZimTfjgVNzLD3RFoKgNeQZ4uS+V55MQjajUkfA4aYQSw
JYHx8X7QXbGmCKh3fceTEtACYaZSziOo5fK62DWc6ELNXKnAqOPmIKWHgC4tzJ9f
T2R4VWXlTJxTACcxm5aUUOSFa8Byfjg186wDrLfYOZ6SCG9UBtNz0ItxTQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLgobk0tODmCf75yXJI3ssNdMmQeMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvdUNodVRTMDRPWUpfdm5KY2tqZXl3MTB5WkI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATVooAwQA
TVo7AwQAXvnPMA0GCSqGSIb3DQEBCwUAA4IBAQDSdlzAfRbuFK6gm57dylFLqwgP
hjS1IvLQIleyPtniNIlzpn4kor9UwNfetKLIr6nUzw6+5qQw83Kbo5Qd7+nvC/Ng
baR8SRgXEws1j3zIFWa0cegreg2Xptuv+Gf8W0ewpeS+N6RNHc2KpLwU/MjZE/od
dIphg+BYsypEiphhWMzBGdQ0GotaaIJ62y9cISFMnCMup+QI4oMqIadkPBnGdHmG
gJNXm79wI2S/3Mo/sLyNy1JQgLHQRbLlyUCWr2ike9qU6qIcWD8BfudCyCS3nbk3
Jn3dqrQcstSnPSWMPsqh8dCg2hq5mkZ/b68lGU8gyz4Jup3nqPA6pLPvqyBl
-----END CERTIFICATE-----