Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3H6GWkZLc_NZF1jSonS4jQCRWcI.roa
File:                     3H6GWkZLc_NZF1jSonS4jQCRWcI.roa (raw, json)
Hash identifier:          R3AxMvWRSTeOTyqc1x3BVzV4vhkQWVoV9RK24Ln9bzA=
Subject key identifier:   DC:7E:86:5A:46:4B:73:F3:59:17:58:D2:A2:74:B8:8D:00:91:59:C2
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019D2B58DEB7F333BCA4B005453D7ABF0652
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3H6GWkZLc_NZF1jSonS4jQCRWcI.roa
Signing time:             Thu 26 Mar 2026 18:12:17 +0000
ROA not before:           Thu 26 Mar 2026 18:12:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201814
IP address blocks:        77.90.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2b:58:de:b7:f3:33:bc:a4:b0:05:45:3d:7a:bf:06:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar 26 18:12:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc7e865a464b73f3591758d2a274b88d009159c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:80:c4:10:88:4f:65:ad:13:36:11:84:be:d6:
                    39:9c:86:73:8f:41:7f:32:6b:d8:ac:7f:f3:73:6c:
                    9f:64:d0:ff:7f:7b:76:42:18:a9:3b:fb:80:8c:2f:
                    f0:ad:10:4d:fd:32:d0:35:cd:9e:a4:a1:3c:26:42:
                    cf:1e:66:56:4d:aa:12:6c:3d:a3:b8:e7:c0:c1:9b:
                    55:90:d7:89:ee:33:9c:f5:ac:20:62:7e:5d:d8:61:
                    93:8e:8c:7e:a6:df:35:3b:2e:40:86:f0:f4:ca:31:
                    2d:93:cd:5a:a1:03:4b:1f:40:83:6b:7c:e4:00:33:
                    a6:b2:3d:49:d5:36:4d:43:e5:9f:f6:88:f0:9a:ca:
                    c8:9a:e2:b1:7d:29:5c:bd:c4:65:81:1f:9b:93:59:
                    48:c3:8a:67:2f:bb:05:f0:29:81:a9:08:09:5b:d3:
                    92:26:96:94:17:b4:92:65:9f:c5:87:25:ec:b0:d0:
                    10:05:50:e7:b8:24:85:74:78:78:49:16:97:5e:de:
                    be:e1:82:5d:ed:b1:2f:09:3c:79:35:c0:13:89:9b:
                    87:51:b4:65:09:de:32:30:38:b4:0d:7b:c4:82:1a:
                    50:41:a6:e8:48:3e:ff:b6:b5:0e:b6:6c:89:cd:a9:
                    43:f9:ba:12:b0:17:91:1d:d0:a4:b3:b5:b0:ae:ea:
                    7d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:7E:86:5A:46:4B:73:F3:59:17:58:D2:A2:74:B8:8D:00:91:59:C2
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/3H6GWkZLc_NZF1jSonS4jQCRWcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:d7:1f:7c:39:6e:93:2d:b9:1b:9f:ef:e4:5f:da:6a:0e:3a:
         4c:31:1d:76:f2:ea:1d:11:ff:6a:f2:d1:23:99:61:38:61:e4:
         24:14:3a:7e:96:b1:dd:8d:f8:25:3b:e6:76:95:bb:21:6d:56:
         19:8a:0e:fd:a2:14:1f:bc:24:8c:00:85:f2:c2:b5:64:73:48:
         c4:2a:8a:55:6d:f4:68:72:f7:1e:dd:81:8f:ee:00:13:a5:0b:
         f6:49:e3:6c:90:60:9c:07:ef:48:a3:a2:03:3c:04:a4:f5:c3:
         7f:9f:04:0c:89:57:78:cc:e7:49:da:d8:74:6c:00:40:2f:33:
         fb:c5:89:66:7a:00:1b:4d:f8:28:6a:6f:ab:02:bc:d9:b6:f4:
         b9:5a:0b:b9:24:dd:1f:2f:25:22:20:f8:0d:d3:60:28:70:d5:
         81:91:9c:8b:b3:57:3b:9b:dd:18:84:9c:92:7b:c6:db:27:96:
         18:34:ad:09:9f:11:ed:9a:f9:76:e6:a8:53:a3:e6:3c:00:c9:
         65:65:f9:da:63:c8:ec:8f:90:da:20:72:32:a1:cf:b9:a7:1b:
         d0:ea:1a:4e:37:d1:f0:78:65:db:35:81:2d:dd:fe:0a:6f:56:
         f3:0c:33:c9:99:a9:b0:25:3e:81:73:66:a8:e6:f2:30:24:5d:
         1f:49:57:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0rWN638zO8pLAFRT16vwZSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwMzI2MTgxMjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzdlODY1YTQ2NGI3M2YzNTkxNzU4ZDJhMjc0Yjg4ZDAwOTE1OWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoDEEIhPZa0TNhGEvtY5nIZzj0F/
MmvYrH/zc2yfZND/f3t2QhipO/uAjC/wrRBN/TLQNc2epKE8JkLPHmZWTaoSbD2j
uOfAwZtVkNeJ7jOc9awgYn5d2GGTjox+pt81Oy5AhvD0yjEtk81aoQNLH0CDa3zk
ADOmsj1J1TZNQ+Wf9ojwmsrImuKxfSlcvcRlgR+bk1lIw4pnL7sF8CmBqQgJW9OS
JpaUF7SSZZ/FhyXssNAQBVDnuCSFdHh4SRaXXt6+4YJd7bEvCTx5NcATiZuHUbRl
Cd4yMDi0DXvEghpQQaboSD7/trUOtmyJzalD+boSsBeRHdCks7Wwrup9+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNx+hlpGS3PzWRdY0qJ0uI0AkVnCMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvM0g2R1drWkxjX05aRjFqU29uUzRqUUNSV2NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVq8MA0G
CSqGSIb3DQEBCwUAA4IBAQBG1x98OW6TLbkbn+/kX9pqDjpMMR128uodEf9q8tEj
mWE4YeQkFDp+lrHdjfglO+Z2lbshbVYZig79ohQfvCSMAIXywrVkc0jEKopVbfRo
cvce3YGP7gATpQv2SeNskGCcB+9Io6IDPASk9cN/nwQMiVd4zOdJ2th0bABALzP7
xYlmegAbTfgoam+rArzZtvS5Wgu5JN0fLyUiIPgN02AocNWBkZyLs1c7m90YhJyS
e8bbJ5YYNK0JnxHtmvl25qhTo+Y8AMllZfnaY8jsj5DaIHIyoc+5pxvQ6hpON9Hw
eGXbNYEt3f4Kb1bzDDPJmamwJT6Bc2ao5vIwJF0fSVfc
-----END CERTIFICATE-----