Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/atVw4xeqFsYkbv0YanpMvYj9YJU.roa
File:                     atVw4xeqFsYkbv0YanpMvYj9YJU.roa (raw, json)
Hash identifier:          7v09PHKrV9HFGitf9dm+OHYN47o0kgfyg4toCmWYsN4=
Subject key identifier:   6A:D5:70:E3:17:AA:16:C6:24:6E:FD:18:6A:7A:4C:BD:88:FD:60:95
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01976492E4AA423171A7D5D8E120F98A44E8
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/atVw4xeqFsYkbv0YanpMvYj9YJU.roa
Signing time:             Thu 12 Jun 2025 14:37:17 +0000
ROA not before:           Thu 12 Jun 2025 14:37:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213541
IP address blocks:        77.90.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 20:59:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:64:92:e4:aa:42:31:71:a7:d5:d8:e1:20:f9:8a:44:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jun 12 14:37:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ad570e317aa16c6246efd186a7a4cbd88fd6095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d3:78:f0:f5:7e:78:41:0d:ba:b6:77:5f:0b:
                    bd:e2:66:85:f6:7c:6e:0f:41:96:41:30:d0:e6:2c:
                    09:fc:a1:8c:f8:75:4f:e7:f7:15:8e:e3:48:bf:63:
                    21:cd:69:b7:81:88:b4:b0:01:54:8e:c8:2e:43:f0:
                    48:bd:a5:c2:ae:a2:cb:99:c7:38:01:4b:72:3d:b8:
                    d5:9c:fc:bd:63:02:39:a2:10:53:11:5f:e2:a8:d8:
                    1d:ae:73:fd:67:16:79:d3:5b:14:17:2a:96:98:05:
                    68:80:37:37:2e:5a:65:49:9d:94:53:14:4b:0c:13:
                    37:56:a5:fd:bc:8b:55:2f:6b:24:9c:be:72:58:0e:
                    b3:22:55:d5:f4:d5:e0:b0:69:73:96:c3:5d:2a:6b:
                    c1:bb:b3:a3:43:aa:87:96:cd:0a:21:8b:b8:5a:17:
                    90:65:78:bd:7a:fc:2b:3b:50:06:ad:91:0a:ea:17:
                    eb:c2:5b:d9:3e:64:78:45:41:f6:11:0b:16:44:5b:
                    43:c5:24:3c:f2:ac:45:c7:fa:37:1a:6a:c8:56:55:
                    95:87:84:2c:29:21:d1:0d:eb:af:91:de:c1:83:38:
                    f5:73:28:05:17:6c:f1:8f:3e:de:84:61:b2:5a:8c:
                    67:06:79:80:d1:d1:80:34:73:1d:1a:0c:32:f6:b7:
                    03:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D5:70:E3:17:AA:16:C6:24:6E:FD:18:6A:7A:4C:BD:88:FD:60:95
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/atVw4xeqFsYkbv0YanpMvYj9YJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:be:bf:73:9e:05:6a:52:31:4c:28:83:b9:14:72:46:c1:34:
         d8:56:bb:2f:6f:e8:60:9c:b3:b9:1d:9c:52:66:fc:3a:3e:75:
         28:ed:29:0c:68:47:c9:ab:b5:7c:4f:2b:06:01:47:55:9f:37:
         16:ad:44:16:c8:d7:fc:a5:8b:5d:ac:a2:46:b2:95:89:fe:56:
         18:0d:c4:d6:6d:d6:0d:fe:6d:6e:c8:ab:ad:91:a3:52:e2:ce:
         52:21:87:39:ef:91:73:95:49:ad:a5:15:eb:be:d2:22:3c:f2:
         ac:0d:a8:e9:76:79:71:10:d7:f2:f8:df:c5:d6:19:b7:92:d3:
         2a:d9:32:4a:13:7c:e1:7a:53:23:65:72:9e:42:9c:c3:3b:5f:
         fe:5f:b3:87:53:5a:c9:51:ba:2d:b4:47:98:17:20:c4:3e:ad:
         84:0e:dd:37:d1:1d:d2:30:ac:fa:37:9f:6f:43:93:f0:d9:f2:
         a9:ec:c9:1c:47:61:92:33:4f:ae:b6:c2:2d:a8:58:2d:18:46:
         78:51:04:cb:49:55:d0:f1:70:f0:0d:5a:d8:ce:e9:94:c7:5c:
         5e:ce:98:28:b0:cb:e5:5b:26:9f:8d:36:26:3a:d0:b2:b7:d8:
         c8:6c:29:85:95:49:87:34:f0:8d:7f:52:a3:61:b4:e3:a9:55:
         62:81:ab:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdkkuSqQjFxp9XY4SD5ikToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjUwNjEyMTQzNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQ1NzBlMzE3YWExNmM2MjQ2ZWZkMTg2YTdhNGNiZDg4ZmQ2MDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdN48PV+eEENurZ3Xwu94maF9nxu
D0GWQTDQ5iwJ/KGM+HVP5/cVjuNIv2MhzWm3gYi0sAFUjsguQ/BIvaXCrqLLmcc4
AUtyPbjVnPy9YwI5ohBTEV/iqNgdrnP9ZxZ501sUFyqWmAVogDc3LlplSZ2UUxRL
DBM3VqX9vItVL2sknL5yWA6zIlXV9NXgsGlzlsNdKmvBu7OjQ6qHls0KIYu4WheQ
ZXi9evwrO1AGrZEK6hfrwlvZPmR4RUH2EQsWRFtDxSQ88qxFx/o3GmrIVlWVh4Qs
KSHRDeuvkd7Bgzj1cygFF2zxjz7ehGGyWoxnBnmA0dGANHMdGgwy9rcD8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrVcOMXqhbGJG79GGp6TL2I/WCVMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvYXRWdzR4ZXFGc1lrYnYwWWFucE12WWo5WUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVquMA0G
CSqGSIb3DQEBCwUAA4IBAQCdvr9zngVqUjFMKIO5FHJGwTTYVrsvb+hgnLO5HZxS
Zvw6PnUo7SkMaEfJq7V8TysGAUdVnzcWrUQWyNf8pYtdrKJGspWJ/lYYDcTWbdYN
/m1uyKutkaNS4s5SIYc575FzlUmtpRXrvtIiPPKsDajpdnlxENfy+N/F1hm3ktMq
2TJKE3zhelMjZXKeQpzDO1/+X7OHU1rJUbottEeYFyDEPq2EDt030R3SMKz6N59v
Q5Pw2fKp7MkcR2GSM0+utsItqFgtGEZ4UQTLSVXQ8XDwDVrYzumUx1xezpgosMvl
WyafjTYmOtCyt9jIbCmFlUmHNPCNf1KjYbTjqVVigauI
-----END CERTIFICATE-----