Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ro4RN7jq-5YSJ6Tl2uyshgIvk0M.roa
File:                     ro4RN7jq-5YSJ6Tl2uyshgIvk0M.roa (raw, json)
Hash identifier:          SsVpapMOjceHmjPuKSzNdDwvqoNheCyzL+Hv9TkqdM8=
Subject key identifier:   AE:8E:11:37:B8:EA:FB:96:12:27:A4:E5:DA:EC:AC:86:02:2F:93:43
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019C9A2ED79A1D1C3365992FBBD2A78CB8E2
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ro4RN7jq-5YSJ6Tl2uyshgIvk0M.roa
Signing time:             Thu 26 Feb 2026 13:41:26 +0000
ROA not before:           Thu 26 Feb 2026 13:41:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        77.90.148.0/24 maxlen: 24
                          213.209.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:2e:d7:9a:1d:1c:33:65:99:2f:bb:d2:a7:8c:b8:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Feb 26 13:41:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae8e1137b8eafb961227a4e5daecac86022f9343
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1b:13:c0:0f:b5:e5:0b:2d:0d:22:90:74:e1:
                    0d:21:3f:c0:99:d4:74:b4:39:f8:79:c1:70:4e:a0:
                    f8:88:d8:3f:04:4c:bf:67:ff:a2:66:da:ae:50:8c:
                    67:4b:37:1d:c6:ec:f2:54:45:25:1e:b9:93:fc:8c:
                    c2:ab:51:c9:f9:34:0f:0f:87:05:61:88:b6:01:f1:
                    47:eb:52:66:e9:f9:e7:32:a7:af:11:33:3a:ae:8a:
                    be:08:68:20:b7:5f:5e:14:dc:f5:ab:07:fe:13:a2:
                    cc:ed:54:dd:50:33:35:86:0e:2a:e7:52:1f:59:2a:
                    67:a6:c0:46:8d:83:bc:ea:7c:ae:45:73:5e:8a:d2:
                    e8:76:79:02:74:21:f9:8c:af:93:d5:f1:30:f3:ab:
                    dc:7c:b8:70:3d:6e:7a:e1:1e:b5:7f:0b:6f:69:7a:
                    eb:a0:c8:d7:bb:ce:02:b7:fa:cf:eb:97:62:dc:94:
                    c7:d9:99:61:e5:55:74:17:b5:96:93:b7:0b:38:5c:
                    c5:2e:dc:c3:7d:25:6c:31:28:4a:ed:73:1c:0e:4a:
                    bf:8e:5c:ef:1f:e7:91:a9:c6:bf:62:40:33:b9:b6:
                    b7:e4:cc:f8:e5:3c:af:7b:06:1b:94:2d:5e:b5:29:
                    ba:ff:5e:2b:c6:0d:fd:d4:cf:40:94:54:fc:1d:62:
                    1c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:8E:11:37:B8:EA:FB:96:12:27:A4:E5:DA:EC:AC:86:02:2F:93:43
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/ro4RN7jq-5YSJ6Tl2uyshgIvk0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.148.0/24
                  213.209.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:2d:a8:0c:a9:ec:73:8f:06:77:39:55:ef:e6:c6:7f:6f:82:
         f0:86:6a:fb:3d:08:61:45:cd:69:13:69:de:73:7c:d3:bc:d7:
         6c:e9:95:83:45:99:cd:0a:8a:b7:3c:24:12:6b:49:0a:7e:b4:
         bc:e0:6f:a3:c1:ef:98:85:9e:ed:f4:05:04:7d:2f:3e:d2:60:
         a8:6b:08:05:cf:83:38:7e:33:c2:d4:cc:29:c7:d5:cd:dd:62:
         1f:da:08:3c:6d:c7:70:85:15:ab:bf:bb:e5:74:fd:32:ea:7c:
         f9:f6:93:b5:98:b7:b6:60:1f:d7:56:a3:75:f6:9d:16:e3:31:
         86:f7:59:b0:e7:12:cb:7c:ff:3b:43:b5:41:95:f8:09:00:a0:
         a6:81:39:f6:06:25:6d:31:4d:6c:64:26:92:97:53:a3:4b:cc:
         44:72:48:e1:48:db:26:3b:5f:0c:60:39:51:e4:1e:7e:58:4a:
         b6:bd:63:47:12:7a:77:16:b0:f2:13:c1:84:f5:83:53:f2:6d:
         cd:9b:ca:aa:00:a5:c0:6c:5c:da:48:a4:bf:e0:dd:71:f1:02:
         98:4d:b2:33:ab:9f:f0:d3:92:27:e8:2f:1d:16:6e:81:90:48:
         8e:4f:92:ca:cc:87:03:00:bc:01:59:75:14:95:71:2e:be:3e:
         b7:3f:57:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyaLteaHRwzZZkvu9KnjLjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwMjI2MTM0MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZThlMTEzN2I4ZWFmYjk2MTIyN2E0ZTVkYWVjYWM4NjAyMmY5MzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxsTwA+15QstDSKQdOENIT/AmdR0
tDn4ecFwTqD4iNg/BEy/Z/+iZtquUIxnSzcdxuzyVEUlHrmT/IzCq1HJ+TQPD4cF
YYi2AfFH61Jm6fnnMqevETM6roq+CGggt19eFNz1qwf+E6LM7VTdUDM1hg4q51If
WSpnpsBGjYO86nyuRXNeitLodnkCdCH5jK+T1fEw86vcfLhwPW564R61fwtvaXrr
oMjXu84Ct/rP65di3JTH2Zlh5VV0F7WWk7cLOFzFLtzDfSVsMShK7XMcDkq/jlzv
H+eRqca/YkAzuba35Mz45TyvewYblC1etSm6/14rxg391M9AlFT8HWIc4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK6OETe46vuWEiek5drsrIYCL5NDMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvcm80Uk43anEtNVlTSjZUbDJ1eXNoZ0l2azBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVqUAwQA
1dGBMA0GCSqGSIb3DQEBCwUAA4IBAQA+LagMqexzjwZ3OVXv5sZ/b4Lwhmr7PQhh
Rc1pE2nec3zTvNds6ZWDRZnNCoq3PCQSa0kKfrS84G+jwe+YhZ7t9AUEfS8+0mCo
awgFz4M4fjPC1Mwpx9XN3WIf2gg8bcdwhRWrv7vldP0y6nz59pO1mLe2YB/XVqN1
9p0W4zGG91mw5xLLfP87Q7VBlfgJAKCmgTn2BiVtMU1sZCaSl1OjS8xEckjhSNsm
O18MYDlR5B5+WEq2vWNHEnp3FrDyE8GE9YNT8m3Nm8qqAKXAbFzaSKS/4N1x8QKY
TbIzq5/w05In6C8dFm6BkEiOT5LKzIcDALwBWXUUlXEuvj63P1eb
-----END CERTIFICATE-----