Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/uxsvjGGBw1-sHXi_WNoWxLw_oHE.roa
File:                     uxsvjGGBw1-sHXi_WNoWxLw_oHE.roa (raw, json)
Hash identifier:          vcXV0IpjKrN098BPQFX2AiEdWi89pGJp2tXzpCOR06Q=
Subject key identifier:   BB:1B:2F:8C:61:81:C3:5F:AC:1D:78:BF:58:DA:16:C4:BC:3F:A0:71
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019EA98B2F538E75CC5813F74C503332AF88
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/uxsvjGGBw1-sHXi_WNoWxLw_oHE.roa
Signing time:             Mon 08 Jun 2026 23:22:11 +0000
ROA not before:           Mon 08 Jun 2026 23:22:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62425
IP address blocks:        77.90.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a9:8b:2f:53:8e:75:cc:58:13:f7:4c:50:33:32:af:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jun  8 23:22:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb1b2f8c6181c35fac1d78bf58da16c4bc3fa071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:82:68:eb:62:a1:c7:82:1b:eb:07:4c:71:c4:
                    44:b4:6b:cd:4b:16:c4:49:27:79:10:47:e2:6a:10:
                    10:ec:7c:e4:54:c8:8e:cd:23:0c:e9:49:91:a0:8a:
                    e5:0c:fa:82:fd:53:9e:48:06:3b:0f:97:0d:8f:2b:
                    7b:a4:02:68:ea:3d:2a:77:e0:8a:3f:e4:75:69:9a:
                    e8:43:fb:21:ba:fe:fd:89:51:16:e9:8d:f6:ad:b8:
                    6b:7b:67:20:5c:ff:36:90:60:1a:0a:0f:27:12:6d:
                    90:3c:51:15:25:f0:bf:5a:00:7f:a2:da:06:4a:cc:
                    53:1c:99:23:66:14:7d:ea:27:5b:ce:54:5a:a7:a2:
                    2f:5d:e6:ef:90:74:e4:94:cb:cb:a6:0f:53:3c:bd:
                    38:8a:2c:e7:19:fb:c2:09:27:4d:81:25:be:b2:04:
                    7c:e2:f3:99:91:1d:06:01:9a:95:bf:94:2a:b4:1c:
                    a6:6c:5f:85:0d:c5:8c:e4:cf:39:e0:a4:0b:3e:a2:
                    60:23:20:35:4d:fb:ca:e8:02:a2:e3:d0:0e:ab:64:
                    26:dd:c9:9e:6c:b4:bd:e1:87:58:0c:ef:26:a0:b1:
                    59:98:a6:3f:57:3e:14:3c:cd:3a:e7:9a:01:f8:63:
                    f6:2a:d4:e0:f3:fa:6a:04:e5:c7:7b:91:27:71:08:
                    1b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:1B:2F:8C:61:81:C3:5F:AC:1D:78:BF:58:DA:16:C4:BC:3F:A0:71
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/uxsvjGGBw1-sHXi_WNoWxLw_oHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:4d:40:6c:f5:14:aa:af:10:79:b3:d6:bd:d2:47:72:28:4f:
         fa:6c:26:00:ec:9f:ed:43:40:0b:b0:15:91:58:0a:78:67:ad:
         0b:fb:25:28:c3:83:22:02:4a:eb:f0:a4:de:58:3c:17:aa:37:
         9a:fb:f5:a0:9c:a7:b4:a6:b1:52:6e:55:6d:1a:fd:65:28:32:
         9e:84:d3:1d:e1:ce:19:e9:3e:4b:10:99:b3:f2:9f:28:f6:ee:
         05:50:db:42:e4:f4:53:ac:06:e9:39:b1:ba:d6:e8:77:8e:8b:
         80:26:d6:9a:00:1f:74:76:be:8c:0b:ba:c8:3f:fa:4c:d3:bd:
         7e:e7:90:44:98:76:d7:7c:d1:2f:df:8c:84:20:dc:37:ed:28:
         4d:ac:ee:26:35:5a:9a:cc:f4:d4:7e:78:67:18:7c:70:ee:ec:
         a8:0e:3a:f6:5c:6e:39:06:1a:48:7d:b5:79:95:6c:79:ba:40:
         b9:74:13:8d:ec:2e:82:37:fa:b9:35:f7:34:f6:dc:bc:5f:39:
         0e:17:d9:f5:6e:bb:76:b7:4c:7c:be:2d:16:6e:95:dd:a6:40:
         36:b3:ff:d5:f8:b9:ad:63:5f:5d:52:ed:a9:d2:d8:87:4f:8c:
         dd:60:cf:f6:22:7a:0a:43:9b:ea:75:86:8b:06:96:39:42:74:
         e9:96:c0:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6piy9TjnXMWBP3TFAzMq+IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwNjA4MjMyMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjFiMmY4YzYxODFjMzVmYWMxZDc4YmY1OGRhMTZjNGJjM2ZhMDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIJo62Khx4Ib6wdMccREtGvNSxbE
SSd5EEfiahAQ7HzkVMiOzSMM6UmRoIrlDPqC/VOeSAY7D5cNjyt7pAJo6j0qd+CK
P+R1aZroQ/shuv79iVEW6Y32rbhre2cgXP82kGAaCg8nEm2QPFEVJfC/WgB/otoG
SsxTHJkjZhR96idbzlRap6IvXebvkHTklMvLpg9TPL04iiznGfvCCSdNgSW+sgR8
4vOZkR0GAZqVv5QqtBymbF+FDcWM5M854KQLPqJgIyA1TfvK6AKi49AOq2Qm3cme
bLS94YdYDO8moLFZmKY/Vz4UPM0655oB+GP2KtTg8/pqBOXHe5EncQgbhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLsbL4xhgcNfrB14v1jaFsS8P6BxMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvdXhzdmpHR0J3MS1zSFhpX1dOb1d4THdfb0hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVqDMA0G
CSqGSIb3DQEBCwUAA4IBAQA3TUBs9RSqrxB5s9a90kdyKE/6bCYA7J/tQ0ALsBWR
WAp4Z60L+yUow4MiAkrr8KTeWDwXqjea+/WgnKe0prFSblVtGv1lKDKehNMd4c4Z
6T5LEJmz8p8o9u4FUNtC5PRTrAbpObG61uh3jouAJtaaAB90dr6MC7rIP/pM071+
55BEmHbXfNEv34yEINw37ShNrO4mNVqazPTUfnhnGHxw7uyoDjr2XG45BhpIfbV5
lWx5ukC5dBON7C6CN/q5Nfc09ty8XzkOF9n1brt2t0x8vi0WbpXdpkA2s//V+Lmt
Y19dUu2p0tiHT4zdYM/2InoKQ5vqdYaLBpY5QnTplsAg
-----END CERTIFICATE-----