Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/4bc242-6462-411a-b1aa-dd305b851570/1/90yE-69sif8zX4jfHo4v7FOH6JA.roa
File:                     90yE-69sif8zX4jfHo4v7FOH6JA.roa (raw, json)
Hash identifier:          QLC30PLAO5hYp0GK8Ml+9aoiG2T2sp2bTejXfELxdjk=
Subject key identifier:   F7:4C:84:FB:AF:6C:89:FF:33:5F:88:DF:1E:8E:2F:EC:53:87:E8:90
Certificate issuer:       /CN=4477c699593ae2d61bc3743353b09d220429fe4a
Certificate serial:       019B7F13B2EA75FB2F421DBDC6EDF5C2A95D
Authority key identifier: 44:77:C6:99:59:3A:E2:D6:1B:C3:74:33:53:B0:9D:22:04:29:FE:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RHfGmVk64tYbw3QzU7CdIgQp_ko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/4bc242-6462-411a-b1aa-dd305b851570/1/90yE-69sif8zX4jfHo4v7FOH6JA.roa
Signing time:             Fri 02 Jan 2026 14:19:16 +0000
ROA not before:           Fri 02 Jan 2026 14:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62098
IP address blocks:        193.30.167.0/24 maxlen: 24
                          2a0a:31c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/4bc242-6462-411a-b1aa-dd305b851570/1/RHfGmVk64tYbw3QzU7CdIgQp_ko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/4bc242-6462-411a-b1aa-dd305b851570/1/RHfGmVk64tYbw3QzU7CdIgQp_ko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RHfGmVk64tYbw3QzU7CdIgQp_ko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:b2:ea:75:fb:2f:42:1d:bd:c6:ed:f5:c2:a9:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4477c699593ae2d61bc3743353b09d220429fe4a
        Validity
            Not Before: Jan  2 14:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f74c84fbaf6c89ff335f88df1e8e2fec5387e890
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:11:be:9b:93:5b:fa:a3:08:96:b4:d2:3e:63:
                    47:2d:4c:a8:65:be:a7:8c:48:9e:04:02:46:35:09:
                    c3:2b:19:d2:f1:bf:94:a1:34:39:96:fc:30:6c:44:
                    e3:ef:16:47:fd:4d:99:ab:a5:a2:1a:43:c0:ef:7c:
                    cd:13:ad:50:4f:f2:9a:79:30:94:5e:d7:11:0c:49:
                    0e:71:15:4e:3e:07:02:9e:98:e5:f8:4b:36:d8:75:
                    4a:e4:52:78:0d:fe:63:15:1a:64:3e:55:bb:8a:6d:
                    7b:a4:84:af:6f:32:bc:1d:3e:43:b7:df:46:98:63:
                    51:cc:30:9c:20:64:0e:92:09:32:5b:c3:4a:fb:78:
                    7c:75:25:6d:a8:65:e0:96:98:5e:2f:36:f4:6c:9e:
                    9f:e9:66:b5:00:06:0e:a5:f3:8a:fa:09:2b:c6:32:
                    18:b6:57:6f:47:19:da:d5:29:64:93:00:90:94:8c:
                    56:59:95:1a:7b:88:32:48:ae:31:db:4c:d6:fc:ec:
                    e1:2d:d0:d9:5b:42:9c:7e:d6:30:00:1c:c7:9d:7a:
                    d2:8b:ff:6f:96:e4:51:c2:ab:4b:4d:eb:72:02:63:
                    aa:2b:22:20:b6:aa:da:87:85:36:72:8e:5d:e1:84:
                    03:e4:dd:b7:08:e6:94:28:97:06:77:13:99:62:fe:
                    9a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:4C:84:FB:AF:6C:89:FF:33:5F:88:DF:1E:8E:2F:EC:53:87:E8:90
            X509v3 Authority Key Identifier:
                keyid:44:77:C6:99:59:3A:E2:D6:1B:C3:74:33:53:B0:9D:22:04:29:FE:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RHfGmVk64tYbw3QzU7CdIgQp_ko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/4bc242-6462-411a-b1aa-dd305b851570/1/90yE-69sif8zX4jfHo4v7FOH6JA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/4bc242-6462-411a-b1aa-dd305b851570/1/RHfGmVk64tYbw3QzU7CdIgQp_ko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.167.0/24
                IPv6:
                  2a0a:31c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:7f:87:24:1c:21:98:67:33:68:81:c7:e8:9f:22:b3:96:5e:
         d9:17:31:19:5d:5f:cf:d5:33:7a:f5:4a:c6:de:21:d3:cb:b8:
         3f:f9:54:8a:dc:be:c5:69:62:a5:e4:4a:fb:ce:10:04:4f:ba:
         cd:1c:5a:a3:ad:01:e5:bf:99:5b:c4:fa:7f:7a:9a:b2:ee:e3:
         7a:39:4b:88:81:c7:0a:90:50:b6:bf:91:07:e5:5e:03:06:42:
         ff:50:9a:bd:41:5e:0c:86:8c:96:24:87:59:f0:e4:aa:4a:e3:
         c1:ae:db:d8:2d:61:0b:80:f3:5c:48:43:f5:80:c1:7d:72:bf:
         97:db:33:4b:b4:13:0e:19:8d:67:18:68:5f:b3:63:10:f8:1d:
         59:38:ff:1d:f3:02:90:44:23:68:31:f9:2e:55:01:9a:77:b7:
         43:e2:32:90:04:db:46:ea:b8:e8:d4:06:bf:1e:89:de:b6:3e:
         a8:a4:1a:9c:d5:47:27:93:9f:ed:78:11:60:f8:fe:f5:2a:0e:
         57:c3:e3:e6:60:42:b3:b1:ff:e4:08:fe:3d:30:eb:f3:84:48:
         03:a7:95:2b:8f:b6:fc:2f:c8:fd:93:7e:74:09:e1:27:2a:38:
         a6:89:76:7e:f8:16:cf:f4:84:4b:cc:0e:8d:af:0a:bf:47:42:
         8d:4e:fa:9e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt/E7LqdfsvQh29xu31wqldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NzdjNjk5NTkzYWUyZDYxYmMzNzQzMzUzYjA5ZDIyMDQy
OWZlNGEwHhcNMjYwMTAyMTQxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzRjODRmYmFmNmM4OWZmMzM1Zjg4ZGYxZThlMmZlYzUzODdlODkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRG+m5Nb+qMIlrTSPmNHLUyoZb6n
jEieBAJGNQnDKxnS8b+UoTQ5lvwwbETj7xZH/U2Zq6WiGkPA73zNE61QT/KaeTCU
XtcRDEkOcRVOPgcCnpjl+Es22HVK5FJ4Df5jFRpkPlW7im17pISvbzK8HT5Dt99G
mGNRzDCcIGQOkgkyW8NK+3h8dSVtqGXglpheLzb0bJ6f6Wa1AAYOpfOK+gkrxjIY
tldvRxna1SlkkwCQlIxWWZUae4gySK4x20zW/OzhLdDZW0KcftYwABzHnXrSi/9v
luRRwqtLTetyAmOqKyIgtqrah4U2co5d4YQD5N23COaUKJcGdxOZYv6aCQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPdMhPuvbIn/M1+I3x6OL+xTh+iQMB8GA1UdIwQY
MBaAFER3xplZOuLWG8N0M1OwnSIEKf5KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkhmR21WazY0dFlidzNRelU3Q2RJZ1FwX2tvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi80YmMyNDItNjQ2Mi00MTFhLWIxYWEt
ZGQzMDViODUxNTcwLzEvOTB5RS02OXNpZjh6WDRqZkhvNHY3Rk9INkpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi80YmMyNDItNjQ2Mi00MTFhLWIxYWEtZGQzMDViODUxNTcw
LzEvUkhmR21WazY0dFlidzNRelU3Q2RJZ1FwX2tvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwR6nMA0E
AgACMAcDBQMqCjHAMA0GCSqGSIb3DQEBCwUAA4IBAQBuf4ckHCGYZzNogcfonyKz
ll7ZFzEZXV/P1TN69UrG3iHTy7g/+VSK3L7FaWKl5Er7zhAET7rNHFqjrQHlv5lb
xPp/epqy7uN6OUuIgccKkFC2v5EH5V4DBkL/UJq9QV4MhoyWJIdZ8OSqSuPBrtvY
LWELgPNcSEP1gMF9cr+X2zNLtBMOGY1nGGhfs2MQ+B1ZOP8d8wKQRCNoMfkuVQGa
d7dD4jKQBNtG6rjo1Aa/Honetj6opBqc1Ucnk5/teBFg+P71Kg5Xw+PmYEKzsf/k
CP49MOvzhEgDp5Urj7b8L8j9k350CeEnKjimiXZ++BbP9IRLzA6Nrwq/R0KNTvqe
-----END CERTIFICATE-----