Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/sdg3dsR-LO4U5J3eX37WF3yxhPo.roa
File:                     sdg3dsR-LO4U5J3eX37WF3yxhPo.roa (raw, json)
Hash identifier:          xI/zSgvmy+4LbBhBP2em10bjHjDbZ+brY5VkuhBI02k=
Subject key identifier:   B1:D8:37:76:C4:7E:2C:EE:14:E4:9D:DE:5F:7E:D6:17:7C:B1:84:FA
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0199A83EAA15197835924BD7F7764F36A3BE
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/sdg3dsR-LO4U5J3eX37WF3yxhPo.roa
Signing time:             Fri 03 Oct 2025 04:05:03 +0000
ROA not before:           Fri 03 Oct 2025 04:05:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214915
IP address blocks:        77.90.16.0/24 maxlen: 24
                          77.90.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a8:3e:aa:15:19:78:35:92:4b:d7:f7:76:4f:36:a3:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Oct  3 04:05:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1d83776c47e2cee14e49dde5f7ed6177cb184fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:25:63:0c:c8:49:ac:4e:cb:42:f7:47:29:56:
                    1f:f6:2c:db:fa:b9:7e:30:e0:2a:a6:d4:14:2e:90:
                    98:58:86:8c:42:80:16:a6:9b:b4:c7:0a:cb:e7:7f:
                    16:44:c8:96:e8:6d:33:82:cb:9d:86:87:19:3c:0e:
                    b7:6a:13:39:9b:22:b1:b7:34:1a:0f:c1:48:ff:11:
                    81:ac:90:85:f7:bd:e8:8b:6e:a0:90:49:1e:54:44:
                    21:7c:f5:fc:01:6e:9d:9a:cf:eb:53:ca:27:fd:f9:
                    d6:b6:7b:39:df:44:bd:a4:49:02:ba:60:18:2e:ca:
                    67:b6:c2:08:fb:f1:81:d0:43:c3:b4:a4:de:65:44:
                    43:a2:60:cf:14:74:6c:d5:86:50:54:cf:9c:ac:6e:
                    20:d5:c1:86:fd:8a:66:3e:b6:76:21:f2:4b:42:8a:
                    be:1f:9e:21:b9:8f:78:f1:8e:ba:0c:6f:55:4b:51:
                    33:b9:20:d1:ad:c7:8f:fa:a2:2e:19:54:55:8d:99:
                    76:15:f4:a0:2a:7f:cd:eb:1c:f0:f9:0a:2d:9d:d1:
                    1c:6d:06:68:67:5c:d5:63:4f:93:4e:22:28:58:49:
                    e5:d0:eb:d3:04:3c:e7:b2:b5:1b:71:8c:12:f3:05:
                    3e:50:4c:85:d9:1c:a5:76:98:57:d8:fe:1e:f3:6f:
                    df:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D8:37:76:C4:7E:2C:EE:14:E4:9D:DE:5F:7E:D6:17:7C:B1:84:FA
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/sdg3dsR-LO4U5J3eX37WF3yxhPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.16.0/24
                  77.90.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:dc:1b:b1:2b:ed:44:77:44:3a:56:11:6c:41:b8:f6:60:d8:
         b4:e1:0a:c4:b5:cb:1a:79:1c:7d:16:9f:7d:e3:4e:65:44:19:
         36:f2:b3:59:4e:c6:c3:41:5d:be:46:39:af:a8:be:6c:a5:6a:
         aa:42:00:dc:ad:25:a0:08:df:8b:53:32:05:b2:1c:e0:e8:4a:
         c5:c8:44:c6:ed:2c:8b:a7:06:ca:f2:89:68:b3:c8:30:7b:60:
         e5:b1:4f:f6:58:02:f5:b6:17:7d:92:51:41:ba:53:00:fb:d5:
         2b:9f:f9:d5:d4:59:4f:a4:b7:29:74:04:d7:12:12:48:7b:b9:
         9f:6f:ed:30:39:25:b6:22:38:91:d6:a8:63:12:c8:29:fb:75:
         ab:c0:08:7e:14:b5:40:65:dd:dc:46:1e:72:97:c6:43:d5:71:
         dd:19:1f:8a:a9:4d:84:e1:ab:69:6c:16:b0:89:78:e2:e2:9c:
         b1:c2:6e:9e:25:ac:89:a7:a6:9b:39:80:a2:8d:9e:f5:3e:11:
         ce:70:82:5e:93:7b:c2:cc:f9:a0:09:de:09:52:31:bb:e3:5f:
         f6:2e:54:db:54:02:37:39:2c:e8:fc:b8:79:89:8b:78:e0:9d:
         d4:48:d6:f7:b4:ba:ac:2c:ee:2a:30:e2:16:43:21:24:29:05:
         c8:dc:4b:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmoPqoVGXg1kkvX93ZPNqO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMDAzMDQwNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWQ4Mzc3NmM0N2UyY2VlMTRlNDlkZGU1ZjdlZDYxNzdjYjE4NGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SVjDMhJrE7LQvdHKVYf9izb+rl+
MOAqptQULpCYWIaMQoAWppu0xwrL538WRMiW6G0zgsudhocZPA63ahM5myKxtzQa
D8FI/xGBrJCF973oi26gkEkeVEQhfPX8AW6dms/rU8on/fnWtns530S9pEkCumAY
LspntsII+/GB0EPDtKTeZURDomDPFHRs1YZQVM+crG4g1cGG/YpmPrZ2IfJLQoq+
H54huY948Y66DG9VS1EzuSDRrceP+qIuGVRVjZl2FfSgKn/N6xzw+QotndEcbQZo
Z1zVY0+TTiIoWEnl0OvTBDznsrUbcYwS8wU+UEyF2RyldphX2P4e82/fWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLHYN3bEfizuFOSd3l9+1hd8sYT6MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvc2RnM2RzUi1MTzRVNUozZVgzN1dGM3l4aFBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVoQAwQA
TVobMA0GCSqGSIb3DQEBCwUAA4IBAQBd3BuxK+1Ed0Q6VhFsQbj2YNi04QrEtcsa
eRx9Fp99405lRBk28rNZTsbDQV2+RjmvqL5spWqqQgDcrSWgCN+LUzIFshzg6ErF
yETG7SyLpwbK8olos8gwe2DlsU/2WAL1thd9klFBulMA+9Urn/nV1FlPpLcpdATX
EhJIe7mfb+0wOSW2IjiR1qhjEsgp+3WrwAh+FLVAZd3cRh5yl8ZD1XHdGR+KqU2E
4atpbBawiXji4pyxwm6eJayJp6abOYCijZ71PhHOcIJek3vCzPmgCd4JUjG741/2
LlTbVAI3OSzo/Lh5iYt44J3USNb3tLqsLO4qMOIWQyEkKQXI3EuY
-----END CERTIFICATE-----