Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/vjRHPwMvCfDOTd2o20oz_ZsE5Aw.roa
File:                     vjRHPwMvCfDOTd2o20oz_ZsE5Aw.roa (raw, json)
Hash identifier:          mA5AEUSASOccm5VLu1M2YmlcRb167J30YJtK09Pa6K8=
Subject key identifier:   BE:34:47:3F:03:2F:09:F0:CE:4D:DD:A8:DB:4A:33:FD:9B:04:E4:0C
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01967E5263CDD5C09A782EAC8E57818A7CE7
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/vjRHPwMvCfDOTd2o20oz_ZsE5Aw.roa
Signing time:             Mon 28 Apr 2025 21:34:10 +0000
ROA not before:           Mon 28 Apr 2025 21:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214771
IP address blocks:        77.90.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 13:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7e:52:63:cd:d5:c0:9a:78:2e:ac:8e:57:81:8a:7c:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 28 21:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be34473f032f09f0ce4ddda8db4a33fd9b04e40c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:1b:46:da:4c:c0:83:bb:4b:3a:e9:0a:85:f1:
                    c4:11:fc:3b:eb:f1:7c:39:47:d6:09:6f:99:e3:8b:
                    14:7d:31:91:47:6a:4c:82:2c:89:8a:84:43:9b:28:
                    50:47:d0:a2:83:9e:9d:2b:34:78:96:3c:b6:86:35:
                    ec:e9:34:9a:2c:ee:56:bc:6e:5c:40:58:82:57:a7:
                    5c:bd:28:ea:e3:86:3f:ac:8b:53:e4:9b:ab:9a:94:
                    a0:cb:24:c8:bf:3c:16:91:a1:f2:5c:65:69:a0:d2:
                    74:05:62:62:1f:09:b3:3d:fd:3f:6c:5d:82:4f:45:
                    04:9f:63:e4:a6:ef:25:49:ab:06:48:c8:a9:3b:32:
                    4e:99:b5:18:42:f8:6f:bc:15:8e:2b:4a:00:86:c1:
                    c9:25:74:d9:43:5b:7e:69:53:5c:c0:45:fa:4a:4e:
                    cc:4b:22:e1:95:0d:1f:0c:ef:3f:62:9c:89:c8:ee:
                    68:34:c1:44:c6:75:91:b8:23:49:d2:dc:f7:d4:19:
                    39:ac:ee:41:ca:94:ee:eb:e1:0d:aa:cc:40:8e:9b:
                    9e:5c:f3:33:92:31:4d:09:42:b3:34:7f:0e:0f:69:
                    61:87:77:2b:ff:e5:8f:a3:93:63:2d:68:a5:45:f0:
                    cb:4a:56:ed:60:8b:81:4f:ae:0d:21:94:55:f9:e3:
                    20:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:34:47:3F:03:2F:09:F0:CE:4D:DD:A8:DB:4A:33:FD:9B:04:E4:0C
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/vjRHPwMvCfDOTd2o20oz_ZsE5Aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:d8:55:db:ce:48:db:2a:5a:09:79:f7:c6:02:39:0b:4a:92:
         d5:2e:8e:b4:0c:23:61:a7:c9:2e:73:47:dc:6a:8f:90:4c:a4:
         5a:89:65:5e:2b:a9:8a:b3:e4:76:df:e4:59:dc:21:70:54:65:
         b9:2f:df:eb:28:ff:5f:97:ab:21:97:53:c3:01:42:6d:9c:dc:
         22:19:a5:11:df:e5:3a:72:6f:4f:86:78:f5:24:02:2b:5c:ff:
         54:c1:de:e4:9a:89:ce:b7:e7:60:3a:88:a2:1f:5c:21:07:fa:
         46:ae:8b:ec:8b:f2:5b:7a:05:d0:ae:dc:19:ec:9d:af:b1:40:
         e1:63:72:1e:12:58:61:bb:3f:8c:0c:66:4c:4c:e1:27:d1:a8:
         bb:d5:81:16:b1:b3:ae:e7:5f:5b:2b:6d:54:ae:2d:9a:34:45:
         63:54:1c:cc:66:e3:e5:f0:f7:2d:b5:a8:c2:da:e5:0e:72:71:
         0a:8c:f5:1d:9f:03:7a:ca:68:35:f7:c2:30:aa:71:07:f4:4b:
         46:fb:c3:94:dd:bd:47:97:ed:21:27:e1:a1:a1:fa:10:3b:de:
         b3:0d:78:1c:36:9d:00:5c:6f:27:29:09:44:6c:52:5f:e1:9a:
         29:c5:32:a2:d7:e9:c5:e5:86:60:a8:5b:0b:82:79:e8:69:3c:
         95:dc:75:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ+UmPN1cCaeC6sjleBinznMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDI4MjEzNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTM0NDczZjAzMmYwOWYwY2U0ZGRkYThkYjRhMzNmZDliMDRlNDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/BtG2kzAg7tLOukKhfHEEfw76/F8
OUfWCW+Z44sUfTGRR2pMgiyJioRDmyhQR9Cig56dKzR4ljy2hjXs6TSaLO5WvG5c
QFiCV6dcvSjq44Y/rItT5JurmpSgyyTIvzwWkaHyXGVpoNJ0BWJiHwmzPf0/bF2C
T0UEn2Pkpu8lSasGSMipOzJOmbUYQvhvvBWOK0oAhsHJJXTZQ1t+aVNcwEX6Sk7M
SyLhlQ0fDO8/YpyJyO5oNMFExnWRuCNJ0tz31Bk5rO5BypTu6+ENqsxAjpueXPMz
kjFNCUKzNH8OD2lhh3cr/+WPo5NjLWilRfDLSlbtYIuBT64NIZRV+eMgIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL40Rz8DLwnwzk3dqNtKM/2bBOQMMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvdmpSSFB3TXZDZkRPVGQybzIwb3pfWnNFNUF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVoUMA0G
CSqGSIb3DQEBCwUAA4IBAQCj2FXbzkjbKloJeffGAjkLSpLVLo60DCNhp8kuc0fc
ao+QTKRaiWVeK6mKs+R23+RZ3CFwVGW5L9/rKP9fl6shl1PDAUJtnNwiGaUR3+U6
cm9Phnj1JAIrXP9Uwd7kmonOt+dgOoiiH1whB/pGrovsi/JbegXQrtwZ7J2vsUDh
Y3IeElhhuz+MDGZMTOEn0ai71YEWsbOu519bK21Uri2aNEVjVBzMZuPl8PcttajC
2uUOcnEKjPUdnwN6ymg198IwqnEH9EtG+8OU3b1Hl+0hJ+GhofoQO96zDXgcNp0A
XG8nKQlEbFJf4ZopxTKi1+nF5YZgqFsLgnnoaTyV3HXQ
-----END CERTIFICATE-----