Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/7nQ2lmMByBc9BzSe5MpXR-7PWQ4.roa
File:                     7nQ2lmMByBc9BzSe5MpXR-7PWQ4.roa (raw, json)
Hash identifier:          WXh7yFtrWpyCzYsrsNrvVMrVdkxW0TyL4bbT6QwTD/Q=
Subject key identifier:   EE:74:36:96:63:01:C8:17:3D:07:34:9E:E4:CA:57:47:EE:CF:59:0E
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0199AAE6DDC36F7DC3DC716F859115D8C5BF
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/7nQ2lmMByBc9BzSe5MpXR-7PWQ4.roa
Signing time:             Fri 03 Oct 2025 16:28:00 +0000
ROA not before:           Fri 03 Oct 2025 16:28:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62425
IP address blocks:        77.90.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:aa:e6:dd:c3:6f:7d:c3:dc:71:6f:85:91:15:d8:c5:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Oct  3 16:28:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee7436966301c8173d07349ee4ca5747eecf590e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f5:a2:17:e5:eb:50:c1:9d:58:7a:e4:f0:e0:
                    04:f5:99:8d:4d:b7:9c:1f:00:e1:4f:ba:ab:cd:6c:
                    7b:d4:03:c2:3a:a6:06:ce:6c:cb:51:03:28:ad:5c:
                    3d:6c:db:f8:95:8b:11:aa:03:cd:c5:80:b4:a6:6a:
                    59:18:8e:9b:45:d8:b8:07:f2:bf:0a:64:97:a3:e0:
                    b8:1b:a8:75:b7:41:1f:a1:17:89:f4:a8:a4:7a:db:
                    46:6e:e1:7d:0c:d6:1b:01:0e:4f:6e:e7:60:10:ac:
                    9a:04:b0:7b:fd:6f:9e:b3:5b:94:b7:5f:88:dc:9d:
                    28:ea:5f:ee:e4:bd:b2:8b:91:5e:3a:ec:d3:58:74:
                    f2:ed:7a:05:50:76:25:25:c6:70:42:77:3c:58:47:
                    c9:c5:dd:9f:7d:cb:fc:11:3e:bf:31:00:6d:1a:81:
                    4e:e2:f4:c6:c5:7f:3d:9d:e7:94:f4:6e:cf:d1:14:
                    f0:49:6b:24:97:b3:1f:a1:30:47:d5:7e:ed:5c:d1:
                    b0:1a:28:ce:7a:2c:f7:8d:32:43:12:e9:28:35:02:
                    0f:86:3c:22:74:8b:ef:ad:74:50:1e:3e:b0:7a:2a:
                    f9:d8:15:48:32:51:0b:3d:44:b1:cd:9f:ba:47:98:
                    f6:e5:4b:d6:97:b1:a3:8f:e2:4b:e6:7b:c1:c5:4f:
                    ea:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:74:36:96:63:01:C8:17:3D:07:34:9E:E4:CA:57:47:EE:CF:59:0E
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/7nQ2lmMByBc9BzSe5MpXR-7PWQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:d7:77:cb:9f:71:bf:ca:1b:2e:e7:90:8a:cb:d4:5b:09:f7:
         fb:c0:5b:d3:a2:b9:24:10:6e:00:b3:b0:e0:48:a9:a8:32:80:
         85:60:11:c4:ec:4d:d6:6e:ad:c4:ad:a7:14:e4:05:c0:48:66:
         06:87:f5:54:99:2c:b3:76:26:97:d0:00:58:67:88:24:9a:62:
         6a:7d:25:4b:ce:54:75:d3:84:41:83:ca:18:48:4b:87:25:2f:
         da:d3:f2:69:ea:a4:49:7c:c1:0f:ea:f2:8b:da:fa:06:c1:ff:
         ab:4c:e4:1a:18:40:a4:26:0e:65:1e:b5:6d:8b:d0:a7:b6:43:
         c7:91:a8:5f:d1:c8:4a:7a:af:b9:a8:ca:2e:b8:d2:26:62:50:
         f1:fd:a6:95:25:45:b7:74:fd:11:04:c2:6c:d6:97:dc:f4:2a:
         8a:48:40:33:94:cc:5c:cc:58:31:b2:f6:ad:a5:18:d7:b5:92:
         45:77:88:82:44:7f:13:d9:f4:f2:e6:13:be:30:a2:61:40:c5:
         23:f3:8c:59:3c:15:94:18:10:a6:d4:e2:78:74:a0:16:8e:a0:
         95:86:38:94:2a:01:3c:6c:d8:e2:b5:55:45:31:8c:23:51:0e:
         e5:ca:c8:6d:96:ac:f6:e2:f2:bc:8a:2a:7f:01:6c:a9:ec:b1:
         f0:c7:8a:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmq5t3Db33D3HFvhZEV2MW/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjUxMDAzMTYyODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTc0MzY5NjYzMDFjODE3M2QwNzM0OWVlNGNhNTc0N2VlY2Y1OTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/WiF+XrUMGdWHrk8OAE9ZmNTbec
HwDhT7qrzWx71APCOqYGzmzLUQMorVw9bNv4lYsRqgPNxYC0pmpZGI6bRdi4B/K/
CmSXo+C4G6h1t0EfoReJ9KikettGbuF9DNYbAQ5PbudgEKyaBLB7/W+es1uUt1+I
3J0o6l/u5L2yi5FeOuzTWHTy7XoFUHYlJcZwQnc8WEfJxd2ffcv8ET6/MQBtGoFO
4vTGxX89neeU9G7P0RTwSWskl7MfoTBH1X7tXNGwGijOeiz3jTJDEukoNQIPhjwi
dIvvrXRQHj6weir52BVIMlELPUSxzZ+6R5j25UvWl7Gjj+JL5nvBxU/qOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO50NpZjAcgXPQc0nuTKV0fuz1kOMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvN25RMmxtTUJ5QmM5QnpTZTVNcFhSLTdQV1E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVqDMA0G
CSqGSIb3DQEBCwUAA4IBAQC113fLn3G/yhsu55CKy9RbCff7wFvTorkkEG4As7Dg
SKmoMoCFYBHE7E3Wbq3EracU5AXASGYGh/VUmSyzdiaX0ABYZ4gkmmJqfSVLzlR1
04RBg8oYSEuHJS/a0/Jp6qRJfMEP6vKL2voGwf+rTOQaGECkJg5lHrVti9CntkPH
kahf0chKeq+5qMouuNImYlDx/aaVJUW3dP0RBMJs1pfc9CqKSEAzlMxczFgxsvat
pRjXtZJFd4iCRH8T2fTy5hO+MKJhQMUj84xZPBWUGBCm1OJ4dKAWjqCVhjiUKgE8
bNjitVVFMYwjUQ7lyshtlqz24vK8iip/AWyp7LHwx4pU
-----END CERTIFICATE-----