Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/DRQUnN7HKcdXFxaJt5OsGPcTrMk.roa
File:                     DRQUnN7HKcdXFxaJt5OsGPcTrMk.roa (raw, json)
Hash identifier:          pc1QrwRY7ZHDNaDimFQwB1lOCkdLv/YmCn9z7q0J2sQ=
Subject key identifier:   0D:14:14:9C:DE:C7:29:C7:57:17:16:89:B7:93:AC:18:F7:13:AC:C9
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019D212E5B271F08B3C82B4A2F877249BAD6
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/DRQUnN7HKcdXFxaJt5OsGPcTrMk.roa
Signing time:             Tue 24 Mar 2026 18:49:39 +0000
ROA not before:           Tue 24 Mar 2026 18:49:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208626
IP address blocks:        77.90.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:21:2e:5b:27:1f:08:b3:c8:2b:4a:2f:87:72:49:ba:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar 24 18:49:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d14149cdec729c757171689b793ac18f713acc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:67:9b:10:f4:c5:51:e6:94:33:39:41:69:49:
                    28:21:71:a0:31:18:9d:97:b3:e3:f6:15:eb:34:dc:
                    38:7b:fd:cd:3a:9e:10:b5:7a:14:b5:aa:28:f8:49:
                    82:2d:4c:44:ef:d7:e1:8b:eb:b8:3f:3e:14:e5:12:
                    2b:b3:7d:c9:e4:2a:cd:e5:c5:7c:dd:38:fc:d7:86:
                    a1:0b:1f:54:a5:35:92:fa:88:22:8c:f4:8e:e1:b3:
                    f0:8c:92:ed:47:04:81:79:c8:84:1a:da:d4:83:0a:
                    be:c4:fc:1d:9c:92:de:dd:d5:93:91:41:56:40:25:
                    c0:fc:91:da:93:77:d7:36:a6:ff:b9:87:2b:57:38:
                    55:c8:2f:83:4f:e4:b4:67:9a:70:0c:09:be:90:b8:
                    89:fb:9f:27:78:d3:d7:e0:65:2f:26:14:54:91:f7:
                    83:d8:16:32:25:64:cf:85:bb:2c:58:7c:fb:78:1d:
                    5b:3a:83:7d:6a:99:81:8c:c7:48:d2:0c:5d:d8:db:
                    10:15:ff:33:6d:de:c5:14:35:ce:08:79:ff:40:43:
                    1c:ba:04:da:19:79:9d:d0:b3:9a:85:06:e9:de:80:
                    3b:10:ea:cf:a8:e5:91:e2:3e:f0:bc:23:93:3f:19:
                    2e:27:ad:d1:04:3a:eb:df:9d:10:71:cf:b5:c7:a7:
                    0b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:14:14:9C:DE:C7:29:C7:57:17:16:89:B7:93:AC:18:F7:13:AC:C9
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/DRQUnN7HKcdXFxaJt5OsGPcTrMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:21:55:cb:29:35:6d:22:22:5e:31:8d:bb:53:ee:51:e6:8f:
         45:82:fc:1b:04:72:81:f0:48:fc:15:f4:61:eb:b8:f7:75:eb:
         79:46:e6:b5:c7:57:9f:32:d2:23:ff:05:25:e6:34:7c:2e:e1:
         9a:db:e1:15:e4:5a:7b:55:e9:76:f9:65:41:0d:d7:59:43:5f:
         77:12:ce:6c:21:dc:00:2d:7c:d4:31:92:2e:65:ed:d2:c0:85:
         68:57:b1:83:32:0c:d7:ec:de:9a:f6:45:9c:1b:e9:df:4b:3a:
         4d:d6:3f:fd:70:06:fe:fc:c0:26:cf:6c:31:06:dc:75:d5:c3:
         71:73:92:c8:13:9a:9d:f1:0d:fe:0b:a4:e4:b9:90:21:0e:4b:
         9c:c4:98:2e:0c:19:cd:22:9c:0f:9b:69:ae:48:02:64:c6:9b:
         66:06:fb:a6:25:47:1c:c5:54:a7:5a:94:70:f9:f1:19:0a:ba:
         65:63:2d:a7:da:7e:91:dd:69:3c:45:28:54:1a:18:0f:c2:4e:
         61:e4:02:05:1d:b7:06:3b:da:08:0d:f3:b4:1b:77:0e:58:bc:
         73:ca:92:58:9e:fc:64:d2:e4:55:e6:12:02:82:21:3f:2b:ed:
         b7:8e:cb:c3:77:c9:22:65:aa:a4:77:f2:a4:b9:ec:71:4e:31:
         bc:74:7f:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0hLlsnHwizyCtKL4dySbrWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwMzI0MTg0OTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDE0MTQ5Y2RlYzcyOWM3NTcxNzE2ODliNzkzYWMxOGY3MTNhY2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWebEPTFUeaUMzlBaUkoIXGgMRid
l7Pj9hXrNNw4e/3NOp4QtXoUtaoo+EmCLUxE79fhi+u4Pz4U5RIrs33J5CrN5cV8
3Tj814ahCx9UpTWS+ogijPSO4bPwjJLtRwSBeciEGtrUgwq+xPwdnJLe3dWTkUFW
QCXA/JHak3fXNqb/uYcrVzhVyC+DT+S0Z5pwDAm+kLiJ+58neNPX4GUvJhRUkfeD
2BYyJWTPhbssWHz7eB1bOoN9apmBjMdI0gxd2NsQFf8zbd7FFDXOCHn/QEMcugTa
GXmd0LOahQbp3oA7EOrPqOWR4j7wvCOTPxkuJ63RBDrr350Qcc+1x6cLTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0UFJzexynHVxcWibeTrBj3E6zJMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvRFJRVW5ON0hLY2RYRnhhSnQ1T3NHUGNUck1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVq1MA0G
CSqGSIb3DQEBCwUAA4IBAQB7IVXLKTVtIiJeMY27U+5R5o9FgvwbBHKB8Ej8FfRh
67j3det5Rua1x1efMtIj/wUl5jR8LuGa2+EV5Fp7Vel2+WVBDddZQ193Es5sIdwA
LXzUMZIuZe3SwIVoV7GDMgzX7N6a9kWcG+nfSzpN1j/9cAb+/MAmz2wxBtx11cNx
c5LIE5qd8Q3+C6TkuZAhDkucxJguDBnNIpwPm2muSAJkxptmBvumJUccxVSnWpRw
+fEZCrplYy2n2n6R3Wk8RShUGhgPwk5h5AIFHbcGO9oIDfO0G3cOWLxzypJYnvxk
0uRV5hICgiE/K+23jsvDd8kiZaqkd/KkuexxTjG8dH8l
-----END CERTIFICATE-----