Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/FmAKBKd-PdNqMEGk2uZifaqmnrE.roa
File:                     FmAKBKd-PdNqMEGk2uZifaqmnrE.roa (raw, json)
Hash identifier:          BK0SX5WkOOtWNPjitJ2TK5CAHUK5xcu0+wg05UjWy1g=
Subject key identifier:   16:60:0A:04:A7:7E:3D:D3:6A:30:41:A4:DA:E6:62:7D:AA:A6:9E:B1
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0198C668F7BAFF6757A21D6819EB584E9204
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/FmAKBKd-PdNqMEGk2uZifaqmnrE.roa
Signing time:             Wed 20 Aug 2025 07:37:04 +0000
ROA not before:           Wed 20 Aug 2025 07:37:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34450
IP address blocks:        77.90.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c6:68:f7:ba:ff:67:57:a2:1d:68:19:eb:58:4e:92:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Aug 20 07:37:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16600a04a77e3dd36a3041a4dae6627daaa69eb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:3b:2d:db:e1:07:3d:fe:a5:dc:b2:fc:ec:a8:
                    63:35:ae:00:6f:33:66:2d:80:61:30:c6:55:16:60:
                    1f:3c:bb:3b:ba:05:41:70:e3:00:2f:34:29:13:84:
                    a2:ef:4c:ed:89:2f:07:3e:70:e8:67:bd:7a:76:41:
                    c3:a6:07:b3:6e:16:59:b7:e9:e0:3b:d0:be:69:58:
                    4a:46:c9:7a:18:1b:64:38:10:da:c1:bc:80:46:75:
                    44:53:86:6a:87:fa:0f:19:01:71:71:22:61:67:c1:
                    f1:26:ac:5f:ae:5c:a5:55:68:b1:c2:9a:80:18:49:
                    e5:27:9d:03:af:35:ed:f3:e5:ce:8b:b9:b2:24:9b:
                    6a:d4:60:16:dc:15:ff:d4:04:9c:e3:8b:91:24:6b:
                    8f:a0:74:7a:dd:81:da:19:fb:bc:66:e2:dc:84:5b:
                    3d:0c:66:08:6a:4c:a4:74:90:23:f4:6f:37:4b:d0:
                    92:6f:54:b7:4e:9f:be:e4:91:90:0d:eb:7f:42:37:
                    23:9b:d8:b8:b4:71:39:f2:a4:5a:16:6e:c3:de:cd:
                    0f:e7:26:15:1a:f0:a1:f4:c6:a8:f3:8f:64:3c:df:
                    61:7d:19:af:55:51:c0:42:a0:e5:b3:c5:8d:df:78:
                    e2:18:de:90:dc:db:df:11:3f:5f:47:e3:45:cb:d0:
                    cc:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:60:0A:04:A7:7E:3D:D3:6A:30:41:A4:DA:E6:62:7D:AA:A6:9E:B1
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/FmAKBKd-PdNqMEGk2uZifaqmnrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:df:0a:85:1f:f5:ee:69:cb:dc:bb:7f:c3:96:66:cf:3e:b4:
         6d:27:3e:be:d6:20:73:71:0f:c9:35:38:83:1b:9b:4c:d4:c0:
         7e:ae:c9:f5:6f:90:71:66:42:a8:92:90:1d:97:37:db:4e:da:
         4b:5e:22:3b:12:cc:9a:25:45:b7:b4:63:17:60:05:3d:e3:4c:
         d9:3d:2e:e1:be:3c:20:32:e1:35:75:eb:a6:0d:68:51:8b:d4:
         ee:3e:f9:22:e4:64:cd:13:c1:f8:2c:57:6c:b3:59:5e:e2:72:
         69:01:fd:6f:74:19:4b:17:cd:bb:6c:c6:cc:f8:f5:30:62:24:
         64:13:cb:71:7e:70:2e:c3:8a:e9:84:6f:2c:4d:f3:65:f0:09:
         a0:d6:9e:4d:f4:be:86:73:1b:78:f5:fa:a8:56:16:cf:7e:e8:
         4e:9c:49:06:0c:4c:5d:8f:b3:05:2b:1b:d7:cb:f5:3e:7d:9f:
         47:d2:7a:76:31:06:01:8b:78:15:12:4d:5a:ce:40:b0:25:8a:
         e5:b7:5a:66:ef:3d:d4:5a:c6:a9:52:d4:67:f2:34:14:cd:a3:
         9a:27:65:08:62:8f:43:e5:e5:8e:f4:44:c9:3a:7a:26:8d:05:
         c3:8f:24:03:29:74:1b:c8:a3:d6:0e:56:d5:f6:22:e7:bf:c9:
         68:3c:17:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjGaPe6/2dXoh1oGetYTpIEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjUwODIwMDczNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjYwMGEwNGE3N2UzZGQzNmEzMDQxYTRkYWU2NjI3ZGFhYTY5ZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jst2+EHPf6l3LL87KhjNa4AbzNm
LYBhMMZVFmAfPLs7ugVBcOMALzQpE4Si70ztiS8HPnDoZ716dkHDpgezbhZZt+ng
O9C+aVhKRsl6GBtkOBDawbyARnVEU4Zqh/oPGQFxcSJhZ8HxJqxfrlylVWixwpqA
GEnlJ50DrzXt8+XOi7myJJtq1GAW3BX/1ASc44uRJGuPoHR63YHaGfu8ZuLchFs9
DGYIakykdJAj9G83S9CSb1S3Tp++5JGQDet/Qjcjm9i4tHE58qRaFm7D3s0P5yYV
GvCh9Mao849kPN9hfRmvVVHAQqDls8WN33jiGN6Q3NvfET9fR+NFy9DMmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZgCgSnfj3TajBBpNrmYn2qpp6xMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvRm1BS0JLZC1QZE5xTUVHazJ1WmlmYXFtbnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVqOMA0G
CSqGSIb3DQEBCwUAA4IBAQCA3wqFH/Xuacvcu3/DlmbPPrRtJz6+1iBzcQ/JNTiD
G5tM1MB+rsn1b5BxZkKokpAdlzfbTtpLXiI7EsyaJUW3tGMXYAU940zZPS7hvjwg
MuE1deumDWhRi9TuPvki5GTNE8H4LFdss1le4nJpAf1vdBlLF827bMbM+PUwYiRk
E8txfnAuw4rphG8sTfNl8Amg1p5N9L6Gcxt49fqoVhbPfuhOnEkGDExdj7MFKxvX
y/U+fZ9H0np2MQYBi3gVEk1azkCwJYrlt1pm7z3UWsapUtRn8jQUzaOaJ2UIYo9D
5eWO9ETJOnomjQXDjyQDKXQbyKPWDlbV9iLnv8loPBe+
-----END CERTIFICATE-----