Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/SYJLObrmnLX0qSjqWy4fjvI4wfg.roa
File:                     SYJLObrmnLX0qSjqWy4fjvI4wfg.roa (raw, json)
Hash identifier:          8EEWLPfT56iygA2pm9gSd1ZbNAm6vIegZGKTF/BcW2k=
Subject key identifier:   49:82:4B:39:BA:E6:9C:B5:F4:A9:28:EA:5B:2E:1F:8E:F2:38:C1:F8
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0198A36CAB30A070E6E9E8871E8105333B53
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/SYJLObrmnLX0qSjqWy4fjvI4wfg.roa
Signing time:             Wed 13 Aug 2025 12:34:24 +0000
ROA not before:           Wed 13 Aug 2025 12:34:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213511
IP address blocks:        77.90.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a3:6c:ab:30:a0:70:e6:e9:e8:87:1e:81:05:33:3b:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Aug 13 12:34:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49824b39bae69cb5f4a928ea5b2e1f8ef238c1f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8b:71:99:44:cb:0d:be:b0:72:c2:ec:0a:c9:
                    6d:83:6e:69:9b:9a:48:52:76:9b:1c:6f:ab:31:3b:
                    0b:49:25:0d:38:f5:03:74:d2:11:4c:b7:bb:cc:47:
                    d4:ff:72:02:e8:f3:5f:2f:e1:80:6d:18:c5:c3:02:
                    35:33:e0:b7:31:a1:82:01:5a:7d:8b:03:84:e8:42:
                    64:74:2e:d5:47:b9:3e:cb:13:be:8c:2d:e9:3a:95:
                    12:07:f7:c5:b9:a0:b2:9e:87:b4:54:b6:0e:d8:88:
                    60:2b:6f:37:e8:ca:42:48:ff:42:a1:f0:35:19:52:
                    f5:be:02:ba:1a:d0:48:91:8d:b0:6b:32:1d:a5:ea:
                    63:79:92:16:9c:99:40:21:f7:19:56:f5:d2:55:4b:
                    71:87:c7:7d:d7:c5:7f:d2:c9:eb:d8:15:58:8f:30:
                    72:ba:40:aa:f2:b1:cb:05:e0:a8:9a:0a:fc:79:d6:
                    13:cd:af:8f:52:e3:1e:00:76:01:89:ec:b9:34:40:
                    3e:e6:f9:8e:30:4e:38:ae:37:78:a7:92:60:78:a9:
                    10:86:35:d9:78:4c:81:e2:c3:ed:d3:b4:58:21:fd:
                    bf:52:b3:1b:53:4f:8a:cd:88:a2:ea:b7:ef:9d:07:
                    f6:67:a4:d4:0c:dd:6a:91:0c:cf:f5:ce:62:e1:ac:
                    34:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:82:4B:39:BA:E6:9C:B5:F4:A9:28:EA:5B:2E:1F:8E:F2:38:C1:F8
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/SYJLObrmnLX0qSjqWy4fjvI4wfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:54:e5:f3:a8:73:85:c6:45:91:2b:44:a6:3a:65:12:c4:1a:
         e6:e4:54:8a:b7:5e:3e:aa:c8:98:3f:e4:29:87:89:be:ac:6e:
         b2:1a:29:6f:aa:18:f2:16:cb:fd:94:5e:06:5a:9c:00:0d:72:
         d5:ba:af:13:7d:a9:64:18:db:a2:70:17:21:e4:16:e9:09:1c:
         f8:6f:55:d8:5a:6a:32:09:5e:ad:db:48:ea:6c:df:e8:7b:6f:
         f8:b9:9b:e5:4f:e2:89:85:73:fc:56:70:a6:ba:45:0b:61:6b:
         b1:40:d6:5b:70:b7:a8:20:c7:38:8c:35:b1:0f:a2:3f:46:1e:
         12:c3:da:22:cd:0f:d7:03:32:03:c4:79:ad:2c:cf:aa:b1:67:
         a9:a1:e4:23:02:1d:59:90:b5:4b:33:8a:3b:ed:f9:77:71:3c:
         fc:d6:18:9d:70:46:17:2e:57:b2:42:80:b7:7b:18:07:4d:26:
         d3:5a:3c:7d:d3:99:dc:6d:76:d7:1f:a9:6b:ff:22:cc:22:91:
         c4:5d:74:d5:4d:71:7d:f4:cc:1d:a9:40:9a:b2:3f:8e:3d:47:
         13:f5:77:b8:31:5e:81:de:de:44:8d:73:2d:9f:5e:56:3f:3a:
         4c:0f:68:0d:b7:f2:ab:dc:0a:71:3a:77:67:a9:11:3e:a8:3f:
         66:8a:36:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZijbKswoHDm6eiHHoEFMztTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjUwODEzMTIzNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTgyNGIzOWJhZTY5Y2I1ZjRhOTI4ZWE1YjJlMWY4ZWYyMzhjMWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkotxmUTLDb6wcsLsCsltg25pm5pI
UnabHG+rMTsLSSUNOPUDdNIRTLe7zEfU/3IC6PNfL+GAbRjFwwI1M+C3MaGCAVp9
iwOE6EJkdC7VR7k+yxO+jC3pOpUSB/fFuaCynoe0VLYO2IhgK2836MpCSP9CofA1
GVL1vgK6GtBIkY2wazIdpepjeZIWnJlAIfcZVvXSVUtxh8d918V/0snr2BVYjzBy
ukCq8rHLBeComgr8edYTza+PUuMeAHYBiey5NEA+5vmOME44rjd4p5JgeKkQhjXZ
eEyB4sPt07RYIf2/UrMbU0+KzYii6rfvnQf2Z6TUDN1qkQzP9c5i4aw0PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmCSzm65py19Kko6lsuH47yOMH4MB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvU1lKTE9icm1uTFgwcVNqcVd5NGZqdkk0d2ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVqXMA0G
CSqGSIb3DQEBCwUAA4IBAQBXVOXzqHOFxkWRK0SmOmUSxBrm5FSKt14+qsiYP+Qp
h4m+rG6yGilvqhjyFsv9lF4GWpwADXLVuq8TfalkGNuicBch5BbpCRz4b1XYWmoy
CV6t20jqbN/oe2/4uZvlT+KJhXP8VnCmukULYWuxQNZbcLeoIMc4jDWxD6I/Rh4S
w9oizQ/XAzIDxHmtLM+qsWepoeQjAh1ZkLVLM4o77fl3cTz81hidcEYXLleyQoC3
exgHTSbTWjx905ncbXbXH6lr/yLMIpHEXXTVTXF99MwdqUCasj+OPUcT9Xe4MV6B
3t5EjXMtn15WPzpMD2gNt/Kr3ApxOndnqRE+qD9mijb7
-----END CERTIFICATE-----