Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/UHXvtX8IMLd4zONKPe_pIM09xQ4.roa
File:                     UHXvtX8IMLd4zONKPe_pIM09xQ4.roa (raw, json)
Hash identifier:          Nr/4kqhxxX7JW0R3yp+WhJP3/Vk86QSnLpWM2aR3Dgk=
Subject key identifier:   50:75:EF:B5:7F:08:30:B7:78:CC:E3:4A:3D:EF:E9:20:CD:3D:C5:0E
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019CEB05776BA8F9986323D06DF846FF5839
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/UHXvtX8IMLd4zONKPe_pIM09xQ4.roa
Signing time:             Sat 14 Mar 2026 06:25:29 +0000
ROA not before:           Sat 14 Mar 2026 06:25:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62425
IP address blocks:        77.90.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 21:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:eb:05:77:6b:a8:f9:98:63:23:d0:6d:f8:46:ff:58:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar 14 06:25:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5075efb57f0830b778cce34a3defe920cd3dc50e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ff:69:4f:47:33:f2:e8:b3:c7:ed:47:9e:8e:
                    dc:01:76:b4:2d:39:a3:56:ab:c6:0d:e6:f3:e5:2a:
                    46:9f:e4:3a:6d:67:44:d4:70:da:97:6c:39:40:46:
                    72:5f:19:87:1c:9f:6e:79:17:d0:f2:ea:4e:b6:fc:
                    7e:d8:0d:f2:76:93:1c:c0:43:f4:20:97:be:ef:41:
                    7c:a2:1f:b1:e0:7c:db:7a:ea:e8:69:9c:42:6d:b2:
                    25:0a:20:87:9d:d4:3c:1e:21:42:ef:f4:fe:4a:2b:
                    67:f2:e6:9b:34:40:d8:c5:d9:14:aa:33:0a:ff:50:
                    b1:e4:5f:65:c8:23:d0:50:90:25:ac:86:7a:e8:a6:
                    5d:8f:12:ac:86:28:18:78:e4:34:a6:0d:72:f9:db:
                    72:8a:11:f9:3a:8e:09:6c:49:c4:b1:f1:03:43:54:
                    e2:bf:cc:0c:9a:02:ec:02:89:30:76:be:0a:a8:cd:
                    85:a1:2f:0d:29:5c:17:e9:6a:82:56:bb:a0:e9:75:
                    1e:b2:c0:7f:85:55:ad:d8:c8:01:ad:5a:81:8e:65:
                    4c:75:2b:2c:2a:68:1f:bf:e1:f1:12:21:01:60:1f:
                    61:ee:83:8f:2a:cf:64:b1:53:32:41:89:ad:2d:76:
                    c1:4f:be:ff:06:fa:92:05:7a:49:ec:e4:f1:c4:8a:
                    16:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:75:EF:B5:7F:08:30:B7:78:CC:E3:4A:3D:EF:E9:20:CD:3D:C5:0E
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/UHXvtX8IMLd4zONKPe_pIM09xQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:ac:c3:da:e0:da:a3:a1:18:5e:00:6e:24:30:83:23:2c:1f:
         60:fa:ac:bd:8d:fa:74:8f:69:4a:9b:2d:36:7d:1f:4a:f9:14:
         e7:26:92:b3:98:8b:7b:e1:09:26:ec:20:28:7b:49:83:18:4b:
         7e:c9:89:f4:14:c7:a9:3a:c7:8a:39:46:bd:c4:2f:78:ca:6f:
         ca:6a:73:8c:75:9e:93:f0:98:1d:bd:98:6c:9f:6c:26:c6:43:
         4a:f0:b4:a3:b0:7a:aa:50:dd:42:64:54:b7:fd:10:05:37:a6:
         01:a4:33:1a:d9:cb:37:db:20:1a:d0:78:12:89:ab:45:e2:43:
         8d:85:e3:5a:d1:24:dc:85:7c:a6:4f:17:02:5a:35:a8:e2:7e:
         26:19:2d:21:9b:72:22:2d:55:74:f3:df:2f:f2:e0:66:3e:5a:
         e9:6e:19:c8:76:9e:ca:eb:11:93:06:18:83:b7:9c:b2:7a:47:
         16:c8:6a:4f:a5:f1:f8:e1:eb:7d:35:43:48:8a:51:f2:27:e9:
         8a:a3:15:11:f9:6c:3f:57:ee:cf:c1:92:5c:4f:f6:0f:7f:21:
         67:b8:fb:eb:ea:8f:3f:ba:b7:2e:73:2b:47:d5:97:45:08:1f:
         3a:d7:5d:93:1e:32:7f:d6:82:48:ae:87:68:ec:20:1c:de:0b:
         a5:b0:86:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzrBXdrqPmYYyPQbfhG/1g5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwMzE0MDYyNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDc1ZWZiNTdmMDgzMGI3NzhjY2UzNGEzZGVmZTkyMGNkM2RjNTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5P9pT0cz8uizx+1Hno7cAXa0LTmj
VqvGDebz5SpGn+Q6bWdE1HDal2w5QEZyXxmHHJ9ueRfQ8upOtvx+2A3ydpMcwEP0
IJe+70F8oh+x4HzbeuroaZxCbbIlCiCHndQ8HiFC7/T+Sitn8uabNEDYxdkUqjMK
/1Cx5F9lyCPQUJAlrIZ66KZdjxKshigYeOQ0pg1y+dtyihH5Oo4JbEnEsfEDQ1Ti
v8wMmgLsAokwdr4KqM2FoS8NKVwX6WqCVrug6XUessB/hVWt2MgBrVqBjmVMdSss
Kmgfv+HxEiEBYB9h7oOPKs9ksVMyQYmtLXbBT77/BvqSBXpJ7OTxxIoWdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFB177V/CDC3eMzjSj3v6SDNPcUOMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvVUhYdnRYOElNTGQ0ek9OS1BlX3BJTTA5eFE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVqDMA0G
CSqGSIb3DQEBCwUAA4IBAQCBrMPa4NqjoRheAG4kMIMjLB9g+qy9jfp0j2lKmy02
fR9K+RTnJpKzmIt74Qkm7CAoe0mDGEt+yYn0FMepOseKOUa9xC94ym/KanOMdZ6T
8JgdvZhsn2wmxkNK8LSjsHqqUN1CZFS3/RAFN6YBpDMa2cs32yAa0HgSiatF4kON
heNa0STchXymTxcCWjWo4n4mGS0hm3IiLVV0898v8uBmPlrpbhnIdp7K6xGTBhiD
t5yyekcWyGpPpfH44et9NUNIilHyJ+mKoxUR+Ww/V+7PwZJcT/YPfyFnuPvr6o8/
urcucytH1ZdFCB86112THjJ/1oJIrodo7CAc3gulsIbK
-----END CERTIFICATE-----