Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1btr2sFZFkNfxfsZ7_qmkawptYk.roa
File:                     1btr2sFZFkNfxfsZ7_qmkawptYk.roa (raw, json)
Hash identifier:          vUv5JVuR5cEYpterEiv/V22mDnU1mfgUFfCyFzxydqs=
Subject key identifier:   D5:BB:6B:DA:C1:59:16:43:5F:C5:FB:19:EF:FA:A6:91:AC:29:B5:89
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0196B86FB67DB688E2A8E5F8829ECDE47966
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1btr2sFZFkNfxfsZ7_qmkawptYk.roa
Signing time:             Sat 10 May 2025 04:24:11 +0000
ROA not before:           Sat 10 May 2025 04:24:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395839
IP address blocks:        77.90.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b8:6f:b6:7d:b6:88:e2:a8:e5:f8:82:9e:cd:e4:79:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May 10 04:24:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5bb6bdac15916435fc5fb19effaa691ac29b589
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e0:52:72:48:d5:90:79:5e:db:30:d7:61:e1:
                    96:a5:9f:71:1b:ba:06:a7:d7:d3:20:d5:d3:73:9a:
                    da:40:cd:52:1a:43:19:67:c5:37:f7:52:7c:c7:06:
                    9d:70:0f:c3:7b:18:8d:20:0b:18:07:71:23:8a:74:
                    98:13:0e:32:18:5c:59:08:c8:ea:a9:6d:4c:45:78:
                    fb:ed:44:14:9b:22:a2:ff:c1:4c:ca:17:d8:92:77:
                    e3:4b:10:16:5c:1b:28:ff:35:5a:30:7e:38:c8:d7:
                    aa:71:fc:d8:86:ea:3a:f9:0b:f5:71:2b:2a:ae:ce:
                    db:4c:91:84:36:7d:5c:1b:e0:94:4f:94:dd:c4:a1:
                    0d:a0:64:14:22:73:3b:9b:9b:56:81:7c:7a:30:67:
                    4d:1c:ed:2a:a7:b0:c0:7c:16:ed:08:ed:af:a2:f1:
                    7b:f2:11:fc:b2:d9:19:3f:a7:4e:f3:a5:46:36:d8:
                    c9:cb:cf:bd:63:85:73:2e:12:88:23:0e:fa:ac:c8:
                    dd:21:a4:1b:73:2f:42:38:3a:b5:09:a0:a9:73:38:
                    1e:04:08:f2:2a:0e:66:a2:2e:2f:5a:20:28:95:4d:
                    9f:ae:46:bc:71:7a:36:82:15:a5:4b:55:66:79:26:
                    b7:1f:09:16:0e:97:fc:d2:03:12:f2:6b:87:37:8e:
                    4b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:BB:6B:DA:C1:59:16:43:5F:C5:FB:19:EF:FA:A6:91:AC:29:B5:89
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1btr2sFZFkNfxfsZ7_qmkawptYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:7b:82:73:27:9c:3f:b1:45:75:64:39:e7:6a:d9:27:be:b9:
         9b:d2:6f:c3:27:34:7f:c1:57:d3:cc:b1:90:3a:88:cd:2d:ae:
         7f:84:76:9f:8c:c8:c0:4a:f0:fe:0e:79:9d:a6:f3:4a:6c:e7:
         ec:1f:04:14:83:28:96:90:92:ed:fb:05:5b:07:ba:94:74:c2:
         00:dc:89:e1:2a:09:a8:29:5a:53:4d:26:98:99:78:4d:dc:ad:
         0a:77:4e:3f:d1:2a:b2:43:06:32:cd:4d:20:66:6d:ba:56:0e:
         5d:d5:05:a4:da:07:26:bc:d2:a2:7e:0d:0c:78:f1:6f:d9:fd:
         c2:94:76:db:54:71:4a:19:a9:80:6e:dc:bc:7d:21:05:d4:c5:
         60:90:e1:a7:97:42:eb:13:3e:8f:b4:5e:dd:05:8f:1d:6d:69:
         56:15:7d:02:3f:f6:e5:46:e9:e6:19:aa:f7:9c:e5:4d:05:08:
         c4:a3:ab:4c:7b:df:52:92:3c:85:c2:20:f8:3d:36:c3:91:63:
         e3:23:7a:a6:3d:6a:bf:a8:c8:d9:f1:ac:97:7e:36:b4:c5:b3:
         64:56:38:29:6e:a8:f3:24:e6:77:1c:22:87:fd:ff:bf:72:d9:
         c1:b1:ad:40:32:4e:80:1e:b3:16:1e:ab:70:0a:68:a0:c4:0e:
         f9:67:79:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa4b7Z9tojiqOX4gp7N5HlmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNTEwMDQyNDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWJiNmJkYWMxNTkxNjQzNWZjNWZiMTllZmZhYTY5MWFjMjliNTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuBSckjVkHle2zDXYeGWpZ9xG7oG
p9fTINXTc5raQM1SGkMZZ8U391J8xwadcA/DexiNIAsYB3EjinSYEw4yGFxZCMjq
qW1MRXj77UQUmyKi/8FMyhfYknfjSxAWXBso/zVaMH44yNeqcfzYhuo6+Qv1cSsq
rs7bTJGENn1cG+CUT5TdxKENoGQUInM7m5tWgXx6MGdNHO0qp7DAfBbtCO2vovF7
8hH8stkZP6dO86VGNtjJy8+9Y4VzLhKIIw76rMjdIaQbcy9CODq1CaCpczgeBAjy
Kg5moi4vWiAolU2frka8cXo2ghWlS1VmeSa3HwkWDpf80gMS8muHN45LXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNW7a9rBWRZDX8X7Ge/6ppGsKbWJMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvMWJ0cjJzRlpGa05meGZzWjdfcW1rYXdwdFlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVomMA0G
CSqGSIb3DQEBCwUAA4IBAQATe4JzJ5w/sUV1ZDnnatknvrmb0m/DJzR/wVfTzLGQ
OojNLa5/hHafjMjASvD+DnmdpvNKbOfsHwQUgyiWkJLt+wVbB7qUdMIA3InhKgmo
KVpTTSaYmXhN3K0Kd04/0SqyQwYyzU0gZm26Vg5d1QWk2gcmvNKifg0MePFv2f3C
lHbbVHFKGamAbty8fSEF1MVgkOGnl0LrEz6PtF7dBY8dbWlWFX0CP/blRunmGar3
nOVNBQjEo6tMe99SkjyFwiD4PTbDkWPjI3qmPWq/qMjZ8ayXfja0xbNkVjgpbqjz
JOZ3HCKH/f+/ctnBsa1AMk6AHrMWHqtwCmigxA75Z3lG
-----END CERTIFICATE-----