Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/2S9FQHRSYG_Gz9Xn6NbrxFVuxk0.roa
File:                     2S9FQHRSYG_Gz9Xn6NbrxFVuxk0.roa (raw, json)
Hash identifier:          Q00kdvkNUYOXLxdC6EoV6gKq4XKull3SIxlC9obD1tc=
Subject key identifier:   D9:2F:45:40:74:52:60:6F:C6:CF:D5:E7:E8:D6:EB:C4:55:6E:C6:4D
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01970ACB27E80A69094D1BC3E5A62F8E30E6
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/2S9FQHRSYG_Gz9Xn6NbrxFVuxk0.roa
Signing time:             Mon 26 May 2025 04:12:55 +0000
ROA not before:           Mon 26 May 2025 04:12:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213579
IP address blocks:        77.90.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0a:cb:27:e8:0a:69:09:4d:1b:c3:e5:a6:2f:8e:30:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May 26 04:12:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d92f45407452606fc6cfd5e7e8d6ebc4556ec64d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f3:1f:aa:37:13:30:e3:13:78:28:6a:8e:e7:
                    60:8e:aa:ee:4c:d4:93:e5:7e:4a:32:53:98:36:a6:
                    da:66:de:13:36:f3:aa:4a:ac:68:9b:1b:d9:16:cc:
                    2d:78:12:f9:23:89:68:2f:1c:a3:a8:9b:bc:03:b5:
                    f8:21:b0:58:b2:42:48:1a:f6:74:88:bb:78:e2:05:
                    16:e3:b6:b7:c8:16:72:ff:f4:43:37:b5:82:d9:81:
                    7b:a6:46:09:c4:6a:ec:f4:54:58:52:96:fb:e5:5d:
                    87:57:46:5b:55:02:71:16:7f:14:2a:2e:e3:94:0c:
                    13:f1:30:30:09:f4:6b:95:e6:66:b0:da:68:d9:ca:
                    de:be:79:f4:f8:80:60:79:7d:1b:2f:11:38:37:cc:
                    cc:fc:fc:ab:bf:90:62:fd:f2:14:4b:64:52:fe:61:
                    62:3c:c9:f4:31:06:5a:8f:8d:51:d9:d3:6b:ca:14:
                    fe:b3:20:5c:17:70:73:fe:2b:1f:0f:10:71:d6:54:
                    f0:00:3b:37:05:45:07:ac:8d:3e:85:62:98:83:61:
                    7d:4a:3d:fc:4b:25:c0:d9:85:4a:02:36:2e:87:21:
                    0c:5a:70:93:9a:1e:14:62:f2:f9:6b:2d:8b:01:e5:
                    f1:d3:7b:b3:2d:4f:20:5f:b9:54:d0:1e:c6:1c:75:
                    c1:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:2F:45:40:74:52:60:6F:C6:CF:D5:E7:E8:D6:EB:C4:55:6E:C6:4D
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/2S9FQHRSYG_Gz9Xn6NbrxFVuxk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:32:f3:d4:c0:60:2e:e9:e7:a2:ce:2b:d1:54:90:89:79:73:
         77:4a:04:d1:96:df:b6:8d:42:c8:14:f4:bd:74:d1:aa:1e:78:
         b1:5f:bd:81:41:9c:3b:8f:e7:a7:96:7d:bd:80:7f:16:db:0e:
         a4:8b:b6:ff:da:e7:6a:d1:f2:db:29:15:35:bf:f8:ff:0c:50:
         2e:a8:17:c0:b7:87:6f:3e:c3:fd:b0:ff:08:33:55:ea:15:4b:
         de:56:24:09:02:db:e9:b0:a7:ef:e5:ff:3a:50:18:ee:80:54:
         99:1f:c2:7f:1e:b3:95:96:42:e0:e5:bd:3b:a0:8c:4a:5c:2c:
         73:4c:8a:1d:e5:ba:74:71:3f:e7:01:a6:ef:f6:a4:2e:4a:96:
         7c:00:f6:c5:d0:e8:31:5b:93:4e:80:1d:d3:3c:de:16:5f:81:
         b8:d4:3e:1c:a4:f7:7d:f0:8a:e9:d9:33:77:54:5c:da:01:95:
         6f:34:43:28:1f:6e:8b:a9:c0:de:77:1b:a2:ff:fe:d2:e4:a1:
         8c:5c:6e:60:5b:e5:f6:05:10:14:c5:89:16:96:46:9c:b4:7d:
         09:25:ba:50:ee:6c:e4:b8:b6:97:46:92:2c:38:31:33:5d:ca:
         85:9f:dc:f6:97:76:13:f4:ad:6f:f5:78:5a:8a:a1:f0:db:20:
         ff:59:df:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcKyyfoCmkJTRvD5aYvjjDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNTI2MDQxMjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTJmNDU0MDc0NTI2MDZmYzZjZmQ1ZTdlOGQ2ZWJjNDU1NmVjNjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvMfqjcTMOMTeChqjudgjqruTNST
5X5KMlOYNqbaZt4TNvOqSqxomxvZFswteBL5I4loLxyjqJu8A7X4IbBYskJIGvZ0
iLt44gUW47a3yBZy//RDN7WC2YF7pkYJxGrs9FRYUpb75V2HV0ZbVQJxFn8UKi7j
lAwT8TAwCfRrleZmsNpo2crevnn0+IBgeX0bLxE4N8zM/Pyrv5Bi/fIUS2RS/mFi
PMn0MQZaj41R2dNryhT+syBcF3Bz/isfDxBx1lTwADs3BUUHrI0+hWKYg2F9Sj38
SyXA2YVKAjYuhyEMWnCTmh4UYvL5ay2LAeXx03uzLU8gX7lU0B7GHHXBzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNkvRUB0UmBvxs/V5+jW68RVbsZNMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvMlM5RlFIUlNZR19HejlYbjZOYnJ4RlZ1eGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVowMA0G
CSqGSIb3DQEBCwUAA4IBAQA+MvPUwGAu6eeizivRVJCJeXN3SgTRlt+2jULIFPS9
dNGqHnixX72BQZw7j+enln29gH8W2w6ki7b/2udq0fLbKRU1v/j/DFAuqBfAt4dv
PsP9sP8IM1XqFUveViQJAtvpsKfv5f86UBjugFSZH8J/HrOVlkLg5b07oIxKXCxz
TIod5bp0cT/nAabv9qQuSpZ8APbF0OgxW5NOgB3TPN4WX4G41D4cpPd98Irp2TN3
VFzaAZVvNEMoH26LqcDedxui//7S5KGMXG5gW+X2BRAUxYkWlkactH0JJbpQ7mzk
uLaXRpIsODEzXcqFn9z2l3YT9K1v9XhaiqHw2yD/Wd8f
-----END CERTIFICATE-----