Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/QdR7N6ygD_CxMTaqLJsptuPZZ4Y.roa
File:                     QdR7N6ygD_CxMTaqLJsptuPZZ4Y.roa (raw, json)
Hash identifier:          BRud/EbcdtKylsN8mWUntbZvbzSItkXs6t57UnMQK24=
Subject key identifier:   41:D4:7B:37:AC:A0:0F:F0:B1:31:36:AA:2C:9B:29:B6:E3:D9:67:86
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01942220065DF9133FAC43A5D7F3E1AB5BB9
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/QdR7N6ygD_CxMTaqLJsptuPZZ4Y.roa
Signing time:             Wed 01 Jan 2025 13:48:31 +0000
ROA not before:           Wed 01 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63473
IP address blocks:        77.90.31.0/24 maxlen: 24
                          77.90.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:06:5d:f9:13:3f:ac:43:a5:d7:f3:e1:ab:5b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  1 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41d47b37aca00ff0b13136aa2c9b29b6e3d96786
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8d:a4:3b:16:d9:dd:8e:8b:d3:bd:57:fa:96:
                    57:fd:90:e8:d4:84:0f:46:28:94:6f:22:6a:2d:ea:
                    57:f4:7f:d9:61:06:75:a3:43:5b:5f:18:c6:1d:6f:
                    7b:8e:f4:06:0b:fe:ad:ff:4b:ae:82:ba:d6:af:4f:
                    8d:b0:c9:61:d9:bf:22:6c:3b:e4:cc:35:8c:60:07:
                    b6:af:72:e2:19:c0:ac:2c:d0:cc:26:bf:af:6c:53:
                    9e:64:ab:4a:ce:cd:22:97:7d:d1:93:9c:e6:4e:a2:
                    e3:bd:c6:25:48:f4:5e:6d:c4:de:35:7e:d4:20:8b:
                    ff:50:d3:6a:82:6c:15:18:c2:a3:1c:75:24:31:4a:
                    c6:d7:41:f5:cf:33:13:66:0f:96:4b:f1:63:2a:28:
                    cb:65:d2:b3:f3:37:06:95:7d:f2:54:e0:b2:5a:33:
                    ad:b4:39:ef:cf:72:7e:72:66:00:d0:01:dc:48:7d:
                    14:4f:e2:cf:4a:32:39:a5:9a:44:84:35:1c:dc:58:
                    2b:d1:76:eb:94:c6:76:a7:7f:6e:7e:b9:56:63:ce:
                    39:d4:d8:c0:9e:c2:86:12:61:6f:84:1a:0c:48:31:
                    14:25:70:20:86:77:0f:9d:5f:dc:69:91:73:2f:c7:
                    d2:e0:f7:69:2f:4a:5b:ab:37:07:a1:fd:67:2e:da:
                    86:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:D4:7B:37:AC:A0:0F:F0:B1:31:36:AA:2C:9B:29:B6:E3:D9:67:86
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/QdR7N6ygD_CxMTaqLJsptuPZZ4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.31.0/24
                  77.90.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e9:8a:19:a1:ca:3d:37:b1:af:b5:31:ca:89:e5:1f:ff:3c:7d:
         de:ef:bd:42:83:cc:e6:a9:8e:6b:5f:f4:fc:6c:ec:94:a0:d1:
         d3:c8:e3:29:78:27:8a:d2:b3:e9:ea:35:79:d3:11:1e:d0:1d:
         dd:8a:a1:15:bf:16:40:7c:ed:43:20:e3:f0:0d:09:51:42:4e:
         59:87:04:6e:cb:a3:6e:e9:a6:a7:8e:02:5e:ae:a8:8e:bf:eb:
         7e:99:0b:5a:82:7b:5b:56:3e:a4:91:8b:89:37:f6:c5:5f:39:
         8a:27:0c:46:34:e1:32:ec:ac:b6:74:97:0e:f8:c4:1c:8d:9f:
         14:ed:0a:95:44:7a:c2:35:4b:4b:b5:49:b4:e9:83:2b:1c:cc:
         8c:ae:5f:11:3e:18:84:6b:45:30:b7:35:d8:8b:20:2c:8e:6e:
         05:b1:a7:94:d6:81:07:4f:ef:7b:dd:b4:bd:15:59:18:02:4a:
         2f:64:0b:d2:31:ec:9b:db:09:f6:de:d5:03:e5:3f:43:9e:a8:
         dd:f2:d7:e3:0c:17:3d:f5:e7:a0:00:3e:83:23:2e:cf:9b:13:
         b1:20:bf:64:6b:88:9d:99:bc:95:c5:f7:fa:aa:a8:9c:49:f7:
         7e:d3:a5:1d:21:e2:30:33:f5:4b:5b:e8:9b:6e:c3:2a:a3:cc:
         5a:13:79:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIAZd+RM/rEOl1/Phq1u5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQ0N2IzN2FjYTAwZmYwYjEzMTM2YWEyYzliMjliNmUzZDk2Nzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvY2kOxbZ3Y6L071X+pZX/ZDo1IQP
RiiUbyJqLepX9H/ZYQZ1o0NbXxjGHW97jvQGC/6t/0uugrrWr0+NsMlh2b8ibDvk
zDWMYAe2r3LiGcCsLNDMJr+vbFOeZKtKzs0il33Rk5zmTqLjvcYlSPRebcTeNX7U
IIv/UNNqgmwVGMKjHHUkMUrG10H1zzMTZg+WS/FjKijLZdKz8zcGlX3yVOCyWjOt
tDnvz3J+cmYA0AHcSH0UT+LPSjI5pZpEhDUc3Fgr0XbrlMZ2p39ufrlWY8451NjA
nsKGEmFvhBoMSDEUJXAghncPnV/caZFzL8fS4PdpL0pbqzcHof1nLtqG3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEHUezesoA/wsTE2qiybKbbj2WeGMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvUWRSN042eWdEX0N4TVRhcUxKc3B0dVBaWjRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVofAwQA
TVojMA0GCSqGSIb3DQEBCwUAA4IBAQDpihmhyj03sa+1McqJ5R//PH3e771Cg8zm
qY5rX/T8bOyUoNHTyOMpeCeK0rPp6jV50xEe0B3diqEVvxZAfO1DIOPwDQlRQk5Z
hwRuy6Nu6aanjgJerqiOv+t+mQtagntbVj6kkYuJN/bFXzmKJwxGNOEy7Ky2dJcO
+MQcjZ8U7QqVRHrCNUtLtUm06YMrHMyMrl8RPhiEa0UwtzXYiyAsjm4FsaeU1oEH
T+973bS9FVkYAkovZAvSMeyb2wn23tUD5T9Dnqjd8tfjDBc99eegAD6DIy7PmxOx
IL9ka4idmbyVxff6qqicSfd+06UdIeIwM/VLW+ibbsMqo8xaE3ns
-----END CERTIFICATE-----