Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/YzGVIJmWnO95qYKAOnb10N5UShk.roa
File:                     YzGVIJmWnO95qYKAOnb10N5UShk.roa (raw, json)
Hash identifier:          jR6qp0IoXM7bJkVQEIaZMwOFlWNpIMMPjatFFFmmXnY=
Subject key identifier:   63:31:95:20:99:96:9C:EF:79:A9:82:80:3A:76:F5:D0:DE:54:4A:19
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0195D7AFFE95181EAD8C8F43865E06E05529
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/YzGVIJmWnO95qYKAOnb10N5UShk.roa
Signing time:             Thu 27 Mar 2025 12:59:50 +0000
ROA not before:           Thu 27 Mar 2025 12:59:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214556
IP address blocks:        77.90.15.0/24 maxlen: 24
                          77.90.27.0/24 maxlen: 24
                          77.90.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d7:af:fe:95:18:1e:ad:8c:8f:43:86:5e:06:e0:55:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Mar 27 12:59:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6331952099969cef79a982803a76f5d0de544a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:f9:d0:f6:7b:19:eb:e5:fb:02:12:75:ce:6c:
                    f6:2a:2b:74:62:af:90:e4:67:3d:f4:a0:9d:71:fb:
                    90:dc:8d:df:a6:f1:dd:21:64:36:77:47:f7:29:87:
                    cf:cd:a9:23:90:c7:50:a4:97:18:3a:54:7f:95:08:
                    f1:36:74:85:6f:c3:e0:29:da:b3:a1:9f:d6:da:d9:
                    26:e0:ba:aa:c9:ef:c8:92:6f:6a:b6:e5:d4:55:f1:
                    b6:60:0e:86:96:b9:41:ff:18:66:e0:4e:e6:ff:31:
                    65:3d:4e:87:54:13:c1:40:95:5c:48:e0:f8:87:25:
                    6f:48:cd:ec:7a:d6:30:20:ea:ec:d7:ad:34:57:40:
                    55:62:12:4a:28:d9:c2:50:41:36:1e:39:25:6c:ad:
                    2d:53:cc:6f:7e:84:91:75:b5:f8:18:9e:71:be:3a:
                    3c:7c:b9:e1:ed:76:da:9e:8f:1e:75:e3:89:b9:10:
                    51:20:c4:8b:ef:22:9d:ec:14:20:67:14:fd:c3:92:
                    48:82:2e:c9:27:fb:04:6f:db:8b:e8:50:15:40:d4:
                    39:b3:a1:92:2b:da:0e:6f:af:59:8f:66:95:a7:78:
                    59:c8:50:92:da:a6:e1:a3:95:45:f3:02:fe:1a:bc:
                    d2:63:4b:b3:89:89:a7:81:de:ad:4a:48:6a:32:ff:
                    4b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:31:95:20:99:96:9C:EF:79:A9:82:80:3A:76:F5:D0:DE:54:4A:19
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/YzGVIJmWnO95qYKAOnb10N5UShk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.15.0/24
                  77.90.27.0/24
                  77.90.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:f7:35:54:88:6e:28:b5:56:82:19:6e:46:3a:aa:a1:42:f9:
         af:ae:ef:e7:12:73:6e:65:c7:d3:4e:b3:43:b5:0d:2b:86:2d:
         7b:71:04:92:a2:60:8e:52:c4:fb:50:db:7b:3b:41:3e:1e:72:
         c4:80:30:fa:86:da:8a:34:22:4f:ea:bb:1a:b2:47:df:3c:88:
         85:01:16:5d:83:19:d5:e0:f9:63:db:64:58:0e:fc:55:e8:10:
         f7:90:45:da:3d:66:f5:6a:d8:8b:9f:c0:75:ee:d0:15:0a:26:
         43:b1:37:40:66:52:0a:ab:51:3a:b1:05:6e:ff:b6:c0:d4:f8:
         5b:e9:f7:c0:9a:0c:9a:84:91:8a:80:89:b6:4b:05:34:60:45:
         a4:41:38:d6:ca:3f:fd:dc:d8:f8:71:23:04:04:dd:c0:cf:94:
         e7:30:86:7f:87:65:85:0d:87:aa:f1:68:5f:8b:ad:33:5b:45:
         0a:92:09:31:43:75:74:db:a9:75:bd:2b:ae:ed:32:df:96:8b:
         96:8a:bb:75:93:11:7c:d6:23:7e:52:bd:87:85:3c:8d:53:a7:
         d0:67:d7:9c:93:23:39:ee:93:09:e1:df:8a:22:8d:d6:2f:f9:
         54:ee:3d:f6:68:8c:75:82:8f:a4:84:ff:3a:5d:32:01:89:33:
         79:81:f1:88
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZXXr/6VGB6tjI9Dhl4G4FUpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwMzI3MTI1OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzMxOTUyMDk5OTY5Y2VmNzlhOTgyODAzYTc2ZjVkMGRlNTQ0YTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fnQ9nsZ6+X7AhJ1zmz2Kit0Yq+Q
5Gc99KCdcfuQ3I3fpvHdIWQ2d0f3KYfPzakjkMdQpJcYOlR/lQjxNnSFb8PgKdqz
oZ/W2tkm4Lqqye/Ikm9qtuXUVfG2YA6GlrlB/xhm4E7m/zFlPU6HVBPBQJVcSOD4
hyVvSM3setYwIOrs1600V0BVYhJKKNnCUEE2HjklbK0tU8xvfoSRdbX4GJ5xvjo8
fLnh7Xbano8edeOJuRBRIMSL7yKd7BQgZxT9w5JIgi7JJ/sEb9uL6FAVQNQ5s6GS
K9oOb69Zj2aVp3hZyFCS2qbho5VF8wL+GrzSY0uziYmngd6tSkhqMv9L4wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGMxlSCZlpzveamCgDp29dDeVEoZMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvWXpHVklKbVduTzk1cVlLQU9uYjEwTjVVU2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATVoPAwQA
TVobAwQATVovMA0GCSqGSIb3DQEBCwUAA4IBAQAl9zVUiG4otVaCGW5GOqqhQvmv
ru/nEnNuZcfTTrNDtQ0rhi17cQSSomCOUsT7UNt7O0E+HnLEgDD6htqKNCJP6rsa
skffPIiFARZdgxnV4Plj22RYDvxV6BD3kEXaPWb1atiLn8B17tAVCiZDsTdAZlIK
q1E6sQVu/7bA1Phb6ffAmgyahJGKgIm2SwU0YEWkQTjWyj/93Nj4cSMEBN3Az5Tn
MIZ/h2WFDYeq8Whfi60zW0UKkgkxQ3V026l1vSuu7TLflouWirt1kxF81iN+Ur2H
hTyNU6fQZ9eckyM57pMJ4d+KIo3WL/lU7j32aIx1go+khP86XTIBiTN5gfGI
-----END CERTIFICATE-----