Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/4vgCB29E8qksUTRT80hibqkfyyc.roa
File:                     4vgCB29E8qksUTRT80hibqkfyyc.roa (raw, json)
Hash identifier:          jmfyWEEY9JnvGnTw4OogSC5Brt6r5w8K86EHD/wwf9A=
Subject key identifier:   E2:F8:02:07:6F:44:F2:A9:2C:51:34:53:F3:48:62:6E:A9:1F:CB:27
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       01942747AC60A59EB0E319562D1C2ACCEA48
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/4vgCB29E8qksUTRT80hibqkfyyc.roa
Signing time:             Thu 02 Jan 2025 13:49:56 +0000
ROA not before:           Thu 02 Jan 2025 13:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62425
IP address blocks:        77.90.131.0/24 maxlen: 24
                          77.90.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ac:60:a5:9e:b0:e3:19:56:2d:1c:2a:cc:ea:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 13:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2f802076f44f2a92c513453f348626ea91fcb27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:29:b1:4c:9c:6f:73:a6:39:d3:e4:04:48:27:
                    3f:68:58:53:57:b3:dd:1b:25:e8:cf:87:ca:07:22:
                    5e:4d:79:51:5d:ea:84:ad:dd:6f:74:9c:e1:d9:cf:
                    68:6b:2f:ad:cd:37:81:cc:e3:f1:01:bb:aa:65:1f:
                    c7:2c:76:5f:ec:d2:a7:8a:a0:e8:af:b3:9f:d4:b0:
                    ab:10:5d:07:e8:5b:83:29:fc:33:0f:17:00:ea:59:
                    64:2c:21:6f:1f:a4:8a:9b:af:5e:7a:56:f3:ad:52:
                    1a:80:d6:b1:6c:9c:6c:1f:af:78:d9:8b:17:ae:07:
                    2b:68:78:af:df:b7:b1:b3:8f:a0:3f:3f:c9:d6:7c:
                    bf:4e:8a:04:49:ad:ad:dc:fe:22:3a:9e:ca:11:b1:
                    23:0a:b8:60:4f:6d:6e:7f:d4:41:66:79:62:a8:6f:
                    15:ca:51:96:78:6a:2b:c2:14:83:8d:a6:c8:e7:f7:
                    e4:49:bf:4f:c3:2a:ea:d7:b8:24:54:5f:e9:45:ca:
                    cd:b0:3b:e9:98:74:53:a6:70:0b:6a:3f:bd:28:51:
                    23:38:e0:98:78:6a:f8:7b:e2:a2:52:fb:13:ec:80:
                    5d:1c:fb:c6:92:ad:59:e3:24:7d:8f:0b:a1:79:92:
                    6e:0b:c1:3a:f4:cf:31:48:39:8e:e0:49:bf:28:9f:
                    95:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:F8:02:07:6F:44:F2:A9:2C:51:34:53:F3:48:62:6E:A9:1F:CB:27
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/4vgCB29E8qksUTRT80hibqkfyyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.131.0/24
                  77.90.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:e1:5c:57:71:24:97:54:e3:b1:db:08:a2:39:1c:45:b2:7d:
         52:cf:ab:11:be:97:57:3d:5b:13:ef:a7:69:59:ee:b2:9f:7e:
         37:22:80:69:0e:ba:b2:95:2b:35:05:bf:bf:0e:9d:41:f9:8f:
         4b:2b:31:e9:17:83:d4:cc:c3:c6:c8:af:4b:88:37:62:dd:c5:
         17:cb:11:8c:d5:71:91:f2:d2:ec:89:e7:87:22:ce:c2:1a:ee:
         32:1e:9e:e9:bb:05:ca:57:23:98:dc:61:f1:39:57:3c:62:99:
         08:0c:a5:71:24:63:66:5a:eb:50:9d:40:d1:7c:73:db:bc:f5:
         03:88:3d:87:5d:19:10:24:40:64:cb:e0:ad:72:1c:ef:6f:d5:
         02:38:01:84:27:1b:a5:d7:af:c3:6f:bf:6b:3a:64:37:40:66:
         3f:3c:3c:8a:6e:36:56:d3:d2:68:f4:a4:5a:0c:14:56:b2:b7:
         b4:8b:94:35:9c:ca:c2:75:62:ea:78:30:ec:aa:37:fd:ec:66:
         28:06:7c:42:82:c2:38:91:36:ef:8f:b1:72:e9:f6:75:d5:9c:
         de:46:1e:b6:11:08:6b:3c:21:6f:e1:61:bb:d6:ef:76:4f:57:
         77:b1:ca:13:d3:c3:5c:32:5e:2c:34:bd:92:45:b2:fd:98:8d:
         44:0e:b0:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR6xgpZ6w4xlWLRwqzOpIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjUwMTAyMTM0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmY4MDIwNzZmNDRmMmE5MmM1MTM0NTNmMzQ4NjI2ZWE5MWZjYjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8SmxTJxvc6Y50+QESCc/aFhTV7Pd
GyXoz4fKByJeTXlRXeqErd1vdJzh2c9oay+tzTeBzOPxAbuqZR/HLHZf7NKniqDo
r7Of1LCrEF0H6FuDKfwzDxcA6llkLCFvH6SKm69eelbzrVIagNaxbJxsH6942YsX
rgcraHiv37exs4+gPz/J1ny/TooESa2t3P4iOp7KEbEjCrhgT21uf9RBZnliqG8V
ylGWeGorwhSDjabI5/fkSb9Pwyrq17gkVF/pRcrNsDvpmHRTpnALaj+9KFEjOOCY
eGr4e+KiUvsT7IBdHPvGkq1Z4yR9jwuheZJuC8E69M8xSDmO4Em/KJ+VTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOL4AgdvRPKpLFE0U/NIYm6pH8snMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvNHZnQ0IyOUU4cWtzVVRSVDgwaGlicWtmeXljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVqDAwQA
TVqNMA0GCSqGSIb3DQEBCwUAA4IBAQBb4VxXcSSXVOOx2wiiORxFsn1Sz6sRvpdX
PVsT76dpWe6yn343IoBpDrqylSs1Bb+/Dp1B+Y9LKzHpF4PUzMPGyK9LiDdi3cUX
yxGM1XGR8tLsieeHIs7CGu4yHp7puwXKVyOY3GHxOVc8YpkIDKVxJGNmWutQnUDR
fHPbvPUDiD2HXRkQJEBky+Ctchzvb9UCOAGEJxul16/Db79rOmQ3QGY/PDyKbjZW
09Jo9KRaDBRWsre0i5Q1nMrCdWLqeDDsqjf97GYoBnxCgsI4kTbvj7Fy6fZ11Zze
Rh62EQhrPCFv4WG71u92T1d3scoT08NcMl4sNL2SRbL9mI1EDrBC
-----END CERTIFICATE-----