Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/Yjby7mJEeAWVb0D3T_IC7Iiunfc.roa
File:                     Yjby7mJEeAWVb0D3T_IC7Iiunfc.roa (raw, json)
Hash identifier:          3AdQ1hda+06iUnNZO4ZQjjRdSJPOGRIstvmg6/2/Y74=
Subject key identifier:   62:36:F2:EE:62:44:78:05:95:6F:40:F7:4F:F2:02:EC:88:AE:9D:F7
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019E933D058AE3B808EBB3C0106BCA0A8A0C
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/Yjby7mJEeAWVb0D3T_IC7Iiunfc.roa
Signing time:             Thu 04 Jun 2026 15:25:10 +0000
ROA not before:           Thu 04 Jun 2026 15:25:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202736
IP address blocks:        77.90.141.0/24 maxlen: 24
                          77.90.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:93:3d:05:8a:e3:b8:08:eb:b3:c0:10:6b:ca:0a:8a:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jun  4 15:25:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6236f2ee62447805956f40f74ff202ec88ae9df7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0a:2a:60:11:e5:99:6b:87:a5:e5:09:dc:94:
                    d0:94:6e:64:8e:93:f5:98:f0:24:b6:ad:89:61:f8:
                    d3:5c:ac:b3:15:a2:c4:f2:db:a5:0d:e6:15:11:72:
                    63:b6:bb:04:b6:19:83:fe:b3:bb:00:d4:b9:82:29:
                    bf:d3:7c:40:3c:ec:b5:70:1f:39:0f:4c:74:7d:c7:
                    1a:a2:eb:25:a9:23:bf:86:f0:22:c3:1d:88:f7:cc:
                    cf:80:c3:a8:3d:af:21:4f:8c:86:78:67:68:2d:5e:
                    e6:ee:54:f1:ef:13:ed:f9:ae:a8:7e:1e:09:2a:d0:
                    e2:5f:a4:8e:7e:47:03:27:70:d6:78:20:e5:17:2a:
                    6c:57:ac:9a:b4:0e:31:d5:b1:6e:96:b3:ca:cc:74:
                    c5:a1:2a:d7:89:30:92:c5:7f:fd:df:8e:62:fd:0c:
                    86:ae:8d:10:2f:f6:1f:d0:eb:33:8e:c1:a6:ba:51:
                    08:0d:d9:25:9c:2c:37:c3:da:0b:e8:32:af:8c:61:
                    6e:95:58:60:18:c3:e7:88:40:b7:ac:0d:3b:b1:01:
                    96:ab:a9:08:38:d5:60:54:2c:ac:be:da:8c:34:35:
                    a0:ab:3e:01:82:8e:93:a8:28:d0:b9:28:8b:c8:bc:
                    7c:05:d8:04:51:2f:79:25:0d:0e:36:92:04:df:8a:
                    91:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:36:F2:EE:62:44:78:05:95:6F:40:F7:4F:F2:02:EC:88:AE:9D:F7
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/Yjby7mJEeAWVb0D3T_IC7Iiunfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.141.0-77.90.142.255

    Signature Algorithm: sha256WithRSAEncryption
         82:63:18:64:bd:ca:06:ec:3d:b4:3a:ac:8f:f3:18:98:cc:33:
         6e:57:dd:7d:55:4e:6c:6e:81:bf:73:e9:f4:1a:36:74:0b:3f:
         13:9f:8e:ff:62:c4:5c:db:3a:39:7a:54:52:5d:ae:3d:4c:bf:
         f1:df:ba:5d:ac:4b:72:3c:96:da:5f:3b:49:02:27:13:b0:99:
         a9:c0:5f:cc:a3:66:ac:9b:bb:84:06:c8:da:3e:97:5f:cf:14:
         b6:49:ec:85:9a:3b:8a:11:fa:a0:45:a4:71:44:38:19:3c:5a:
         d6:33:f7:08:57:d2:8a:8f:3e:a9:99:f1:e0:9a:6a:5b:2c:5f:
         d9:ca:0c:6d:0b:ad:1d:65:7f:b2:4c:bf:1c:55:9d:ef:ed:21:
         80:6c:0e:5b:d3:ea:a2:54:65:74:df:66:55:5e:c1:d5:31:ec:
         55:97:21:df:ba:f6:a3:47:a7:d1:95:26:48:90:82:81:1b:08:
         4d:c2:18:cb:aa:08:91:9f:f2:c2:77:f4:71:6d:de:b0:c9:7c:
         c9:46:eb:0f:a1:36:50:1f:de:79:c8:32:9b:5e:77:cb:5e:59:
         c4:ff:24:c3:a8:ff:fa:15:ce:53:40:ee:d6:37:2f:7b:3c:e1:
         48:6c:bb:c6:02:f6:e8:f8:62:6a:e4:30:62:90:8a:22:70:4b:
         61:b3:37:a2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ6TPQWK47gI67PAEGvKCooMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwNjA0MTUyNTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjM2ZjJlZTYyNDQ3ODA1OTU2ZjQwZjc0ZmYyMDJlYzg4YWU5ZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQoqYBHlmWuHpeUJ3JTQlG5kjpP1
mPAktq2JYfjTXKyzFaLE8tulDeYVEXJjtrsEthmD/rO7ANS5gim/03xAPOy1cB85
D0x0fccaouslqSO/hvAiwx2I98zPgMOoPa8hT4yGeGdoLV7m7lTx7xPt+a6ofh4J
KtDiX6SOfkcDJ3DWeCDlFypsV6yatA4x1bFulrPKzHTFoSrXiTCSxX/9345i/QyG
ro0QL/Yf0OszjsGmulEIDdklnCw3w9oL6DKvjGFulVhgGMPniEC3rA07sQGWq6kI
ONVgVCysvtqMNDWgqz4Bgo6TqCjQuSiLyLx8BdgEUS95JQ0ONpIE34qRNwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGI28u5iRHgFlW9A90/yAuyIrp33MB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvWWpieTdtSkVlQVdWYjBEM1RfSUM3SWl1bmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABNWo0D
BABNWo4wDQYJKoZIhvcNAQELBQADggEBAIJjGGS9ygbsPbQ6rI/zGJjMM25X3X1V
Tmxugb9z6fQaNnQLPxOfjv9ixFzbOjl6VFJdrj1Mv/Hful2sS3I8ltpfO0kCJxOw
manAX8yjZqybu4QGyNo+l1/PFLZJ7IWaO4oR+qBFpHFEOBk8WtYz9whX0oqPPqmZ
8eCaalssX9nKDG0LrR1lf7JMvxxVne/tIYBsDlvT6qJUZXTfZlVewdUx7FWXId+6
9qNHp9GVJkiQgoEbCE3CGMuqCJGf8sJ39HFt3rDJfMlG6w+hNlAf3nnIMpted8te
WcT/JMOo//oVzlNA7tY3L3s84Uhsu8YC9uj4YmrkMGKQiiJwS2GzN6I=
-----END CERTIFICATE-----