Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/wb9qe4KF3LQGTqZJqlR8Ho2oSW0.roa
File:                     wb9qe4KF3LQGTqZJqlR8Ho2oSW0.roa (raw, json)
Hash identifier:          0vA8JuQi+Rd+GLMN59PTBjFp5OPsXvc6wz/nW7AdGsM=
Subject key identifier:   C1:BF:6A:7B:82:85:DC:B4:06:4E:A6:49:AA:54:7C:1E:8D:A8:49:6D
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019D9C34373E9A85DA86D883252ABAB55571
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/wb9qe4KF3LQGTqZJqlR8Ho2oSW0.roa
Signing time:             Fri 17 Apr 2026 16:09:20 +0000
ROA not before:           Fri 17 Apr 2026 16:09:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213529
IP address blocks:        77.90.158.0/24 maxlen: 24
                          77.90.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 10:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9c:34:37:3e:9a:85:da:86:d8:83:25:2a:ba:b5:55:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Apr 17 16:09:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1bf6a7b8285dcb4064ea649aa547c1e8da8496d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:10:3f:5e:82:8d:08:a8:54:92:6f:f4:22:15:
                    c0:6c:e4:7a:73:bd:bb:b1:5f:4c:e7:ef:fb:7b:1c:
                    fe:24:89:3c:a9:df:77:e6:61:9a:98:ab:39:cc:85:
                    35:09:bc:c2:11:28:a5:90:64:a8:25:e9:14:30:d9:
                    a7:ad:23:a2:7a:fd:e0:4d:e9:09:88:c8:99:4c:6a:
                    e3:d6:9d:b8:e6:1e:5c:34:0c:2e:8a:bb:08:c2:36:
                    40:41:47:a2:be:d6:3b:ff:90:31:93:e8:a2:48:40:
                    29:41:94:91:55:d7:7b:62:70:a1:81:20:5d:f1:f7:
                    5d:bd:30:94:5f:9d:ca:eb:3d:e4:13:62:74:0b:2b:
                    1e:12:d1:23:47:c7:6d:d2:70:78:87:cc:b2:25:44:
                    b6:93:4f:1e:e7:57:a6:56:a3:60:bc:a0:d0:4d:9f:
                    43:fa:00:40:8c:2c:9f:35:47:82:d4:0b:93:a9:20:
                    ab:0c:dd:5b:64:9a:e5:ec:87:ba:a6:c6:b7:55:68:
                    dd:8f:d6:98:4f:ff:15:bd:ce:af:9b:d2:5d:32:c8:
                    fb:58:0d:0c:5d:0f:3a:8d:2c:fb:8d:6a:8d:72:05:
                    59:b8:fa:cf:03:d8:6e:0c:8d:9d:a0:1f:be:a1:0e:
                    94:39:b5:fc:39:c9:a4:a4:1a:13:ed:85:f4:92:a5:
                    17:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:BF:6A:7B:82:85:DC:B4:06:4E:A6:49:AA:54:7C:1E:8D:A8:49:6D
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/wb9qe4KF3LQGTqZJqlR8Ho2oSW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.158.0/24
                  77.90.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:bc:5c:e4:4d:ae:37:3b:f1:20:c4:0e:6a:3d:7e:72:34:1c:
         6c:b5:b6:c8:4f:e1:e6:e1:5b:31:d4:5a:38:3b:4a:9f:2d:12:
         ec:3d:f9:e4:90:c5:24:ef:c6:ec:8d:3c:50:a3:ca:bc:6c:bf:
         e0:d9:7a:ae:32:40:e2:60:67:24:0d:2c:e8:45:79:8a:47:38:
         82:22:ae:5e:a1:30:ff:55:98:e2:2c:cf:ca:50:af:b6:27:e6:
         e2:8c:6a:0e:42:97:95:ca:94:cb:8d:2b:dd:c0:17:f0:67:29:
         3a:74:00:cc:9e:2f:97:c1:d3:0c:c8:50:f4:c3:a6:36:5c:76:
         8a:a6:12:5f:e8:48:d9:64:e2:95:20:eb:18:e7:52:2b:ba:92:
         91:2b:0d:18:68:d2:33:0a:bc:ed:68:49:96:b5:2e:73:1e:ef:
         a0:c6:c2:1f:53:68:75:fb:be:a1:73:03:e1:b3:70:a9:4a:50:
         a7:fc:06:6e:d9:78:f2:5f:8f:b9:43:25:8c:2a:82:82:ee:13:
         f9:98:41:81:e6:ab:fb:41:41:16:fe:cf:a8:69:5b:a6:2b:88:
         06:ab:39:00:66:7a:7b:2b:c5:25:e7:e4:d7:19:b9:4a:ae:9f:
         96:15:f1:4d:11:70:e8:8b:17:f7:75:88:f3:05:04:94:c6:0c:
         61:57:4c:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2cNDc+moXahtiDJSq6tVVxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwNDE3MTYwOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWJmNmE3YjgyODVkY2I0MDY0ZWE2NDlhYTU0N2MxZThkYTg0OTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhA/XoKNCKhUkm/0IhXAbOR6c727
sV9M5+/7exz+JIk8qd935mGamKs5zIU1CbzCESilkGSoJekUMNmnrSOiev3gTekJ
iMiZTGrj1p245h5cNAwuirsIwjZAQUeivtY7/5Axk+iiSEApQZSRVdd7YnChgSBd
8fddvTCUX53K6z3kE2J0CyseEtEjR8dt0nB4h8yyJUS2k08e51emVqNgvKDQTZ9D
+gBAjCyfNUeC1AuTqSCrDN1bZJrl7Ie6psa3VWjdj9aYT/8Vvc6vm9JdMsj7WA0M
XQ86jSz7jWqNcgVZuPrPA9huDI2doB++oQ6UObX8OcmkpBoT7YX0kqUX+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMG/anuChdy0Bk6mSapUfB6NqEltMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvd2I5cWU0S0YzTFFHVHFaSnFsUjhIbzJvU1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVqeAwQA
TVq3MA0GCSqGSIb3DQEBCwUAA4IBAQBMvFzkTa43O/EgxA5qPX5yNBxstbbIT+Hm
4Vsx1Fo4O0qfLRLsPfnkkMUk78bsjTxQo8q8bL/g2XquMkDiYGckDSzoRXmKRziC
Iq5eoTD/VZjiLM/KUK+2J+bijGoOQpeVypTLjSvdwBfwZyk6dADMni+XwdMMyFD0
w6Y2XHaKphJf6EjZZOKVIOsY51IrupKRKw0YaNIzCrztaEmWtS5zHu+gxsIfU2h1
+76hcwPhs3CpSlCn/AZu2XjyX4+5QyWMKoKC7hP5mEGB5qv7QUEW/s+oaVumK4gG
qzkAZnp7K8Ul5+TXGblKrp+WFfFNEXDoixf3dYjzBQSUxgxhV0wB
-----END CERTIFICATE-----