Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/zSyEja7s6-FcC2A4cfsL-HNjtEE.roa
File:                     zSyEja7s6-FcC2A4cfsL-HNjtEE.roa (raw, json)
Hash identifier:          2GY8yor4l2LD8bv0Z/SVmO/KolDg2zRMpa7nMwkf0ko=
Subject key identifier:   CD:2C:84:8D:AE:EC:EB:E1:5C:0B:60:38:71:FB:0B:F8:73:63:B4:41
Certificate issuer:       /CN=cad794ac601ce2505b65f975a7d516a2f00a5b31
Certificate serial:       019A050BAF628ABB6D78602B840033A5A4E1
Authority key identifier: CA:D7:94:AC:60:1C:E2:50:5B:65:F9:75:A7:D5:16:A2:F0:0A:5B:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yteUrGAc4lBbZfl1p9UWovAKWzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/zSyEja7s6-FcC2A4cfsL-HNjtEE.roa
Signing time:             Tue 21 Oct 2025 04:34:02 +0000
ROA not before:           Tue 21 Oct 2025 04:34:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401937
IP address blocks:        77.90.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/yteUrGAc4lBbZfl1p9UWovAKWzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/yteUrGAc4lBbZfl1p9UWovAKWzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yteUrGAc4lBbZfl1p9UWovAKWzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 19:12:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:05:0b:af:62:8a:bb:6d:78:60:2b:84:00:33:a5:a4:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cad794ac601ce2505b65f975a7d516a2f00a5b31
        Validity
            Not Before: Oct 21 04:34:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd2c848daeecebe15c0b603871fb0bf87363b441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fa:39:7d:a0:0c:16:d2:d9:20:df:53:71:95:
                    be:7c:61:54:00:de:a1:a8:32:cf:07:03:c3:80:28:
                    c9:b9:ff:fd:3a:f0:d7:5b:7d:8b:81:50:4c:42:e2:
                    48:aa:43:1e:d3:ba:80:7d:ab:38:a4:81:1d:5c:bc:
                    d9:62:de:6c:ae:01:37:8d:c3:a8:e1:61:5e:d7:44:
                    94:63:a3:6f:bc:95:87:92:e1:89:79:6e:d9:da:1c:
                    5b:34:2e:15:29:60:87:f4:7a:33:d0:57:50:b8:56:
                    86:1c:af:34:bd:1d:85:de:65:7f:5b:1a:71:e5:47:
                    32:71:ac:09:c4:90:43:9d:79:c1:cd:51:c8:09:5f:
                    c4:33:d4:06:c2:6c:58:80:ca:a9:34:fc:78:38:65:
                    44:02:8c:5c:d9:76:14:47:47:fb:a8:48:33:9e:10:
                    aa:5e:25:1d:9a:60:c6:4d:77:36:d8:c9:28:af:63:
                    89:b2:00:af:78:6d:fe:39:79:31:1c:80:08:ba:ed:
                    9f:0c:43:ca:f7:dd:c4:82:24:2f:4c:7d:f2:dc:4c:
                    1f:63:09:a3:87:72:e0:5e:b9:2b:f0:2a:5a:d0:d9:
                    bb:71:1c:68:9b:93:7b:e9:3b:5d:65:5e:63:29:02:
                    84:dd:7b:b1:c4:8b:d8:dc:9c:88:b0:3f:13:da:8d:
                    41:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:2C:84:8D:AE:EC:EB:E1:5C:0B:60:38:71:FB:0B:F8:73:63:B4:41
            X509v3 Authority Key Identifier:
                keyid:CA:D7:94:AC:60:1C:E2:50:5B:65:F9:75:A7:D5:16:A2:F0:0A:5B:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yteUrGAc4lBbZfl1p9UWovAKWzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/zSyEja7s6-FcC2A4cfsL-HNjtEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/f9a4be-d79c-4192-a6b3-3b988f188d91/1/yteUrGAc4lBbZfl1p9UWovAKWzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:1a:43:66:94:cb:9d:1f:7e:6b:7c:e8:1c:d7:c7:d6:d5:58:
         45:0c:c4:34:e8:24:d5:28:0b:25:35:60:a2:11:44:ee:a3:59:
         f4:69:5a:04:76:0f:49:15:e8:09:7a:61:7f:58:0b:34:55:70:
         71:33:c3:cb:12:84:67:9c:32:10:69:1f:c2:59:a5:e8:9b:95:
         e2:28:a1:90:77:a6:f3:42:f0:21:51:94:9d:28:79:1e:1e:80:
         30:6e:06:92:00:75:1c:50:1a:1b:5f:e8:9a:39:85:a5:dc:aa:
         db:8b:5a:8a:ec:81:a2:ff:64:33:41:7a:04:d2:ea:4d:16:41:
         52:82:ab:fd:0c:bd:ca:4a:4b:57:dc:84:07:81:8d:36:18:c6:
         d3:5a:fc:77:99:28:7d:49:ce:c0:d5:56:99:63:60:18:19:ec:
         fd:24:0a:c2:42:d3:f6:b3:3b:0e:59:d7:4b:16:7d:fe:d6:2a:
         cb:da:5d:0e:5d:ff:62:8c:e3:d4:86:65:2d:03:47:68:86:00:
         6d:eb:14:86:a4:8e:58:9b:8d:c7:bc:ad:3a:69:5e:d9:4c:c0:
         d3:c5:c1:70:02:1b:f8:66:47:45:be:6a:ea:f8:6b:25:5a:cf:
         9d:f4:fd:35:41:a0:34:44:c9:cc:da:05:c8:2e:ac:fa:4f:74:
         20:0a:00:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoFC69iirtteGArhAAzpaThMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhZDc5NGFjNjAxY2UyNTA1YjY1Zjk3NWE3ZDUxNmEyZjAw
YTViMzEwHhcNMjUxMDIxMDQzNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDJjODQ4ZGFlZWNlYmUxNWMwYjYwMzg3MWZiMGJmODczNjNiNDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPo5faAMFtLZIN9TcZW+fGFUAN6h
qDLPBwPDgCjJuf/9OvDXW32LgVBMQuJIqkMe07qAfas4pIEdXLzZYt5srgE3jcOo
4WFe10SUY6NvvJWHkuGJeW7Z2hxbNC4VKWCH9Hoz0FdQuFaGHK80vR2F3mV/Wxpx
5UcycawJxJBDnXnBzVHICV/EM9QGwmxYgMqpNPx4OGVEAoxc2XYUR0f7qEgznhCq
XiUdmmDGTXc22Mkor2OJsgCveG3+OXkxHIAIuu2fDEPK993EgiQvTH3y3EwfYwmj
h3LgXrkr8Cpa0Nm7cRxom5N76TtdZV5jKQKE3XuxxIvY3JyIsD8T2o1BUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0shI2u7OvhXAtgOHH7C/hzY7RBMB8GA1UdIwQY
MBaAFMrXlKxgHOJQW2X5dafVFqLwClsxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXRlVXJHQWM0bEJiWmZsMXA5VVdvdkFLV3pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9mOWE0YmUtZDc5Yy00MTkyLWE2YjMt
M2I5ODhmMTg4ZDkxLzEvelN5RWphN3M2LUZjQzJBNGNmc0wtSE5qdEVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9mOWE0YmUtZDc5Yy00MTkyLWE2YjMtM2I5ODhmMTg4ZDkx
LzEveXRlVXJHQWM0bEJiWmZsMXA5VVdvdkFLV3pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVpmMA0G
CSqGSIb3DQEBCwUAA4IBAQAUGkNmlMudH35rfOgc18fW1VhFDMQ06CTVKAslNWCi
EUTuo1n0aVoEdg9JFegJemF/WAs0VXBxM8PLEoRnnDIQaR/CWaXom5XiKKGQd6bz
QvAhUZSdKHkeHoAwbgaSAHUcUBobX+iaOYWl3Krbi1qK7IGi/2QzQXoE0upNFkFS
gqv9DL3KSktX3IQHgY02GMbTWvx3mSh9Sc7A1VaZY2AYGez9JArCQtP2szsOWddL
Fn3+1irL2l0OXf9ijOPUhmUtA0dohgBt6xSGpI5Ym43HvK06aV7ZTMDTxcFwAhv4
ZkdFvmrq+GslWs+d9P01QaA0RMnM2gXILqz6T3QgCgB2
-----END CERTIFICATE-----
Generated at Wed Oct 22 01:23:01 2025 by rpki-client