Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/C-bdkM4lL8tTpeZXpiv45nhPUuM.roa
File:                     C-bdkM4lL8tTpeZXpiv45nhPUuM.roa (raw, json)
Hash identifier:          dO9wg4oa3fmXkWxOi24v6xA9xh5CDmqHbzYIcdtWFXo=
Subject key identifier:   0B:E6:DD:90:CE:25:2F:CB:53:A5:E6:57:A6:2B:F8:E6:78:4F:52:E3
Certificate issuer:       /CN=30aff75209684a354669061d23da29f8ea2f1d5e
Certificate serial:       019424B298227767004B43DA9813A3C7237E
Authority key identifier: 30:AF:F7:52:09:68:4A:35:46:69:06:1D:23:DA:29:F8:EA:2F:1D:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MK_3UgloSjVGaQYdI9op-OovHV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/C-bdkM4lL8tTpeZXpiv45nhPUuM.roa
Signing time:             Thu 02 Jan 2025 01:47:51 +0000
ROA not before:           Thu 02 Jan 2025 01:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207185
IP address blocks:        185.90.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/MK_3UgloSjVGaQYdI9op-OovHV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/MK_3UgloSjVGaQYdI9op-OovHV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MK_3UgloSjVGaQYdI9op-OovHV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:98:22:77:67:00:4b:43:da:98:13:a3:c7:23:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30aff75209684a354669061d23da29f8ea2f1d5e
        Validity
            Not Before: Jan  2 01:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0be6dd90ce252fcb53a5e657a62bf8e6784f52e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d7:bd:83:40:ad:47:70:f5:a8:ed:20:77:10:
                    a3:0a:a2:d6:01:2a:f2:fa:3a:a7:4e:6f:c1:28:12:
                    be:73:58:16:24:4e:40:8f:1b:f0:8a:0a:81:f1:6b:
                    8a:40:e2:4a:17:24:94:7f:fe:19:12:05:37:b9:0a:
                    cf:a1:c5:40:6e:31:43:b5:df:a1:40:bf:f3:00:d3:
                    e2:6f:fa:fe:7c:53:52:15:19:64:b0:54:03:61:92:
                    90:d8:c2:10:a6:b7:a3:cb:78:dd:c3:aa:c6:75:f9:
                    6b:66:ba:76:37:27:89:cc:b1:f7:4a:a6:19:83:79:
                    46:3d:f0:21:59:c9:b1:e9:7b:6c:4a:ad:b4:1a:17:
                    98:a9:28:4d:da:5d:14:1e:22:48:e2:0f:c3:99:6a:
                    23:a1:4c:88:41:20:9a:e2:13:ca:61:bc:87:a9:4a:
                    18:fc:1c:ee:2a:47:c2:25:36:9b:ff:24:71:89:1b:
                    d0:9d:56:dd:5c:79:cc:59:3b:9f:2e:58:3c:64:c0:
                    21:4a:3d:31:02:98:c5:6e:d9:ce:ad:89:59:9c:dd:
                    b0:6c:ee:42:b3:d8:74:f0:4e:cd:5e:8c:b1:d6:ec:
                    fc:fe:cb:45:eb:8a:d4:eb:9a:0c:a5:20:bc:81:0e:
                    ea:c5:93:9d:06:c8:04:6d:0a:3f:ec:f9:d0:c0:f3:
                    c3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:E6:DD:90:CE:25:2F:CB:53:A5:E6:57:A6:2B:F8:E6:78:4F:52:E3
            X509v3 Authority Key Identifier:
                keyid:30:AF:F7:52:09:68:4A:35:46:69:06:1D:23:DA:29:F8:EA:2F:1D:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MK_3UgloSjVGaQYdI9op-OovHV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/C-bdkM4lL8tTpeZXpiv45nhPUuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/MK_3UgloSjVGaQYdI9op-OovHV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:a3:59:1c:2c:b1:cf:61:4e:2d:90:30:4f:e9:ae:da:03:2f:
         9d:43:a5:ec:15:f3:ed:72:36:d9:3d:1b:da:6e:b1:ce:b0:f7:
         be:45:5d:e9:10:97:c4:7e:39:ca:4b:da:7a:8b:e0:62:e2:bd:
         ba:33:f2:ce:c9:12:33:b1:cb:f1:33:e5:e8:80:00:3b:57:64:
         7b:96:0e:b7:cc:77:a8:16:0b:d6:97:ae:2b:6f:48:4c:a1:16:
         d2:7e:c3:68:28:ad:a5:94:35:0b:ee:b2:74:f9:85:0a:ad:bf:
         31:21:95:c5:6a:cc:ec:0b:06:6c:b9:21:69:f5:c0:80:8d:e1:
         ca:3d:10:31:a1:07:93:58:2f:f0:65:70:dd:34:c9:9b:0f:d7:
         3c:1c:e8:92:f6:71:f9:67:62:2d:8a:d7:23:54:fa:bc:e4:56:
         7d:fd:f5:a1:10:56:6f:93:ec:87:c2:85:21:b2:c1:8e:2c:bc:
         a9:22:43:eb:1d:6c:fb:7b:99:20:58:11:3c:3c:9c:83:da:55:
         69:89:07:d1:4a:4f:02:a3:03:cf:99:17:e2:af:4d:5d:d3:0d:
         c0:08:06:ca:ee:c5:38:e3:4b:70:1d:ae:28:8f:42:6c:2c:b3:
         e6:21:d9:3b:ff:2a:56:3b:cd:34:a3:c8:b6:58:9c:d3:55:49:
         e3:18:3a:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkspgid2cAS0PamBOjxyN+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYWZmNzUyMDk2ODRhMzU0NjY5MDYxZDIzZGEyOWY4ZWEy
ZjFkNWUwHhcNMjUwMTAyMDE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmU2ZGQ5MGNlMjUyZmNiNTNhNWU2NTdhNjJiZjhlNjc4NGY1MmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAude9g0CtR3D1qO0gdxCjCqLWASry
+jqnTm/BKBK+c1gWJE5AjxvwigqB8WuKQOJKFySUf/4ZEgU3uQrPocVAbjFDtd+h
QL/zANPib/r+fFNSFRlksFQDYZKQ2MIQprejy3jdw6rGdflrZrp2NyeJzLH3SqYZ
g3lGPfAhWcmx6XtsSq20GheYqShN2l0UHiJI4g/DmWojoUyIQSCa4hPKYbyHqUoY
/BzuKkfCJTab/yRxiRvQnVbdXHnMWTufLlg8ZMAhSj0xApjFbtnOrYlZnN2wbO5C
s9h08E7NXoyx1uz8/stF64rU65oMpSC8gQ7qxZOdBsgEbQo/7PnQwPPDxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvm3ZDOJS/LU6XmV6Yr+OZ4T1LjMB8GA1UdIwQY
MBaAFDCv91IJaEo1RmkGHSPaKfjqLx1eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUtfM1VnbG9TalZHYVFZZEk5b3AtT292SFY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84NDRhMjUtYThkZi00NTYxLWIzZTct
OTc4NWEzMzU1NDJhLzEvQy1iZGtNNGxMOHRUcGVaWHBpdjQ1bmhQVXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84NDRhMjUtYThkZi00NTYxLWIzZTctOTc4NWEzMzU1NDJh
LzEvTUtfM1VnbG9TalZHYVFZZEk5b3AtT292SFY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVrQMA0G
CSqGSIb3DQEBCwUAA4IBAQAEo1kcLLHPYU4tkDBP6a7aAy+dQ6XsFfPtcjbZPRva
brHOsPe+RV3pEJfEfjnKS9p6i+Bi4r26M/LOyRIzscvxM+XogAA7V2R7lg63zHeo
FgvWl64rb0hMoRbSfsNoKK2llDUL7rJ0+YUKrb8xIZXFaszsCwZsuSFp9cCAjeHK
PRAxoQeTWC/wZXDdNMmbD9c8HOiS9nH5Z2ItitcjVPq85FZ9/fWhEFZvk+yHwoUh
ssGOLLypIkPrHWz7e5kgWBE8PJyD2lVpiQfRSk8CowPPmRfir01d0w3ACAbK7sU4
40twHa4oj0JsLLPmIdk7/ypWO800o8i2WJzTVUnjGDoZ
-----END CERTIFICATE-----