Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/Wbs0VJkcKc0wPaUZr1NgrKtuldI.roa
File:                     Wbs0VJkcKc0wPaUZr1NgrKtuldI.roa (raw, json)
Hash identifier:          WCN9qi9r+Hm8rm9TUPQoS3r8Tkkj6NM9JqBneLGhwx0=
Subject key identifier:   59:BB:34:54:99:1C:29:CD:30:3D:A5:19:AF:53:60:AC:AB:6E:95:D2
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       01983E4CEBECC15A0CC703643CDD4816C60C
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/Wbs0VJkcKc0wPaUZr1NgrKtuldI.roa
Signing time:             Thu 24 Jul 2025 21:18:05 +0000
ROA not before:           Thu 24 Jul 2025 21:18:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        89.34.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 15:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3e:4c:eb:ec:c1:5a:0c:c7:03:64:3c:dd:48:16:c6:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Jul 24 21:18:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59bb3454991c29cd303da519af5360acab6e95d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:9e:b4:80:fe:d3:bd:3f:f9:6a:b9:d9:07:98:
                    6a:00:04:0c:e0:70:3e:01:28:0f:79:74:2b:eb:d3:
                    0a:3c:de:5d:9f:42:d9:9b:d2:70:89:8d:fb:85:0b:
                    bb:a3:74:10:20:bf:66:d7:22:ce:dc:63:e9:27:7b:
                    e9:33:e3:71:7f:cd:45:1c:ff:c8:d4:ea:37:0e:e2:
                    16:a7:28:56:45:d5:f1:be:b3:03:39:c5:05:b1:18:
                    4e:b8:2f:dd:29:29:b7:fc:30:25:34:d7:a1:00:2a:
                    a8:49:d5:e5:1d:89:03:96:67:70:41:7f:3a:61:f1:
                    22:8d:99:69:2d:e4:e4:b9:9d:60:1e:42:90:42:57:
                    35:b5:51:ea:44:a8:9c:61:a3:c9:2b:8b:3c:0c:d8:
                    28:fd:3a:9d:7c:37:d1:9b:32:7c:8e:e0:f7:04:fe:
                    33:4e:e4:c6:80:29:23:d1:58:53:39:3d:7f:3f:91:
                    de:7c:13:e9:53:ed:1d:b9:94:25:d9:4a:48:f1:67:
                    b8:28:49:85:84:47:63:d0:25:19:c5:f3:2d:da:f9:
                    ed:b2:e4:85:0e:3f:3c:6c:6b:22:2b:fe:b2:a8:69:
                    34:fe:bd:e6:b3:cc:e0:be:62:1d:1e:93:37:01:9d:
                    d4:dd:61:e3:90:35:91:34:ce:0a:58:ce:33:67:1d:
                    74:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:BB:34:54:99:1C:29:CD:30:3D:A5:19:AF:53:60:AC:AB:6E:95:D2
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/Wbs0VJkcKc0wPaUZr1NgrKtuldI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:53:18:1e:49:55:c4:c9:fe:64:fd:f4:d9:88:a9:73:f8:9c:
         1b:18:f6:08:cd:8b:eb:df:bc:10:55:d1:5c:18:60:db:38:50:
         e7:08:4a:71:55:82:09:f4:2b:01:d8:0b:35:14:09:12:6d:76:
         6c:56:46:2a:85:75:f9:c4:2c:c6:24:b6:31:1a:f0:4f:2e:93:
         e4:11:db:20:d1:d3:1b:a3:58:5e:98:54:b8:82:49:e4:d9:0d:
         6c:46:6a:e7:b3:ea:57:58:05:8f:bb:c6:9e:98:a8:6c:ce:16:
         dc:ba:0c:76:62:36:9e:c2:3a:50:dc:e1:ae:1f:4b:33:b4:ef:
         a5:d2:c5:fa:6e:62:a5:cb:f6:76:68:0c:81:08:5d:06:54:f2:
         8c:23:fa:bd:73:84:ae:8c:38:d2:53:23:5b:de:e7:2b:56:a0:
         f9:bd:b2:b8:2f:a3:9d:b2:c0:52:57:ec:c1:cc:2f:11:75:f7:
         88:57:cf:7b:8b:eb:a5:09:74:28:8b:68:f7:b5:3b:dd:52:8a:
         a9:06:10:e7:7a:dd:58:71:21:02:85:2c:7f:50:95:4b:08:4d:
         35:ee:74:fe:21:04:80:f9:a4:34:23:cf:44:9e:10:64:d3:1b:
         1c:10:c0:e1:b2:58:b8:06:16:37:b4:06:71:3d:58:aa:87:dd:
         7d:76:09:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg+TOvswVoMxwNkPN1IFsYMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjUwNzI0MjExODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWJiMzQ1NDk5MWMyOWNkMzAzZGE1MTlhZjUzNjBhY2FiNmU5NWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJ60gP7TvT/5arnZB5hqAAQM4HA+
ASgPeXQr69MKPN5dn0LZm9JwiY37hQu7o3QQIL9m1yLO3GPpJ3vpM+Nxf81FHP/I
1Oo3DuIWpyhWRdXxvrMDOcUFsRhOuC/dKSm3/DAlNNehACqoSdXlHYkDlmdwQX86
YfEijZlpLeTkuZ1gHkKQQlc1tVHqRKicYaPJK4s8DNgo/TqdfDfRmzJ8juD3BP4z
TuTGgCkj0VhTOT1/P5HefBPpU+0duZQl2UpI8We4KEmFhEdj0CUZxfMt2vntsuSF
Dj88bGsiK/6yqGk0/r3ms8zgvmIdHpM3AZ3U3WHjkDWRNM4KWM4zZx10ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFm7NFSZHCnNMD2lGa9TYKyrbpXSMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvV2JzMFZKa2NLYzB3UGFVWnIxTmdyS3R1bGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSJaMA0G
CSqGSIb3DQEBCwUAA4IBAQCTUxgeSVXEyf5k/fTZiKlz+JwbGPYIzYvr37wQVdFc
GGDbOFDnCEpxVYIJ9CsB2As1FAkSbXZsVkYqhXX5xCzGJLYxGvBPLpPkEdsg0dMb
o1hemFS4gknk2Q1sRmrns+pXWAWPu8aemKhszhbcugx2YjaewjpQ3OGuH0sztO+l
0sX6bmKly/Z2aAyBCF0GVPKMI/q9c4SujDjSUyNb3ucrVqD5vbK4L6OdssBSV+zB
zC8RdfeIV897i+ulCXQoi2j3tTvdUoqpBhDnet1YcSEChSx/UJVLCE017nT+IQSA
+aQ0I89EnhBk0xscEMDhsli4BhY3tAZxPViqh919dglZ
-----END CERTIFICATE-----