Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/kBW1Ug-QmbDscYe4Elzdm_TAFdE.roa
File:                     kBW1Ug-QmbDscYe4Elzdm_TAFdE.roa (raw, json)
Hash identifier:          Ax6DXNnR+gfJ48aQ8B/JVWqA4Do+NYDikc/jseozXG0=
Subject key identifier:   90:15:B5:52:0F:90:99:B0:EC:71:87:B8:12:5C:DD:9B:F4:C0:15:D1
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019422201565EBB3E323A0155296CBC703AC
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/kBW1Ug-QmbDscYe4Elzdm_TAFdE.roa
Signing time:             Wed 01 Jan 2025 13:48:35 +0000
ROA not before:           Wed 01 Jan 2025 13:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214194
IP address blocks:        77.90.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:15:65:eb:b3:e3:23:a0:15:52:96:cb:c7:03:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  1 13:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9015b5520f9099b0ec7187b8125cdd9bf4c015d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e6:be:f8:d7:88:d4:f7:28:9b:72:d9:ec:40:
                    2c:ef:f3:8e:d3:91:50:9d:b4:e8:f5:55:fe:9b:90:
                    17:c2:a5:aa:69:3a:be:00:5c:b9:c3:c0:50:93:dc:
                    cb:bf:18:d3:94:0c:aa:d8:44:e4:91:89:ac:58:4d:
                    87:0f:7e:84:7a:db:78:cb:40:d0:b4:7c:c0:87:ce:
                    7d:ec:c8:71:b9:c1:8d:77:7a:fb:b7:39:fb:85:60:
                    88:42:9c:61:4a:e0:77:ae:1b:c3:44:88:cd:57:a9:
                    5a:82:d4:b1:b5:b4:8f:26:4a:83:fc:1b:22:15:64:
                    89:64:4c:9c:5a:94:7f:bf:13:75:81:7f:9a:7b:a9:
                    af:d3:4e:8a:8a:06:81:ac:da:dc:01:85:85:c1:09:
                    c9:a1:ff:e8:84:0f:b8:d0:f5:30:57:df:1a:35:b5:
                    80:2c:00:35:a4:a0:a9:b3:26:3d:9f:ed:46:9a:39:
                    65:7f:bb:c0:91:eb:f5:f7:ac:d9:a0:df:76:b8:9e:
                    9d:d5:2f:0e:7b:1a:3b:de:08:19:b1:f4:c1:4a:be:
                    80:34:ab:0e:15:3f:53:6e:4b:26:e2:dd:f1:40:11:
                    e0:99:43:37:64:66:4d:8c:c0:a3:08:1b:fd:48:62:
                    a1:e0:48:22:2f:cf:3d:38:df:34:de:36:95:e2:7e:
                    37:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:15:B5:52:0F:90:99:B0:EC:71:87:B8:12:5C:DD:9B:F4:C0:15:D1
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/kBW1Ug-QmbDscYe4Elzdm_TAFdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:02:fd:2c:5d:42:49:2f:b2:63:06:a3:c0:32:a4:b2:f4:51:
         10:fc:8e:e7:4c:bc:5b:4e:0b:3d:74:73:ea:a7:41:81:f4:de:
         6f:31:1f:3c:bb:f5:eb:ae:68:66:11:7a:37:f8:86:14:61:88:
         4a:86:e3:c4:1e:fc:c8:25:4d:45:fa:a0:f2:36:0c:d2:b7:58:
         a4:de:c3:46:11:f5:dd:64:1b:9e:c5:8a:e9:17:1e:aa:10:be:
         b6:cc:5b:db:b8:a1:3b:3f:fb:d2:99:38:43:f3:94:23:f8:ac:
         5e:46:07:d1:c1:cf:b5:24:72:89:7e:88:0b:b0:59:9c:72:3d:
         b0:68:f3:19:fa:9e:11:64:a3:43:4a:ba:22:76:49:88:89:44:
         ca:c0:10:ae:2f:42:5f:01:a0:4f:35:ee:72:f2:c4:5f:49:3b:
         56:1c:33:88:bf:a7:fa:8c:aa:59:d0:15:40:98:ba:60:fc:20:
         02:ac:28:b4:de:6b:92:17:6c:9d:65:38:a3:f4:64:c1:3f:de:
         99:35:c8:85:53:fc:03:dc:68:47:0e:eb:8b:a0:18:f8:2c:55:
         42:7b:25:c8:b6:95:eb:b3:b1:6d:3d:0c:f4:73:9b:3b:f3:09:
         9b:ab:a0:16:bc:c3:dd:0c:82:0e:65:d1:67:46:4c:08:59:02:
         1c:d5:22:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBVl67PjI6AVUpbLxwOsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwMTAxMTM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDE1YjU1MjBmOTA5OWIwZWM3MTg3YjgxMjVjZGQ5YmY0YzAxNWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuea++NeI1Pcom3LZ7EAs7/OO05FQ
nbTo9VX+m5AXwqWqaTq+AFy5w8BQk9zLvxjTlAyq2ETkkYmsWE2HD36Eett4y0DQ
tHzAh8597MhxucGNd3r7tzn7hWCIQpxhSuB3rhvDRIjNV6lagtSxtbSPJkqD/Bsi
FWSJZEycWpR/vxN1gX+ae6mv006KigaBrNrcAYWFwQnJof/ohA+40PUwV98aNbWA
LAA1pKCpsyY9n+1Gmjllf7vAkev196zZoN92uJ6d1S8Oexo73ggZsfTBSr6ANKsO
FT9Tbksm4t3xQBHgmUM3ZGZNjMCjCBv9SGKh4EgiL889ON803jaV4n43uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAVtVIPkJmw7HGHuBJc3Zv0wBXRMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEva0JXMVVnLVFtYkRzY1llNEVsemRtX1RBRmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVokMA0G
CSqGSIb3DQEBCwUAA4IBAQAsAv0sXUJJL7JjBqPAMqSy9FEQ/I7nTLxbTgs9dHPq
p0GB9N5vMR88u/XrrmhmEXo3+IYUYYhKhuPEHvzIJU1F+qDyNgzSt1ik3sNGEfXd
ZBuexYrpFx6qEL62zFvbuKE7P/vSmThD85Qj+KxeRgfRwc+1JHKJfogLsFmccj2w
aPMZ+p4RZKNDSroidkmIiUTKwBCuL0JfAaBPNe5y8sRfSTtWHDOIv6f6jKpZ0BVA
mLpg/CACrCi03muSF2ydZTij9GTBP96ZNciFU/wD3GhHDuuLoBj4LFVCeyXItpXr
s7FtPQz0c5s78wmbq6AWvMPdDIIOZdFnRkwIWQIc1SI0
-----END CERTIFICATE-----