Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/bv4tcwtbryxLyYhV6XTH39AB-vY.roa
File:                     bv4tcwtbryxLyYhV6XTH39AB-vY.roa (raw, json)
Hash identifier:          Xi6BhRdiZvjQrRH2s9UR2MhITflZG1sNqXTRu0wxscs=
Subject key identifier:   6E:FE:2D:73:0B:5B:AF:2C:4B:C9:88:55:E9:74:C7:DF:D0:01:FA:F6
Certificate issuer:       /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial:       019425FDD7B817BB1B84B42BBB36E8C3F6C4
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/bv4tcwtbryxLyYhV6XTH39AB-vY.roa
Signing time:             Thu 02 Jan 2025 07:49:39 +0000
ROA not before:           Thu 02 Jan 2025 07:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200973
IP address blocks:        185.90.0.0/22 maxlen: 22
                          185.90.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d7:b8:17:bb:1b:84:b4:2b:bb:36:e8:c3:f6:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66df7742890173927935206a28efbf48123e787c
        Validity
            Not Before: Jan  2 07:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6efe2d730b5baf2c4bc98855e974c7dfd001faf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e7:91:c4:1e:47:fd:dc:26:f7:8b:7b:19:21:
                    da:7d:88:24:34:8d:2d:06:f9:ca:16:42:f1:9c:e5:
                    84:f5:b4:94:80:2b:8c:38:21:3d:9b:66:2b:9a:c6:
                    89:bb:99:2e:d9:21:4b:2f:13:cf:05:76:5e:4a:97:
                    88:33:ba:dd:e3:48:73:0a:fd:2a:fb:3d:4c:ee:23:
                    d7:92:c8:9b:fc:94:70:fd:ab:ec:83:c8:2a:51:34:
                    57:9e:1d:53:dc:93:bd:f3:d0:e2:4b:4c:eb:b6:bb:
                    c0:f5:69:9d:17:98:0d:d1:80:fb:a3:ce:a4:e9:08:
                    45:dd:44:f5:74:e5:ac:ee:77:58:44:b4:bf:2f:c3:
                    39:13:1a:5d:73:53:6f:d0:c5:11:83:ab:76:34:72:
                    b2:3e:93:8d:d6:b5:09:46:e6:36:cf:b9:e1:7f:53:
                    19:2e:93:ba:05:73:29:10:22:9c:88:b7:6c:f9:a7:
                    0e:e4:8c:d7:f6:a4:2f:f8:15:1e:37:33:ae:2e:37:
                    8f:a5:93:1a:d5:37:e6:70:c9:52:14:8c:ca:3a:f1:
                    fd:5c:69:d6:4d:ae:ea:40:a3:79:fc:8e:ec:a4:16:
                    ae:38:89:fa:97:49:2b:04:f9:eb:94:38:a6:3e:06:
                    88:5d:59:25:ad:a1:13:c2:36:9f:27:e1:f6:d6:10:
                    b5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:FE:2D:73:0B:5B:AF:2C:4B:C9:88:55:E9:74:C7:DF:D0:01:FA:F6
            X509v3 Authority Key Identifier:
                keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/bv4tcwtbryxLyYhV6XTH39AB-vY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:0f:d4:63:0a:a0:16:a6:f5:5d:be:ce:1d:40:f9:17:f2:72:
         a0:26:fd:51:1d:5a:49:2d:74:69:92:de:f0:72:a6:ff:4f:a5:
         20:56:81:32:ad:87:a7:49:c7:f6:c3:60:ec:d5:bb:1e:9b:a7:
         4a:11:ca:08:cb:ed:b4:b1:37:08:5b:4b:db:e1:68:d1:e2:e0:
         1e:27:04:66:f8:22:aa:3a:2f:29:e6:69:f2:86:3b:81:12:b3:
         39:b0:b3:4b:8e:eb:a0:68:3e:fd:f3:50:bf:30:b6:d7:be:ab:
         e9:ae:2a:40:44:05:25:29:6e:ae:bf:27:4d:2d:c9:70:9f:5d:
         6d:53:f3:bb:c6:a4:a6:2e:c8:96:89:2d:62:e8:ff:97:4d:df:
         5f:89:2e:61:29:e2:1c:ac:3b:b8:3d:63:3e:fa:e7:41:8d:59:
         e7:91:1f:82:79:2a:6d:00:eb:48:03:07:1c:7e:86:da:40:d6:
         46:dd:4b:83:dc:c4:56:9a:df:61:72:25:d4:1f:7e:38:20:61:
         2d:18:98:76:0c:8e:a8:26:5d:52:c1:f1:81:5b:cd:c0:d6:0f:
         79:70:d4:c0:32:0a:ec:75:1b:79:71:a9:5c:b7:4b:bc:c3:fe:
         f4:ae:b6:ba:e1:a4:d8:57:bc:09:1c:a0:84:1b:86:d4:50:00:
         78:54:0c:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/de4F7sbhLQruzbow/bEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwMTAyMDc0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWZlMmQ3MzBiNWJhZjJjNGJjOTg4NTVlOTc0YzdkZmQwMDFmYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmueRxB5H/dwm94t7GSHafYgkNI0t
BvnKFkLxnOWE9bSUgCuMOCE9m2YrmsaJu5ku2SFLLxPPBXZeSpeIM7rd40hzCv0q
+z1M7iPXksib/JRw/avsg8gqUTRXnh1T3JO989DiS0zrtrvA9WmdF5gN0YD7o86k
6QhF3UT1dOWs7ndYRLS/L8M5Expdc1Nv0MURg6t2NHKyPpON1rUJRuY2z7nhf1MZ
LpO6BXMpECKciLds+acO5IzX9qQv+BUeNzOuLjePpZMa1TfmcMlSFIzKOvH9XGnW
Ta7qQKN5/I7spBauOIn6l0krBPnrlDimPgaIXVklraETwjafJ+H21hC1TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7+LXMLW68sS8mIVel0x9/QAfr2MB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvYnY0dGN3dGJyeXhMeVloVjZYVEgzOUFCLXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVoAMA0G
CSqGSIb3DQEBCwUAA4IBAQA2D9RjCqAWpvVdvs4dQPkX8nKgJv1RHVpJLXRpkt7w
cqb/T6UgVoEyrYenScf2w2Ds1bsem6dKEcoIy+20sTcIW0vb4WjR4uAeJwRm+CKq
Oi8p5mnyhjuBErM5sLNLjuugaD7981C/MLbXvqvpripARAUlKW6uvydNLclwn11t
U/O7xqSmLsiWiS1i6P+XTd9fiS5hKeIcrDu4PWM++udBjVnnkR+CeSptAOtIAwcc
fobaQNZG3UuD3MRWmt9hciXUH344IGEtGJh2DI6oJl1SwfGBW83A1g95cNTAMgrs
dRt5calct0u8w/70rra64aTYV7wJHKCEG4bUUAB4VAxf
-----END CERTIFICATE-----