Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/64df8e-4b04-4223-8467-9939df1d0d09/1/Jan-36Lo7cls_qlYXAYwCHL-IM0.roa
File:                     Jan-36Lo7cls_qlYXAYwCHL-IM0.roa (raw, json)
Hash identifier:          9QKHqIJMi/8WyyfdqnXT2xQCCgDbraKMeYqVzfnxL6A=
Subject key identifier:   25:A9:FE:DF:A2:E8:ED:C9:6C:FE:A9:58:5C:06:30:08:72:FE:20:CD
Certificate issuer:       /CN=14fb7c3336acd4189d3fac639a280d9b0020f298
Certificate serial:       019426D9B4A0E4D0208AA1F2899CF0D02E83
Authority key identifier: 14:FB:7C:33:36:AC:D4:18:9D:3F:AC:63:9A:28:0D:9B:00:20:F2:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FPt8Mzas1BidP6xjmigNmwAg8pg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/64df8e-4b04-4223-8467-9939df1d0d09/1/Jan-36Lo7cls_qlYXAYwCHL-IM0.roa
Signing time:             Thu 02 Jan 2025 11:49:49 +0000
ROA not before:           Thu 02 Jan 2025 11:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.90.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/64df8e-4b04-4223-8467-9939df1d0d09/1/FPt8Mzas1BidP6xjmigNmwAg8pg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/64df8e-4b04-4223-8467-9939df1d0d09/1/FPt8Mzas1BidP6xjmigNmwAg8pg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FPt8Mzas1BidP6xjmigNmwAg8pg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:b4:a0:e4:d0:20:8a:a1:f2:89:9c:f0:d0:2e:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14fb7c3336acd4189d3fac639a280d9b0020f298
        Validity
            Not Before: Jan  2 11:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25a9fedfa2e8edc96cfea9585c06300872fe20cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4b:9f:09:29:b7:d0:17:e9:02:ee:65:26:bc:
                    1d:ec:c7:d5:89:57:54:8f:b5:46:26:7b:bb:95:dd:
                    37:11:20:03:72:d0:bc:f6:e5:50:a1:1c:03:d6:e2:
                    e4:23:ad:30:47:90:29:88:d3:01:ee:81:95:1e:b5:
                    6c:ae:92:93:22:00:72:33:11:02:ef:b7:0c:f4:08:
                    5f:02:71:89:90:91:11:cf:0b:15:ac:09:f6:7b:f7:
                    39:09:6c:d2:62:6f:0e:88:f2:7d:86:4b:04:19:d8:
                    e6:3a:fc:c4:36:25:3a:e0:d0:fb:25:8d:fd:53:39:
                    96:08:b0:39:54:9b:d5:db:8a:d8:13:09:d0:a6:81:
                    90:c4:f5:37:38:2c:37:84:51:b3:88:31:d8:e6:d2:
                    e4:46:a4:bd:51:50:d1:98:e0:bd:a4:8b:ee:bb:33:
                    82:b5:d4:0b:70:89:5b:9d:8b:95:d1:71:40:26:33:
                    5b:3c:5e:40:cd:3a:d1:86:21:63:5f:aa:b9:27:4b:
                    ee:3b:82:91:79:1a:36:2b:b3:69:a0:2e:16:f0:94:
                    36:fa:65:39:e8:97:a3:4b:6b:63:8b:8a:fe:83:f4:
                    ae:8f:bf:32:c2:f9:f0:28:8b:a4:00:93:e9:29:2d:
                    87:ae:d2:95:27:74:cc:08:bf:95:cc:c4:e0:dd:92:
                    11:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A9:FE:DF:A2:E8:ED:C9:6C:FE:A9:58:5C:06:30:08:72:FE:20:CD
            X509v3 Authority Key Identifier:
                keyid:14:FB:7C:33:36:AC:D4:18:9D:3F:AC:63:9A:28:0D:9B:00:20:F2:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FPt8Mzas1BidP6xjmigNmwAg8pg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/64df8e-4b04-4223-8467-9939df1d0d09/1/Jan-36Lo7cls_qlYXAYwCHL-IM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/64df8e-4b04-4223-8467-9939df1d0d09/1/FPt8Mzas1BidP6xjmigNmwAg8pg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:45:8d:30:11:fd:24:81:6e:5d:49:47:03:33:4c:d4:de:45:
         c6:af:72:25:f0:88:bb:dc:7a:f5:c4:fd:74:98:27:dd:3c:f4:
         e9:28:6e:07:fc:8c:61:ff:34:3c:3d:22:5b:a3:56:69:ac:66:
         28:92:3d:19:d5:b2:eb:9c:76:f5:33:76:50:0d:4b:bd:7a:a6:
         21:d4:84:b6:9a:f4:4f:b0:fe:48:06:51:f6:96:6c:c9:17:7c:
         4a:3d:bc:9a:63:ff:ff:88:39:7c:2d:45:ae:1b:e2:7e:9d:11:
         9d:39:17:30:de:62:c1:55:80:c1:dd:54:d5:78:fa:09:43:50:
         82:4d:13:91:81:70:d2:e9:f8:ff:0d:7e:0e:6a:f7:5d:67:a3:
         81:98:c7:2d:19:22:b1:ed:a9:5c:82:68:d4:16:24:46:21:f1:
         ca:63:af:b6:30:1c:aa:60:01:3f:89:92:3b:6c:6b:3f:b9:1e:
         2f:59:96:dc:78:d3:2f:b4:fe:6f:b6:dc:5c:ae:07:1b:f3:eb:
         19:55:35:f8:33:4a:22:a2:55:03:07:59:dc:50:60:d1:ee:3c:
         a7:0f:30:97:dd:90:bb:1f:75:cd:76:c6:51:d1:02:fa:47:e7:
         93:f2:99:08:f8:0d:2d:58:d0:61:72:df:64:37:6f:4e:0e:e4:
         b3:4b:75:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2bSg5NAgiqHyiZzw0C6DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0ZmI3YzMzMzZhY2Q0MTg5ZDNmYWM2MzlhMjgwZDliMDAy
MGYyOTgwHhcNMjUwMTAyMTE0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWE5ZmVkZmEyZThlZGM5NmNmZWE5NTg1YzA2MzAwODcyZmUyMGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEufCSm30BfpAu5lJrwd7MfViVdU
j7VGJnu7ld03ESADctC89uVQoRwD1uLkI60wR5ApiNMB7oGVHrVsrpKTIgByMxEC
77cM9AhfAnGJkJERzwsVrAn2e/c5CWzSYm8OiPJ9hksEGdjmOvzENiU64ND7JY39
UzmWCLA5VJvV24rYEwnQpoGQxPU3OCw3hFGziDHY5tLkRqS9UVDRmOC9pIvuuzOC
tdQLcIlbnYuV0XFAJjNbPF5AzTrRhiFjX6q5J0vuO4KReRo2K7NpoC4W8JQ2+mU5
6JejS2tji4r+g/Suj78ywvnwKIukAJPpKS2HrtKVJ3TMCL+VzMTg3ZIR1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWp/t+i6O3JbP6pWFwGMAhy/iDNMB8GA1UdIwQY
MBaAFBT7fDM2rNQYnT+sY5ooDZsAIPKYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlB0OE16YXMxQmlkUDZ4am1pZ05td0FnOHBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NGRmOGUtNGIwNC00MjIzLTg0Njct
OTkzOWRmMWQwZDA5LzEvSmFuLTM2TG83Y2xzX3FsWVhBWXdDSEwtSU0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NGRmOGUtNGIwNC00MjIzLTg0NjctOTkzOWRmMWQwZDA5
LzEvRlB0OE16YXMxQmlkUDZ4am1pZ05td0FnOHBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVp3MA0G
CSqGSIb3DQEBCwUAA4IBAQALRY0wEf0kgW5dSUcDM0zU3kXGr3Il8Ii73Hr1xP10
mCfdPPTpKG4H/Ixh/zQ8PSJbo1ZprGYokj0Z1bLrnHb1M3ZQDUu9eqYh1IS2mvRP
sP5IBlH2lmzJF3xKPbyaY///iDl8LUWuG+J+nRGdORcw3mLBVYDB3VTVePoJQ1CC
TRORgXDS6fj/DX4OavddZ6OBmMctGSKx7alcgmjUFiRGIfHKY6+2MByqYAE/iZI7
bGs/uR4vWZbceNMvtP5vttxcrgcb8+sZVTX4M0oiolUDB1ncUGDR7jynDzCX3ZC7
H3XNdsZR0QL6R+eT8pkI+A0tWNBhct9kN29ODuSzS3Ur
-----END CERTIFICATE-----