Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/uot90FkBP8Y3Y-x6-7brjjoB-rU.roa
File:                     uot90FkBP8Y3Y-x6-7brjjoB-rU.roa (raw, json)
Hash identifier:          0JXXSAl/uFfrD7KxeCsCoDWgeiNKlIuga4IDFWQXH2c=
Subject key identifier:   BA:8B:7D:D0:59:01:3F:C6:37:63:EC:7A:FB:B6:EB:8E:3A:01:FA:B5
Certificate issuer:       /CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
Certificate serial:       0194258E449DFDCA0F54BF4AB272D8481990
Authority key identifier: 39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/uot90FkBP8Y3Y-x6-7brjjoB-rU.roa
Signing time:             Thu 02 Jan 2025 05:47:48 +0000
ROA not before:           Thu 02 Jan 2025 05:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34996
IP address blocks:        90.158.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:44:9d:fd:ca:0f:54:bf:4a:b2:72:d8:48:19:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
        Validity
            Not Before: Jan  2 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba8b7dd059013fc63763ec7afbb6eb8e3a01fab5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2d:7d:e8:3e:97:9f:33:dd:0b:c8:0c:a1:0f:
                    af:6c:51:af:f7:7e:71:cb:24:35:8e:5c:5f:ee:35:
                    69:0a:9f:87:25:b1:0a:e2:38:3e:67:fa:93:de:81:
                    5b:50:7b:11:cb:88:f9:15:c8:d5:88:04:90:44:db:
                    85:32:e9:e5:27:be:06:f4:1f:47:17:6d:f3:e6:99:
                    8a:0a:6c:0c:3d:6f:ef:80:da:88:62:47:b0:86:2e:
                    8b:fd:67:33:fc:2c:66:d1:5f:f7:1e:11:cc:86:01:
                    31:ae:97:dd:08:67:c1:aa:18:0b:b7:15:83:47:b5:
                    57:c0:93:6b:17:bf:f8:44:31:e5:ae:29:40:bf:40:
                    34:94:57:f7:38:54:3f:33:cd:9f:57:f5:48:04:33:
                    89:53:62:94:24:cc:f6:33:be:13:0d:13:68:41:3a:
                    bc:b3:5c:35:db:a7:bf:51:87:94:3a:71:16:c3:17:
                    c3:6f:91:c9:ed:07:f9:b6:7d:43:1a:d0:ea:36:41:
                    e2:c5:b1:40:7b:35:01:8b:74:12:8c:70:70:1d:89:
                    d1:84:0b:63:37:72:75:9f:e0:eb:8f:d0:23:a8:aa:
                    0f:18:54:24:d7:0c:f0:4a:23:5f:11:91:6a:34:37:
                    c5:3d:2a:29:dc:21:d7:d9:7e:68:7e:fd:f3:86:e9:
                    9e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:8B:7D:D0:59:01:3F:C6:37:63:EC:7A:FB:B6:EB:8E:3A:01:FA:B5
            X509v3 Authority Key Identifier:
                keyid:39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/uot90FkBP8Y3Y-x6-7brjjoB-rU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.158.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:de:cf:65:74:8e:1d:eb:16:bb:ba:91:21:39:98:ed:89:5e:
         3f:c9:34:8d:a7:3e:ed:57:f9:a3:86:60:e6:e5:ae:a7:90:96:
         8d:89:2c:9a:d7:e3:b5:20:30:6c:e2:28:dc:f3:49:cc:67:77:
         7f:4a:71:79:e8:cc:97:b8:7c:14:25:2b:47:d8:38:ca:a3:29:
         f4:b3:d2:75:67:1c:86:26:9b:dd:d7:ff:b1:c4:c0:ee:cb:ac:
         4b:46:e6:4c:ba:2f:dc:ee:01:92:bb:51:4c:52:9e:a7:66:43:
         f9:a7:de:d5:44:58:da:3d:f9:09:3d:cd:e9:ca:63:e8:86:7b:
         9c:b6:7f:01:97:5d:a2:1d:30:2a:49:eb:bc:b5:53:0d:c8:3d:
         e1:a3:a5:ad:14:3a:ef:bd:82:15:9a:24:dd:4e:4c:7e:fa:bc:
         e4:bf:77:5f:c5:38:c4:22:7e:c8:4e:a6:2b:67:7d:15:b5:91:
         7d:fc:e0:a6:79:97:4d:da:ba:eb:af:91:75:b6:9c:6a:33:62:
         c2:c0:c9:10:da:cb:5b:10:17:af:ea:8b:a5:03:a5:d0:8c:86:
         bf:7d:5d:d1:de:dc:3c:da:90:0d:49:9b:78:65:ec:7e:8d:d5:
         6c:93:62:77:0c:cc:38:b6:87:18:30:27:5c:3d:69:ef:0d:94:
         c1:34:a7:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljkSd/coPVL9KsnLYSBmQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MTlmMmFkOTE1ODRiYWZmMDQ2NzQ0N2JhYzhmYjk3OGQx
ZjlkZDMwHhcNMjUwMTAyMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYThiN2RkMDU5MDEzZmM2Mzc2M2VjN2FmYmI2ZWI4ZTNhMDFmYWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyS196D6XnzPdC8gMoQ+vbFGv935x
yyQ1jlxf7jVpCp+HJbEK4jg+Z/qT3oFbUHsRy4j5FcjViASQRNuFMunlJ74G9B9H
F23z5pmKCmwMPW/vgNqIYkewhi6L/Wcz/Cxm0V/3HhHMhgExrpfdCGfBqhgLtxWD
R7VXwJNrF7/4RDHlrilAv0A0lFf3OFQ/M82fV/VIBDOJU2KUJMz2M74TDRNoQTq8
s1w126e/UYeUOnEWwxfDb5HJ7Qf5tn1DGtDqNkHixbFAezUBi3QSjHBwHYnRhAtj
N3J1n+Drj9AjqKoPGFQk1wzwSiNfEZFqNDfFPSop3CHX2X5ofv3zhumeYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqLfdBZAT/GN2Psevu26446Afq1MB8GA1UdIwQY
MBaAFDkZ8q2RWEuv8EZ0R7rI+5eNH53TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUt
MzJhYTY3MzFjMjkxLzEvdW90OTBGa0JQOFkzWS14Ni03YnJqam9CLXJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUtMzJhYTY3MzFjMjkx
LzEvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWp76MA0G
CSqGSIb3DQEBCwUAA4IBAQB/3s9ldI4d6xa7upEhOZjtiV4/yTSNpz7tV/mjhmDm
5a6nkJaNiSya1+O1IDBs4ijc80nMZ3d/SnF56MyXuHwUJStH2DjKoyn0s9J1ZxyG
Jpvd1/+xxMDuy6xLRuZMui/c7gGSu1FMUp6nZkP5p97VRFjaPfkJPc3pymPohnuc
tn8Bl12iHTAqSeu8tVMNyD3ho6WtFDrvvYIVmiTdTkx++rzkv3dfxTjEIn7ITqYr
Z30VtZF9/OCmeZdN2rrrr5F1tpxqM2LCwMkQ2stbEBev6oulA6XQjIa/fV3R3tw8
2pANSZt4Zex+jdVsk2J3DMw4tocYMCdcPWnvDZTBNKd5
-----END CERTIFICATE-----