Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/90MmzVO4MvLdyb-AJQYr53vSOsE.roa
File:                     90MmzVO4MvLdyb-AJQYr53vSOsE.roa (raw, json)
Hash identifier:          5J/pNqbP4sJI9fRD38vzW+V+FYiLCJKVNSYkNzbkDm4=
Subject key identifier:   F7:43:26:CD:53:B8:32:F2:DD:C9:BF:80:25:06:2B:E7:7B:D2:3A:C1
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       0194228DE29AD9561157F25F4E10872E4AC2
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/90MmzVO4MvLdyb-AJQYr53vSOsE.roa
Signing time:             Wed 01 Jan 2025 15:48:31 +0000
ROA not before:           Wed 01 Jan 2025 15:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212749
IP address blocks:        185.86.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:e2:9a:d9:56:11:57:f2:5f:4e:10:87:2e:4a:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: Jan  1 15:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f74326cd53b832f2ddc9bf8025062be77bd23ac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c6:04:d0:20:c5:36:90:8d:60:08:86:cb:b9:
                    67:f7:25:e3:44:0c:75:c5:34:b2:b6:9f:1e:82:57:
                    cb:fd:d9:23:22:3d:07:c9:80:e7:88:cf:aa:cb:13:
                    29:37:3d:68:57:26:e1:8a:0f:9a:4f:9f:ba:4b:5f:
                    d1:88:3b:db:ec:a8:a0:87:18:c1:b4:fa:3e:8b:63:
                    e7:2a:8d:d2:c4:ce:17:50:c0:8f:96:42:25:f6:35:
                    42:eb:8a:0f:7d:30:99:2c:05:a9:f1:eb:b1:b3:d9:
                    3f:93:22:d8:4d:09:93:fc:9b:f3:1a:b0:1d:01:53:
                    1e:32:8f:14:eb:5c:07:68:f5:a6:06:fa:e9:1d:90:
                    ee:a5:25:7e:53:21:3b:bd:63:66:33:44:45:b7:84:
                    b5:18:f6:18:78:41:ee:e2:56:7a:71:98:35:1e:74:
                    bc:18:6e:c9:bd:77:ed:ec:8b:a7:4a:cc:2d:79:bf:
                    ab:87:5f:8d:2f:95:8e:02:17:ac:09:1a:ff:c4:35:
                    b0:14:b6:7d:04:39:a8:da:52:23:d1:6e:7e:27:35:
                    2c:f5:c8:e4:f6:d0:02:5f:86:29:3c:4a:de:c2:09:
                    76:92:fe:7b:60:d8:e9:98:53:44:92:ff:7e:de:8a:
                    46:ed:d7:b0:fa:fb:9e:b6:7c:e4:3a:74:71:58:91:
                    a6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:43:26:CD:53:B8:32:F2:DD:C9:BF:80:25:06:2B:E7:7B:D2:3A:C1
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/90MmzVO4MvLdyb-AJQYr53vSOsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:d6:31:98:10:1a:76:6c:2e:0b:8f:18:73:c2:cf:2d:7c:ca:
         b7:65:d6:85:89:7d:4f:ef:6a:8f:f8:96:b7:12:03:02:ce:44:
         f6:b8:2e:f3:45:d3:2f:18:21:15:93:38:36:27:60:6e:11:37:
         6f:33:35:70:42:fa:11:4c:8f:5e:73:47:db:8e:92:7d:ca:e0:
         ad:d5:70:fe:9a:59:0f:04:1b:3b:dd:3b:76:9b:08:7d:90:86:
         a3:65:c4:52:1e:e7:29:20:70:39:0e:a0:bd:0d:0d:c4:a3:de:
         7f:b0:8f:d0:90:20:2c:78:50:a0:07:0e:dc:f0:01:f8:b5:68:
         79:f8:6f:fa:06:28:8f:bb:65:c7:97:55:57:08:c8:20:94:e9:
         9b:e7:e8:b6:57:fe:c6:4b:b9:6a:03:97:92:4a:1d:e4:59:51:
         dc:ba:27:6f:91:80:d4:5b:60:f2:66:92:3c:bc:70:e4:60:44:
         eb:e5:bd:51:6b:e7:5c:59:e8:0c:92:5a:fc:26:29:9d:18:b4:
         e0:6e:67:42:5c:3b:58:d9:ff:4c:b7:e1:21:bc:35:0e:9e:79:
         e1:ca:da:59:1e:57:3c:75:3b:49:68:29:18:d3:4c:ed:e3:c4:
         64:ca:3c:7d:f6:14:3b:bb:ae:7c:50:00:75:fd:78:a7:b6:43:
         f8:4a:13:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijeKa2VYRV/JfThCHLkrCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjUwMTAxMTU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzQzMjZjZDUzYjgzMmYyZGRjOWJmODAyNTA2MmJlNzdiZDIzYWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8YE0CDFNpCNYAiGy7ln9yXjRAx1
xTSytp8eglfL/dkjIj0HyYDniM+qyxMpNz1oVybhig+aT5+6S1/RiDvb7KighxjB
tPo+i2PnKo3SxM4XUMCPlkIl9jVC64oPfTCZLAWp8euxs9k/kyLYTQmT/JvzGrAd
AVMeMo8U61wHaPWmBvrpHZDupSV+UyE7vWNmM0RFt4S1GPYYeEHu4lZ6cZg1HnS8
GG7JvXft7IunSswteb+rh1+NL5WOAhesCRr/xDWwFLZ9BDmo2lIj0W5+JzUs9cjk
9tACX4YpPErewgl2kv57YNjpmFNEkv9+3opG7dew+vuetnzkOnRxWJGmoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdDJs1TuDLy3cm/gCUGK+d70jrBMB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvOTBNbXpWTzRNdkxkeWItQUpRWXI1M3ZTT3NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVbCMA0G
CSqGSIb3DQEBCwUAA4IBAQCc1jGYEBp2bC4Ljxhzws8tfMq3ZdaFiX1P72qP+Ja3
EgMCzkT2uC7zRdMvGCEVkzg2J2BuETdvMzVwQvoRTI9ec0fbjpJ9yuCt1XD+mlkP
BBs73Tt2mwh9kIajZcRSHucpIHA5DqC9DQ3Eo95/sI/QkCAseFCgBw7c8AH4tWh5
+G/6BiiPu2XHl1VXCMgglOmb5+i2V/7GS7lqA5eSSh3kWVHcuidvkYDUW2DyZpI8
vHDkYETr5b1Ra+dcWegMklr8JimdGLTgbmdCXDtY2f9Mt+EhvDUOnnnhytpZHlc8
dTtJaCkY00zt48Rkyjx99hQ7u658UAB1/XintkP4ShNt
-----END CERTIFICATE-----