Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/jmvJtOcai0xSRp6W7XIZ5xVngd8.roa
File:                     jmvJtOcai0xSRp6W7XIZ5xVngd8.roa (raw, json)
Hash identifier:          JgYzfW89S+dSxGLKt+KgW2lDyT5++3g1wGoGMtyKroc=
Subject key identifier:   8E:6B:C9:B4:E7:1A:8B:4C:52:46:9E:96:ED:72:19:E7:15:67:81:DF
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019854AB8AE833955DB003FA6857D739BEFD
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/jmvJtOcai0xSRp6W7XIZ5xVngd8.roa
Signing time:             Tue 29 Jul 2025 05:33:05 +0000
ROA not before:           Tue 29 Jul 2025 05:33:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214941
IP address blocks:        89.43.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:54:ab:8a:e8:33:95:5d:b0:03:fa:68:57:d7:39:be:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jul 29 05:33:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e6bc9b4e71a8b4c52469e96ed7219e7156781df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c4:18:28:33:c6:67:3d:34:33:df:23:40:a0:
                    08:74:cc:ea:46:a6:7f:a4:e5:b3:2c:3c:ee:9f:0e:
                    6e:9d:e9:69:4e:b3:bc:c2:7c:81:07:e2:d7:3d:2a:
                    c9:78:25:dd:cc:10:de:05:79:0d:06:ca:3b:ab:3b:
                    84:3a:9b:b8:b8:bd:27:73:8d:5b:ab:cf:ea:45:7c:
                    67:8d:da:cf:74:2c:78:d8:dd:72:08:a8:0d:c2:cd:
                    98:af:8a:87:6b:01:e8:74:40:28:47:99:50:15:66:
                    0a:23:d9:fe:d0:77:d7:3b:5c:63:cd:98:30:3c:6f:
                    7f:70:9e:00:df:17:8e:84:cd:c8:36:3e:a6:5e:6a:
                    4a:06:66:4f:5e:07:d4:92:87:fa:e8:38:15:cf:1b:
                    e8:93:80:ab:42:49:23:8f:e0:a2:c6:e9:2a:0d:83:
                    8b:91:ef:03:ee:5c:ad:6b:7e:fb:b9:c9:dc:e9:49:
                    a9:60:73:24:f4:1d:7e:55:95:68:81:79:f4:e1:d5:
                    73:a4:63:c2:45:41:61:b9:83:0d:c8:cf:58:65:da:
                    21:01:57:2a:4f:94:18:f8:10:07:52:e2:62:94:3a:
                    10:fe:27:d5:31:cc:8f:20:98:02:b4:a2:a1:b4:a8:
                    0d:49:4e:a7:33:1b:79:bd:27:13:a5:18:e1:52:62:
                    62:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:6B:C9:B4:E7:1A:8B:4C:52:46:9E:96:ED:72:19:E7:15:67:81:DF
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/jmvJtOcai0xSRp6W7XIZ5xVngd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:12:54:32:03:ac:fd:6e:6e:65:cf:b2:3d:ee:3f:38:66:c6:
         ec:5e:2f:01:18:3d:09:22:8e:c3:c2:0d:75:90:92:79:d3:9c:
         5a:02:ab:69:96:f3:49:d4:0a:04:be:9e:ac:73:32:a2:2a:ea:
         6a:c2:3e:83:a2:9e:b9:f1:ab:ea:47:20:fa:0e:37:06:ed:b7:
         bb:b7:60:4b:b3:c4:6c:1a:b8:05:a1:71:84:a1:48:20:1e:70:
         2a:32:32:f8:65:8a:fb:1a:08:b7:7e:c2:dd:e8:dd:38:fd:8c:
         35:0f:1d:7a:e4:74:4b:bd:d1:f6:8d:47:45:5b:e3:fb:b1:b4:
         03:46:27:ed:36:02:bf:fb:3b:1d:d5:cb:d6:13:e1:8c:91:23:
         26:f0:96:17:a3:01:7f:b7:a4:bc:ec:e1:5c:9e:bd:3b:37:81:
         14:a3:05:52:2e:ef:7d:90:13:6f:be:b6:5c:82:46:a6:fb:bd:
         0d:84:5e:74:71:e7:ce:8c:aa:2d:51:f4:26:36:5b:dd:cc:dc:
         27:28:99:2d:9d:d4:10:01:97:e0:2c:39:db:8c:25:ca:1d:1c:
         11:4d:34:36:41:77:2c:da:91:15:06:cc:95:7e:66:95:31:98:
         7d:65:56:92:f3:8a:cb:b6:a5:d7:37:50:66:0d:00:48:70:bc:
         6b:7e:53:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhUq4roM5VdsAP6aFfXOb79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjUwNzI5MDUzMzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTZiYzliNGU3MWE4YjRjNTI0NjllOTZlZDcyMTllNzE1Njc4MWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8QYKDPGZz00M98jQKAIdMzqRqZ/
pOWzLDzunw5unelpTrO8wnyBB+LXPSrJeCXdzBDeBXkNBso7qzuEOpu4uL0nc41b
q8/qRXxnjdrPdCx42N1yCKgNws2Yr4qHawHodEAoR5lQFWYKI9n+0HfXO1xjzZgw
PG9/cJ4A3xeOhM3INj6mXmpKBmZPXgfUkof66DgVzxvok4CrQkkjj+CixukqDYOL
ke8D7lyta377ucnc6UmpYHMk9B1+VZVogXn04dVzpGPCRUFhuYMNyM9YZdohAVcq
T5QY+BAHUuJilDoQ/ifVMcyPIJgCtKKhtKgNSU6nMxt5vScTpRjhUmJiKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5rybTnGotMUkaelu1yGecVZ4HfMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvam12SnRPY2FpMHhTUnA2VzdYSVo1eFZuZ2Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSsuMA0G
CSqGSIb3DQEBCwUAA4IBAQAWElQyA6z9bm5lz7I97j84ZsbsXi8BGD0JIo7Dwg11
kJJ505xaAqtplvNJ1AoEvp6sczKiKupqwj6Dop658avqRyD6DjcG7be7t2BLs8Rs
GrgFoXGEoUggHnAqMjL4ZYr7Ggi3fsLd6N04/Yw1Dx165HRLvdH2jUdFW+P7sbQD
RiftNgK/+zsd1cvWE+GMkSMm8JYXowF/t6S87OFcnr07N4EUowVSLu99kBNvvrZc
gkam+70NhF50cefOjKotUfQmNlvdzNwnKJktndQQAZfgLDnbjCXKHRwRTTQ2QXcs
2pEVBsyVfmaVMZh9ZVaS84rLtqXXN1BmDQBIcLxrflP2
-----END CERTIFICATE-----