Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Igwttews3zTf6wI1RkjOucrZb7k.roa
File:                     Igwttews3zTf6wI1RkjOucrZb7k.roa (raw, json)
Hash identifier:          RGGi7tVX4X5AV4Pl9VsKDhxO0R3x582Z9cuiXMQY/B8=
Subject key identifier:   22:0C:2D:B5:EC:2C:DF:34:DF:EB:02:35:46:48:CE:B9:CA:D9:6F:B9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01985A8899E7B226725C6036BE9E95BFFED3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Igwttews3zTf6wI1RkjOucrZb7k.roa
Signing time:             Wed 30 Jul 2025 08:52:38 +0000
ROA not before:           Wed 30 Jul 2025 08:52:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140224
IP address blocks:        89.213.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5a:88:99:e7:b2:26:72:5c:60:36:be:9e:95:bf:fe:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 30 08:52:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=220c2db5ec2cdf34dfeb02354648ceb9cad96fb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:3e:a0:03:ad:59:1e:21:05:50:85:1a:41:a9:
                    e6:d3:f5:28:73:4b:e3:a9:0a:57:65:dc:7b:1d:94:
                    3c:44:8b:55:74:60:36:1b:88:d6:fb:22:b8:a1:87:
                    61:88:96:be:fc:b4:a9:6a:1d:ea:56:9b:ad:3b:c3:
                    7f:36:cb:46:aa:83:64:92:ba:b3:59:05:7d:fa:89:
                    8c:e2:72:81:35:57:33:86:04:c3:03:1f:3e:2e:f8:
                    b6:96:c6:b4:3c:bf:5d:6f:eb:d0:a8:61:7f:32:68:
                    8e:e6:0a:9e:01:da:e2:c4:6f:eb:51:7c:11:84:64:
                    2c:05:1d:96:8f:e9:ff:59:57:4b:ca:d0:ab:02:1e:
                    c4:98:6d:31:88:26:4e:24:75:2e:21:74:1b:b9:da:
                    cd:d1:68:4c:5c:36:a5:ae:76:b6:3e:47:b0:59:b8:
                    1e:eb:46:cb:4c:be:00:56:d7:63:8c:11:4f:42:94:
                    07:0f:b1:f9:33:f8:9c:54:66:bc:4c:f9:c7:6c:e1:
                    56:8d:cc:b9:93:ab:71:52:11:04:db:a2:18:f1:62:
                    c7:75:44:28:bc:54:94:3c:1e:8b:d7:0d:50:ff:6f:
                    4a:21:2e:c9:80:7f:13:d4:57:4e:20:7e:11:3e:3f:
                    d1:09:b5:3a:e5:36:df:5b:5e:6b:51:bd:80:fa:70:
                    e0:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:0C:2D:B5:EC:2C:DF:34:DF:EB:02:35:46:48:CE:B9:CA:D9:6F:B9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Igwttews3zTf6wI1RkjOucrZb7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:26:b2:a2:0e:37:cf:24:2e:75:ad:39:52:de:97:45:83:50:
         d9:7b:58:42:29:e4:1f:00:92:60:d2:b6:54:dd:4c:29:3c:1a:
         24:be:66:59:71:b2:d6:16:79:93:2b:90:72:2c:97:27:4a:89:
         b8:d0:5e:30:6c:5e:ee:90:2c:38:57:fd:03:45:e1:43:cf:06:
         52:1e:72:a3:88:84:35:96:11:37:0a:07:b0:bc:90:96:e3:56:
         6b:9a:48:a1:1a:cf:b4:ae:c6:09:86:91:93:b5:f9:0e:52:95:
         3a:ad:0f:fc:52:01:f0:74:1f:c2:6d:57:ab:51:07:0e:af:e4:
         9d:fb:93:b3:d2:67:f4:cf:0b:f8:23:6f:5b:d4:fe:39:1e:7f:
         38:74:7b:4f:25:fe:82:14:42:27:a9:e4:4f:f8:e5:05:6e:51:
         b2:f6:1e:32:7b:10:f1:1c:2e:65:2e:29:1c:85:75:17:3f:a5:
         a2:e7:00:75:77:3b:8f:e3:46:9e:15:d1:10:50:53:3e:6a:e6:
         2a:67:a3:c4:83:fc:3d:81:53:7a:c6:7e:98:0f:bf:fc:8a:83:
         4e:78:4a:6b:3c:0c:6b:4f:89:98:f3:29:97:82:63:4a:81:a9:
         80:37:79:4c:d1:92:37:73:8a:04:f2:7d:5e:62:bd:bd:52:9e:
         77:6c:2a:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhaiJnnsiZyXGA2vp6Vv/7TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzMwMDg1MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjBjMmRiNWVjMmNkZjM0ZGZlYjAyMzU0NjQ4Y2ViOWNhZDk2ZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz6gA61ZHiEFUIUaQanm0/Uoc0vj
qQpXZdx7HZQ8RItVdGA2G4jW+yK4oYdhiJa+/LSpah3qVputO8N/NstGqoNkkrqz
WQV9+omM4nKBNVczhgTDAx8+Lvi2lsa0PL9db+vQqGF/MmiO5gqeAdrixG/rUXwR
hGQsBR2Wj+n/WVdLytCrAh7EmG0xiCZOJHUuIXQbudrN0WhMXDalrna2PkewWbge
60bLTL4AVtdjjBFPQpQHD7H5M/icVGa8TPnHbOFWjcy5k6txUhEE26IY8WLHdUQo
vFSUPB6L1w1Q/29KIS7JgH8T1FdOIH4RPj/RCbU65TbfW15rUb2A+nDgywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIMLbXsLN803+sCNUZIzrnK2W+5MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSWd3dHRld3MzelRmNndJMVJrak91Y3JaYjdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUBMA0G
CSqGSIb3DQEBCwUAA4IBAQAxJrKiDjfPJC51rTlS3pdFg1DZe1hCKeQfAJJg0rZU
3UwpPBokvmZZcbLWFnmTK5ByLJcnSom40F4wbF7ukCw4V/0DReFDzwZSHnKjiIQ1
lhE3CgewvJCW41ZrmkihGs+0rsYJhpGTtfkOUpU6rQ/8UgHwdB/CbVerUQcOr+Sd
+5Oz0mf0zwv4I29b1P45Hn84dHtPJf6CFEInqeRP+OUFblGy9h4yexDxHC5lLikc
hXUXP6Wi5wB1dzuP40aeFdEQUFM+auYqZ6PEg/w9gVN6xn6YD7/8ioNOeEprPAxr
T4mY8ymXgmNKgamAN3lM0ZI3c4oE8n1eYr29Up53bCqO
-----END CERTIFICATE-----