Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aZH5pbTZE4Sx7B5sSn_n_Bj4dA8.roa
File:                     aZH5pbTZE4Sx7B5sSn_n_Bj4dA8.roa (raw, json)
Hash identifier:          m5WYpT5FzMujjxYewT6UDN83UX+C6TqXvHOt0kLjaaQ=
Subject key identifier:   69:91:F9:A5:B4:D9:13:84:B1:EC:1E:6C:4A:7F:E7:FC:18:F8:74:0F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01985A8899B06E583E8D76CF65C153615A7D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aZH5pbTZE4Sx7B5sSn_n_Bj4dA8.roa
Signing time:             Wed 30 Jul 2025 08:52:38 +0000
ROA not before:           Wed 30 Jul 2025 08:52:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18186
IP address blocks:        89.213.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 02:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5a:88:99:b0:6e:58:3e:8d:76:cf:65:c1:53:61:5a:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 30 08:52:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6991f9a5b4d91384b1ec1e6c4a7fe7fc18f8740f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:fd:01:64:c8:1b:76:21:1d:69:3a:d8:0d:b2:
                    fa:0d:88:bb:14:0f:56:07:78:39:9d:57:d2:bf:41:
                    9c:48:3e:be:00:f9:1a:08:e1:a9:7a:4a:ac:7b:47:
                    41:b2:3b:4b:64:a3:6d:2e:ba:14:81:1c:71:69:4c:
                    7e:22:cf:33:cc:b4:c4:e5:d9:3e:3d:8e:ae:0e:97:
                    2a:8c:13:8a:16:fc:75:fd:6f:77:db:2b:6b:7e:6f:
                    76:b0:bc:98:ff:53:85:2a:0b:54:b2:03:0d:82:6d:
                    8c:7d:a4:fb:61:5a:76:53:50:f4:7b:e8:93:f6:7a:
                    d9:96:85:f0:2e:03:da:d3:1d:7b:e3:d8:55:a2:e1:
                    8e:ba:f4:da:dc:8d:ac:9f:dc:3c:54:63:0a:ac:fd:
                    15:31:83:60:2b:27:6c:d3:19:fd:e8:b0:cf:2f:f2:
                    77:60:03:a7:20:dc:c3:1c:56:64:ae:0e:00:e2:fd:
                    23:32:b5:9f:5a:39:a7:7e:14:92:c3:68:0e:f6:3a:
                    a1:29:dd:a4:90:64:d7:a9:bf:ae:3d:13:27:2c:62:
                    22:f0:0a:9f:fd:72:e1:63:fc:67:06:10:30:11:3f:
                    df:87:9d:89:26:fe:16:4f:13:1a:7e:3f:29:08:c0:
                    d2:d2:7d:c8:ef:7f:cd:a1:f5:44:13:84:42:5d:a1:
                    88:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:91:F9:A5:B4:D9:13:84:B1:EC:1E:6C:4A:7F:E7:FC:18:F8:74:0F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aZH5pbTZE4Sx7B5sSn_n_Bj4dA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:f7:a2:68:1e:28:34:5e:12:6b:f8:b5:60:3f:75:6d:b4:21:
         c0:dc:30:7c:a9:c9:04:e7:bc:42:bb:c9:9a:89:61:66:d7:ad:
         71:07:da:8f:c5:47:d0:58:0e:7a:8a:96:2f:c0:de:14:9f:4d:
         e3:9d:1e:4b:35:58:45:75:cd:24:8c:f9:b1:84:c4:db:80:9d:
         8f:f0:10:f7:0c:b5:e7:b2:e6:be:16:20:8f:f2:7f:8e:7b:30:
         50:cb:cd:69:5f:f5:ca:9d:d0:f2:4d:29:04:5e:50:eb:f0:c9:
         48:15:14:3e:9c:71:72:ce:0e:66:83:6b:05:14:45:28:46:9e:
         35:d0:92:ad:e3:d5:2c:98:4c:af:de:92:b7:74:df:d7:f5:f8:
         9d:d0:10:92:70:ea:aa:85:c9:4b:e1:81:77:d0:79:07:76:cf:
         a0:52:4f:f1:ce:02:ca:85:56:d0:fc:06:2d:2b:2f:f1:fa:d4:
         58:2a:52:0a:81:4d:24:cc:5b:65:20:4b:f5:09:c7:ce:6b:0a:
         2e:f1:2b:b5:8d:48:bf:f7:e4:5e:34:b2:5c:30:0a:04:a7:22:
         03:0b:32:d3:c3:3d:13:6b:80:0e:35:94:82:50:15:50:be:55:
         d3:3a:84:e7:2b:c5:7f:b2:f1:54:a9:d5:4c:bb:16:62:e7:0a:
         e0:f8:c8:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhaiJmwblg+jXbPZcFTYVp9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzMwMDg1MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTkxZjlhNWI0ZDkxMzg0YjFlYzFlNmM0YTdmZTdmYzE4Zjg3NDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0f0BZMgbdiEdaTrYDbL6DYi7FA9W
B3g5nVfSv0GcSD6+APkaCOGpekqse0dBsjtLZKNtLroUgRxxaUx+Is8zzLTE5dk+
PY6uDpcqjBOKFvx1/W932ytrfm92sLyY/1OFKgtUsgMNgm2MfaT7YVp2U1D0e+iT
9nrZloXwLgPa0x1749hVouGOuvTa3I2sn9w8VGMKrP0VMYNgKyds0xn96LDPL/J3
YAOnINzDHFZkrg4A4v0jMrWfWjmnfhSSw2gO9jqhKd2kkGTXqb+uPRMnLGIi8Aqf
/XLhY/xnBhAwET/fh52JJv4WTxMafj8pCMDS0n3I73/NofVEE4RCXaGIWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGmR+aW02ROEsewebEp/5/wY+HQPMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYVpINXBiVFpFNFN4N0I1c1NuX25fQmo0ZEE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUBMA0G
CSqGSIb3DQEBCwUAA4IBAQAR96JoHig0XhJr+LVgP3VttCHA3DB8qckE57xCu8ma
iWFm161xB9qPxUfQWA56ipYvwN4Un03jnR5LNVhFdc0kjPmxhMTbgJ2P8BD3DLXn
sua+FiCP8n+OezBQy81pX/XKndDyTSkEXlDr8MlIFRQ+nHFyzg5mg2sFFEUoRp41
0JKt49UsmEyv3pK3dN/X9fid0BCScOqqhclL4YF30HkHds+gUk/xzgLKhVbQ/AYt
Ky/x+tRYKlIKgU0kzFtlIEv1CcfOawou8Su1jUi/9+ReNLJcMAoEpyIDCzLTwz0T
a4AONZSCUBVQvlXTOoTnK8V/svFUqdVMuxZi5wrg+MgB
-----END CERTIFICATE-----