Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/an5PEyykJQLXnZ_ULHk5KS1atP4.roa
File:                     an5PEyykJQLXnZ_ULHk5KS1atP4.roa (raw, json)
Hash identifier:          tgqXb3VgmOjldZhkH4NBZANR5HGAxCTdZW3xQ8ubxIA=
Subject key identifier:   6A:7E:4F:13:2C:A4:25:02:D7:9D:9F:D4:2C:79:39:29:2D:5A:B4:FE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019680F0CC36ADB33A488774BF1FF13105DE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/an5PEyykJQLXnZ_ULHk5KS1atP4.roa
Signing time:             Tue 29 Apr 2025 09:46:26 +0000
ROA not before:           Tue 29 Apr 2025 09:46:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212868
IP address blocks:        89.213.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 14:57:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:80:f0:cc:36:ad:b3:3a:48:87:74:bf:1f:f1:31:05:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 29 09:46:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a7e4f132ca42502d79d9fd42c7939292d5ab4fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:93:96:dc:3a:1a:95:5c:84:ac:07:e6:a0:cb:
                    6c:0c:87:cc:a6:ff:c7:37:58:94:26:55:db:56:6f:
                    86:e0:94:ec:e7:4c:bf:d1:8d:cf:36:c1:92:76:8b:
                    f3:87:30:ee:e6:f2:2a:cc:11:16:56:0b:3d:8a:c9:
                    2f:95:d6:6c:3a:7b:6c:56:b3:88:51:b8:8e:2d:13:
                    d7:0d:c2:72:00:40:ba:44:a1:b1:77:b7:af:fd:3e:
                    ed:d0:e0:70:35:22:ca:cc:c0:2f:b1:27:45:24:96:
                    d8:79:f6:be:6b:e9:b4:0c:dd:48:be:33:7e:29:a8:
                    8d:54:13:ff:26:b1:1d:51:37:4a:13:19:7e:60:51:
                    88:c1:d3:0f:8e:7f:6f:31:3b:a4:ed:86:77:c0:33:
                    f1:98:2d:49:19:e8:ef:43:ea:23:62:41:69:1a:60:
                    f5:d3:14:0d:9b:8a:a5:63:15:6c:5a:3d:57:1b:9f:
                    f8:18:ec:aa:1f:05:cd:e0:d9:cd:02:43:7b:9e:57:
                    da:9a:85:cc:fd:5b:bf:41:4a:b1:6b:4b:8f:26:cb:
                    69:7d:6d:6a:35:6e:56:f6:41:e2:c6:a6:86:a8:4f:
                    f4:f8:09:50:58:1e:d9:b2:73:f8:ee:b7:09:2d:25:
                    7e:70:b7:66:6c:12:8c:41:2f:a6:1e:c7:11:b8:08:
                    f0:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:7E:4F:13:2C:A4:25:02:D7:9D:9F:D4:2C:79:39:29:2D:5A:B4:FE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/an5PEyykJQLXnZ_ULHk5KS1atP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:9d:57:ee:10:04:d4:f8:9a:64:ce:a0:c8:c0:91:f5:30:72:
         f8:ad:dd:21:31:02:55:8e:e3:69:d5:2c:bd:20:a9:34:e7:51:
         ab:2b:66:63:de:f1:8a:b3:3d:30:55:11:a5:80:de:c6:44:be:
         23:f7:13:58:2b:8f:ae:04:d4:25:4b:b9:17:af:0b:d3:7e:ea:
         0f:3a:fc:9a:5a:df:49:21:ae:d3:35:f9:8d:3d:86:49:77:04:
         33:8a:12:fe:35:c1:71:b1:d2:29:01:b6:ff:49:a1:16:29:ff:
         a2:6b:4f:f4:80:21:0b:8f:7b:13:fb:5c:60:86:cb:cb:ed:72:
         ee:8d:74:b6:df:b0:de:4f:24:2e:d6:0c:fd:23:0f:6e:32:97:
         77:e1:c7:69:92:3e:c7:4a:09:f1:0e:7b:c7:fa:e1:9c:9d:ab:
         32:98:69:b1:b6:e9:96:83:62:29:6f:80:e9:4e:43:b4:42:6e:
         20:97:ea:14:72:ca:54:8f:3b:d3:e1:89:6b:9a:91:0d:ff:cb:
         40:9d:f0:77:c7:05:1b:24:c4:0c:16:45:ab:ee:ec:4d:a0:33:
         07:f1:7e:1e:6f:49:1d:4c:39:4c:06:d7:a5:76:3b:d0:d4:55:
         67:33:f1:6c:b3:65:33:1a:7c:2d:0b:ea:92:2d:f8:7b:17:f6:
         bb:8c:ee:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaA8Mw2rbM6SId0vx/xMQXeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDI5MDk0NjI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTdlNGYxMzJjYTQyNTAyZDc5ZDlmZDQyYzc5MzkyOTJkNWFiNGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJOW3DoalVyErAfmoMtsDIfMpv/H
N1iUJlXbVm+G4JTs50y/0Y3PNsGSdovzhzDu5vIqzBEWVgs9iskvldZsOntsVrOI
UbiOLRPXDcJyAEC6RKGxd7ev/T7t0OBwNSLKzMAvsSdFJJbYefa+a+m0DN1IvjN+
KaiNVBP/JrEdUTdKExl+YFGIwdMPjn9vMTuk7YZ3wDPxmC1JGejvQ+ojYkFpGmD1
0xQNm4qlYxVsWj1XG5/4GOyqHwXN4NnNAkN7nlfamoXM/Vu/QUqxa0uPJstpfW1q
NW5W9kHixqaGqE/0+AlQWB7ZsnP47rcJLSV+cLdmbBKMQS+mHscRuAjwZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGp+TxMspCUC152f1Cx5OSktWrT+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYW41UEV5eWtKUUxYblpfVUxIazVLUzFhdFA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXEMA0G
CSqGSIb3DQEBCwUAA4IBAQBBnVfuEATU+JpkzqDIwJH1MHL4rd0hMQJVjuNp1Sy9
IKk051GrK2Zj3vGKsz0wVRGlgN7GRL4j9xNYK4+uBNQlS7kXrwvTfuoPOvyaWt9J
Ia7TNfmNPYZJdwQzihL+NcFxsdIpAbb/SaEWKf+ia0/0gCELj3sT+1xghsvL7XLu
jXS237DeTyQu1gz9Iw9uMpd34cdpkj7HSgnxDnvH+uGcnasymGmxtumWg2Ipb4Dp
TkO0Qm4gl+oUcspUjzvT4YlrmpEN/8tAnfB3xwUbJMQMFkWr7uxNoDMH8X4eb0kd
TDlMBteldjvQ1FVnM/Fss2UzGnwtC+qSLfh7F/a7jO5g
-----END CERTIFICATE-----