Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mn6XOa2ioduGMWcK9IK-8brwCkE.roa
File:                     mn6XOa2ioduGMWcK9IK-8brwCkE.roa (raw, json)
Hash identifier:          D5/xbKMmnpF+FzMYSYZXYVPhcn6kdZi/WB/xQnu7SOg=
Subject key identifier:   9A:7E:97:39:AD:A2:A1:DB:86:31:67:0A:F4:82:BE:F1:BA:F0:0A:41
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01985A889A7D7FD572B1A514B572F914A1D8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mn6XOa2ioduGMWcK9IK-8brwCkE.roa
Signing time:             Wed 30 Jul 2025 08:52:38 +0000
ROA not before:           Wed 30 Jul 2025 08:52:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150770
IP address blocks:        89.213.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 05:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5a:88:9a:7d:7f:d5:72:b1:a5:14:b5:72:f9:14:a1:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 30 08:52:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a7e9739ada2a1db8631670af482bef1baf00a41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:14:c5:ba:09:8b:df:1d:b9:97:2c:d1:e6:bb:
                    85:19:d1:d2:51:9f:c9:19:96:19:21:04:e2:a2:b8:
                    4c:00:f5:1d:f9:c5:4a:76:13:3c:b6:a0:81:f7:b3:
                    c4:49:0d:e5:68:5f:3f:ea:b1:21:03:9d:46:65:ff:
                    4c:87:a3:ff:df:3d:82:8e:04:ae:65:07:2c:ec:ee:
                    7d:aa:5e:56:bc:60:1a:62:41:29:ad:91:8f:c6:60:
                    58:a6:9e:6d:c4:db:02:9b:9d:7b:7e:eb:db:0f:3b:
                    71:7d:c7:04:c2:37:b0:91:33:41:20:28:ff:fd:1e:
                    67:ba:04:d2:c0:92:bf:58:86:be:30:98:3b:cc:bd:
                    bb:cf:87:3e:45:23:a4:3b:fe:ea:1e:94:1c:49:78:
                    20:95:9c:53:7a:e5:78:31:5b:58:c0:ee:18:7a:f6:
                    bf:f9:bb:0e:a4:54:6d:a5:8e:6d:54:98:03:cf:cf:
                    cf:6f:a8:ff:29:e9:d6:b7:73:c6:49:81:ee:45:d1:
                    8b:b9:00:2c:ad:bb:ae:82:fa:f2:81:1d:bb:50:cb:
                    b5:64:90:5d:a7:a1:93:57:16:d9:63:0a:bd:32:73:
                    71:a9:39:e6:0b:2a:8c:eb:07:97:43:ef:83:79:1e:
                    8c:ab:3b:1f:3b:93:13:90:18:e8:98:b9:49:99:37:
                    a5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:7E:97:39:AD:A2:A1:DB:86:31:67:0A:F4:82:BE:F1:BA:F0:0A:41
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mn6XOa2ioduGMWcK9IK-8brwCkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:7f:ce:28:f8:26:83:3f:f8:08:8a:bb:15:07:77:4e:cb:eb:
         b2:1b:4a:99:28:19:e5:1c:be:a2:f3:4e:66:36:09:83:33:a4:
         62:00:07:7f:10:15:ad:6c:f3:df:d9:93:7b:1a:52:b8:fb:0f:
         42:3a:f1:33:69:9b:55:ed:af:c8:38:a6:2c:0d:41:5c:82:de:
         b4:58:1e:48:9d:da:bc:17:5a:37:7d:cb:fc:a3:66:c4:19:ed:
         99:e2:38:36:ca:a1:68:c5:b3:2d:2e:f5:f2:66:ae:75:47:a2:
         d9:87:dc:49:dc:40:64:b3:87:60:21:2e:25:7a:b6:22:d2:5e:
         29:37:8e:54:29:25:a4:3b:72:83:79:49:d1:d7:df:aa:de:4f:
         4d:17:13:2d:f6:42:df:8c:0a:ea:be:99:20:ae:3f:e9:4b:c7:
         73:3b:fb:1d:c0:66:ea:b4:04:dc:12:ab:66:ec:d8:57:e9:eb:
         7c:79:df:4e:86:0b:ca:08:d4:40:4d:f5:ee:00:fc:84:77:cd:
         94:32:4a:d8:fe:7c:05:7f:71:af:8e:15:29:dc:7b:1d:12:e9:
         5e:be:e3:9b:6e:8b:da:35:ff:f5:0d:88:04:a5:3b:c2:9b:c4:
         85:99:1b:28:34:cc:65:ef:20:da:85:e0:1c:f9:37:6c:01:5f:
         c6:e5:0c:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhaiJp9f9VysaUUtXL5FKHYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzMwMDg1MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTdlOTczOWFkYTJhMWRiODYzMTY3MGFmNDgyYmVmMWJhZjAwYTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xTFugmL3x25lyzR5ruFGdHSUZ/J
GZYZIQTiorhMAPUd+cVKdhM8tqCB97PESQ3laF8/6rEhA51GZf9Mh6P/3z2CjgSu
ZQcs7O59ql5WvGAaYkEprZGPxmBYpp5txNsCm517fuvbDztxfccEwjewkTNBICj/
/R5nugTSwJK/WIa+MJg7zL27z4c+RSOkO/7qHpQcSXgglZxTeuV4MVtYwO4Yeva/
+bsOpFRtpY5tVJgDz8/Pb6j/KenWt3PGSYHuRdGLuQAsrbuugvrygR27UMu1ZJBd
p6GTVxbZYwq9MnNxqTnmCyqM6weXQ++DeR6MqzsfO5MTkBjomLlJmTelBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJp+lzmtoqHbhjFnCvSCvvG68ApBMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbW42WE9hMmlvZHVHTVdjSzlJSy04YnJ3Q2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUBMA0G
CSqGSIb3DQEBCwUAA4IBAQAgf84o+CaDP/gIirsVB3dOy+uyG0qZKBnlHL6i805m
NgmDM6RiAAd/EBWtbPPf2ZN7GlK4+w9COvEzaZtV7a/IOKYsDUFcgt60WB5Indq8
F1o3fcv8o2bEGe2Z4jg2yqFoxbMtLvXyZq51R6LZh9xJ3EBks4dgIS4lerYi0l4p
N45UKSWkO3KDeUnR19+q3k9NFxMt9kLfjArqvpkgrj/pS8dzO/sdwGbqtATcEqtm
7NhX6et8ed9OhgvKCNRATfXuAPyEd82UMkrY/nwFf3GvjhUp3HsdEulevuObbova
Nf/1DYgEpTvCm8SFmRsoNMxl7yDaheAc+TdsAV/G5Qzj
-----END CERTIFICATE-----