Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RtT63I8vCilxSu2itU4Q42h-N6I.roa
File:                     RtT63I8vCilxSu2itU4Q42h-N6I.roa (raw, json)
Hash identifier:          aZdB+d7tDLLyYknj0QgTDm39q/UrvHOYoDAiEDmADi4=
Subject key identifier:   46:D4:FA:DC:8F:2F:0A:29:71:4A:ED:A2:B5:4E:10:E3:68:7E:37:A2
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0199855C9D4081B059DA0C599BB1F3DE75FA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RtT63I8vCilxSu2itU4Q42h-N6I.roa
Signing time:             Fri 26 Sep 2025 09:31:03 +0000
ROA not before:           Fri 26 Sep 2025 09:31:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137409
IP address blocks:        89.213.97.0/24 maxlen: 24
                          217.145.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:85:5c:9d:40:81:b0:59:da:0c:59:9b:b1:f3:de:75:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 26 09:31:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46d4fadc8f2f0a29714aeda2b54e10e3687e37a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b6:97:ab:c8:a0:e6:bf:f1:55:20:e9:c2:71:
                    98:30:cc:77:db:cd:77:4d:62:83:3c:ed:67:5e:2b:
                    15:ed:28:fc:d6:e9:e6:25:a9:ae:ef:c0:ba:95:0a:
                    de:85:10:a1:9d:89:2e:ed:45:64:ed:16:8f:68:02:
                    41:1d:3d:04:21:e7:50:0d:8c:6f:3b:6e:bc:32:7b:
                    c3:68:bb:8f:e0:4c:25:33:c9:34:20:05:34:dd:d5:
                    29:49:15:a5:65:71:47:2d:da:75:3d:8b:be:2a:b9:
                    8d:aa:1f:90:2c:a0:24:d5:87:4a:17:37:fa:bd:19:
                    b7:4e:d7:41:94:29:61:27:3d:60:31:1f:c7:67:e1:
                    18:ee:86:d4:09:1a:ee:99:ed:dc:15:d3:95:d4:98:
                    14:47:db:08:2c:87:2e:34:e7:64:29:f6:a5:9a:8d:
                    08:88:d7:99:6f:4d:62:cc:ac:e0:35:b0:72:3e:d1:
                    d4:fe:e5:8b:76:1c:39:a9:a1:3e:5a:6f:67:65:ab:
                    7c:d1:83:c6:42:89:7b:58:f2:65:2d:24:dc:52:da:
                    1b:93:6a:e2:26:2a:81:b0:36:16:f5:d4:4a:79:7a:
                    bf:10:9e:63:c4:0e:a0:a7:3b:80:d3:40:c2:73:4f:
                    b1:e4:f7:c0:9d:cc:1c:2c:4f:a0:15:5c:28:09:19:
                    e8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:D4:FA:DC:8F:2F:0A:29:71:4A:ED:A2:B5:4E:10:E3:68:7E:37:A2
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RtT63I8vCilxSu2itU4Q42h-N6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.97.0/24
                  217.145.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:a0:7a:fa:8b:83:f5:bf:ac:f0:13:5d:24:11:55:66:46:62:
         d6:a8:51:7c:03:84:f6:33:03:66:6e:23:80:51:e8:45:94:8d:
         3b:83:54:87:5f:b2:16:69:0b:90:66:a5:3f:ee:bb:45:a0:c2:
         c8:5c:7b:0f:0a:5b:ca:f3:7f:3a:a7:74:b3:3a:27:6a:5d:b3:
         fa:24:38:0d:15:3b:3c:5d:ab:99:ff:57:c2:e3:d4:20:22:f3:
         88:e5:b3:de:cd:f5:b3:30:d6:8e:10:85:0d:5c:47:a3:f2:1d:
         fb:0d:ca:50:78:a1:84:77:f1:11:31:47:fd:19:e4:d5:11:8c:
         71:01:f4:25:12:43:ef:a8:7a:3c:84:a6:38:b7:02:f8:ce:96:
         60:0b:a3:4c:31:6e:8c:79:24:34:f1:31:8b:8a:6a:da:d5:b3:
         03:4c:7b:cd:91:1d:a8:1a:a0:b3:72:78:c9:63:00:dc:2d:09:
         06:53:98:7d:eb:87:41:c1:0a:9d:d1:b0:a2:12:fc:80:08:4e:
         fb:c2:5a:4c:d1:c3:2a:e1:d8:68:73:d1:99:bb:1c:8a:9e:68:
         a3:41:12:7e:52:4e:1f:cf:2d:3c:e7:ee:d8:66:23:79:63:2a:
         a3:88:a1:6e:32:d0:5c:57:c8:9c:d8:b0:16:08:35:e6:f0:9b:
         6f:c8:d0:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmFXJ1AgbBZ2gxZm7Hz3nX6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwOTI2MDkzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmQ0ZmFkYzhmMmYwYTI5NzE0YWVkYTJiNTRlMTBlMzY4N2UzN2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLaXq8ig5r/xVSDpwnGYMMx32813
TWKDPO1nXisV7Sj81unmJamu78C6lQrehRChnYku7UVk7RaPaAJBHT0EIedQDYxv
O268MnvDaLuP4EwlM8k0IAU03dUpSRWlZXFHLdp1PYu+KrmNqh+QLKAk1YdKFzf6
vRm3TtdBlClhJz1gMR/HZ+EY7obUCRrume3cFdOV1JgUR9sILIcuNOdkKfalmo0I
iNeZb01izKzgNbByPtHU/uWLdhw5qaE+Wm9nZat80YPGQol7WPJlLSTcUtobk2ri
JiqBsDYW9dRKeXq/EJ5jxA6gpzuA00DCc0+x5PfAncwcLE+gFVwoCRnoAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEbU+tyPLwopcUrtorVOEONofjeiMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUnRUNjNJOHZDaWx4U3UyaXRVNFE0MmgtTjZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWdVhAwQA
2ZFKMA0GCSqGSIb3DQEBCwUAA4IBAQBFoHr6i4P1v6zwE10kEVVmRmLWqFF8A4T2
MwNmbiOAUehFlI07g1SHX7IWaQuQZqU/7rtFoMLIXHsPClvK8386p3SzOidqXbP6
JDgNFTs8XauZ/1fC49QgIvOI5bPezfWzMNaOEIUNXEej8h37DcpQeKGEd/ERMUf9
GeTVEYxxAfQlEkPvqHo8hKY4twL4zpZgC6NMMW6MeSQ08TGLimra1bMDTHvNkR2o
GqCzcnjJYwDcLQkGU5h964dBwQqd0bCiEvyACE77wlpM0cMq4dhoc9GZuxyKnmij
QRJ+Uk4fzy085+7YZiN5YyqjiKFuMtBcV8ic2LAWCDXm8JtvyNBo
-----END CERTIFICATE-----