Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_Nw5XHjOI-0rzBmSsuqYmCBQojM.roa
File:                     _Nw5XHjOI-0rzBmSsuqYmCBQojM.roa (raw, json)
Hash identifier:          KcysqtTihzaFIwlVGQ9940KlNXzPEuUXAXE0I19qyFw=
Subject key identifier:   FC:DC:39:5C:78:CE:23:ED:2B:CC:19:92:B2:EA:98:98:20:50:A2:33
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019827D6CFA5FF695440565F14D39252E8A0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_Nw5XHjOI-0rzBmSsuqYmCBQojM.roa
Signing time:             Sun 20 Jul 2025 12:37:25 +0000
ROA not before:           Sun 20 Jul 2025 12:37:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     329007
IP address blocks:        89.213.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:27:d6:cf:a5:ff:69:54:40:56:5f:14:d3:92:52:e8:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 20 12:37:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcdc395c78ce23ed2bcc1992b2ea98982050a233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:51:0b:83:c1:48:f8:1b:01:62:cb:e5:77:01:
                    df:c2:bd:bd:80:4c:86:16:f0:28:26:2f:07:df:00:
                    f0:22:f0:1d:5a:da:36:63:d1:cf:0e:a1:d5:7a:7c:
                    8b:6a:03:1d:e5:59:33:54:c8:8e:4c:1b:ba:bf:eb:
                    a7:df:34:53:75:33:f1:bd:a4:1c:7d:b8:65:06:e8:
                    95:6a:e1:6a:9f:31:12:57:44:0f:11:99:7f:31:44:
                    5f:45:a1:20:12:d5:ee:00:6d:0c:b6:0e:3b:12:69:
                    1d:9b:ff:03:9e:f7:46:9e:ac:52:0b:58:99:f7:a7:
                    3b:3b:85:cb:92:69:24:1c:65:b2:a9:02:31:3d:9e:
                    5b:a5:35:3e:ee:77:a4:30:79:83:fe:d6:f3:60:0a:
                    59:63:1c:99:c3:99:51:e2:2c:e8:e2:53:4f:e9:30:
                    c2:af:28:85:c9:d1:c7:6d:29:4f:70:03:6e:b3:b7:
                    1e:67:8f:84:4f:c3:27:0b:ca:65:be:68:28:71:6f:
                    49:67:60:7d:84:c6:6f:dd:68:33:a9:3b:33:eb:ba:
                    b2:29:a2:4f:5e:ea:5e:ee:aa:32:b3:af:bc:25:21:
                    b4:1e:40:1b:46:6c:34:32:14:5a:3d:35:79:26:cd:
                    4a:ab:da:e3:e1:f0:eb:f2:85:03:59:0f:38:c5:6e:
                    77:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:DC:39:5C:78:CE:23:ED:2B:CC:19:92:B2:EA:98:98:20:50:A2:33
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_Nw5XHjOI-0rzBmSsuqYmCBQojM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:c9:17:2a:e2:d1:ca:cd:d6:74:fb:32:bf:82:22:5d:83:e9:
         13:2d:35:e4:97:80:b9:1d:7f:1c:e2:dc:7d:38:17:4c:66:25:
         49:bb:9a:f9:5b:0a:57:2e:f0:86:bb:88:f4:83:e2:65:61:fa:
         ad:6c:a3:01:d6:77:4a:f0:d7:0d:b9:50:ff:b6:bb:10:94:a7:
         cc:c3:6e:be:df:51:f8:e2:bd:12:9b:14:ae:19:c7:18:94:b1:
         98:3b:dc:71:eb:6f:89:be:92:2c:90:72:5a:fe:cb:4a:21:d0:
         aa:55:0e:b8:6d:9f:05:79:fa:37:2f:46:c7:8a:04:90:61:ff:
         06:17:a9:2e:14:b1:b1:2e:35:0f:d4:77:de:f5:97:95:12:07:
         9a:93:21:64:8c:fc:49:c3:4e:a5:dd:85:54:30:56:1b:0c:5d:
         cf:4a:2c:8b:5a:ad:5f:b7:da:85:2d:b6:5b:10:80:c3:d2:51:
         42:15:68:21:d9:dc:04:48:8c:af:27:94:d4:b3:10:31:38:13:
         63:aa:35:9b:78:ea:c9:df:71:fa:33:34:9a:fe:1e:65:f6:f8:
         6a:be:9a:80:4a:0e:9c:56:eb:3f:aa:b4:52:17:f3:bf:ae:91:
         60:82:9b:f7:03:95:75:f5:9b:0e:f0:b1:c3:57:be:12:b7:bd:
         b8:43:85:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgn1s+l/2lUQFZfFNOSUuigMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzIwMTIzNzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2RjMzk1Yzc4Y2UyM2VkMmJjYzE5OTJiMmVhOTg5ODIwNTBhMjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1ELg8FI+BsBYsvldwHfwr29gEyG
FvAoJi8H3wDwIvAdWto2Y9HPDqHVenyLagMd5VkzVMiOTBu6v+un3zRTdTPxvaQc
fbhlBuiVauFqnzESV0QPEZl/MURfRaEgEtXuAG0Mtg47Emkdm/8DnvdGnqxSC1iZ
96c7O4XLkmkkHGWyqQIxPZ5bpTU+7nekMHmD/tbzYApZYxyZw5lR4izo4lNP6TDC
ryiFydHHbSlPcANus7ceZ4+ET8MnC8plvmgocW9JZ2B9hMZv3WgzqTsz67qyKaJP
Xupe7qoys6+8JSG0HkAbRmw0MhRaPTV5Js1Kq9rj4fDr8oUDWQ84xW53pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzcOVx4ziPtK8wZkrLqmJggUKIzMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvX053NVhIak9JLTByekJtU3N1cVltQ0JRb2pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUGMA0G
CSqGSIb3DQEBCwUAA4IBAQCQyRcq4tHKzdZ0+zK/giJdg+kTLTXkl4C5HX8c4tx9
OBdMZiVJu5r5WwpXLvCGu4j0g+JlYfqtbKMB1ndK8NcNuVD/trsQlKfMw26+31H4
4r0SmxSuGccYlLGYO9xx62+JvpIskHJa/stKIdCqVQ64bZ8Fefo3L0bHigSQYf8G
F6kuFLGxLjUP1Hfe9ZeVEgeakyFkjPxJw06l3YVUMFYbDF3PSiyLWq1ft9qFLbZb
EIDD0lFCFWgh2dwESIyvJ5TUsxAxOBNjqjWbeOrJ33H6MzSa/h5l9vhqvpqASg6c
Vus/qrRSF/O/rpFggpv3A5V19ZsO8LHDV74St724Q4Xz
-----END CERTIFICATE-----