Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IRq9sN8ibGp5ef4mtIX0Hyr4zL0.roa
File:                     IRq9sN8ibGp5ef4mtIX0Hyr4zL0.roa (raw, json)
Hash identifier:          WrYDrFrcY3+J88E3vZPbYqNT5o/gKPZfor0BuD9oPMU=
Subject key identifier:   21:1A:BD:B0:DF:22:6C:6A:79:79:FE:26:B4:85:F4:1F:2A:F8:CC:BD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01943B9EA18560775B1943A80F6BDD1EF4E6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IRq9sN8ibGp5ef4mtIX0Hyr4zL0.roa
Signing time:             Mon 06 Jan 2025 12:37:19 +0000
ROA not before:           Mon 06 Jan 2025 12:37:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137897
IP address blocks:        89.213.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:3b:9e:a1:85:60:77:5b:19:43:a8:0f:6b:dd:1e:f4:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  6 12:37:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=211abdb0df226c6a7979fe26b485f41f2af8ccbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:89:0d:a8:42:9e:90:72:d8:4f:07:82:0a:2e:
                    9c:47:dc:25:6d:0b:7e:4a:80:e4:8b:44:e8:46:7e:
                    61:a8:c1:07:72:02:46:be:50:8e:aa:1b:0b:06:bc:
                    01:78:8c:a4:45:a6:2c:cf:cd:e9:d6:b3:b5:f2:6d:
                    dd:94:39:63:01:d7:f4:54:dc:da:d7:00:1b:4d:15:
                    a8:cb:d6:a1:07:dc:38:7e:09:94:f9:19:6f:97:e3:
                    84:0c:cb:38:58:2d:3d:5a:70:b6:1b:87:12:da:5a:
                    90:02:ef:65:00:e6:74:00:f3:3c:1a:af:a2:fd:a6:
                    eb:fe:60:55:1d:b2:90:92:6d:27:77:dd:d9:b0:ec:
                    5f:61:98:d4:d1:2b:3b:0f:95:ff:63:e6:c5:68:ba:
                    42:68:1d:6b:e0:d1:33:23:5c:7b:df:50:43:5d:ee:
                    d3:f4:ae:9e:b9:e5:51:8d:11:c1:46:1c:31:db:82:
                    f2:e9:c1:eb:05:d1:fb:b1:8e:ef:e1:89:b7:ec:31:
                    55:23:3d:01:be:3d:80:e7:20:07:60:5d:37:ee:dc:
                    6f:17:1c:9e:aa:65:a6:2f:56:26:ec:46:eb:c0:6d:
                    40:fa:d7:52:d0:7e:f8:11:22:02:91:ee:04:bc:66:
                    85:61:22:e9:64:13:b5:fd:28:e6:0d:10:86:88:dc:
                    77:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:1A:BD:B0:DF:22:6C:6A:79:79:FE:26:B4:85:F4:1F:2A:F8:CC:BD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IRq9sN8ibGp5ef4mtIX0Hyr4zL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:94:34:a0:e4:b9:23:e2:37:21:d8:ac:c8:55:b1:42:d1:76:
         39:18:b5:12:07:ba:1a:18:67:a1:9a:e9:b7:b5:11:d7:92:d2:
         69:46:6a:c7:f3:a4:17:ec:09:d9:39:99:84:ec:37:93:55:e8:
         af:38:38:5d:41:95:8e:16:ed:19:2d:97:5b:07:69:de:09:ba:
         52:0a:ce:13:50:ba:5d:53:12:47:d2:ef:48:f2:ef:5d:f4:53:
         0c:c8:f7:14:35:44:0f:59:f1:d0:a7:f6:9b:b0:c5:5c:d6:b3:
         c3:68:98:1c:f1:71:5a:dd:d8:db:24:7a:1d:ef:14:3a:72:b8:
         96:5f:e8:25:c4:ba:5d:b1:11:0e:28:a0:94:c1:b3:a0:e8:1e:
         cd:df:6e:fa:8e:03:80:f5:b2:01:d4:92:a2:d4:3f:e1:ed:9e:
         bd:5c:aa:86:95:91:cf:4b:6d:9d:75:18:37:ba:a5:cf:5f:1d:
         84:eb:c7:cb:14:b8:b7:0e:f5:40:78:87:f9:f4:2e:c1:70:94:
         57:b7:57:ac:c2:8a:8f:37:29:e5:5e:98:48:c1:1a:2d:93:26:
         78:10:5f:04:a6:a8:d6:bf:63:39:a3:69:cc:13:36:2b:01:b6:
         9a:a1:d9:85:f6:c8:58:27:b6:af:07:db:42:dd:88:6a:bf:15:
         3d:aa:1d:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQ7nqGFYHdbGUOoD2vdHvTmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTA2MTIzNzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTFhYmRiMGRmMjI2YzZhNzk3OWZlMjZiNDg1ZjQxZjJhZjhjY2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIkNqEKekHLYTweCCi6cR9wlbQt+
SoDki0ToRn5hqMEHcgJGvlCOqhsLBrwBeIykRaYsz83p1rO18m3dlDljAdf0VNza
1wAbTRWoy9ahB9w4fgmU+Rlvl+OEDMs4WC09WnC2G4cS2lqQAu9lAOZ0APM8Gq+i
/abr/mBVHbKQkm0nd93ZsOxfYZjU0Ss7D5X/Y+bFaLpCaB1r4NEzI1x731BDXe7T
9K6eueVRjRHBRhwx24Ly6cHrBdH7sY7v4Ym37DFVIz0Bvj2A5yAHYF037txvFxye
qmWmL1Ym7EbrwG1A+tdS0H74ESICke4EvGaFYSLpZBO1/SjmDRCGiNx39wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEavbDfImxqeXn+JrSF9B8q+My9MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSVJxOXNOOGliR3A1ZWY0bXRJWDBIeXI0ekwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUGMA0G
CSqGSIb3DQEBCwUAA4IBAQAUlDSg5Lkj4jch2KzIVbFC0XY5GLUSB7oaGGehmum3
tRHXktJpRmrH86QX7AnZOZmE7DeTVeivODhdQZWOFu0ZLZdbB2neCbpSCs4TULpd
UxJH0u9I8u9d9FMMyPcUNUQPWfHQp/absMVc1rPDaJgc8XFa3djbJHod7xQ6criW
X+glxLpdsREOKKCUwbOg6B7N3276jgOA9bIB1JKi1D/h7Z69XKqGlZHPS22ddRg3
uqXPXx2E68fLFLi3DvVAeIf59C7BcJRXt1eswoqPNynlXphIwRotkyZ4EF8EpqjW
v2M5o2nMEzYrAbaaodmF9shYJ7avB9tC3YhqvxU9qh1X
-----END CERTIFICATE-----