Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IXslm79g2iEsqB3oirw_shKo2j8.roa
File:                     IXslm79g2iEsqB3oirw_shKo2j8.roa (raw, json)
Hash identifier:          EP2vZ0lcU4RlySeAqgWZbsUfImAMgsTZ3JWV818dL8Y=
Subject key identifier:   21:7B:25:9B:BF:60:DA:21:2C:A8:1D:E8:8A:BC:3F:B2:12:A8:DA:3F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143FC7D4F3DA43127A9420B87E9C743
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IXslm79g2iEsqB3oirw_shKo2j8.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197860
IP address blocks:        89.213.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fc:7d:4f:3d:a4:31:27:a9:42:0b:87:e9:c7:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=217b259bbf60da212ca81de88abc3fb212a8da3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ac:17:9f:93:8e:f9:49:92:a2:65:c6:c2:4f:
                    06:35:b0:e5:9d:63:52:a9:b6:b1:ae:c8:cd:b8:be:
                    f2:5e:f8:c7:d2:c4:af:4d:6e:a9:24:1a:ab:6b:f3:
                    f9:6e:55:8a:38:d8:50:c7:1f:09:92:bf:6b:f5:49:
                    02:64:77:3c:50:6c:b4:d8:00:7c:b6:7b:90:ab:ed:
                    c3:ac:f5:98:73:4f:90:f7:79:3e:06:fd:9a:dd:fa:
                    24:8e:a0:24:40:2d:b1:d5:50:88:f5:f0:17:e8:f1:
                    dd:a8:a6:1c:f2:e8:b1:3b:e7:c1:65:89:4b:3e:de:
                    d7:41:49:ee:f0:d0:cc:7a:01:1c:00:e1:4a:c3:4c:
                    4c:89:61:47:ae:38:81:c8:0f:7a:d1:63:5b:cf:71:
                    0f:24:b6:d7:31:a5:07:4d:3e:cd:4b:18:3d:e3:9e:
                    ae:db:0a:a5:22:f1:9a:f1:82:68:61:a1:b8:d1:41:
                    c1:48:a5:d8:1e:05:1f:f5:42:2e:97:86:07:b8:2d:
                    e8:4d:73:79:05:c7:1b:5a:16:4a:f5:46:7b:9a:a5:
                    1d:d3:0b:26:d9:4d:d2:21:33:d9:9c:3f:d6:fc:f2:
                    4f:56:6b:dc:25:13:b6:9c:c7:74:7b:7a:ef:87:0c:
                    5f:0d:78:8a:8d:db:2e:e9:04:09:d6:b5:92:1e:7d:
                    e3:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:7B:25:9B:BF:60:DA:21:2C:A8:1D:E8:8A:BC:3F:B2:12:A8:DA:3F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IXslm79g2iEsqB3oirw_shKo2j8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:87:dc:67:89:03:b8:9f:fe:00:b5:df:d5:cd:34:51:98:d6:
         7a:3a:65:b3:ee:47:3e:6b:f8:68:18:9e:9a:6e:68:80:df:2f:
         14:40:5d:e9:ef:8d:12:8a:57:02:d3:e5:c7:8f:54:3e:6d:79:
         02:b6:bf:5a:11:b0:20:48:ec:45:14:9d:5f:4c:83:4b:96:23:
         10:34:66:7e:e4:e2:d1:f9:27:fd:a0:a4:7c:1d:f5:28:e0:81:
         93:23:ba:e3:ff:1c:a7:c2:c7:c6:34:4f:2f:55:2a:b0:ee:d5:
         14:02:1f:96:82:e0:81:16:19:a9:82:a3:1b:60:1d:f8:bd:e4:
         b2:56:af:33:1e:ea:34:51:f8:d4:81:c9:66:a9:57:b0:7d:3d:
         8f:cc:1e:f9:a2:a2:98:cb:80:89:a7:a5:0f:29:b6:1a:c7:8f:
         f0:50:a6:ec:db:de:7b:50:ee:eb:d4:22:88:87:1a:30:5c:d5:
         42:3b:d5:98:47:4c:55:db:56:f9:9e:e5:59:6a:27:d7:49:24:
         2c:06:f5:55:51:96:b8:f0:94:ac:e9:35:74:ec:7c:7d:dd:92:
         0c:14:72:6c:0a:85:33:c8:41:80:6e:2f:e6:e8:59:5c:5f:0f:
         3e:c8:07:1e:59:0a:8a:1d:72:bb:0a:34:91:bb:9c:4c:3d:db:
         63:7b:32:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/x9Tz2kMSepQguH6cdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTdiMjU5YmJmNjBkYTIxMmNhODFkZTg4YWJjM2ZiMjEyYThkYTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqawXn5OO+UmSomXGwk8GNbDlnWNS
qbaxrsjNuL7yXvjH0sSvTW6pJBqra/P5blWKONhQxx8Jkr9r9UkCZHc8UGy02AB8
tnuQq+3DrPWYc0+Q93k+Bv2a3fokjqAkQC2x1VCI9fAX6PHdqKYc8uixO+fBZYlL
Pt7XQUnu8NDMegEcAOFKw0xMiWFHrjiByA960WNbz3EPJLbXMaUHTT7NSxg9456u
2wqlIvGa8YJoYaG40UHBSKXYHgUf9UIul4YHuC3oTXN5BccbWhZK9UZ7mqUd0wsm
2U3SITPZnD/W/PJPVmvcJRO2nMd0e3rvhwxfDXiKjdsu6QQJ1rWSHn3jfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCF7JZu/YNohLKgd6Iq8P7ISqNo/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSVhzbG03OWcyaUVzcUIzb2lyd19zaEtvMmo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWmMA0G
CSqGSIb3DQEBCwUAA4IBAQCQh9xniQO4n/4Atd/VzTRRmNZ6OmWz7kc+a/hoGJ6a
bmiA3y8UQF3p740SilcC0+XHj1Q+bXkCtr9aEbAgSOxFFJ1fTINLliMQNGZ+5OLR
+Sf9oKR8HfUo4IGTI7rj/xynwsfGNE8vVSqw7tUUAh+WguCBFhmpgqMbYB34veSy
Vq8zHuo0UfjUgclmqVewfT2PzB75oqKYy4CJp6UPKbYax4/wUKbs2957UO7r1CKI
hxowXNVCO9WYR0xV21b5nuVZaifXSSQsBvVVUZa48JSs6TV07Hx93ZIMFHJsCoUz
yEGAbi/m6FlcXw8+yAceWQqKHXK7CjSRu5xMPdtjezJ8
-----END CERTIFICATE-----