Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/eaddae-3783-4fdb-a301-a001a29c23f0/1/s5l9rjSPorbmJ6DV5XzzuHrSRWc.roa
File:                     s5l9rjSPorbmJ6DV5XzzuHrSRWc.roa (raw, json)
Hash identifier:          j3es1QhJ3BxNSOr+OOVs21FGOEaNLK9nKvgzFCuGlpk=
Subject key identifier:   B3:99:7D:AE:34:8F:A2:B6:E6:27:A0:D5:E5:7C:F3:B8:7A:D2:45:67
Certificate issuer:       /CN=ebbc91cccab016d3b9128761a9c4e553976121c8
Certificate serial:       01989F295C1F23B5D90AE8AAF1D66FCF038F
Authority key identifier: EB:BC:91:CC:CA:B0:16:D3:B9:12:87:61:A9:C4:E5:53:97:61:21:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/67yRzMqwFtO5EodhqcTlU5dhIcg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/eaddae-3783-4fdb-a301-a001a29c23f0/1/s5l9rjSPorbmJ6DV5XzzuHrSRWc.roa
Signing time:             Tue 12 Aug 2025 16:42:24 +0000
ROA not before:           Tue 12 Aug 2025 16:42:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212166
IP address blocks:        89.39.245.0/24 maxlen: 24
                          2a04:7080:800::/42 maxlen: 48
                          2a04:7080:840::/42 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/eaddae-3783-4fdb-a301-a001a29c23f0/1/67yRzMqwFtO5EodhqcTlU5dhIcg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/eaddae-3783-4fdb-a301-a001a29c23f0/1/67yRzMqwFtO5EodhqcTlU5dhIcg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/67yRzMqwFtO5EodhqcTlU5dhIcg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9f:29:5c:1f:23:b5:d9:0a:e8:aa:f1:d6:6f:cf:03:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebbc91cccab016d3b9128761a9c4e553976121c8
        Validity
            Not Before: Aug 12 16:42:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3997dae348fa2b6e627a0d5e57cf3b87ad24567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:09:aa:21:7b:0c:59:e3:2a:16:ad:03:a6:e0:
                    07:d3:03:eb:4f:91:19:66:d8:ce:42:3f:1d:46:6b:
                    25:f3:ae:a1:7b:7f:b1:9a:6d:a5:12:eb:fd:06:ce:
                    82:75:0b:c3:4d:b9:2e:57:92:38:aa:c0:7a:20:ae:
                    b9:9a:b5:24:b9:53:d5:4a:aa:2d:c9:f0:7d:85:c1:
                    67:62:c2:96:b2:f5:03:a5:e4:cc:cc:50:6c:55:5b:
                    c2:75:72:3a:a2:b3:e2:f2:09:68:21:1a:9d:3b:51:
                    e4:8f:4a:c8:fc:5c:f1:70:2f:f6:88:cf:6f:c0:b7:
                    96:ca:9d:6f:f7:e9:fb:91:d5:e5:3b:86:ea:21:77:
                    f9:2a:c8:e8:fe:d0:f5:6b:dd:15:4e:d0:57:b4:b7:
                    38:a3:85:5e:a1:09:75:3b:dc:81:f9:a6:10:c5:53:
                    1a:29:8e:ba:bd:bb:54:94:bb:ea:f0:98:2f:66:46:
                    bd:1f:57:15:f4:02:84:a6:f1:f6:b3:bf:5b:32:ba:
                    87:f3:79:67:65:54:79:e8:63:b3:79:7c:68:e2:ba:
                    f5:f3:ea:0f:ae:32:c3:11:e5:7a:48:94:e6:8c:08:
                    6e:80:ae:4c:62:5f:2c:b7:61:b3:b9:27:2b:a1:1d:
                    aa:ce:6c:59:a5:88:94:f9:20:0c:cf:fa:f5:2e:4f:
                    1f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:99:7D:AE:34:8F:A2:B6:E6:27:A0:D5:E5:7C:F3:B8:7A:D2:45:67
            X509v3 Authority Key Identifier:
                keyid:EB:BC:91:CC:CA:B0:16:D3:B9:12:87:61:A9:C4:E5:53:97:61:21:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/67yRzMqwFtO5EodhqcTlU5dhIcg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/eaddae-3783-4fdb-a301-a001a29c23f0/1/s5l9rjSPorbmJ6DV5XzzuHrSRWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/eaddae-3783-4fdb-a301-a001a29c23f0/1/67yRzMqwFtO5EodhqcTlU5dhIcg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.245.0/24
                IPv6:
                  2a04:7080:800::/41

    Signature Algorithm: sha256WithRSAEncryption
         a8:c6:41:3e:73:f1:25:33:16:4a:af:8c:06:38:54:7f:63:a2:
         d0:95:18:59:99:ba:3a:b5:af:ac:ef:06:8e:37:fb:43:de:46:
         40:e3:57:38:c0:48:57:d5:a5:d1:71:9e:67:66:24:1b:b5:2e:
         1f:3b:f9:ec:da:c2:27:a9:76:13:47:8f:09:53:e8:6d:d2:ee:
         67:bb:4c:23:f6:ff:0f:74:58:a5:cc:f1:40:57:9b:4a:31:26:
         2f:4b:76:f4:56:23:8e:18:51:e9:3e:78:91:5b:c6:5b:ec:ec:
         86:4f:d8:09:0f:1c:e8:09:3e:ff:e3:74:0e:dd:fe:1b:08:d6:
         b0:b7:a7:33:b7:4a:42:e9:30:3f:b7:b6:83:21:7e:d1:49:f5:
         b7:7a:81:54:29:ab:6d:c6:a4:2c:28:33:a7:7d:7a:b1:16:d0:
         02:3a:2f:27:3f:a9:55:92:3e:99:74:85:28:99:20:f8:ee:95:
         ce:ec:77:35:2d:b1:44:76:65:f0:2a:6d:07:89:33:b2:c1:2e:
         f3:80:a6:28:fa:81:59:2d:67:6d:64:1c:17:3c:bf:7a:a2:ff:
         14:4a:b6:11:ec:55:a9:c9:8c:cd:45:ba:2f:2c:6b:34:a1:3e:
         26:5b:af:de:74:60:da:61:6b:9e:0b:aa:49:73:43:dd:39:c7:
         87:a0:f0:41
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZifKVwfI7XZCuiq8dZvzwOPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYmM5MWNjY2FiMDE2ZDNiOTEyODc2MWE5YzRlNTUzOTc2
MTIxYzgwHhcNMjUwODEyMTY0MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzk5N2RhZTM0OGZhMmI2ZTYyN2EwZDVlNTdjZjNiODdhZDI0NTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAmqIXsMWeMqFq0DpuAH0wPrT5EZ
ZtjOQj8dRmsl866he3+xmm2lEuv9Bs6CdQvDTbkuV5I4qsB6IK65mrUkuVPVSqot
yfB9hcFnYsKWsvUDpeTMzFBsVVvCdXI6orPi8gloIRqdO1Hkj0rI/FzxcC/2iM9v
wLeWyp1v9+n7kdXlO4bqIXf5Ksjo/tD1a90VTtBXtLc4o4VeoQl1O9yB+aYQxVMa
KY66vbtUlLvq8JgvZka9H1cV9AKEpvH2s79bMrqH83lnZVR56GOzeXxo4rr18+oP
rjLDEeV6SJTmjAhugK5MYl8st2GzuScroR2qzmxZpYiU+SAMz/r1Lk8fUwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLOZfa40j6K25ieg1eV887h60kVnMB8GA1UdIwQY
MBaAFOu8kczKsBbTuRKHYanE5VOXYSHIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjd5UnpNcXdGdE81RW9kaHFjVGxVNWRoSWNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9lYWRkYWUtMzc4My00ZmRiLWEzMDEt
YTAwMWEyOWMyM2YwLzEvczVsOXJqU1BvcmJtSjZEVjVYenp1SHJTUldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9lYWRkYWUtMzc4My00ZmRiLWEzMDEtYTAwMWEyOWMyM2Yw
LzEvNjd5UnpNcXdGdE81RW9kaHFjVGxVNWRoSWNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAWSf1MA8E
AgACMAkDBwcqBHCACAAwDQYJKoZIhvcNAQELBQADggEBAKjGQT5z8SUzFkqvjAY4
VH9jotCVGFmZujq1r6zvBo43+0PeRkDjVzjASFfVpdFxnmdmJBu1Lh87+ezawiep
dhNHjwlT6G3S7me7TCP2/w90WKXM8UBXm0oxJi9LdvRWI44YUek+eJFbxlvs7IZP
2AkPHOgJPv/jdA7d/hsI1rC3pzO3SkLpMD+3toMhftFJ9bd6gVQpq23GpCwoM6d9
erEW0AI6Lyc/qVWSPpl0hSiZIPjulc7sdzUtsUR2ZfAqbQeJM7LBLvOApij6gVkt
Z21kHBc8v3qi/xRKthHsVanJjM1Fui8sazShPiZbr950YNpha54LqklzQ905x4eg
8EE=
-----END CERTIFICATE-----