Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AvWocCU5xL2xIo75A6wrJutS9sc.roa
File:                     AvWocCU5xL2xIo75A6wrJutS9sc.roa (raw, json)
Hash identifier:          fL9y/uJOMgQc1pA9sVUJLspuXhvAQx3Jhj/J5V3BopI=
Subject key identifier:   02:F5:A8:70:25:39:C4:BD:B1:22:8E:F9:03:AC:2B:26:EB:52:F6:C7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01989E48287A0B810C2008120A62A2D45EC5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AvWocCU5xL2xIo75A6wrJutS9sc.roa
Signing time:             Tue 12 Aug 2025 12:36:25 +0000
ROA not before:           Tue 12 Aug 2025 12:36:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214481
IP address blocks:        89.213.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9e:48:28:7a:0b:81:0c:20:08:12:0a:62:a2:d4:5e:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 12 12:36:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02f5a8702539c4bdb1228ef903ac2b26eb52f6c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:f1:d3:b4:1f:55:e5:39:3d:d7:3f:bf:5e:53:
                    43:28:77:3d:f6:a4:11:8e:11:62:aa:0e:17:07:f3:
                    9d:ac:4c:82:ff:5e:30:8b:e9:ba:20:63:ce:ba:2e:
                    92:1e:9b:42:d8:f8:e5:f2:9d:78:5e:8f:cc:e2:96:
                    50:b0:ac:b1:88:c4:a8:97:74:b8:23:37:02:fc:94:
                    4c:51:6b:74:f5:51:99:3f:4d:c4:fb:79:86:3b:3a:
                    ac:24:fb:b6:a3:f3:0e:66:cd:3f:7b:3f:4c:5a:98:
                    31:bb:6a:9d:ca:32:a3:7e:5a:94:c6:ed:25:f4:eb:
                    f7:d1:62:e6:7d:51:cc:89:fe:18:5d:d4:71:61:e8:
                    d9:f3:76:ba:b2:74:71:04:76:b4:bb:74:70:0e:a9:
                    c3:8a:dd:75:da:1d:03:97:0f:89:58:6c:bc:fc:b9:
                    f8:ac:a1:6a:9a:1a:51:99:60:58:a1:a5:38:f8:c5:
                    e9:69:23:c4:f9:00:3c:19:c7:dd:6f:75:03:84:fc:
                    2e:64:14:54:33:c4:4f:04:f3:f7:20:8c:77:7d:5f:
                    e2:e5:96:83:da:4e:f5:5e:38:49:ee:a3:c4:83:0f:
                    31:01:9e:0f:c2:1c:88:21:b3:7e:2b:da:d1:5e:0d:
                    b5:d3:6a:29:8b:71:76:72:10:92:c5:3d:a5:96:3f:
                    67:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:F5:A8:70:25:39:C4:BD:B1:22:8E:F9:03:AC:2B:26:EB:52:F6:C7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AvWocCU5xL2xIo75A6wrJutS9sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:d1:6a:5f:47:6c:ba:e0:96:37:a0:94:38:1f:b9:c1:ad:c8:
         c4:a8:47:c1:19:dd:ae:93:55:4a:fa:97:66:c3:1f:d1:07:a0:
         75:ac:d9:00:e0:5e:6e:66:3d:15:6f:82:15:d5:c4:83:21:bd:
         8c:e4:be:d0:57:57:06:cb:01:6e:9e:12:8f:e9:0a:64:db:c0:
         86:57:59:d9:1e:73:e7:e0:6b:24:8b:60:4c:a6:2d:1a:1b:98:
         04:24:74:fd:8a:ae:b6:4f:08:83:e5:5f:4b:2d:fe:b8:bc:7c:
         5e:4f:15:b1:cb:34:72:b0:fc:47:25:db:2f:1c:38:eb:4c:d6:
         0c:d1:fe:02:a5:8d:37:10:f6:b8:e1:fa:0c:2e:5e:42:b1:89:
         31:1c:1d:db:36:23:ce:41:b3:09:72:24:b1:af:bf:2e:d8:dd:
         70:18:22:82:69:1d:33:7d:6a:11:71:21:63:32:2a:83:3e:79:
         34:41:69:fc:1f:15:f6:02:30:98:cf:31:9c:de:71:02:d7:48:
         23:43:3b:14:df:7c:db:27:9c:73:e3:03:a0:87:39:36:b2:ce:
         31:3d:7b:fd:e8:22:b7:e2:7c:45:f1:b1:b6:30:1c:64:3d:4b:
         6a:65:ba:88:31:a6:e0:d4:0a:37:8d:2b:33:06:e0:b2:e8:f1:
         64:9f:0e:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZieSCh6C4EMIAgSCmKi1F7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODEyMTIzNjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmY1YTg3MDI1MzljNGJkYjEyMjhlZjkwM2FjMmIyNmViNTJmNmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5vHTtB9V5Tk91z+/XlNDKHc99qQR
jhFiqg4XB/OdrEyC/14wi+m6IGPOui6SHptC2Pjl8p14Xo/M4pZQsKyxiMSol3S4
IzcC/JRMUWt09VGZP03E+3mGOzqsJPu2o/MOZs0/ez9MWpgxu2qdyjKjflqUxu0l
9Ov30WLmfVHMif4YXdRxYejZ83a6snRxBHa0u3RwDqnDit112h0Dlw+JWGy8/Ln4
rKFqmhpRmWBYoaU4+MXpaSPE+QA8Gcfdb3UDhPwuZBRUM8RPBPP3IIx3fV/i5ZaD
2k71XjhJ7qPEgw8xAZ4PwhyIIbN+K9rRXg2102opi3F2chCSxT2llj9n+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAL1qHAlOcS9sSKO+QOsKybrUvbHMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQXZXb2NDVTV4TDJ4SW83NUE2d3JKdXRTOXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUtMA0G
CSqGSIb3DQEBCwUAA4IBAQBw0WpfR2y64JY3oJQ4H7nBrcjEqEfBGd2uk1VK+pdm
wx/RB6B1rNkA4F5uZj0Vb4IV1cSDIb2M5L7QV1cGywFunhKP6Qpk28CGV1nZHnPn
4Gski2BMpi0aG5gEJHT9iq62TwiD5V9LLf64vHxeTxWxyzRysPxHJdsvHDjrTNYM
0f4CpY03EPa44foMLl5CsYkxHB3bNiPOQbMJciSxr78u2N1wGCKCaR0zfWoRcSFj
MiqDPnk0QWn8HxX2AjCYzzGc3nEC10gjQzsU33zbJ5xz4wOghzk2ss4xPXv96CK3
4nxF8bG2MBxkPUtqZbqIMabg1Ao3jSszBuCy6PFknw62
-----END CERTIFICATE-----