Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IuV-6SWrCp8akHcG4XGuf63FGmw.roa
File:                     IuV-6SWrCp8akHcG4XGuf63FGmw.roa (raw, json)
Hash identifier:          NSshUaLiddHa4TTgeZmwMZHbVzZCiD7/IIzDOony558=
Subject key identifier:   22:E5:7E:E9:25:AB:0A:9F:1A:90:77:06:E1:71:AE:7F:AD:C5:1A:6C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01989E49FCA82FA834C62E7DADC152F5728C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IuV-6SWrCp8akHcG4XGuf63FGmw.roa
Signing time:             Tue 12 Aug 2025 12:38:25 +0000
ROA not before:           Tue 12 Aug 2025 12:38:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        89.213.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9e:49:fc:a8:2f:a8:34:c6:2e:7d:ad:c1:52:f5:72:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 12 12:38:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22e57ee925ab0a9f1a907706e171ae7fadc51a6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d6:c8:4c:9e:44:e5:e1:52:e1:f7:47:3f:a3:
                    4c:07:de:8e:85:37:0e:3c:09:5b:1d:8a:aa:70:3e:
                    b0:a2:35:47:09:d4:4f:7a:8f:35:64:36:db:a7:6e:
                    f6:cb:91:af:d8:2b:a4:17:c2:55:4c:bf:b4:54:ad:
                    da:b1:6e:2b:f5:31:51:8f:12:e7:2b:85:5e:9f:04:
                    97:25:81:6c:5a:bf:77:94:62:a6:66:6b:da:b4:15:
                    1c:86:4a:22:7d:5c:84:26:82:a3:61:82:85:bb:90:
                    cb:9c:28:c2:f9:be:84:48:e4:7e:5e:0a:b7:6c:09:
                    92:e6:08:bf:01:be:7a:ac:a2:aa:49:83:0e:d1:9b:
                    a6:bf:57:60:c9:c8:69:1f:dd:2a:58:3e:e2:41:dd:
                    29:4e:5a:b3:36:ad:1d:77:c0:dd:5e:a7:2d:6e:6d:
                    c4:66:62:e7:e2:73:32:ba:c1:39:2d:df:6c:89:aa:
                    92:8f:ac:2c:20:06:a9:41:82:7d:fd:3c:31:50:6a:
                    4a:24:41:a8:84:4b:df:de:01:8b:2c:4d:57:1e:d0:
                    b7:94:61:69:43:af:de:4f:6e:cd:53:81:64:95:6b:
                    b1:6a:ed:b2:7e:ab:54:90:1c:db:0e:5a:64:23:19:
                    92:67:80:9c:62:7b:b1:7a:93:12:0d:d5:02:66:ea:
                    c8:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:E5:7E:E9:25:AB:0A:9F:1A:90:77:06:E1:71:AE:7F:AD:C5:1A:6C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IuV-6SWrCp8akHcG4XGuf63FGmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:ac:4a:e0:53:54:d8:14:43:6d:af:26:a7:a1:be:63:b3:36:
         a0:f4:17:2a:a5:67:9c:88:de:24:8c:8b:d7:c6:ab:5a:27:e6:
         c7:c6:cb:57:e7:1f:7c:c5:b6:e5:ad:a1:92:10:8f:bb:d7:bd:
         cd:a8:9c:cb:18:3b:1a:7f:21:65:d3:99:55:65:ba:88:5b:ab:
         29:10:74:a1:2d:26:af:8b:f5:ea:43:63:4a:49:dc:c8:6a:fc:
         3e:53:07:d1:f7:23:58:78:70:cc:bb:7c:e5:64:51:e7:5b:5b:
         da:c2:9e:53:50:39:d4:60:c7:08:e4:db:b0:d2:94:b2:24:5b:
         70:1c:6b:72:f5:6c:f4:9a:b8:ab:03:f7:f4:af:e3:17:cf:aa:
         3c:6d:ce:91:82:4c:60:1a:c6:1a:57:c1:f0:ef:ce:ff:0d:bf:
         12:57:1b:22:25:00:9e:fe:37:25:28:21:d9:be:84:81:15:2d:
         04:30:07:88:61:d6:69:59:aa:db:7d:14:51:40:eb:c4:17:c0:
         16:66:71:ee:be:38:c0:73:4e:41:9a:3d:70:27:66:33:1a:04:
         46:f0:e3:15:d2:11:cd:b6:97:b6:d6:56:32:ef:bb:d2:88:13:
         62:5a:4f:5f:61:60:36:ed:a4:4b:c2:30:c2:9d:e0:aa:17:ea:
         fe:98:d7:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZieSfyoL6g0xi59rcFS9XKMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODEyMTIzODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmU1N2VlOTI1YWIwYTlmMWE5MDc3MDZlMTcxYWU3ZmFkYzUxYTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktbITJ5E5eFS4fdHP6NMB96OhTcO
PAlbHYqqcD6wojVHCdRPeo81ZDbbp272y5Gv2CukF8JVTL+0VK3asW4r9TFRjxLn
K4VenwSXJYFsWr93lGKmZmvatBUchkoifVyEJoKjYYKFu5DLnCjC+b6ESOR+Xgq3
bAmS5gi/Ab56rKKqSYMO0Zumv1dgychpH90qWD7iQd0pTlqzNq0dd8DdXqctbm3E
ZmLn4nMyusE5Ld9siaqSj6wsIAapQYJ9/TwxUGpKJEGohEvf3gGLLE1XHtC3lGFp
Q6/eT27NU4FklWuxau2yfqtUkBzbDlpkIxmSZ4CcYnuxepMSDdUCZurI5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLlfuklqwqfGpB3BuFxrn+txRpsMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSXVWLTZTV3JDcDhha0hjRzRYR3VmNjNGR213LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdW3MA0G
CSqGSIb3DQEBCwUAA4IBAQCnrErgU1TYFENtryanob5jszag9BcqpWeciN4kjIvX
xqtaJ+bHxstX5x98xbblraGSEI+7173NqJzLGDsafyFl05lVZbqIW6spEHShLSav
i/XqQ2NKSdzIavw+UwfR9yNYeHDMu3zlZFHnW1vawp5TUDnUYMcI5Nuw0pSyJFtw
HGty9Wz0mrirA/f0r+MXz6o8bc6RgkxgGsYaV8Hw787/Db8SVxsiJQCe/jclKCHZ
voSBFS0EMAeIYdZpWarbfRRRQOvEF8AWZnHuvjjAc05Bmj1wJ2YzGgRG8OMV0hHN
tpe21lYy77vSiBNiWk9fYWA27aRLwjDCneCqF+r+mNfn
-----END CERTIFICATE-----
Generated at Sat Aug 23 14:01:09 2025 by rpki-client