Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/NpWIoMyjqyMb_Zaw1o9kw3JDDi4.roa
File:                     NpWIoMyjqyMb_Zaw1o9kw3JDDi4.roa (raw, json)
Hash identifier:          wMXhMaV/pVnTHbpuxwyjif970THZSh4/vwdthTw+gqc=
Subject key identifier:   36:95:88:A0:CC:A3:AB:23:1B:FD:96:B0:D6:8F:64:C3:72:43:0E:2E
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       01978219BB8D6D423692F150725D4022AE8F
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/NpWIoMyjqyMb_Zaw1o9kw3JDDi4.roa
Signing time:             Wed 18 Jun 2025 08:13:33 +0000
ROA not before:           Wed 18 Jun 2025 08:13:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22516
IP address blocks:        89.23.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:82:19:bb:8d:6d:42:36:92:f1:50:72:5d:40:22:ae:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jun 18 08:13:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=369588a0cca3ab231bfd96b0d68f64c372430e2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:23:26:8b:0e:b8:da:4a:10:6d:44:bb:4b:53:
                    d9:8a:e2:bd:0b:fa:e5:23:d4:6f:fa:63:34:1d:10:
                    ef:30:a2:38:a5:bd:16:2e:43:84:56:be:38:c2:d4:
                    1d:6a:58:71:82:09:96:48:02:6a:1a:cd:30:5e:b1:
                    89:f5:9e:c0:b2:48:31:4a:17:0a:1e:f6:6f:0f:3c:
                    71:98:db:bf:1d:19:2b:a0:46:f8:b2:99:fd:60:e5:
                    a6:1a:9c:30:5e:8e:79:48:89:5f:d4:f7:58:dd:c4:
                    5b:6f:b0:c0:79:25:e3:15:08:47:a1:17:e4:90:f5:
                    6e:a9:35:82:a2:af:b4:a5:f1:24:e9:06:bb:da:24:
                    2b:b1:ba:9a:f1:99:d4:9a:56:bc:25:af:1e:f7:3f:
                    a5:cf:e8:fc:48:ba:4f:00:3d:b1:f8:40:e2:f2:17:
                    74:6f:41:8d:5a:fb:a4:d7:40:9c:d2:63:06:94:22:
                    ba:f7:46:f2:44:5e:ee:1b:c2:aa:09:66:8e:12:8a:
                    83:b9:ba:78:85:93:a1:f1:42:9f:23:a6:88:91:fd:
                    ee:39:87:51:ef:4d:03:68:ae:9d:90:24:d7:eb:1d:
                    cc:30:92:4a:6e:50:c9:d5:26:ff:f0:b0:29:c4:82:
                    e6:f3:82:85:e8:61:63:1d:bf:34:be:b9:f4:47:c3:
                    70:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:95:88:A0:CC:A3:AB:23:1B:FD:96:B0:D6:8F:64:C3:72:43:0E:2E
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/NpWIoMyjqyMb_Zaw1o9kw3JDDi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:b1:86:04:e1:cc:bc:f1:bb:ff:6b:74:c7:ad:77:33:91:e9:
         ce:a5:73:88:4b:1d:d9:50:1f:ce:3c:dd:f7:c5:69:be:21:03:
         9b:71:81:b5:6b:de:ea:cb:b3:bd:ac:81:2e:21:eb:a2:d0:ac:
         38:48:6d:c4:9f:31:2a:e4:d3:ce:6d:ad:df:d2:b3:c7:18:f3:
         1c:8d:08:66:1b:8a:e1:a2:75:c1:79:53:ab:e9:20:2b:12:5c:
         3d:46:f1:4b:43:ca:ed:71:23:cc:03:72:6b:cc:60:b1:84:cc:
         2b:c2:18:a9:5a:b1:94:86:10:76:e4:79:0b:77:99:5c:99:bf:
         68:47:37:02:fc:b2:4c:0b:52:a2:fd:bf:54:c7:3b:32:f7:9c:
         55:31:3f:44:0f:b6:0f:eb:f8:da:56:f1:9d:6f:a3:e8:f5:f4:
         1a:e3:50:9b:6b:74:06:5b:0b:f2:1d:6c:b7:69:1a:f3:09:38:
         76:0a:36:08:4c:34:79:cb:a4:74:12:4b:2e:02:3a:79:2e:ab:
         42:48:e9:f7:2a:de:2d:36:3a:22:3b:64:e8:6f:35:c2:3a:ff:
         aa:8f:c8:5e:06:80:82:1b:cf:2c:df:6e:f2:c9:e8:8a:dc:68:
         01:fc:f4:9a:33:0b:04:40:72:7b:c2:2d:14:1c:d1:e3:49:8e:
         8b:ac:31:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeCGbuNbUI2kvFQcl1AIq6PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwNjE4MDgxMzMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjk1ODhhMGNjYTNhYjIzMWJmZDk2YjBkNjhmNjRjMzcyNDMwZTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSMmiw642koQbUS7S1PZiuK9C/rl
I9Rv+mM0HRDvMKI4pb0WLkOEVr44wtQdalhxggmWSAJqGs0wXrGJ9Z7AskgxShcK
HvZvDzxxmNu/HRkroEb4spn9YOWmGpwwXo55SIlf1PdY3cRbb7DAeSXjFQhHoRfk
kPVuqTWCoq+0pfEk6Qa72iQrsbqa8ZnUmla8Ja8e9z+lz+j8SLpPAD2x+EDi8hd0
b0GNWvuk10Cc0mMGlCK690byRF7uG8KqCWaOEoqDubp4hZOh8UKfI6aIkf3uOYdR
700DaK6dkCTX6x3MMJJKblDJ1Sb/8LApxILm84KF6GFjHb80vrn0R8NwMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDaViKDMo6sjG/2WsNaPZMNyQw4uMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvTnBXSW9NeWpxeU1iX1phdzFvOWt3M0pERGk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdRMA0G
CSqGSIb3DQEBCwUAA4IBAQB9sYYE4cy88bv/a3THrXczkenOpXOISx3ZUB/OPN33
xWm+IQObcYG1a97qy7O9rIEuIeui0Kw4SG3EnzEq5NPOba3f0rPHGPMcjQhmG4rh
onXBeVOr6SArElw9RvFLQ8rtcSPMA3JrzGCxhMwrwhipWrGUhhB25HkLd5lcmb9o
RzcC/LJMC1Ki/b9Uxzsy95xVMT9ED7YP6/jaVvGdb6Po9fQa41Cba3QGWwvyHWy3
aRrzCTh2CjYITDR5y6R0EksuAjp5LqtCSOn3Kt4tNjoiO2TobzXCOv+qj8heBoCC
G88s327yyeiK3GgB/PSaMwsEQHJ7wi0UHNHjSY6LrDF5
-----END CERTIFICATE-----