Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/fMzNpGVWR81PY-itrM6ZWrxbxR4.roa
File:                     fMzNpGVWR81PY-itrM6ZWrxbxR4.roa (raw, json)
Hash identifier:          JzHaCWidPtRsdVXuThinCzpkb7ljHyzzEpjdEgADrSY=
Subject key identifier:   7C:CC:CD:A4:65:56:47:CD:4F:63:E8:AD:AC:CE:99:5A:BC:5B:C5:1E
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       0197D0E02FC9ED75B8A4B070C72F76E710FE
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/fMzNpGVWR81PY-itrM6ZWrxbxR4.roa
Signing time:             Thu 03 Jul 2025 15:20:42 +0000
ROA not before:           Thu 03 Jul 2025 15:20:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        89.23.66.0/24 maxlen: 24
                          89.23.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d0:e0:2f:c9:ed:75:b8:a4:b0:70:c7:2f:76:e7:10:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jul  3 15:20:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ccccda4655647cd4f63e8adacce995abc5bc51e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:2b:10:e5:27:88:b5:9e:ff:cb:fc:db:9f:e8:
                    08:7b:30:d5:13:d2:93:49:6e:8a:8d:fb:80:cd:a3:
                    58:37:75:be:52:a7:96:28:34:aa:97:5e:62:71:74:
                    0e:e1:f7:50:da:54:08:17:2d:95:21:a0:d5:5b:6c:
                    50:ae:02:3d:b5:09:24:38:fb:19:4c:88:7f:ca:ef:
                    56:5e:95:88:0d:59:76:5e:c4:73:1e:f4:dc:93:73:
                    55:54:a7:19:92:bd:c7:d6:8c:9d:21:2e:7b:0d:a5:
                    d6:ac:33:b5:1d:ec:cd:89:24:1f:51:bd:50:45:0a:
                    2c:30:cc:87:10:4e:02:67:41:72:8d:de:8e:87:c4:
                    b1:4a:43:39:dd:5b:32:9f:4a:86:3c:62:c8:e0:cb:
                    6b:fb:22:4e:6e:a2:fc:b6:e4:dc:f7:4b:73:be:09:
                    5d:63:4e:d2:75:56:e6:e2:0f:b1:79:e5:a8:f2:64:
                    c4:2b:70:88:80:f2:96:73:50:49:ab:a2:b1:b8:88:
                    69:9e:3d:f9:9a:96:95:53:4d:df:40:d8:1b:25:de:
                    9c:9d:02:0e:2b:6a:0b:aa:51:57:05:73:2e:fb:82:
                    f4:ad:5e:b0:2d:0c:17:7b:e6:d7:44:3a:96:2e:c0:
                    75:bd:86:cb:1e:3b:56:f8:a8:c6:be:22:40:56:73:
                    70:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:CC:CD:A4:65:56:47:CD:4F:63:E8:AD:AC:CE:99:5A:BC:5B:C5:1E
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/fMzNpGVWR81PY-itrM6ZWrxbxR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.66.0/24
                  89.23.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:20:f9:46:dd:2a:da:36:0e:e0:dd:49:9b:e2:a3:0f:8e:59:
         c4:3f:94:85:9d:5c:26:cb:3b:09:3b:4a:26:04:27:a3:09:05:
         ef:21:c6:39:eb:e4:eb:34:f1:fd:fd:2a:c8:51:78:c7:a4:96:
         2c:b4:bf:99:be:30:b0:bd:8e:f1:15:da:30:28:8b:b8:9b:ca:
         17:08:0b:11:38:19:b6:36:67:da:07:dc:cb:b0:7e:50:1c:71:
         44:03:79:81:55:09:d7:46:68:0a:9c:42:a3:2a:3f:85:35:b6:
         da:e0:0e:3b:a5:17:1d:0e:bd:fe:64:58:d8:d5:09:1b:be:9c:
         6f:4e:b9:b7:19:c5:ce:4f:19:58:66:1a:98:af:94:b8:06:60:
         71:9d:d6:6f:68:23:47:ee:35:fb:36:6a:bb:ea:45:ff:7e:48:
         6c:c5:1a:d5:a5:76:76:02:ae:e6:ca:2d:6f:6e:e0:8a:06:5f:
         6e:be:2b:63:77:75:37:3e:61:be:be:bb:87:ec:38:40:b5:a9:
         96:d2:56:6f:3d:44:9a:3e:97:ee:1c:61:f0:11:11:8d:53:64:
         34:49:9b:72:e3:7c:46:1f:95:de:ba:8a:cf:e8:7f:d8:a2:f0:
         f1:17:81:f8:3d:30:8b:26:43:f6:9f:9f:9c:af:69:39:3a:9d:
         23:92:53:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfQ4C/J7XW4pLBwxy925xD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwNzAzMTUyMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2NjY2RhNDY1NTY0N2NkNGY2M2U4YWRhY2NlOTk1YWJjNWJjNTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SsQ5SeItZ7/y/zbn+gIezDVE9KT
SW6KjfuAzaNYN3W+UqeWKDSql15icXQO4fdQ2lQIFy2VIaDVW2xQrgI9tQkkOPsZ
TIh/yu9WXpWIDVl2XsRzHvTck3NVVKcZkr3H1oydIS57DaXWrDO1HezNiSQfUb1Q
RQosMMyHEE4CZ0Fyjd6Oh8SxSkM53Vsyn0qGPGLI4Mtr+yJObqL8tuTc90tzvgld
Y07SdVbm4g+xeeWo8mTEK3CIgPKWc1BJq6KxuIhpnj35mpaVU03fQNgbJd6cnQIO
K2oLqlFXBXMu+4L0rV6wLQwXe+bXRDqWLsB1vYbLHjtW+KjGviJAVnNw0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHzMzaRlVkfNT2PorazOmVq8W8UeMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvZk16TnBHVldSODFQWS1pdHJNNlpXcnhieFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRdCAwQA
WRddMA0GCSqGSIb3DQEBCwUAA4IBAQBqIPlG3SraNg7g3Umb4qMPjlnEP5SFnVwm
yzsJO0omBCejCQXvIcY56+TrNPH9/SrIUXjHpJYstL+ZvjCwvY7xFdowKIu4m8oX
CAsROBm2NmfaB9zLsH5QHHFEA3mBVQnXRmgKnEKjKj+FNbba4A47pRcdDr3+ZFjY
1QkbvpxvTrm3GcXOTxlYZhqYr5S4BmBxndZvaCNH7jX7Nmq76kX/fkhsxRrVpXZ2
Aq7myi1vbuCKBl9uvitjd3U3PmG+vruH7DhAtamW0lZvPUSaPpfuHGHwERGNU2Q0
SZty43xGH5XeuorP6H/YovDxF4H4PTCLJkP2n5+cr2k5Op0jklMH
-----END CERTIFICATE-----