Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/1kR_POGuTAaHovLOCX1lTOE57lI.roa
File:                     1kR_POGuTAaHovLOCX1lTOE57lI.roa (raw, json)
Hash identifier:          LYln6QfL2ITaLtdjdV6guC1+sxTxxkTnmxcczxAsWTE=
Subject key identifier:   D6:44:7F:3C:E1:AE:4C:06:87:A2:F2:CE:09:7D:65:4C:E1:39:EE:52
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019A261F65DFFEF1B16D331C46EFFB39BE52
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/1kR_POGuTAaHovLOCX1lTOE57lI.roa
Signing time:             Mon 27 Oct 2025 14:43:03 +0000
ROA not before:           Mon 27 Oct 2025 14:43:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52116
IP address blocks:        89.23.71.0/24 maxlen: 24
                          178.254.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:26:1f:65:df:fe:f1:b1:6d:33:1c:46:ef:fb:39:be:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Oct 27 14:43:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6447f3ce1ae4c0687a2f2ce097d654ce139ee52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:1b:81:e3:b1:87:ad:30:fb:2e:83:fb:4d:60:
                    d2:e1:58:1a:be:b1:73:e1:25:db:6b:e6:25:5e:dc:
                    22:8f:e5:2a:9b:b0:37:21:15:bb:d2:6b:7b:28:11:
                    06:65:6a:7c:80:04:b7:b1:5f:eb:92:d0:56:95:96:
                    db:3b:c0:1a:53:ed:32:8e:49:97:7b:a8:e3:c3:a8:
                    d1:6a:d8:ac:e2:14:4d:7d:b3:5f:10:41:a1:39:f9:
                    1e:85:94:7e:72:c3:8b:04:4f:3e:2e:91:49:72:9a:
                    81:0c:01:51:fa:4c:27:7e:ad:eb:00:09:b7:26:65:
                    68:3c:a8:64:eb:41:f8:46:d8:6a:09:5f:fe:07:b0:
                    43:c7:eb:46:94:59:9a:4b:41:91:d6:07:8a:66:60:
                    ff:11:76:2e:3d:c2:69:07:6f:c0:f5:2b:92:20:2c:
                    4c:24:c8:44:e6:5f:90:2e:ef:3e:65:d2:32:4d:82:
                    5d:f7:97:da:d9:11:a9:0d:55:50:eb:c2:53:eb:f3:
                    f9:e6:b1:ef:02:bd:90:6a:34:7f:50:0d:de:91:42:
                    45:cb:ed:ad:8c:cf:47:48:62:a6:35:da:87:a1:a8:
                    70:9f:d7:4e:61:91:69:d8:10:f4:b9:03:45:eb:5e:
                    9f:16:90:44:d0:4a:74:88:ed:69:36:67:13:6e:cb:
                    28:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:44:7F:3C:E1:AE:4C:06:87:A2:F2:CE:09:7D:65:4C:E1:39:EE:52
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/1kR_POGuTAaHovLOCX1lTOE57lI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.71.0/24
                  178.254.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:d5:38:42:8d:1d:fd:8d:4f:1b:c7:72:3d:97:41:5d:20:d7:
         82:5a:8c:7a:ac:8b:f8:53:58:3b:8c:d5:a0:e8:48:06:0f:76:
         54:c4:f2:9f:30:76:e9:93:d7:d3:cc:88:7d:13:bc:38:cd:e9:
         2e:61:81:d8:a1:d0:db:dc:7d:d4:87:7a:19:4c:74:ce:d8:30:
         08:8a:70:73:0f:b6:ed:8c:d1:44:9b:5a:a4:82:b7:31:31:a6:
         70:7b:83:c6:01:8e:02:40:47:90:24:2a:6f:26:4b:a8:06:df:
         b8:de:4c:3e:07:ad:29:78:14:11:a8:f8:c2:ca:52:b4:52:ba:
         e2:2f:8b:ec:06:c8:4d:37:7d:37:e4:f7:3b:4f:07:02:f0:21:
         6e:e5:1e:1d:8d:86:2b:ee:b7:b8:2f:80:d9:66:e2:b0:17:87:
         35:70:9c:49:a4:c3:51:d9:70:7d:0d:d0:82:79:57:05:c0:e6:
         eb:2c:e0:5e:94:d7:19:86:ea:58:d4:67:6b:8a:5d:e9:21:b4:
         2b:49:cd:c6:2d:89:b4:44:cb:59:3f:56:95:2f:ca:d3:07:79:
         5a:a4:32:ed:14:7f:bd:ac:4d:45:9f:d3:90:93:39:b8:f5:88:
         6d:86:5b:26:93:2c:59:43:39:fe:85:74:ab:ad:7f:28:21:8d:
         c1:07:61:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZomH2Xf/vGxbTMcRu/7Ob5SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUxMDI3MTQ0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQ0N2YzY2UxYWU0YzA2ODdhMmYyY2UwOTdkNjU0Y2UxMzllZTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xuB47GHrTD7LoP7TWDS4VgavrFz
4SXba+YlXtwij+Uqm7A3IRW70mt7KBEGZWp8gAS3sV/rktBWlZbbO8AaU+0yjkmX
e6jjw6jRatis4hRNfbNfEEGhOfkehZR+csOLBE8+LpFJcpqBDAFR+kwnfq3rAAm3
JmVoPKhk60H4RthqCV/+B7BDx+tGlFmaS0GR1geKZmD/EXYuPcJpB2/A9SuSICxM
JMhE5l+QLu8+ZdIyTYJd95fa2RGpDVVQ68JT6/P55rHvAr2QajR/UA3ekUJFy+2t
jM9HSGKmNdqHoahwn9dOYZFp2BD0uQNF616fFpBE0Ep0iO1pNmcTbssotwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNZEfzzhrkwGh6Lyzgl9ZUzhOe5SMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvMWtSX1BPR3VUQWFIb3ZMT0NYMWxUT0U1N2xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRdHAwQA
sv6qMA0GCSqGSIb3DQEBCwUAA4IBAQAF1ThCjR39jU8bx3I9l0FdINeCWox6rIv4
U1g7jNWg6EgGD3ZUxPKfMHbpk9fTzIh9E7w4zekuYYHYodDb3H3Uh3oZTHTO2DAI
inBzD7btjNFEm1qkgrcxMaZwe4PGAY4CQEeQJCpvJkuoBt+43kw+B60peBQRqPjC
ylK0UrriL4vsBshNN3035Pc7TwcC8CFu5R4djYYr7re4L4DZZuKwF4c1cJxJpMNR
2XB9DdCCeVcFwObrLOBelNcZhupY1Gdril3pIbQrSc3GLYm0RMtZP1aVL8rTB3la
pDLtFH+9rE1Fn9OQkzm49YhthlsmkyxZQzn+hXSrrX8oIY3BB2Gp
-----END CERTIFICATE-----