Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/AvcpGqH3Sm_8TjNqmIkBinf46QI.roa
File:                     AvcpGqH3Sm_8TjNqmIkBinf46QI.roa (raw, json)
Hash identifier:          p94EGV7RSkc4Ew06rUCHDxU2ZKsNhSuQI3BL3FeJUgo=
Subject key identifier:   02:F7:29:1A:A1:F7:4A:6F:FC:4E:33:6A:98:89:01:8A:77:F8:E9:02
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019E2B1EC3357C3C529BEAFAA5C202192F88
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/AvcpGqH3Sm_8TjNqmIkBinf46QI.roa
Signing time:             Fri 15 May 2026 10:11:36 +0000
ROA not before:           Fri 15 May 2026 10:11:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        89.23.80.0/24 maxlen: 24
                          89.23.91.0/24 maxlen: 24
                          89.23.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:1e:c3:35:7c:3c:52:9b:ea:fa:a5:c2:02:19:2f:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: May 15 10:11:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02f7291aa1f74a6ffc4e336a9889018a77f8e902
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:21:2c:7d:c9:e2:5d:a9:bf:ca:4f:64:6b:87:
                    84:93:f4:dd:03:46:3f:b0:3f:98:b4:af:e8:43:81:
                    71:bc:45:58:7a:2f:07:f5:af:d7:65:e6:d9:69:0b:
                    53:a0:3d:eb:06:12:64:fb:1e:3f:67:66:fe:91:70:
                    51:fb:95:3c:5b:59:1f:75:4f:d7:b6:4b:df:89:a7:
                    45:17:2c:d6:6a:96:60:2c:f4:01:e3:eb:63:b2:0a:
                    ec:79:dc:fa:a2:d4:9a:fe:7d:30:94:11:30:ef:a7:
                    1a:6d:62:de:3f:28:e1:81:cd:31:7a:8f:8b:45:88:
                    20:04:f9:41:df:3e:f9:d5:b1:43:c9:c9:65:ab:4c:
                    ad:d4:37:ca:f5:c8:53:16:39:c7:6d:50:6f:91:bf:
                    36:1d:43:6d:ee:c7:f9:ee:5c:4b:f8:28:72:ba:a5:
                    b7:a6:7c:26:b9:bc:ba:77:f0:6f:b9:12:24:92:ff:
                    1f:51:be:62:95:99:20:db:20:ab:94:11:1a:70:6a:
                    64:46:ea:47:21:96:fc:ca:9c:68:a6:45:d7:3c:a6:
                    b4:da:93:b3:17:7b:fc:af:30:77:af:ae:ed:d5:9d:
                    5d:de:1d:5e:55:7d:17:e9:c9:5d:2d:13:03:30:a0:
                    ae:db:5a:56:68:72:2a:39:57:d4:6a:9f:56:44:63:
                    64:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:F7:29:1A:A1:F7:4A:6F:FC:4E:33:6A:98:89:01:8A:77:F8:E9:02
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/AvcpGqH3Sm_8TjNqmIkBinf46QI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.80.0/24
                  89.23.91.0-89.23.92.255

    Signature Algorithm: sha256WithRSAEncryption
         46:6c:a1:91:7e:53:5e:e5:f0:05:d0:6a:e3:d0:a2:af:aa:a7:
         3f:86:c0:fa:12:2d:ab:b5:0b:08:72:b9:f8:be:98:e1:d1:8d:
         6a:10:d8:f7:39:6f:8e:6f:14:a8:28:e9:07:76:fc:cf:2e:a6:
         5a:0a:39:1b:da:c9:24:1d:91:5d:51:11:cb:6e:7a:e5:15:3e:
         26:2f:68:61:92:98:b7:46:91:18:cf:5d:00:09:31:a1:fe:4a:
         d8:3e:ee:4e:bf:9c:2d:b7:59:05:58:ca:fb:75:aa:43:db:a6:
         eb:c1:8a:78:ba:7d:60:f8:77:c1:47:1a:df:57:e5:29:e5:e5:
         3b:53:50:cf:a0:88:2b:b3:ba:66:1b:71:6e:31:73:28:ae:be:
         d9:03:79:db:5e:47:b5:f0:a8:e2:dd:74:0d:07:51:5f:75:3b:
         25:fe:4c:73:b8:c2:32:6b:60:6f:ff:a4:54:cd:30:e6:e9:26:
         86:af:2d:b5:6a:8f:54:7a:2c:9a:ff:61:ff:7a:a1:8c:70:ce:
         88:db:30:60:47:1d:24:f1:65:dc:d5:74:c2:46:ce:0d:e5:e1:
         db:b0:35:2c:f7:d7:da:c4:d5:9d:fe:42:8d:a7:f3:ef:32:8d:
         ac:be:6e:a4:2c:80:94:c0:46:3a:52:8d:fa:c4:1e:2e:91:b7:
         3d:03:51:40
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ4rHsM1fDxSm+r6pcICGS+IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwNTE1MTAxMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmY3MjkxYWExZjc0YTZmZmM0ZTMzNmE5ODg5MDE4YTc3ZjhlOTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCEsfcniXam/yk9ka4eEk/TdA0Y/
sD+YtK/oQ4FxvEVYei8H9a/XZebZaQtToD3rBhJk+x4/Z2b+kXBR+5U8W1kfdU/X
tkvfiadFFyzWapZgLPQB4+tjsgrsedz6otSa/n0wlBEw76cabWLePyjhgc0xeo+L
RYggBPlB3z751bFDycllq0yt1DfK9chTFjnHbVBvkb82HUNt7sf57lxL+ChyuqW3
pnwmuby6d/BvuRIkkv8fUb5ilZkg2yCrlBEacGpkRupHIZb8ypxopkXXPKa02pOz
F3v8rzB3r67t1Z1d3h1eVX0X6cldLRMDMKCu21pWaHIqOVfUap9WRGNktQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAL3KRqh90pv/E4zapiJAYp3+OkCMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvQXZjcEdxSDNTbV84VGpOcW1Ja0JpbmY0NlFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAWRdQMAwD
BABZF1sDBABZF1wwDQYJKoZIhvcNAQELBQADggEBAEZsoZF+U17l8AXQauPQoq+q
pz+GwPoSLau1Cwhyufi+mOHRjWoQ2Pc5b45vFKgo6Qd2/M8uploKORvaySQdkV1R
EctueuUVPiYvaGGSmLdGkRjPXQAJMaH+Stg+7k6/nC23WQVYyvt1qkPbpuvBini6
fWD4d8FHGt9X5Snl5TtTUM+giCuzumYbcW4xcyiuvtkDedteR7XwqOLddA0HUV91
OyX+THO4wjJrYG//pFTNMObpJoavLbVqj1R6LJr/Yf96oYxwzojbMGBHHSTxZdzV
dMJGzg3l4duwNSz319rE1Z3+Qo2n8+8yjay+bqQsgJTARjpSjfrEHi6Rtz0DUUA=
-----END CERTIFICATE-----