Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/BBWHxI2qxJugy5EdQZUBoUgOgUQ.roa
File:                     BBWHxI2qxJugy5EdQZUBoUgOgUQ.roa (raw, json)
Hash identifier:          Ki3cjD7lDk6ycchmeRTgonS4Xd5ui/gBFYyrPXUBqpU=
Subject key identifier:   04:15:87:C4:8D:AA:C4:9B:A0:CB:91:1D:41:95:01:A1:48:0E:81:44
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019DF1BC66529115A625A70DD8FA7442B704
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/BBWHxI2qxJugy5EdQZUBoUgOgUQ.roa
Signing time:             Mon 04 May 2026 06:45:49 +0000
ROA not before:           Mon 04 May 2026 06:45:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     140133
IP address blocks:        89.23.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 May 2026 14:07:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f1:bc:66:52:91:15:a6:25:a7:0d:d8:fa:74:42:b7:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: May  4 06:45:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=041587c48daac49ba0cb911d419501a1480e8144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:96:96:94:4a:3c:42:ee:05:e9:2f:52:af:4b:
                    a2:68:ad:a0:33:1b:72:be:6d:78:77:3b:16:34:b9:
                    8e:f5:ce:b7:c8:8a:e2:6c:a4:79:02:83:09:59:63:
                    b3:7d:33:db:8d:e8:65:a9:5b:74:7c:ad:e4:e9:f5:
                    2c:88:67:4b:6a:af:ed:9b:81:89:20:c1:b5:62:61:
                    b6:a8:4a:d9:75:f1:40:d6:95:c1:e4:11:74:57:ef:
                    d5:82:23:9f:53:ed:55:07:7a:da:0c:11:1c:83:c1:
                    1c:20:bf:dd:0c:12:e1:0b:41:81:48:b9:40:d5:6c:
                    78:c9:de:ea:1f:86:6d:d3:91:b9:20:dd:31:59:76:
                    59:9e:24:49:55:09:f9:9f:7e:09:5a:b4:65:78:01:
                    71:49:8c:3e:5c:f1:a9:ff:23:85:18:6a:ca:6f:8b:
                    0d:b8:74:c8:81:bd:53:ae:58:70:72:00:ec:29:4b:
                    b6:d3:3b:ce:bc:be:97:63:21:58:ed:2a:5c:4c:ae:
                    dd:83:0b:94:54:ec:34:1a:5b:04:dd:84:51:a9:7c:
                    b5:9f:01:21:85:d3:e0:8a:98:fa:d4:e9:69:cd:39:
                    7a:fa:49:e0:2b:3f:b1:19:59:53:2b:6b:d7:fb:1b:
                    61:2b:7c:75:13:37:d2:7c:2b:ba:ea:a3:e9:c0:36:
                    5c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:15:87:C4:8D:AA:C4:9B:A0:CB:91:1D:41:95:01:A1:48:0E:81:44
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/BBWHxI2qxJugy5EdQZUBoUgOgUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:37:36:35:cf:6f:75:56:6a:d3:52:aa:3b:9d:2c:aa:a1:b1:
         21:42:7a:5a:7e:15:c9:22:f5:72:17:3c:e5:67:a1:33:5d:72:
         93:a7:70:84:6f:08:45:3c:90:a5:13:d7:c7:59:8b:52:24:cd:
         12:1d:d0:ac:c9:46:08:bf:bd:cc:b0:46:11:cf:f3:d4:68:ae:
         1d:01:05:10:84:e2:b2:78:00:5a:98:44:bd:8a:6d:12:60:3e:
         1d:9e:cb:c1:25:c9:fe:66:ce:48:3b:f7:3e:5b:e4:e1:7c:38:
         67:df:f0:01:7a:23:69:f4:11:d9:a3:29:fa:92:03:cb:e0:ff:
         cd:3a:e5:36:07:7a:bc:67:74:55:39:39:9c:c3:3d:b7:49:a8:
         c8:64:da:11:ce:6d:91:ee:1e:cf:11:a4:32:83:5f:d5:b4:a9:
         5f:75:42:cb:8f:5d:31:ed:35:22:90:a9:55:43:4d:22:a5:52:
         a7:f3:26:39:5c:72:6c:65:24:9e:9c:fa:86:38:82:00:3e:3f:
         ce:4c:52:b9:2f:58:27:03:1c:36:65:d5:59:05:63:7f:04:4e:
         36:0d:b8:6f:cd:2a:f4:ca:5c:13:0d:8b:48:79:cc:90:07:fa:
         c8:02:ac:c0:94:2f:4d:7c:35:86:aa:b1:0a:b2:90:f2:f1:06:
         d0:d2:ed:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3xvGZSkRWmJacN2Pp0QrcEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwNTA0MDY0NTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDE1ODdjNDhkYWFjNDliYTBjYjkxMWQ0MTk1MDFhMTQ4MGU4MTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpaWlEo8Qu4F6S9Sr0uiaK2gMxty
vm14dzsWNLmO9c63yIribKR5AoMJWWOzfTPbjehlqVt0fK3k6fUsiGdLaq/tm4GJ
IMG1YmG2qErZdfFA1pXB5BF0V+/VgiOfU+1VB3raDBEcg8EcIL/dDBLhC0GBSLlA
1Wx4yd7qH4Zt05G5IN0xWXZZniRJVQn5n34JWrRleAFxSYw+XPGp/yOFGGrKb4sN
uHTIgb1TrlhwcgDsKUu20zvOvL6XYyFY7SpcTK7dgwuUVOw0GlsE3YRRqXy1nwEh
hdPgipj61OlpzTl6+kngKz+xGVlTK2vX+xthK3x1EzfSfCu66qPpwDZcLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQVh8SNqsSboMuRHUGVAaFIDoFEMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvQkJXSHhJMnF4SnVneTVFZFFaVUJvVWdPZ1VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdMMA0G
CSqGSIb3DQEBCwUAA4IBAQB8NzY1z291VmrTUqo7nSyqobEhQnpafhXJIvVyFzzl
Z6EzXXKTp3CEbwhFPJClE9fHWYtSJM0SHdCsyUYIv73MsEYRz/PUaK4dAQUQhOKy
eABamES9im0SYD4dnsvBJcn+Zs5IO/c+W+ThfDhn3/ABeiNp9BHZoyn6kgPL4P/N
OuU2B3q8Z3RVOTmcwz23SajIZNoRzm2R7h7PEaQyg1/VtKlfdULLj10x7TUikKlV
Q00ipVKn8yY5XHJsZSSenPqGOIIAPj/OTFK5L1gnAxw2ZdVZBWN/BE42DbhvzSr0
ylwTDYtIecyQB/rIAqzAlC9NfDWGqrEKspDy8QbQ0u17
-----END CERTIFICATE-----