Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/EbdHJttkvnZu6ykROrZEWjs4mj0.roa
File:                     EbdHJttkvnZu6ykROrZEWjs4mj0.roa (raw, json)
Hash identifier:          bSAVjbIUv95GkOUnVUptC037tkrahIdQXM4OOzOGm+4=
Subject key identifier:   11:B7:47:26:DB:64:BE:76:6E:EB:29:11:3A:B6:44:5A:3B:38:9A:3D
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       01990FDF44628D66964A2AC664B4849559C7
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/EbdHJttkvnZu6ykROrZEWjs4mj0.roa
Signing time:             Wed 03 Sep 2025 13:58:34 +0000
ROA not before:           Wed 03 Sep 2025 13:58:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        89.23.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Sep 2025 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:df:44:62:8d:66:96:4a:2a:c6:64:b4:84:95:59:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Sep  3 13:58:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11b74726db64be766eeb29113ab6445a3b389a3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4e:0e:10:45:ac:75:d6:55:30:ca:ba:44:12:
                    01:08:4a:a8:2e:74:6b:48:fb:ba:b5:f5:69:39:bb:
                    3c:4b:6d:49:21:ec:3e:9f:f5:1e:00:6f:e0:12:a5:
                    f6:75:71:13:47:e1:10:37:99:29:78:73:1b:0c:ff:
                    e2:bd:59:1e:b6:19:39:40:61:ab:e4:db:a6:a7:c7:
                    47:d6:7c:f3:03:c0:56:35:9c:8d:73:e8:d7:ff:8f:
                    79:ff:0a:67:85:c2:46:d7:8e:ec:2d:5c:f0:97:e6:
                    50:50:60:7b:f0:07:79:66:4e:fc:d5:18:bb:4f:ff:
                    18:30:76:c8:92:98:50:33:2b:80:cf:d6:30:1c:9d:
                    20:2f:df:c3:05:cd:4d:31:e3:8e:d2:fd:c5:61:de:
                    62:27:e8:6b:15:0e:bc:d3:89:e6:5c:5c:4e:41:d4:
                    51:6a:dd:fd:d3:5e:22:58:9d:9d:01:6b:0b:be:d7:
                    34:c2:0e:73:55:aa:5a:e1:f1:f8:30:20:81:31:cf:
                    98:74:b4:72:e1:3a:c5:be:a7:47:7a:79:1c:71:a0:
                    10:22:be:de:37:a5:7f:2d:fa:1b:d3:14:80:c9:e1:
                    5b:87:be:86:44:86:62:e9:18:0e:66:36:bb:89:fc:
                    a3:26:8e:0c:bb:4f:f6:19:02:69:b0:38:ca:33:c2:
                    88:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B7:47:26:DB:64:BE:76:6E:EB:29:11:3A:B6:44:5A:3B:38:9A:3D
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/EbdHJttkvnZu6ykROrZEWjs4mj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:84:02:4d:84:1e:be:ff:db:49:07:18:f8:7d:b6:26:23:5e:
         25:82:3c:27:f6:75:01:39:f1:85:51:90:4d:cb:06:b4:72:40:
         8a:23:94:4d:49:57:a5:3c:f4:9e:9e:11:68:a4:fb:93:6c:82:
         5d:c8:ec:8a:d5:cc:c8:ad:ff:a8:53:b6:eb:4e:6b:33:bf:70:
         8f:cb:c9:72:14:69:f5:00:ff:0f:76:ae:49:16:79:fe:c2:ba:
         c6:52:7d:f8:89:c9:9c:39:f4:a5:33:ec:e5:68:92:39:60:14:
         81:e6:c9:a2:26:77:97:3c:bf:57:e9:02:ad:db:ec:de:d3:15:
         06:8a:8f:f1:d3:71:21:c7:25:e4:07:6a:ed:0f:3c:5e:9a:55:
         90:54:60:ec:98:a7:70:74:f7:a5:34:0a:9f:b7:40:ba:95:31:
         05:d0:f9:06:05:9d:ea:e8:bd:31:f2:02:aa:63:86:5d:50:ee:
         b2:7e:b2:93:7e:c0:c5:f7:64:ac:92:23:63:8f:16:9e:e1:b0:
         b6:65:01:a9:65:0d:18:e4:77:16:4a:7b:7e:62:b9:8a:59:02:
         08:e4:bd:85:3f:28:1c:39:7b:bd:ec:71:fc:18:64:83:57:f8:
         d8:54:6c:e5:4a:78:06:ab:e9:a1:45:c3:5d:d1:7b:e7:a8:a2:
         be:4a:ac:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkP30RijWaWSirGZLSElVnHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwOTAzMTM1ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWI3NDcyNmRiNjRiZTc2NmVlYjI5MTEzYWI2NDQ1YTNiMzg5YTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq04OEEWsddZVMMq6RBIBCEqoLnRr
SPu6tfVpObs8S21JIew+n/UeAG/gEqX2dXETR+EQN5kpeHMbDP/ivVkethk5QGGr
5Nump8dH1nzzA8BWNZyNc+jX/495/wpnhcJG147sLVzwl+ZQUGB78Ad5Zk781Ri7
T/8YMHbIkphQMyuAz9YwHJ0gL9/DBc1NMeOO0v3FYd5iJ+hrFQ6804nmXFxOQdRR
at39014iWJ2dAWsLvtc0wg5zVapa4fH4MCCBMc+YdLRy4TrFvqdHenkccaAQIr7e
N6V/Lfob0xSAyeFbh76GRIZi6RgOZja7ifyjJo4Mu0/2GQJpsDjKM8KI5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBG3RybbZL52buspETq2RFo7OJo9MB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvRWJkSEp0dGt2blp1NnlrUk9yWkVXanM0bWowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdVMA0G
CSqGSIb3DQEBCwUAA4IBAQAYhAJNhB6+/9tJBxj4fbYmI14lgjwn9nUBOfGFUZBN
ywa0ckCKI5RNSVelPPSenhFopPuTbIJdyOyK1czIrf+oU7brTmszv3CPy8lyFGn1
AP8Pdq5JFnn+wrrGUn34icmcOfSlM+zlaJI5YBSB5smiJneXPL9X6QKt2+ze0xUG
io/x03EhxyXkB2rtDzxemlWQVGDsmKdwdPelNAqft0C6lTEF0PkGBZ3q6L0x8gKq
Y4ZdUO6yfrKTfsDF92SskiNjjxae4bC2ZQGpZQ0Y5HcWSnt+YrmKWQII5L2FPygc
OXu97HH8GGSDV/jYVGzlSngGq+mhRcNd0XvnqKK+Sqzp
-----END CERTIFICATE-----