Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/R5kMmrZFX8kpJ7ukNoHULUoDuOk.roa
File:                     R5kMmrZFX8kpJ7ukNoHULUoDuOk.roa (raw, json)
Hash identifier:          UUnZQO4bQzNcFCMAFze2eB+HGjVzyJCDQoBK8EAG7hw=
Subject key identifier:   47:99:0C:9A:B6:45:5F:C9:29:27:BB:A4:36:81:D4:2D:4A:03:B8:E9
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       0199759C066162C2C54CED56743E5F34868F
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/R5kMmrZFX8kpJ7ukNoHULUoDuOk.roa
Signing time:             Tue 23 Sep 2025 08:06:23 +0000
ROA not before:           Tue 23 Sep 2025 08:06:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        89.23.66.0/24 maxlen: 24
                          89.23.93.0/24 maxlen: 24
                          178.254.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:75:9c:06:61:62:c2:c5:4c:ed:56:74:3e:5f:34:86:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Sep 23 08:06:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47990c9ab6455fc92927bba43681d42d4a03b8e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:dc:c9:e0:31:f6:63:a4:7f:e5:ec:3d:82:b6:
                    4d:bb:a1:7e:32:42:63:91:2e:e4:79:64:3f:ac:2c:
                    0d:18:5b:87:57:20:7a:75:57:9c:b6:02:0e:d8:e3:
                    b7:98:19:00:a7:7b:11:35:08:bf:77:d7:dc:65:62:
                    02:fa:5e:bf:48:fc:ce:7e:4d:12:a5:b6:e0:93:bf:
                    22:a7:29:42:94:8a:55:1b:be:c3:50:a3:25:b4:54:
                    17:df:f3:65:e0:ad:20:77:da:08:04:5a:b1:d7:c2:
                    2c:96:b9:8e:73:86:5c:80:ba:ad:62:72:fa:e4:1d:
                    9a:9f:93:ed:0f:91:04:e8:ce:2d:ac:30:c0:12:3f:
                    9a:24:0a:a5:aa:09:68:db:9e:5c:8c:66:e3:65:14:
                    13:00:1c:06:96:4b:b6:54:e8:a6:a3:be:b9:a0:f5:
                    9f:7e:17:0c:ee:d7:64:ec:2c:1f:60:2d:95:a3:8e:
                    74:16:1a:4a:33:ec:ef:23:1a:62:60:b7:c1:99:10:
                    b2:9d:6d:fa:00:75:70:06:89:2b:36:b9:50:23:e7:
                    cd:88:ba:57:35:4b:eb:af:10:54:23:ad:33:47:6f:
                    ad:c2:8c:e0:0d:7a:a5:0d:ca:b9:5a:7a:87:26:55:
                    9a:6e:86:54:f3:95:b0:65:c1:bb:25:81:a7:d0:da:
                    2b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:99:0C:9A:B6:45:5F:C9:29:27:BB:A4:36:81:D4:2D:4A:03:B8:E9
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/R5kMmrZFX8kpJ7ukNoHULUoDuOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.66.0/24
                  89.23.93.0/24
                  178.254.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:f8:c9:48:34:2c:f9:6e:e9:cd:71:06:76:8c:b4:e5:1d:e3:
         fa:4a:e5:75:5b:95:30:00:44:e4:05:10:87:fb:fe:48:0e:cd:
         a4:f3:81:4a:0c:e8:9d:f9:d0:1e:42:07:f9:a2:ad:27:4e:e1:
         aa:f8:3b:87:8a:b1:39:21:1b:83:43:9f:e3:25:a2:75:bf:4b:
         72:4a:3c:41:0c:4d:e2:c4:a9:3d:f5:e6:62:cf:a4:69:11:7c:
         21:3a:80:e3:c1:45:94:0f:bc:11:ff:fd:bc:e4:90:cf:81:6e:
         a4:b6:70:7b:cb:24:6f:77:7f:7d:75:5f:1e:39:86:34:7a:fe:
         91:a2:c8:a5:55:20:39:f0:0e:76:c1:93:88:e9:d4:6f:63:d9:
         2d:2c:da:a6:f2:17:0a:82:ac:87:b3:79:a5:d1:96:e0:4a:7e:
         9e:6e:04:b6:5d:ef:72:a3:b3:a3:0c:1a:9c:95:e2:86:40:17:
         c0:a0:67:93:ac:f3:26:ec:dd:0c:69:46:ad:3a:ad:c4:f2:ad:
         20:8d:d1:fd:7f:62:f7:ad:fc:07:99:1a:67:13:56:9f:36:0c:
         17:c2:d1:fb:1a:43:63:48:4f:d3:46:e3:38:29:28:4a:0a:7f:
         72:f9:11:5c:87:62:36:6a:b7:50:d6:f4:1c:31:52:ea:1a:e2:
         50:11:5e:99
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZl1nAZhYsLFTO1WdD5fNIaPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwOTIzMDgwNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzk5MGM5YWI2NDU1ZmM5MjkyN2JiYTQzNjgxZDQyZDRhMDNiOGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNzJ4DH2Y6R/5ew9grZNu6F+MkJj
kS7keWQ/rCwNGFuHVyB6dVectgIO2OO3mBkAp3sRNQi/d9fcZWIC+l6/SPzOfk0S
pbbgk78ipylClIpVG77DUKMltFQX3/Nl4K0gd9oIBFqx18IslrmOc4ZcgLqtYnL6
5B2an5PtD5EE6M4trDDAEj+aJAqlqglo255cjGbjZRQTABwGlku2VOimo765oPWf
fhcM7tdk7CwfYC2Vo450FhpKM+zvIxpiYLfBmRCynW36AHVwBokrNrlQI+fNiLpX
NUvrrxBUI60zR2+twozgDXqlDcq5WnqHJlWaboZU85WwZcG7JYGn0NorUwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEeZDJq2RV/JKSe7pDaB1C1KA7jpMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvUjVrTW1yWkZYOGtwSjd1a05vSFVMVW9EdU9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWRdCAwQA
WRddAwQAsv6yMA0GCSqGSIb3DQEBCwUAA4IBAQCK+MlINCz5bunNcQZ2jLTlHeP6
SuV1W5UwAETkBRCH+/5IDs2k84FKDOid+dAeQgf5oq0nTuGq+DuHirE5IRuDQ5/j
JaJ1v0tySjxBDE3ixKk99eZiz6RpEXwhOoDjwUWUD7wR//285JDPgW6ktnB7yyRv
d399dV8eOYY0ev6RosilVSA58A52wZOI6dRvY9ktLNqm8hcKgqyHs3ml0ZbgSn6e
bgS2Xe9yo7OjDBqcleKGQBfAoGeTrPMm7N0MaUatOq3E8q0gjdH9f2L3rfwHmRpn
E1afNgwXwtH7GkNjSE/TRuM4KShKCn9y+RFch2I2ardQ1vQcMVLqGuJQEV6Z
-----END CERTIFICATE-----