Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/c3i_UrePTqV6avmdgqwppddN8l0.roa
File:                     c3i_UrePTqV6avmdgqwppddN8l0.roa (raw, json)
Hash identifier:          l2N5YerA7IDscYteiaWIhJ+Cdxnj1YXYWiRZGSwTMQk=
Subject key identifier:   73:78:BF:52:B7:8F:4E:A5:7A:6A:F9:9D:82:AC:29:A5:D7:4D:F2:5D
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019CC1EA5AE727714BCAE925B85F21920104
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/c3i_UrePTqV6avmdgqwppddN8l0.roa
Signing time:             Fri 06 Mar 2026 06:51:27 +0000
ROA not before:           Fri 06 Mar 2026 06:51:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        89.23.93.0/24 maxlen: 24
                          109.111.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Mar 2026 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c1:ea:5a:e7:27:71:4b:ca:e9:25:b8:5f:21:92:01:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Mar  6 06:51:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7378bf52b78f4ea57a6af99d82ac29a5d74df25d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a1:62:22:6c:71:99:fb:f3:57:36:14:f4:32:
                    f5:be:7a:98:54:67:91:f8:3e:2c:27:0f:f0:5d:f3:
                    3e:99:0d:b7:3d:37:84:df:1a:c2:99:36:e4:27:8e:
                    22:b5:1d:ba:49:fe:92:50:57:bb:56:bb:81:18:5b:
                    23:09:b4:10:fb:c8:c2:f4:ba:a8:4c:b1:9a:f6:ac:
                    2d:ca:4a:df:b0:4c:58:fe:e9:60:69:4c:c5:ea:71:
                    0b:49:9d:a2:96:22:ca:bc:1c:96:d6:09:7d:2b:9f:
                    b9:c6:40:71:70:95:d6:11:81:8a:bc:38:4a:e9:05:
                    54:d3:5b:f3:92:86:f8:ea:79:54:ed:2a:13:a2:99:
                    9b:a7:3d:23:55:61:64:2d:4b:87:bc:83:dc:7c:5c:
                    fc:6b:c7:c1:2b:a0:8f:cb:45:4a:3e:46:82:2b:00:
                    bf:7e:00:9e:13:43:0f:8c:33:62:08:66:00:bb:b4:
                    20:69:59:05:ff:8c:b7:27:52:e1:9f:e7:80:a3:e5:
                    2f:c3:ba:33:c7:c0:3c:11:8c:d0:01:fd:62:7a:2c:
                    5f:71:fd:56:a8:e2:05:8b:86:ea:3e:e7:53:65:ba:
                    83:61:ae:c3:0c:22:51:98:90:3d:a5:45:51:dc:ce:
                    66:7d:9e:2c:57:06:f1:e7:a1:6b:2d:21:02:4c:45:
                    75:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:78:BF:52:B7:8F:4E:A5:7A:6A:F9:9D:82:AC:29:A5:D7:4D:F2:5D
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/c3i_UrePTqV6avmdgqwppddN8l0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.93.0/24
                  109.111.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:3c:2b:f6:ba:0e:59:68:ad:d1:b0:d0:78:3e:27:a3:d1:e6:
         eb:ac:2d:2c:bf:86:3a:3e:b6:0d:a1:24:a1:9c:fa:5e:22:8e:
         18:8e:86:91:26:2d:d7:a5:42:f0:8d:6f:9c:7d:eb:f3:76:5c:
         62:98:15:e0:c9:9e:03:27:4c:e7:b4:4c:07:c1:f8:b3:8c:d6:
         82:05:3f:8d:52:39:60:aa:ac:2f:04:70:7a:f7:c8:34:5b:a9:
         e2:d8:32:30:31:2e:d4:aa:9a:06:06:25:dd:28:12:df:74:f7:
         49:7d:2b:b2:0f:ed:58:94:0a:6e:18:b0:3b:5c:4b:f0:07:99:
         7f:7b:62:b1:14:67:d9:09:7b:96:f9:68:7c:aa:7d:e0:73:c8:
         ec:f9:eb:b9:d5:d8:44:13:10:a6:65:b3:3e:b3:3a:d9:28:2f:
         32:ca:27:a5:17:ea:67:72:10:e9:a5:47:69:f3:b6:df:9a:dc:
         2b:9c:db:a9:c8:3c:df:84:8f:fc:f6:b0:b0:1f:8f:46:32:42:
         d7:01:bb:57:bc:0e:79:5c:2e:60:03:54:ae:ab:6f:ce:58:df:
         94:32:5e:a1:9e:1e:38:b9:d9:b2:39:0e:a8:b8:48:70:9e:52:
         0f:62:98:e6:49:a7:92:4b:eb:c0:09:5d:2a:23:ee:75:cb:c8:
         c2:5e:c2:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzB6lrnJ3FLyukluF8hkgEEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMzA2MDY1MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzc4YmY1MmI3OGY0ZWE1N2E2YWY5OWQ4MmFjMjlhNWQ3NGRmMjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqFiImxxmfvzVzYU9DL1vnqYVGeR
+D4sJw/wXfM+mQ23PTeE3xrCmTbkJ44itR26Sf6SUFe7VruBGFsjCbQQ+8jC9Lqo
TLGa9qwtykrfsExY/ulgaUzF6nELSZ2iliLKvByW1gl9K5+5xkBxcJXWEYGKvDhK
6QVU01vzkob46nlU7SoTopmbpz0jVWFkLUuHvIPcfFz8a8fBK6CPy0VKPkaCKwC/
fgCeE0MPjDNiCGYAu7QgaVkF/4y3J1Lhn+eAo+Uvw7ozx8A8EYzQAf1ieixfcf1W
qOIFi4bqPudTZbqDYa7DDCJRmJA9pUVR3M5mfZ4sVwbx56FrLSECTEV1DwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHN4v1K3j06lemr5nYKsKaXXTfJdMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvYzNpX1VyZVBUcVY2YXZtZGdxd3BwZGROOGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRddAwQA
bW//MA0GCSqGSIb3DQEBCwUAA4IBAQBXPCv2ug5ZaK3RsNB4Piej0ebrrC0sv4Y6
PrYNoSShnPpeIo4YjoaRJi3XpULwjW+cfevzdlximBXgyZ4DJ0zntEwHwfizjNaC
BT+NUjlgqqwvBHB698g0W6ni2DIwMS7UqpoGBiXdKBLfdPdJfSuyD+1YlApuGLA7
XEvwB5l/e2KxFGfZCXuW+Wh8qn3gc8js+eu51dhEExCmZbM+szrZKC8yyielF+pn
chDppUdp87bfmtwrnNupyDzfhI/89rCwH49GMkLXAbtXvA55XC5gA1Suq2/OWN+U
Ml6hnh44udmyOQ6ouEhwnlIPYpjmSaeSS+vACV0qI+51y8jCXsKW
-----END CERTIFICATE-----