Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/ibC8LuDew9BW6bWwTjtuPuLsVvY.roa
File:                     ibC8LuDew9BW6bWwTjtuPuLsVvY.roa (raw, json)
Hash identifier:          UpM4tYvcBhbLC4igSQ/Guy/Xo9ovUfSjIA+wuuRUSgY=
Subject key identifier:   89:B0:BC:2E:E0:DE:C3:D0:56:E9:B5:B0:4E:3B:6E:3E:E2:EC:56:F6
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019D09F2F2096658ADD266A94C9205AF4A0B
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/ibC8LuDew9BW6bWwTjtuPuLsVvY.roa
Signing time:             Fri 20 Mar 2026 06:33:29 +0000
ROA not before:           Fri 20 Mar 2026 06:33:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        89.23.80.0/24 maxlen: 24
                          89.23.87.0/24 maxlen: 24
                          89.23.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Mar 2026 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:09:f2:f2:09:66:58:ad:d2:66:a9:4c:92:05:af:4a:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Mar 20 06:33:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89b0bc2ee0dec3d056e9b5b04e3b6e3ee2ec56f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:37:81:77:a9:d1:25:41:df:a7:5a:63:9a:35:
                    3e:2c:98:8a:83:73:2d:86:0e:18:9d:3f:2c:01:2a:
                    56:5c:4e:9f:ce:c8:f0:ae:3d:9e:ba:e2:d6:1f:db:
                    46:80:b3:7e:9f:11:bf:1c:5d:58:e6:33:4b:71:bd:
                    81:eb:68:25:70:88:27:89:e9:1f:e5:30:fc:27:b6:
                    87:9c:ce:7e:e0:00:1a:1c:8c:ad:bd:eb:01:19:1a:
                    75:33:c7:18:a6:d1:b0:a1:47:1e:8d:8c:38:48:a9:
                    82:3d:ef:d1:db:e6:0a:ca:e8:70:e9:a7:d8:b2:96:
                    a8:13:41:8a:82:47:1f:84:36:86:a5:81:8c:36:97:
                    f5:40:c8:e0:4f:06:5e:ad:ac:a7:77:fb:c6:ef:be:
                    e6:a9:6f:e5:7e:3b:99:8e:b4:31:87:95:c1:be:70:
                    e8:44:2d:c1:54:9c:84:71:5c:6d:c8:bb:b5:82:a0:
                    ca:6e:b0:76:26:15:73:bd:dc:0c:d6:d8:6e:e0:bf:
                    d7:89:04:b2:32:c2:91:9a:19:91:c3:a5:56:45:76:
                    57:9d:1b:ba:31:3d:9b:43:6c:d8:3f:a4:ba:a8:bc:
                    05:c8:76:b4:e6:dc:57:2b:90:0f:99:4a:a1:be:24:
                    e8:f4:3c:fd:f6:30:71:67:66:6b:42:87:70:fc:c7:
                    d8:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B0:BC:2E:E0:DE:C3:D0:56:E9:B5:B0:4E:3B:6E:3E:E2:EC:56:F6
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/ibC8LuDew9BW6bWwTjtuPuLsVvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.80.0/24
                  89.23.87.0/24
                  89.23.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:0f:57:c3:1f:23:38:5e:80:54:53:fb:08:58:33:4f:2c:2d:
         4d:37:96:86:33:51:d2:7b:17:84:24:e2:6a:ec:4e:df:ff:33:
         48:2d:55:4d:9e:cc:f0:e3:59:2f:d6:8c:a2:0f:3a:0b:90:79:
         70:8c:ec:65:5d:c6:70:d7:30:9e:08:55:ee:d5:c1:52:7b:27:
         d5:23:4d:87:f5:cb:81:23:19:6c:fa:94:05:70:77:2a:fb:c9:
         09:63:5e:6f:39:42:6b:9a:b1:d9:15:76:21:1c:7e:a5:17:8f:
         8b:ea:61:d2:72:ac:78:3c:86:fe:90:de:6a:c3:2d:33:2a:16:
         64:79:e8:82:ea:22:12:07:7d:63:8a:ac:96:7b:6a:4b:e0:5b:
         ea:2f:85:5d:45:f2:9f:00:10:f2:95:da:6f:be:ff:bd:f1:32:
         13:25:4a:e3:05:9b:06:b9:3b:66:c0:cf:a3:44:ba:0e:6f:00:
         89:36:53:6a:ea:11:94:da:87:b3:69:3b:91:fb:33:a8:54:a9:
         fc:a1:8c:95:7d:fb:ff:4d:d1:63:ce:75:ab:a2:2c:43:18:0f:
         e8:b9:09:2e:f3:8f:96:fd:7a:2c:10:0b:bc:5b:5e:56:bf:b2:
         b7:0b:5e:e4:42:3d:3b:16:9f:67:4d:b1:74:8b:5f:98:5b:16:
         ba:7a:24:4d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0J8vIJZlit0mapTJIFr0oLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMzIwMDYzMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWIwYmMyZWUwZGVjM2QwNTZlOWI1YjA0ZTNiNmUzZWUyZWM1NmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDeBd6nRJUHfp1pjmjU+LJiKg3Mt
hg4YnT8sASpWXE6fzsjwrj2euuLWH9tGgLN+nxG/HF1Y5jNLcb2B62glcIgniekf
5TD8J7aHnM5+4AAaHIytvesBGRp1M8cYptGwoUcejYw4SKmCPe/R2+YKyuhw6afY
spaoE0GKgkcfhDaGpYGMNpf1QMjgTwZeraynd/vG777mqW/lfjuZjrQxh5XBvnDo
RC3BVJyEcVxtyLu1gqDKbrB2JhVzvdwM1thu4L/XiQSyMsKRmhmRw6VWRXZXnRu6
MT2bQ2zYP6S6qLwFyHa05txXK5APmUqhviTo9Dz99jBxZ2ZrQodw/MfYdQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFImwvC7g3sPQVum1sE47bj7i7Fb2MB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvaWJDOEx1RGV3OUJXNmJXd1RqdHVQdUxzVnZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWRdQAwQA
WRdXAwQAWRdcMA0GCSqGSIb3DQEBCwUAA4IBAQBGD1fDHyM4XoBUU/sIWDNPLC1N
N5aGM1HSexeEJOJq7E7f/zNILVVNnszw41kv1oyiDzoLkHlwjOxlXcZw1zCeCFXu
1cFSeyfVI02H9cuBIxls+pQFcHcq+8kJY15vOUJrmrHZFXYhHH6lF4+L6mHScqx4
PIb+kN5qwy0zKhZkeeiC6iISB31jiqyWe2pL4FvqL4VdRfKfABDyldpvvv+98TIT
JUrjBZsGuTtmwM+jRLoObwCJNlNq6hGU2oezaTuR+zOoVKn8oYyVffv/TdFjznWr
oixDGA/ouQku84+W/XosEAu8W15Wv7K3C17kQj07Fp9nTbF0i1+YWxa6eiRN
-----END CERTIFICATE-----