Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/lGO9PqSLR1nQvTIpb_a0eDseOvY.roa
File:                     lGO9PqSLR1nQvTIpb_a0eDseOvY.roa (raw, json)
Hash identifier:          JlKkw54+C0lwZKQ6jWYnhvatcSRO346+GDBqhZRi5lw=
Subject key identifier:   94:63:BD:3E:A4:8B:47:59:D0:BD:32:29:6F:F6:B4:78:3B:1E:3A:F6
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019DECB52AEC0D250A3296C3064BBA612214
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/lGO9PqSLR1nQvTIpb_a0eDseOvY.roa
Signing time:             Sun 03 May 2026 07:19:49 +0000
ROA not before:           Sun 03 May 2026 07:19:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        89.23.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 May 2026 14:07:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ec:b5:2a:ec:0d:25:0a:32:96:c3:06:4b:ba:61:22:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: May  3 07:19:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9463bd3ea48b4759d0bd32296ff6b4783b1e3af6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:01:d5:41:2e:66:90:de:0e:d9:a3:84:e1:a3:
                    c8:25:a2:fa:c6:f8:24:ae:24:01:54:2b:48:43:d3:
                    85:2a:b7:ca:a5:32:59:fd:cd:47:6e:31:25:c6:75:
                    a6:89:a3:81:10:91:48:8d:92:65:74:2e:4d:bd:3f:
                    a8:45:a0:1f:fe:45:1c:fe:07:bd:20:3d:eb:10:b6:
                    1d:51:80:10:8d:97:c2:59:13:d3:6c:d8:ed:f3:75:
                    2a:8c:d4:4f:87:a4:86:82:a9:e4:7f:99:86:92:2b:
                    7f:e2:69:c2:4f:2a:10:47:5e:96:a5:4c:18:41:d0:
                    41:8f:b2:9f:39:7e:6b:d8:b2:89:03:ea:54:76:f6:
                    db:8d:65:63:cd:08:e5:45:fd:78:f5:f0:82:55:f8:
                    8f:52:18:b1:d2:df:80:69:c8:dd:37:d7:e9:0c:c8:
                    b4:3f:bd:ff:46:1b:ae:38:98:23:1a:5a:f8:02:5d:
                    e9:f5:46:91:18:c2:24:5b:2c:90:f9:2f:71:8f:1a:
                    63:17:4f:1b:a1:c3:ba:9a:e8:28:4b:e1:ad:9d:64:
                    a2:5c:2d:d9:4b:c6:75:e8:22:88:67:61:e3:6d:a7:
                    e2:b1:aa:39:98:f6:61:8b:2f:a0:bb:a4:62:de:22:
                    76:10:da:d9:00:98:54:8d:3d:01:82:22:c9:76:fd:
                    64:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:63:BD:3E:A4:8B:47:59:D0:BD:32:29:6F:F6:B4:78:3B:1E:3A:F6
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/lGO9PqSLR1nQvTIpb_a0eDseOvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:29:1d:c8:ad:52:45:68:8d:5f:d9:a7:a7:ef:46:72:36:4b:
         72:fa:75:ce:dd:32:77:af:5d:88:c8:cb:66:aa:62:0a:ca:a4:
         b5:6e:87:ef:aa:f4:a5:b8:4b:ca:20:da:93:29:23:d8:c3:ba:
         fb:d2:02:ef:91:89:42:25:d7:7b:94:a5:c8:1b:e4:2b:57:bc:
         43:98:9f:79:ff:7f:a2:8a:36:18:35:ca:96:cc:06:2b:aa:a3:
         de:de:8b:86:5e:31:ad:97:17:da:fc:58:2e:d6:c0:d9:ac:06:
         04:73:02:26:67:43:c5:e9:a6:69:d8:6b:62:19:ff:cb:b4:d6:
         c0:25:62:72:f7:fe:62:c9:dd:31:91:7e:ba:82:8a:79:ae:4e:
         aa:81:d6:2c:1d:b8:c7:0f:62:6a:ac:5d:b7:c8:a8:6e:9c:3f:
         30:24:a7:8e:b9:e4:db:c0:a5:21:dd:e5:df:c9:d3:63:8f:29:
         36:4e:0c:cd:c2:a2:6e:e1:36:df:00:1a:8c:72:ab:4f:da:1b:
         46:6c:7e:a8:47:4b:77:c1:fc:4d:21:c6:50:94:47:59:d9:0f:
         95:be:b2:09:04:02:ef:e7:0b:a1:1a:e2:72:70:d8:85:d1:cc:
         84:eb:6a:9d:b4:cc:d3:f4:52:19:92:9d:48:60:34:34:fd:86:
         02:62:16:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3stSrsDSUKMpbDBku6YSIUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwNTAzMDcxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDYzYmQzZWE0OGI0NzU5ZDBiZDMyMjk2ZmY2YjQ3ODNiMWUzYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gHVQS5mkN4O2aOE4aPIJaL6xvgk
riQBVCtIQ9OFKrfKpTJZ/c1HbjElxnWmiaOBEJFIjZJldC5NvT+oRaAf/kUc/ge9
ID3rELYdUYAQjZfCWRPTbNjt83UqjNRPh6SGgqnkf5mGkit/4mnCTyoQR16WpUwY
QdBBj7KfOX5r2LKJA+pUdvbbjWVjzQjlRf149fCCVfiPUhix0t+AacjdN9fpDMi0
P73/RhuuOJgjGlr4Al3p9UaRGMIkWyyQ+S9xjxpjF08bocO6mugoS+GtnWSiXC3Z
S8Z16CKIZ2Hjbafisao5mPZhiy+gu6Ri3iJ2ENrZAJhUjT0BgiLJdv1kqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRjvT6ki0dZ0L0yKW/2tHg7Hjr2MB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvbEdPOVBxU0xSMW5RdlRJcGJfYTBlRHNlT3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdVMA0G
CSqGSIb3DQEBCwUAA4IBAQAkKR3IrVJFaI1f2aen70ZyNkty+nXO3TJ3r12IyMtm
qmIKyqS1bofvqvSluEvKINqTKSPYw7r70gLvkYlCJdd7lKXIG+QrV7xDmJ95/3+i
ijYYNcqWzAYrqqPe3ouGXjGtlxfa/Fgu1sDZrAYEcwImZ0PF6aZp2GtiGf/LtNbA
JWJy9/5iyd0xkX66gop5rk6qgdYsHbjHD2JqrF23yKhunD8wJKeOueTbwKUh3eXf
ydNjjyk2TgzNwqJu4TbfABqMcqtP2htGbH6oR0t3wfxNIcZQlEdZ2Q+VvrIJBALv
5wuhGuJycNiF0cyE62qdtMzT9FIZkp1IYDQ0/YYCYhbW
-----END CERTIFICATE-----