Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/xc-ziwt5L4IQBhtwr3KHv3MBn_E.roa
File:                     xc-ziwt5L4IQBhtwr3KHv3MBn_E.roa (raw, json)
Hash identifier:          Jan/MaJ/3rtTJkw1eayxGH+OJS2zK9UT117u0//wABw=
Subject key identifier:   C5:CF:B3:8B:0B:79:2F:82:10:06:1B:70:AF:72:87:BF:73:01:9F:F1
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       01973B6842560EC6D0C84CE3783E06FC3246
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/xc-ziwt5L4IQBhtwr3KHv3MBn_E.roa
Signing time:             Wed 04 Jun 2025 14:46:17 +0000
ROA not before:           Wed 04 Jun 2025 14:46:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212669
IP address blocks:        89.23.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:68:42:56:0e:c6:d0:c8:4c:e3:78:3e:06:fc:32:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jun  4 14:46:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5cfb38b0b792f8210061b70af7287bf73019ff1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:22:bc:13:ed:7c:cb:b9:f8:dd:19:43:a9:b1:
                    16:d4:96:6c:87:00:94:3d:38:a5:34:85:ce:59:d7:
                    79:fe:cc:ed:f9:65:37:e3:4f:9d:50:52:c9:e0:4b:
                    ba:3d:7d:0f:d1:37:65:d6:7d:5f:85:df:e6:57:21:
                    b6:55:05:c1:22:f9:a6:2e:96:a9:3e:65:95:f7:52:
                    6a:6b:5e:67:a3:d5:90:94:80:b1:92:d3:80:b1:6b:
                    4d:c8:27:1d:1d:35:2b:31:66:3e:e6:2b:e9:36:26:
                    13:31:81:1e:b3:f5:4f:27:bb:2d:88:2d:93:be:9d:
                    41:86:7d:2a:7a:b9:0d:bb:34:86:06:b5:39:5c:5f:
                    e6:a3:48:e3:f8:88:45:96:61:c6:94:d9:79:40:78:
                    18:0a:01:2c:61:8c:04:6f:59:37:c4:91:5f:76:78:
                    81:0e:ae:8d:33:8c:8f:ae:2b:8b:bf:2f:1d:f6:d5:
                    ca:43:fd:a6:33:89:99:8d:6f:42:f5:f6:71:80:e9:
                    93:45:a7:d0:d8:91:41:1f:a4:eb:e3:cc:e3:9a:25:
                    08:e7:a7:5e:d7:16:e8:50:3b:5e:a7:e4:cf:d8:db:
                    b8:b7:d3:79:50:46:65:cb:78:db:83:57:1e:ef:55:
                    3b:b6:9b:da:3d:f3:f1:af:79:71:7f:fd:b0:64:7a:
                    e1:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:CF:B3:8B:0B:79:2F:82:10:06:1B:70:AF:72:87:BF:73:01:9F:F1
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/xc-ziwt5L4IQBhtwr3KHv3MBn_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:81:fc:82:24:86:3f:24:7e:8e:5d:a3:28:ac:91:47:c7:6e:
         de:25:86:85:47:49:a9:55:d5:f6:ed:1d:5c:35:5a:69:94:c9:
         94:93:f1:5a:ae:aa:16:5c:84:1f:a4:ff:70:0f:1c:a2:11:ea:
         e7:63:36:86:eb:13:63:fb:f4:1d:49:b8:e6:b2:de:01:f5:c4:
         7f:09:fc:78:5e:4e:a7:73:b3:c6:3d:dd:26:57:b4:87:da:f2:
         7c:dd:ad:d8:10:f5:9d:37:85:11:70:3d:ec:19:75:22:85:61:
         e1:60:5a:08:04:85:63:21:9a:09:cf:10:fb:96:61:fc:0d:7f:
         15:1a:bc:33:66:51:92:7d:95:c6:40:45:4b:66:4a:a8:d2:3e:
         5c:ac:83:c2:05:1d:72:91:28:a8:4a:ac:30:18:27:2f:c7:9b:
         77:ec:3e:83:f0:9c:19:27:ba:32:70:3c:ae:28:59:0c:b0:52:
         62:d5:3e:15:84:18:5e:47:c0:fe:f6:58:59:5a:18:4e:90:d1:
         e2:b9:67:cd:f7:01:db:00:88:e0:ec:5d:96:8c:36:9b:5c:26:
         3d:7d:fe:a4:94:bb:66:bb:3d:26:e6:8d:ac:f3:3f:9a:1d:5e:
         3d:b3:b3:11:f8:0d:f1:21:d4:b6:9d:b6:68:c6:1e:7c:76:56:
         87:a8:eb:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc7aEJWDsbQyEzjeD4G/DJGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwNjA0MTQ0NjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWNmYjM4YjBiNzkyZjgyMTAwNjFiNzBhZjcyODdiZjczMDE5ZmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyK8E+18y7n43RlDqbEW1JZshwCU
PTilNIXOWdd5/szt+WU340+dUFLJ4Eu6PX0P0Tdl1n1fhd/mVyG2VQXBIvmmLpap
PmWV91Jqa15no9WQlICxktOAsWtNyCcdHTUrMWY+5ivpNiYTMYEes/VPJ7stiC2T
vp1Bhn0qerkNuzSGBrU5XF/mo0jj+IhFlmHGlNl5QHgYCgEsYYwEb1k3xJFfdniB
Dq6NM4yPriuLvy8d9tXKQ/2mM4mZjW9C9fZxgOmTRafQ2JFBH6Tr48zjmiUI56de
1xboUDtep+TP2Nu4t9N5UEZly3jbg1ce71U7tpvaPfPxr3lxf/2wZHrhXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXPs4sLeS+CEAYbcK9yh79zAZ/xMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEveGMteml3dDVMNElRQmh0d3IzS0h2M01Cbl9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdMMA0G
CSqGSIb3DQEBCwUAA4IBAQBagfyCJIY/JH6OXaMorJFHx27eJYaFR0mpVdX27R1c
NVpplMmUk/FarqoWXIQfpP9wDxyiEernYzaG6xNj+/QdSbjmst4B9cR/Cfx4Xk6n
c7PGPd0mV7SH2vJ83a3YEPWdN4URcD3sGXUihWHhYFoIBIVjIZoJzxD7lmH8DX8V
GrwzZlGSfZXGQEVLZkqo0j5crIPCBR1ykSioSqwwGCcvx5t37D6D8JwZJ7oycDyu
KFkMsFJi1T4VhBheR8D+9lhZWhhOkNHiuWfN9wHbAIjg7F2WjDabXCY9ff6klLtm
uz0m5o2s8z+aHV49s7MR+A3xIdS2nbZoxh58dlaHqOsU
-----END CERTIFICATE-----