Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/j6Nq6nF9Z8-h3762-SK6F9kbZ24.roa
File:                     j6Nq6nF9Z8-h3762-SK6F9kbZ24.roa (raw, json)
Hash identifier:          +E6cfZwDmEhqN4LgxzzWb5rW4D9f35K4n16nWWHKoCE=
Subject key identifier:   8F:A3:6A:EA:71:7D:67:CF:A1:DF:BE:B6:F9:22:BA:17:D9:1B:67:6E
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019CB504F550B7ECB9C18F9DF046647890EC
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/j6Nq6nF9Z8-h3762-SK6F9kbZ24.roa
Signing time:             Tue 03 Mar 2026 18:45:26 +0000
ROA not before:           Tue 03 Mar 2026 18:45:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.187.16.0/24 maxlen: 24
                          89.187.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 03:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b5:04:f5:50:b7:ec:b9:c1:8f:9d:f0:46:64:78:90:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Mar  3 18:45:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8fa36aea717d67cfa1dfbeb6f922ba17d91b676e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:08:d7:d9:1f:57:1a:99:81:66:2c:5c:21:ce:
                    55:0f:86:dd:40:ab:72:9b:3a:33:7a:06:4b:cc:78:
                    e7:07:5e:5d:97:df:4b:ba:a6:e9:d8:b8:84:23:21:
                    85:1b:27:35:f8:89:a6:6d:a6:4d:34:8e:38:56:c7:
                    7e:30:38:08:a4:45:ae:99:a8:c6:f9:76:78:43:3c:
                    1e:d2:43:a0:72:5f:b3:55:3b:9a:b9:c4:d1:51:d5:
                    45:95:19:42:be:3b:60:52:7a:d7:b1:b6:2c:26:76:
                    4d:cf:1a:1d:12:51:00:53:d3:10:72:ae:db:9d:f5:
                    a8:af:31:a0:4a:85:37:00:04:62:07:f8:85:1b:2b:
                    7e:f2:ba:57:cc:6d:ab:01:90:49:f3:36:e5:30:87:
                    e0:b0:78:89:ec:ec:ef:19:57:bc:0c:52:c4:85:33:
                    9c:2d:c3:6a:7f:e4:f6:10:b9:87:4c:14:40:66:28:
                    33:3b:35:21:c3:e8:91:52:ef:60:98:dc:1e:80:f2:
                    a1:e5:be:ed:47:b5:f5:a0:f4:4d:de:10:db:fe:51:
                    62:00:a2:5b:46:5f:0f:13:0c:d3:73:ec:a3:c9:9a:
                    eb:81:b2:a6:ac:8e:eb:3d:51:a3:e2:da:4b:8d:99:
                    4d:c9:e8:ac:47:64:d8:9d:fd:68:12:b0:ec:ed:d7:
                    63:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:A3:6A:EA:71:7D:67:CF:A1:DF:BE:B6:F9:22:BA:17:D9:1B:67:6E
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/j6Nq6nF9Z8-h3762-SK6F9kbZ24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.16.0/24
                  89.187.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:16:c5:d2:8a:cd:fd:c3:bb:e3:ff:56:d7:23:c3:ef:36:70:
         7c:bc:ad:aa:87:37:32:8e:72:a5:6e:2a:f0:35:2d:be:e6:cf:
         5e:83:85:99:70:a9:8e:fa:e8:b7:01:3a:5a:68:5b:2b:f7:40:
         97:97:38:e0:01:35:c0:a9:c7:6d:ae:4a:14:3b:69:32:e6:49:
         12:b0:6a:5f:ff:c7:6a:5f:80:f8:ff:b7:50:c1:97:28:01:0c:
         84:16:bf:5f:0b:80:e5:7a:74:13:90:81:cc:2b:5b:bc:63:48:
         e7:d8:54:1f:43:09:b4:1d:f1:4c:a2:94:4f:4d:6b:49:86:90:
         96:77:cf:00:09:be:25:a5:24:7b:73:3f:4f:b1:61:57:4d:64:
         d2:5e:11:8a:1e:37:2f:a3:47:f6:fc:d3:4c:40:e6:aa:e1:7f:
         de:fa:e9:0c:72:5f:f6:6a:ce:a2:a7:cc:63:1b:8c:4c:b1:76:
         3f:03:e2:b6:61:37:d5:33:47:20:e0:f5:a4:9e:f2:10:c7:2d:
         ee:63:e4:63:37:d9:be:1f:04:26:a5:8c:2a:ad:8d:3e:69:66:
         87:f9:ec:b0:83:f7:cb:d5:dd:4e:73:bc:d8:48:a0:67:d0:67:
         c5:ce:c0:0e:34:df:be:d2:8e:f3:80:24:19:08:9b:2b:9a:5e:
         8b:7d:e2:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZy1BPVQt+y5wY+d8EZkeJDsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjYwMzAzMTg0NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmEzNmFlYTcxN2Q2N2NmYTFkZmJlYjZmOTIyYmExN2Q5MWI2NzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAjX2R9XGpmBZixcIc5VD4bdQKty
mzozegZLzHjnB15dl99Luqbp2LiEIyGFGyc1+ImmbaZNNI44Vsd+MDgIpEWumajG
+XZ4Qzwe0kOgcl+zVTuaucTRUdVFlRlCvjtgUnrXsbYsJnZNzxodElEAU9MQcq7b
nfWorzGgSoU3AARiB/iFGyt+8rpXzG2rAZBJ8zblMIfgsHiJ7OzvGVe8DFLEhTOc
LcNqf+T2ELmHTBRAZigzOzUhw+iRUu9gmNwegPKh5b7tR7X1oPRN3hDb/lFiAKJb
Rl8PEwzTc+yjyZrrgbKmrI7rPVGj4tpLjZlNyeisR2TYnf1oErDs7ddjxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI+jaupxfWfPod++tvkiuhfZG2duMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvajZOcTZuRjlaOC1oMzc2Mi1TSzZGOWtiWjI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWbsQAwQA
WbseMA0GCSqGSIb3DQEBCwUAA4IBAQBjFsXSis39w7vj/1bXI8PvNnB8vK2qhzcy
jnKlbirwNS2+5s9eg4WZcKmO+ui3ATpaaFsr90CXlzjgATXAqcdtrkoUO2ky5kkS
sGpf/8dqX4D4/7dQwZcoAQyEFr9fC4DlenQTkIHMK1u8Y0jn2FQfQwm0HfFMopRP
TWtJhpCWd88ACb4lpSR7cz9PsWFXTWTSXhGKHjcvo0f2/NNMQOaq4X/e+ukMcl/2
as6ip8xjG4xMsXY/A+K2YTfVM0cg4PWknvIQxy3uY+RjN9m+HwQmpYwqrY0+aWaH
+eywg/fL1d1Oc7zYSKBn0GfFzsAONN++0o7zgCQZCJsrml6LfeJo
-----END CERTIFICATE-----