Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/4lzSf_lx_teYGys7PTCt_oNlv8Y.roa
File:                     4lzSf_lx_teYGys7PTCt_oNlv8Y.roa (raw, json)
Hash identifier:          Sym/z8o9jzxvvQ4mclndpFTN2kQSu1Xu97TweIFgGgQ=
Subject key identifier:   E2:5C:D2:7F:F9:71:FE:D7:98:1B:2B:3B:3D:30:AD:FE:83:65:BF:C6
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019D878DF73DC7659D033508667421FFF3A4
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/4lzSf_lx_teYGys7PTCt_oNlv8Y.roa
Signing time:             Mon 13 Apr 2026 15:55:20 +0000
ROA not before:           Mon 13 Apr 2026 15:55:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207590
IP address blocks:        89.23.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:8d:f7:3d:c7:65:9d:03:35:08:66:74:21:ff:f3:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Apr 13 15:55:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e25cd27ff971fed7981b2b3b3d30adfe8365bfc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:db:b1:d0:0a:a6:a4:15:a9:2e:a3:a8:68:90:
                    0b:58:20:93:3c:a8:5d:f9:6e:e8:d5:a7:e7:b0:a0:
                    86:1c:5c:41:62:d0:e3:8a:8a:28:1b:b8:af:a3:6c:
                    a8:22:e3:e4:d2:20:dc:15:04:f3:3a:b7:15:b3:36:
                    10:22:9e:87:35:a8:b3:1e:47:cf:67:e2:5d:40:e3:
                    41:8f:dd:a5:aa:7f:0c:42:31:60:ec:0d:9f:00:57:
                    99:1d:5d:05:5e:e5:e8:52:e2:21:b4:c9:38:68:ea:
                    7d:ff:45:7d:b3:3c:2e:1f:2f:10:36:08:c2:81:f1:
                    a4:4d:d0:58:f5:3c:fd:f5:ce:6a:16:98:c0:aa:c6:
                    c6:34:11:32:d1:7c:16:dc:a1:89:83:ee:7d:98:79:
                    9a:d0:48:5d:d5:fc:b6:48:e5:84:8a:2b:a4:4a:96:
                    e7:57:ed:aa:08:b0:e0:43:7f:2b:6a:bb:05:f5:2f:
                    c3:ec:12:21:52:1c:a5:32:dc:a7:9b:77:bf:a1:a7:
                    6e:93:a6:2c:44:68:ef:e9:7c:3a:b2:3f:48:c8:e2:
                    23:8d:95:dc:15:d5:e5:18:d3:5b:00:0d:31:98:52:
                    03:db:4c:b7:35:c9:1a:19:83:f8:bc:a5:ae:15:68:
                    be:76:f7:fd:67:b0:cd:59:a5:fd:c0:d7:38:e3:e5:
                    c3:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:5C:D2:7F:F9:71:FE:D7:98:1B:2B:3B:3D:30:AD:FE:83:65:BF:C6
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/4lzSf_lx_teYGys7PTCt_oNlv8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:cf:39:a3:95:47:98:21:c3:1e:66:a2:f2:fe:b5:23:c5:f4:
         7f:58:97:ed:5e:b5:06:50:d7:89:a3:d8:c5:f5:0d:a8:4c:cf:
         fa:f3:c9:78:30:0a:ad:94:54:cb:2f:15:a3:b8:c2:ef:47:b4:
         e0:54:5d:61:66:95:e6:5a:ed:0d:a2:b1:77:a6:15:7c:69:9a:
         0d:a6:b0:9f:2f:04:c9:93:d0:63:62:f9:2b:e4:0c:16:65:0c:
         a4:76:ce:74:f6:a7:c7:7f:c1:4f:3d:1f:df:e4:d3:6c:8a:59:
         08:17:a3:77:d8:91:a7:ad:12:10:21:cc:eb:86:e1:59:43:20:
         64:a0:80:8b:e4:f7:fc:95:e1:37:fe:f1:70:ed:d0:13:14:f2:
         39:85:24:be:7e:e1:0c:7d:74:05:cc:c4:36:8f:90:b4:25:15:
         c0:29:e5:36:c2:e4:f2:65:bd:ad:26:c6:2b:c5:05:83:5b:9d:
         fe:0d:8a:bb:f1:35:1b:ed:e3:ee:dd:26:07:88:74:8b:ac:a9:
         08:0e:e4:f7:ad:f8:f1:3d:51:08:8a:0a:a9:14:9b:89:0c:d9:
         a3:69:8e:4e:4f:48:63:4a:89:73:63:43:39:18:02:70:3f:d4:
         0b:3e:99:78:ed:a1:c2:b0:79:67:04:ca:bc:b0:01:27:2c:9d:
         25:c4:ee:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Hjfc9x2WdAzUIZnQh//OkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwNDEzMTU1NTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjVjZDI3ZmY5NzFmZWQ3OTgxYjJiM2IzZDMwYWRmZTgzNjViZmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9ux0AqmpBWpLqOoaJALWCCTPKhd
+W7o1afnsKCGHFxBYtDjioooG7ivo2yoIuPk0iDcFQTzOrcVszYQIp6HNaizHkfP
Z+JdQONBj92lqn8MQjFg7A2fAFeZHV0FXuXoUuIhtMk4aOp9/0V9szwuHy8QNgjC
gfGkTdBY9Tz99c5qFpjAqsbGNBEy0XwW3KGJg+59mHma0Ehd1fy2SOWEiiukSpbn
V+2qCLDgQ38rarsF9S/D7BIhUhylMtynm3e/oaduk6YsRGjv6Xw6sj9IyOIjjZXc
FdXlGNNbAA0xmFID20y3NckaGYP4vKWuFWi+dvf9Z7DNWaX9wNc44+XDTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJc0n/5cf7XmBsrOz0wrf6DZb/GMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvNGx6U2ZfbHhfdGVZR3lzN1BUQ3Rfb05sdjhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdXMA0G
CSqGSIb3DQEBCwUAA4IBAQAjzzmjlUeYIcMeZqLy/rUjxfR/WJftXrUGUNeJo9jF
9Q2oTM/688l4MAqtlFTLLxWjuMLvR7TgVF1hZpXmWu0NorF3phV8aZoNprCfLwTJ
k9BjYvkr5AwWZQykds509qfHf8FPPR/f5NNsilkIF6N32JGnrRIQIczrhuFZQyBk
oICL5Pf8leE3/vFw7dATFPI5hSS+fuEMfXQFzMQ2j5C0JRXAKeU2wuTyZb2tJsYr
xQWDW53+DYq78TUb7ePu3SYHiHSLrKkIDuT3rfjxPVEIigqpFJuJDNmjaY5OT0hj
SolzY0M5GAJwP9QLPpl47aHCsHlnBMq8sAEnLJ0lxO7h
-----END CERTIFICATE-----