Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/L5nG-3BykiW_LOr6-j5ZiFu3rQ4.roa
File:                     L5nG-3BykiW_LOr6-j5ZiFu3rQ4.roa (raw, json)
Hash identifier:          WM7eqZ3wB69Cjcl2HCd7NTw+yDr/CsjEknSxJBcih+c=
Subject key identifier:   2F:99:C6:FB:70:72:92:25:BF:2C:EA:FA:FA:3E:59:88:5B:B7:AD:0E
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019D615D1EE0A8805EEFA8A096C6655E625D
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/L5nG-3BykiW_LOr6-j5ZiFu3rQ4.roa
Signing time:             Mon 06 Apr 2026 05:56:25 +0000
ROA not before:           Mon 06 Apr 2026 05:56:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7018
IP address blocks:        89.23.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:61:5d:1e:e0:a8:80:5e:ef:a8:a0:96:c6:65:5e:62:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Apr  6 05:56:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f99c6fb70729225bf2ceafafa3e59885bb7ad0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:32:0d:58:96:5b:e5:da:c8:4d:af:05:19:d8:
                    c4:02:f6:3c:8f:9d:9b:85:89:0d:60:5e:f9:78:ca:
                    bb:f6:d5:9a:49:d7:23:61:7b:c7:ff:18:02:28:e8:
                    04:59:3e:60:d4:0a:ca:52:04:3e:8f:74:70:09:48:
                    50:85:ea:e2:d4:37:50:57:63:3f:66:21:d9:0e:26:
                    a0:97:15:bc:ed:00:a6:ac:5f:2d:ec:d6:88:91:a2:
                    7f:bb:de:4c:1b:e5:d6:a0:30:92:5f:91:73:c0:cb:
                    2e:26:68:90:64:09:11:9f:6a:78:1c:cd:27:53:1d:
                    f8:33:38:2c:28:88:71:ea:f9:d8:ff:23:92:bc:28:
                    55:c1:c3:9a:dc:0e:7a:c8:c5:72:58:57:a3:d2:29:
                    e8:37:d3:91:71:2c:03:b0:43:ed:23:74:30:e6:a2:
                    a2:7b:e4:52:aa:be:b2:83:03:4b:ae:8b:ae:33:b7:
                    34:94:b6:bf:c7:d4:e7:97:98:7e:32:2a:54:03:f4:
                    7f:77:0d:b6:06:b6:a6:1f:9e:e1:95:1a:bf:25:b7:
                    1e:f0:f2:6e:b2:64:91:35:7a:a7:54:2d:c3:2e:0a:
                    d2:4f:c3:6c:0a:5b:3b:bf:2a:7c:00:27:e1:69:fd:
                    71:d4:63:b3:d8:b4:ed:09:50:90:9e:a8:39:39:d7:
                    8f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:99:C6:FB:70:72:92:25:BF:2C:EA:FA:FA:3E:59:88:5B:B7:AD:0E
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/L5nG-3BykiW_LOr6-j5ZiFu3rQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:fc:2e:51:7a:56:13:b6:a1:5d:93:16:d8:b0:0e:2b:00:40:
         6c:3c:65:76:0f:87:6e:dc:db:2f:37:39:4b:f7:5f:a2:c8:90:
         2f:d7:9b:6a:0e:86:bb:9a:5d:5b:8b:b3:be:27:d1:ae:ff:58:
         2f:56:fb:cc:07:bf:2d:cf:ce:01:dc:eb:83:41:46:05:49:3d:
         e2:41:66:08:46:d5:dd:a7:f9:a6:d1:0a:e3:a5:eb:1f:25:5f:
         9c:99:c3:d5:78:e0:0c:a0:bb:88:54:30:8e:fc:e7:b5:53:a7:
         00:6c:10:77:46:25:7f:e6:08:ff:24:74:0c:41:97:81:c0:04:
         51:14:ce:98:6c:95:50:d4:23:c2:f6:49:7f:a2:8d:9a:d0:50:
         8b:9c:2b:25:b0:80:62:b6:f6:13:f6:69:9f:d7:95:13:94:f8:
         45:05:cf:17:d6:98:38:f1:61:fd:98:71:ec:e2:57:4f:65:d8:
         8c:fe:dc:20:8c:43:9b:2c:d5:ab:66:bd:e8:7e:e9:e4:ac:8d:
         7c:07:fd:a4:76:9b:bb:a7:72:56:d7:c6:df:e0:5c:5b:fc:94:
         53:f4:82:8b:ac:55:ac:8f:da:59:d1:47:ab:97:4e:04:60:8f:
         15:19:fd:60:7c:05:a8:41:0b:5d:30:20:ab:14:ef:d4:79:f3:
         1f:fe:a7:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1hXR7gqIBe76iglsZlXmJdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwNDA2MDU1NjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjk5YzZmYjcwNzI5MjI1YmYyY2VhZmFmYTNlNTk4ODViYjdhZDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszINWJZb5drITa8FGdjEAvY8j52b
hYkNYF75eMq79tWaSdcjYXvH/xgCKOgEWT5g1ArKUgQ+j3RwCUhQheri1DdQV2M/
ZiHZDiaglxW87QCmrF8t7NaIkaJ/u95MG+XWoDCSX5FzwMsuJmiQZAkRn2p4HM0n
Ux34MzgsKIhx6vnY/yOSvChVwcOa3A56yMVyWFej0inoN9ORcSwDsEPtI3Qw5qKi
e+RSqr6ygwNLrouuM7c0lLa/x9Tnl5h+MipUA/R/dw22BramH57hlRq/Jbce8PJu
smSRNXqnVC3DLgrST8NsCls7vyp8ACfhaf1x1GOz2LTtCVCQnqg5OdeP0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC+ZxvtwcpIlvyzq+vo+WYhbt60OMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvTDVuRy0zQnlraVdfTE9yNi1qNVppRnUzclE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdRMA0G
CSqGSIb3DQEBCwUAA4IBAQCK/C5RelYTtqFdkxbYsA4rAEBsPGV2D4du3NsvNzlL
91+iyJAv15tqDoa7ml1bi7O+J9Gu/1gvVvvMB78tz84B3OuDQUYFST3iQWYIRtXd
p/mm0QrjpesfJV+cmcPVeOAMoLuIVDCO/Oe1U6cAbBB3RiV/5gj/JHQMQZeBwARR
FM6YbJVQ1CPC9kl/oo2a0FCLnCslsIBitvYT9mmf15UTlPhFBc8X1pg48WH9mHHs
4ldPZdiM/twgjEObLNWrZr3ofunkrI18B/2kdpu7p3JW18bf4Fxb/JRT9IKLrFWs
j9pZ0Uerl04EYI8VGf1gfAWoQQtdMCCrFO/UefMf/qcl
-----END CERTIFICATE-----