Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/NMmpZHqIGv4sdiC0UrFaRriAQZY.roa
File:                     NMmpZHqIGv4sdiC0UrFaRriAQZY.roa (raw, json)
Hash identifier:          wzKOWhFtU0tefnxd/Jf5WIF38kZKs98E2ueOwZH861c=
Subject key identifier:   34:C9:A9:64:7A:88:1A:FE:2C:76:20:B4:52:B1:5A:46:B8:80:41:96
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019D913C464F0F795AE3D9CA984B23174A89
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/NMmpZHqIGv4sdiC0UrFaRriAQZY.roa
Signing time:             Wed 15 Apr 2026 13:02:19 +0000
ROA not before:           Wed 15 Apr 2026 13:02:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26769
IP address blocks:        89.23.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:3c:46:4f:0f:79:5a:e3:d9:ca:98:4b:23:17:4a:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Apr 15 13:02:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34c9a9647a881afe2c7620b452b15a46b8804196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0a:c1:36:96:b0:53:58:e5:eb:16:66:54:b4:
                    97:4c:fb:ed:e8:45:8d:37:28:f2:16:ef:53:e8:0b:
                    5c:01:e4:4d:e0:26:f2:d9:7d:03:92:57:c4:e4:cf:
                    12:b1:ca:a6:76:a2:cc:4d:5c:91:ea:cc:9d:ec:b1:
                    ce:e6:b3:7c:9a:de:23:cb:a2:f1:09:97:8b:9d:31:
                    04:c8:14:86:ef:2a:94:67:13:fc:13:23:fd:6c:fe:
                    4f:ea:93:6f:69:b8:a1:62:54:52:56:9c:d3:04:a6:
                    a2:f8:8d:a0:2f:a9:e8:e2:84:e0:e6:bd:f1:94:33:
                    58:fb:8a:55:a3:eb:6a:ee:8b:11:36:ee:25:69:27:
                    0b:3e:ce:61:16:e2:6e:36:08:74:f9:a6:30:9b:3a:
                    11:f8:71:62:dd:6a:da:ae:da:89:c3:6a:b5:8a:f4:
                    de:2c:29:20:fc:40:c8:35:25:3e:be:93:b1:9c:2c:
                    71:fe:40:7a:f1:9c:2c:71:a5:d0:17:09:68:82:60:
                    18:3d:82:1a:58:a9:15:d4:0d:78:d0:d8:b6:d2:44:
                    e1:ec:a8:2f:ac:72:ef:ed:4d:82:fc:6c:ae:24:53:
                    62:3b:16:60:6a:29:17:83:96:93:20:14:33:0d:51:
                    00:61:ae:25:2d:e4:4a:e3:96:be:0a:15:e9:37:51:
                    3c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:C9:A9:64:7A:88:1A:FE:2C:76:20:B4:52:B1:5A:46:B8:80:41:96
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/NMmpZHqIGv4sdiC0UrFaRriAQZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:3f:89:1e:50:30:97:3e:8d:cd:a4:0b:21:7d:fe:75:00:69:
         a6:75:31:bf:18:11:17:73:63:d9:c5:41:89:4a:7c:87:48:95:
         be:56:9a:78:1b:c7:a1:95:5c:f2:1d:42:85:7b:77:4e:49:10:
         81:7c:74:d3:31:0e:13:31:40:f8:09:77:9c:59:ee:12:0b:8a:
         a3:6a:3d:7e:e0:ac:5f:a2:2f:95:e7:9f:a9:1f:d6:6e:f7:d1:
         01:3a:c5:b0:fc:6b:5b:ec:7c:8a:62:1c:13:b3:a5:82:29:2e:
         bc:63:a1:a1:4f:c0:52:7e:5d:7d:af:d9:cd:27:5a:2b:6d:94:
         35:ac:22:8d:ce:0f:06:1b:6e:74:d7:86:de:71:c5:f1:dc:ac:
         6a:79:8b:20:52:02:41:1f:12:db:14:c1:2e:3c:c3:c3:c9:66:
         7a:5b:3c:03:73:e8:7a:4b:f1:0e:be:18:c8:05:5c:79:93:5b:
         2d:9d:d3:90:5d:15:65:43:5e:7f:42:09:67:66:a6:66:99:63:
         33:77:ec:b7:ea:70:24:df:72:ad:5b:e4:87:7f:92:ec:22:18:
         16:a2:41:c8:fb:29:e2:a3:4f:2e:e2:40:56:7a:c1:f9:74:05:
         45:48:b2:62:84:8f:82:68:dc:a6:0e:2a:6d:9f:cd:c5:e3:c2:
         b2:21:2d:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2RPEZPD3la49nKmEsjF0qJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwNDE1MTMwMjE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGM5YTk2NDdhODgxYWZlMmM3NjIwYjQ1MmIxNWE0NmI4ODA0MTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0grBNpawU1jl6xZmVLSXTPvt6EWN
NyjyFu9T6AtcAeRN4Cby2X0DklfE5M8SscqmdqLMTVyR6syd7LHO5rN8mt4jy6Lx
CZeLnTEEyBSG7yqUZxP8EyP9bP5P6pNvabihYlRSVpzTBKai+I2gL6no4oTg5r3x
lDNY+4pVo+tq7osRNu4laScLPs5hFuJuNgh0+aYwmzoR+HFi3WrartqJw2q1ivTe
LCkg/EDINSU+vpOxnCxx/kB68ZwscaXQFwlogmAYPYIaWKkV1A140Ni20kTh7Kgv
rHLv7U2C/GyuJFNiOxZgaikXg5aTIBQzDVEAYa4lLeRK45a+ChXpN1E81wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTJqWR6iBr+LHYgtFKxWka4gEGWMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvTk1tcFpIcUlHdjRzZGlDMFVyRmFScmlBUVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdQMA0G
CSqGSIb3DQEBCwUAA4IBAQAfP4keUDCXPo3NpAshff51AGmmdTG/GBEXc2PZxUGJ
SnyHSJW+Vpp4G8ehlVzyHUKFe3dOSRCBfHTTMQ4TMUD4CXecWe4SC4qjaj1+4Kxf
oi+V55+pH9Zu99EBOsWw/Gtb7HyKYhwTs6WCKS68Y6GhT8BSfl19r9nNJ1orbZQ1
rCKNzg8GG25014beccXx3KxqeYsgUgJBHxLbFMEuPMPDyWZ6WzwDc+h6S/EOvhjI
BVx5k1stndOQXRVlQ15/QglnZqZmmWMzd+y36nAk33KtW+SHf5LsIhgWokHI+yni
o08u4kBWesH5dAVFSLJihI+CaNymDiptn83F48KyIS0u
-----END CERTIFICATE-----