Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/RmnXvYZt-mmbFhnuP7k2fQRabUA.roa
File:                     RmnXvYZt-mmbFhnuP7k2fQRabUA.roa (raw, json)
Hash identifier:          gHLzUci7yfQ24zvXoIAPAC4wOBAEeqj8cAzMrTtaW54=
Subject key identifier:   46:69:D7:BD:86:6D:FA:69:9B:16:19:EE:3F:B9:36:7D:04:5A:6D:40
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019768BC918EA48C1E3657804ECDC0507B63
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/RmnXvYZt-mmbFhnuP7k2fQRabUA.roa
Signing time:             Fri 13 Jun 2025 10:01:17 +0000
ROA not before:           Fri 13 Jun 2025 10:01:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198510
IP address blocks:        89.23.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:68:bc:91:8e:a4:8c:1e:36:57:80:4e:cd:c0:50:7b:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jun 13 10:01:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4669d7bd866dfa699b1619ee3fb9367d045a6d40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3b:02:9c:5b:f9:64:8c:b3:f4:62:61:8c:b4:
                    72:49:06:ff:b5:31:fc:62:9f:f7:99:4d:f4:05:fd:
                    64:53:9a:77:64:8a:12:1a:be:c9:38:a6:0d:84:09:
                    44:f9:95:dc:61:97:54:28:38:71:a6:84:5b:fd:bc:
                    7f:32:7e:a4:31:a4:42:1e:e6:7f:17:66:7f:7a:13:
                    2f:29:74:b2:9f:5a:cd:2f:03:55:7d:f7:c4:4b:f2:
                    96:a7:4b:ab:5c:2b:b9:72:e4:cf:e6:27:22:b8:74:
                    b4:2d:ad:21:ee:0a:37:f8:3f:c1:96:33:9c:a6:06:
                    3a:b8:c0:84:10:3f:8c:d3:d0:0d:ee:39:c8:c5:b1:
                    2e:d0:a7:e2:34:d0:88:81:36:78:25:53:58:e8:81:
                    22:a9:af:55:02:d6:1c:4a:75:80:1f:a9:df:4a:a2:
                    5f:28:29:cc:60:58:c0:1c:95:77:12:78:60:6a:ee:
                    48:88:84:ee:36:ac:b9:40:d6:c0:e2:0c:07:45:79:
                    ed:38:87:8a:61:80:71:0d:fa:3f:3b:fb:20:67:d6:
                    6a:53:70:35:fb:5e:42:12:55:17:c1:f5:12:35:93:
                    f9:95:a0:eb:0e:a6:88:13:fe:d2:3e:a4:12:13:03:
                    29:fe:67:ce:83:29:2c:92:c4:56:72:4f:be:b8:2a:
                    3c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:69:D7:BD:86:6D:FA:69:9B:16:19:EE:3F:B9:36:7D:04:5A:6D:40
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/RmnXvYZt-mmbFhnuP7k2fQRabUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:36:ef:30:14:d7:40:94:e2:99:9f:5d:c5:3d:d7:b0:e6:78:
         69:31:fc:41:53:d3:b2:ec:1f:e3:2b:1b:24:af:1a:da:23:22:
         79:b9:75:00:23:bb:b5:34:b4:6a:f6:f7:49:5b:72:a8:48:b4:
         38:aa:61:4e:8a:a8:63:f9:df:6b:96:d7:c0:7e:09:f3:fd:89:
         64:40:7e:eb:d2:2a:85:b4:d4:e3:ba:de:fb:b1:bd:39:fe:1d:
         cc:56:8f:de:ce:c0:56:a1:9e:83:f4:b2:24:e4:66:df:0b:4b:
         29:b4:c9:3a:83:5b:27:a8:4a:79:a0:e7:3a:d0:69:92:89:2a:
         fa:96:1b:9c:4c:32:6e:07:d3:52:9d:72:1f:6e:e4:4a:ab:3f:
         01:02:b7:a0:64:fc:10:6b:1b:24:5b:35:75:df:a9:fb:93:2d:
         69:66:69:43:26:a3:0a:d5:c9:ca:a5:47:0d:4a:92:04:89:32:
         dd:86:5d:0f:5f:e8:46:92:cc:d8:30:cb:10:eb:22:c4:8a:4d:
         dc:62:94:bc:f3:eb:0d:c2:eb:9c:5f:f8:f7:89:c3:96:32:13:
         e6:b9:89:2f:80:fe:db:c1:93:df:92:69:a1:a3:69:a1:55:b5:
         22:2c:21:e5:5f:dd:e8:fb:ca:2b:ae:57:8a:be:16:59:50:04:
         fe:36:28:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdovJGOpIweNleATs3AUHtjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwNjEzMTAwMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjY5ZDdiZDg2NmRmYTY5OWIxNjE5ZWUzZmI5MzY3ZDA0NWE2ZDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujsCnFv5ZIyz9GJhjLRySQb/tTH8
Yp/3mU30Bf1kU5p3ZIoSGr7JOKYNhAlE+ZXcYZdUKDhxpoRb/bx/Mn6kMaRCHuZ/
F2Z/ehMvKXSyn1rNLwNVfffES/KWp0urXCu5cuTP5iciuHS0La0h7go3+D/BljOc
pgY6uMCEED+M09AN7jnIxbEu0KfiNNCIgTZ4JVNY6IEiqa9VAtYcSnWAH6nfSqJf
KCnMYFjAHJV3Enhgau5IiITuNqy5QNbA4gwHRXntOIeKYYBxDfo/O/sgZ9ZqU3A1
+15CElUXwfUSNZP5laDrDqaIE/7SPqQSEwMp/mfOgyksksRWck++uCo8xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZp172GbfppmxYZ7j+5Nn0EWm1AMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvUm1uWHZZWnQtbW1iRmhudVA3azJmUVJhYlVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdeMA0G
CSqGSIb3DQEBCwUAA4IBAQARNu8wFNdAlOKZn13FPdew5nhpMfxBU9Oy7B/jKxsk
rxraIyJ5uXUAI7u1NLRq9vdJW3KoSLQ4qmFOiqhj+d9rltfAfgnz/YlkQH7r0iqF
tNTjut77sb05/h3MVo/ezsBWoZ6D9LIk5GbfC0sptMk6g1snqEp5oOc60GmSiSr6
lhucTDJuB9NSnXIfbuRKqz8BAregZPwQaxskWzV136n7ky1pZmlDJqMK1cnKpUcN
SpIEiTLdhl0PX+hGkszYMMsQ6yLEik3cYpS88+sNwuucX/j3icOWMhPmuYkvgP7b
wZPfkmmho2mhVbUiLCHlX93o+8orrleKvhZZUAT+NiiS
-----END CERTIFICATE-----