Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/TNfPxwU7h6uqdog6igyvbUp6NBk.roa
File:                     TNfPxwU7h6uqdog6igyvbUp6NBk.roa (raw, json)
Hash identifier:          XTsUHas8rJOGXriVw2ZChlnITLWs1Kpebo7gPhs20lk=
Subject key identifier:   4C:D7:CF:C7:05:3B:87:AB:AA:76:88:3A:8A:0C:AF:6D:4A:7A:34:19
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019D33B476A2FEA0585982E1DDFD1890A0A7
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/TNfPxwU7h6uqdog6igyvbUp6NBk.roa
Signing time:             Sat 28 Mar 2026 09:09:17 +0000
ROA not before:           Sat 28 Mar 2026 09:09:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199915
IP address blocks:        89.23.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:33:b4:76:a2:fe:a0:58:59:82:e1:dd:fd:18:90:a0:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Mar 28 09:09:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4cd7cfc7053b87abaa76883a8a0caf6d4a7a3419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:90:db:e4:9e:95:93:f6:99:35:c0:de:b6:68:
                    3f:99:9c:28:65:4a:61:f9:16:1a:df:e5:a9:a0:4f:
                    f4:2b:1f:ad:c7:f6:40:86:55:80:84:aa:2e:b7:0a:
                    4b:10:12:36:a0:7c:e6:40:d7:4b:25:f0:86:ec:ad:
                    ef:fd:a6:d8:f3:7f:71:a1:82:ac:eb:46:91:70:98:
                    d0:a9:3c:e1:ea:25:7f:71:50:3e:4c:92:c3:ff:98:
                    66:38:0d:03:b0:4b:b4:b2:b5:25:31:ae:78:b5:5f:
                    59:1d:ec:19:3c:67:c2:66:fe:ee:93:7b:c6:c6:e1:
                    d6:33:5f:89:b3:5c:ce:e9:b8:0a:d1:8c:1e:e2:0e:
                    f2:ca:b0:59:eb:25:29:79:cc:b3:ac:ca:ff:3c:91:
                    89:40:e1:b1:41:53:99:b7:cb:45:58:c3:b6:3c:84:
                    47:81:b8:22:46:9b:87:b5:0d:85:90:24:60:fe:05:
                    0b:f4:2a:5b:78:65:17:2b:ca:cc:8d:c9:ec:fe:ea:
                    f0:3e:6f:4e:b6:56:75:6f:07:f1:91:86:d4:fd:ee:
                    5e:9c:96:9b:ff:03:eb:6d:1a:ef:42:3d:b1:e1:64:
                    05:0b:cf:3a:07:98:b1:03:42:9f:2a:e6:7a:dd:30:
                    d6:eb:02:64:83:cd:e1:32:3a:56:a5:d5:80:0c:12:
                    6b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:D7:CF:C7:05:3B:87:AB:AA:76:88:3A:8A:0C:AF:6D:4A:7A:34:19
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/TNfPxwU7h6uqdog6igyvbUp6NBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:ad:9e:13:41:18:32:81:fb:c8:ca:08:91:31:2d:fe:0e:2c:
         0e:97:9a:45:8d:0b:1f:28:2d:39:58:ff:c6:44:61:43:85:81:
         86:36:f2:b8:57:21:2d:55:28:07:57:86:1e:7e:fe:09:d3:db:
         3d:eb:af:bd:2c:03:0b:01:61:9d:a9:c8:eb:6b:26:84:28:f6:
         c6:f6:45:97:29:ee:d6:86:2a:c6:d6:8b:89:2a:5c:76:51:b6:
         5b:1d:63:96:9d:d9:56:9a:f1:8d:43:53:87:07:02:f0:8b:16:
         da:63:7b:b0:ac:89:5c:4d:29:d8:81:39:be:28:4c:c1:93:de:
         e2:7d:9a:7c:35:32:f4:ad:ea:b6:9d:61:de:1c:4d:e8:e1:6e:
         9d:da:65:a5:57:2a:5d:3d:99:fd:f5:ab:3b:5e:77:f3:8a:ce:
         7b:2e:91:43:98:a0:0e:18:03:f5:fb:9d:b7:b6:15:cf:2c:e9:
         a0:fd:06:23:eb:3e:d8:2b:7b:f5:33:50:70:fe:64:9a:40:dd:
         6b:4f:90:c5:f5:08:b4:8f:49:4a:8c:62:a8:1a:62:83:55:ad:
         24:e9:07:ba:63:1f:4b:37:d0:3b:96:d2:34:ff:e7:f8:7f:ca:
         93:e0:4f:f1:78:d9:e0:22:81:81:2e:de:e1:2f:c9:a6:8e:fc:
         4e:fd:5f:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0ztHai/qBYWYLh3f0YkKCnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMzI4MDkwOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2Q3Y2ZjNzA1M2I4N2FiYWE3Njg4M2E4YTBjYWY2ZDRhN2EzNDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupDb5J6Vk/aZNcDetmg/mZwoZUph
+RYa3+WpoE/0Kx+tx/ZAhlWAhKoutwpLEBI2oHzmQNdLJfCG7K3v/abY839xoYKs
60aRcJjQqTzh6iV/cVA+TJLD/5hmOA0DsEu0srUlMa54tV9ZHewZPGfCZv7uk3vG
xuHWM1+Js1zO6bgK0Ywe4g7yyrBZ6yUpecyzrMr/PJGJQOGxQVOZt8tFWMO2PIRH
gbgiRpuHtQ2FkCRg/gUL9CpbeGUXK8rMjcns/urwPm9OtlZ1bwfxkYbU/e5enJab
/wPrbRrvQj2x4WQFC886B5ixA0KfKuZ63TDW6wJkg83hMjpWpdWADBJr6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzXz8cFO4erqnaIOooMr21KejQZMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvVE5mUHh3VTdoNnVxZG9nNmlneXZiVXA2TkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdSMA0G
CSqGSIb3DQEBCwUAA4IBAQBprZ4TQRgygfvIygiRMS3+DiwOl5pFjQsfKC05WP/G
RGFDhYGGNvK4VyEtVSgHV4Yefv4J09s966+9LAMLAWGdqcjrayaEKPbG9kWXKe7W
hirG1ouJKlx2UbZbHWOWndlWmvGNQ1OHBwLwixbaY3uwrIlcTSnYgTm+KEzBk97i
fZp8NTL0req2nWHeHE3o4W6d2mWlVypdPZn99as7Xnfzis57LpFDmKAOGAP1+523
thXPLOmg/QYj6z7YK3v1M1Bw/mSaQN1rT5DF9Qi0j0lKjGKoGmKDVa0k6Qe6Yx9L
N9A7ltI0/+f4f8qT4E/xeNngIoGBLt7hL8mmjvxO/V/q
-----END CERTIFICATE-----