Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/XEt-JzKNChQRC4F9ye3IlnrxKg0.roa
File:                     XEt-JzKNChQRC4F9ye3IlnrxKg0.roa (raw, json)
Hash identifier:          Cxgtnc2NckykejizLBtChOb2Ai4q2KsLC4cgmZ+mcLM=
Subject key identifier:   5C:4B:7E:27:32:8D:0A:14:11:0B:81:7D:C9:ED:C8:96:7A:F1:2A:0D
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019D96C1A7B9B2AB8CE272C55C2F17374A7E
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/XEt-JzKNChQRC4F9ye3IlnrxKg0.roa
Signing time:             Thu 16 Apr 2026 14:46:06 +0000
ROA not before:           Thu 16 Apr 2026 14:46:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        89.23.76.0/24 maxlen: 24
                          89.23.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:96:c1:a7:b9:b2:ab:8c:e2:72:c5:5c:2f:17:37:4a:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Apr 16 14:46:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c4b7e27328d0a14110b817dc9edc8967af12a0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f3:31:d4:18:5a:82:04:0e:c7:57:30:6a:e7:
                    59:de:53:68:b9:03:6f:1d:db:1d:51:ae:17:03:5b:
                    24:9c:19:12:4a:82:21:1e:1b:ce:b4:67:9b:6f:f6:
                    82:8b:4a:01:35:14:88:58:aa:7a:72:a8:35:89:33:
                    bd:b6:60:13:8f:ce:bb:d0:c3:18:e4:eb:a9:06:68:
                    94:b2:a9:f7:f9:09:45:a0:54:ab:bb:77:dc:fa:91:
                    80:67:54:b7:64:1e:de:ad:d9:e3:d7:02:94:ba:e6:
                    b8:61:3e:94:49:f4:9e:13:b8:8d:2c:ab:7e:ea:db:
                    78:b5:c2:6f:a5:c4:61:35:3b:cc:47:7c:e4:20:0a:
                    d8:5e:f3:02:71:c9:61:57:bf:36:f0:93:49:30:c7:
                    ee:c0:5e:70:92:e7:13:23:78:de:45:fd:71:57:e6:
                    a9:38:30:ec:17:55:a5:44:07:23:88:ff:f3:82:19:
                    df:33:e9:a3:d7:68:54:71:50:89:20:f1:5b:88:b1:
                    a6:03:0e:05:a8:cf:ca:cd:78:aa:c1:23:8a:7a:9b:
                    c9:64:bf:7f:74:4f:a1:81:36:fa:60:c6:ad:d6:34:
                    3f:d9:1e:b8:71:6f:f9:d6:b0:cd:f7:4b:78:8f:1d:
                    ad:6e:51:69:14:f5:b2:64:75:aa:2c:4a:ad:ea:9e:
                    1a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:4B:7E:27:32:8D:0A:14:11:0B:81:7D:C9:ED:C8:96:7A:F1:2A:0D
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/XEt-JzKNChQRC4F9ye3IlnrxKg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.76.0/24
                  89.23.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:9f:28:04:e7:35:a0:84:62:83:90:08:09:37:ec:75:88:e9:
         58:c9:38:06:dc:4a:c7:f5:88:f7:a0:8b:32:39:88:8d:df:3f:
         e4:f4:1e:16:15:2d:de:49:28:ca:c4:67:50:17:53:db:8d:f9:
         5b:77:b3:a7:4d:b5:63:18:78:63:d7:cb:b9:3e:6b:e2:bd:f4:
         8f:53:5c:c2:3d:92:d2:51:7c:24:0a:41:94:65:c6:4c:2c:dd:
         eb:5d:53:7c:3b:e9:f8:10:11:9a:82:f6:ff:42:0a:9f:67:d4:
         55:34:06:50:2e:55:8d:dd:51:44:b6:fa:1c:35:0b:f7:d5:ce:
         58:91:9d:d9:2b:eb:bf:a7:ff:d7:76:d0:57:23:28:2c:eb:bd:
         e2:38:fc:bf:a0:93:30:b7:aa:0c:56:a1:0d:5b:8f:fb:fb:85:
         1b:a9:32:f9:8c:60:8d:29:f4:95:71:2f:75:b2:36:64:99:49:
         b3:93:74:78:29:72:e1:33:13:05:41:ff:8a:72:31:f4:ed:e8:
         0c:b9:4a:cf:44:7c:df:69:58:c2:74:ee:5e:3c:e8:b8:9e:d9:
         c2:bf:03:e2:03:07:0c:a1:da:2d:91:21:e4:e3:e6:ef:68:a2:
         f3:74:08:b0:4f:11:45:ea:85:f1:5b:4f:b0:ec:a0:70:d3:1b:
         06:f7:04:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2Wwae5squM4nLFXC8XN0p+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwNDE2MTQ0NjA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzRiN2UyNzMyOGQwYTE0MTEwYjgxN2RjOWVkYzg5NjdhZjEyYTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPMx1BhaggQOx1cwaudZ3lNouQNv
HdsdUa4XA1sknBkSSoIhHhvOtGebb/aCi0oBNRSIWKp6cqg1iTO9tmATj8670MMY
5OupBmiUsqn3+QlFoFSru3fc+pGAZ1S3ZB7erdnj1wKUuua4YT6USfSeE7iNLKt+
6tt4tcJvpcRhNTvMR3zkIArYXvMCcclhV7828JNJMMfuwF5wkucTI3jeRf1xV+ap
ODDsF1WlRAcjiP/zghnfM+mj12hUcVCJIPFbiLGmAw4FqM/KzXiqwSOKepvJZL9/
dE+hgTb6YMat1jQ/2R64cW/51rDN90t4jx2tblFpFPWyZHWqLEqt6p4aUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFxLficyjQoUEQuBfcntyJZ68SoNMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvWEV0LUp6S05DaFFSQzRGOXllM0lsbnJ4S2cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRdMAwQA
WRdVMA0GCSqGSIb3DQEBCwUAA4IBAQAWnygE5zWghGKDkAgJN+x1iOlYyTgG3ErH
9Yj3oIsyOYiN3z/k9B4WFS3eSSjKxGdQF1Pbjflbd7OnTbVjGHhj18u5PmvivfSP
U1zCPZLSUXwkCkGUZcZMLN3rXVN8O+n4EBGagvb/QgqfZ9RVNAZQLlWN3VFEtvoc
NQv31c5YkZ3ZK+u/p//XdtBXIygs673iOPy/oJMwt6oMVqENW4/7+4UbqTL5jGCN
KfSVcS91sjZkmUmzk3R4KXLhMxMFQf+KcjH07egMuUrPRHzfaVjCdO5ePOi4ntnC
vwPiAwcModotkSHk4+bvaKLzdAiwTxFF6oXxW0+w7KBw0xsG9wRZ
-----END CERTIFICATE-----