Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/pQbdBGq7FHOiwgLYdfVX7zVD-Jk.roa
File:                     pQbdBGq7FHOiwgLYdfVX7zVD-Jk.roa (raw, json)
Hash identifier:          xjfcwrwPsBiKM+SPdeBc2chdvN3MD8dIO0Ls1uO82ck=
Subject key identifier:   A5:06:DD:04:6A:BB:14:73:A2:C2:02:D8:75:F5:57:EF:35:43:F8:99
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019D91C94663C4026333FDE2B0761821CF32
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/pQbdBGq7FHOiwgLYdfVX7zVD-Jk.roa
Signing time:             Wed 15 Apr 2026 15:36:20 +0000
ROA not before:           Wed 15 Apr 2026 15:36:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209104
IP address blocks:        89.23.93.0/24 maxlen: 24
                          109.111.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:c9:46:63:c4:02:63:33:fd:e2:b0:76:18:21:cf:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Apr 15 15:36:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a506dd046abb1473a2c202d875f557ef3543f899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:60:7a:d4:46:66:0c:8c:ec:d1:d6:0b:c0:83:
                    26:65:ca:91:bd:83:19:54:c6:21:8d:01:5f:f8:b4:
                    67:c7:2d:b6:ca:2e:4c:0f:00:a4:8a:42:c9:c2:1a:
                    d7:e9:a1:67:a4:14:22:ed:01:47:bd:85:60:b5:9e:
                    91:1b:b4:1f:1f:22:e7:d8:68:43:b6:13:d1:82:af:
                    56:4e:3e:16:d6:44:54:c8:fc:ce:5e:81:a4:e1:f2:
                    ad:1f:6c:f1:50:38:49:77:6c:7d:aa:6b:77:48:64:
                    04:1c:22:41:bb:40:e6:e4:fa:e3:eb:d1:d5:96:89:
                    98:95:06:12:ee:ad:4e:0e:2a:fe:af:cb:ed:84:27:
                    8d:04:0f:79:a7:00:21:2b:9d:e4:da:7a:a1:e5:02:
                    93:83:9c:b5:f7:0c:13:73:09:b6:0c:4e:2f:5b:d8:
                    5e:2c:6b:de:5d:56:4a:68:4f:23:a0:fa:ee:58:c8:
                    6e:ec:1a:ff:a3:79:0e:d3:e8:ed:ae:f3:c3:5f:a5:
                    17:2b:d9:9c:ba:25:0b:a7:ce:18:22:7b:71:10:b6:
                    3f:8f:06:85:ac:52:33:33:86:1c:4e:ef:6a:c7:e3:
                    1d:fa:06:78:d8:fa:cb:ba:fa:97:2c:ac:e2:4b:6a:
                    5e:96:d5:d1:ec:28:43:98:3d:86:8c:ac:05:2a:60:
                    81:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:06:DD:04:6A:BB:14:73:A2:C2:02:D8:75:F5:57:EF:35:43:F8:99
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/pQbdBGq7FHOiwgLYdfVX7zVD-Jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.93.0/24
                  109.111.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:23:e9:76:73:2a:0e:ee:65:23:67:b2:23:80:24:f6:cb:15:
         f1:e7:77:9f:24:ef:88:cc:48:4d:80:57:36:f4:41:cc:29:c5:
         96:5d:17:ae:15:7b:32:c8:d1:a5:4b:57:2d:11:d4:fb:77:af:
         de:05:58:ac:30:aa:56:da:27:c1:79:58:7a:12:15:19:63:c6:
         d4:da:a3:b2:45:7f:eb:9c:e4:d7:cd:e4:c0:64:07:29:a8:0c:
         c6:37:cd:b4:56:0a:06:51:c2:2b:50:50:26:61:3a:57:48:b9:
         d8:5f:77:14:00:54:db:c5:78:77:f0:a3:a2:92:6a:c1:31:49:
         84:ea:b0:17:f3:3e:11:8d:67:b9:b6:a9:3a:ea:a0:bc:45:86:
         84:17:09:07:df:8e:7d:67:02:b0:b5:94:d3:05:b2:95:64:d8:
         6e:9a:f6:e4:1c:7f:65:bd:9c:74:96:28:e8:92:19:10:90:b9:
         f7:76:4c:cc:5f:41:78:2a:e1:b0:dd:92:c8:67:db:80:9f:9f:
         0e:4c:bf:f7:fb:17:dc:b3:45:ab:5f:e4:8a:2f:88:b8:51:88:
         e6:25:e7:30:82:ee:11:10:97:42:15:6b:19:89:f8:d3:ba:a7:
         01:41:b7:90:54:4b:b0:ed:4c:25:51:37:ef:d1:6d:af:66:2c:
         37:0b:52:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2RyUZjxAJjM/3isHYYIc8yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwNDE1MTUzNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTA2ZGQwNDZhYmIxNDczYTJjMjAyZDg3NWY1NTdlZjM1NDNmODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2WB61EZmDIzs0dYLwIMmZcqRvYMZ
VMYhjQFf+LRnxy22yi5MDwCkikLJwhrX6aFnpBQi7QFHvYVgtZ6RG7QfHyLn2GhD
thPRgq9WTj4W1kRUyPzOXoGk4fKtH2zxUDhJd2x9qmt3SGQEHCJBu0Dm5Prj69HV
lomYlQYS7q1ODir+r8vthCeNBA95pwAhK53k2nqh5QKTg5y19wwTcwm2DE4vW9he
LGveXVZKaE8joPruWMhu7Br/o3kO0+jtrvPDX6UXK9mcuiULp84YIntxELY/jwaF
rFIzM4YcTu9qx+Md+gZ42PrLuvqXLKziS2peltXR7ChDmD2GjKwFKmCBhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKUG3QRquxRzosIC2HX1V+81Q/iZMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvcFFiZEJHcTdGSE9pd2dMWWRmVlg3elZELUprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRddAwQA
bW//MA0GCSqGSIb3DQEBCwUAA4IBAQB8I+l2cyoO7mUjZ7IjgCT2yxXx53efJO+I
zEhNgFc29EHMKcWWXReuFXsyyNGlS1ctEdT7d6/eBVisMKpW2ifBeVh6EhUZY8bU
2qOyRX/rnOTXzeTAZAcpqAzGN820VgoGUcIrUFAmYTpXSLnYX3cUAFTbxXh38KOi
kmrBMUmE6rAX8z4RjWe5tqk66qC8RYaEFwkH3459ZwKwtZTTBbKVZNhumvbkHH9l
vZx0lijokhkQkLn3dkzMX0F4KuGw3ZLIZ9uAn58OTL/3+xfcs0WrX+SKL4i4UYjm
Jecwgu4REJdCFWsZifjTuqcBQbeQVEuw7UwlUTfv0W2vZiw3C1L9
-----END CERTIFICATE-----