Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/lk6Hfi9KbB1Ij-185K3YXtagWKE.roa
File:                     lk6Hfi9KbB1Ij-185K3YXtagWKE.roa (raw, json)
Hash identifier:          mdxJ9JVD7IZDkycD97vqs0ohPExMqonhzHpDt9YsSgg=
Subject key identifier:   96:4E:87:7E:2F:4A:6C:1D:48:8F:ED:7C:E4:AD:D8:5E:D6:A0:58:A1
Certificate issuer:       /CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
Certificate serial:       019A3EF87AEC9318DDBEC9A1B1E561B4CA87
Authority key identifier: E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/lk6Hfi9KbB1Ij-185K3YXtagWKE.roa
Signing time:             Sat 01 Nov 2025 10:31:03 +0000
ROA not before:           Sat 01 Nov 2025 10:31:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206077
IP address blocks:        89.29.253.0/24 maxlen: 24
                          185.250.198.0/24 maxlen: 24
                          213.181.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:3e:f8:7a:ec:93:18:dd:be:c9:a1:b1:e5:61:b4:ca:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e92c415d1775ae9993e900a7536b46ab144a9aa2
        Validity
            Not Before: Nov  1 10:31:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=964e877e2f4a6c1d488fed7ce4add85ed6a058a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:14:6e:0d:57:ec:d3:67:f4:94:fc:0e:6d:35:
                    78:38:d0:4e:48:ce:bc:f7:ed:d6:28:96:40:6e:87:
                    82:f0:9c:2f:87:aa:f8:b3:68:6b:12:dc:46:91:3c:
                    bc:7b:80:11:bd:e6:db:83:0f:2d:c3:ae:af:0b:91:
                    44:9a:2d:f1:50:8a:53:df:44:09:3b:15:79:f7:b0:
                    f4:05:7a:78:b8:cf:d7:09:08:8f:83:69:b3:02:50:
                    58:e6:37:f2:d5:15:b2:60:1d:b3:15:e4:64:36:f6:
                    fc:4f:7b:8f:6c:f1:9d:c1:d7:2e:4b:db:75:1d:af:
                    77:04:f6:ca:29:cd:80:21:51:51:36:4c:b7:5a:3d:
                    9d:7d:02:84:49:6f:9a:59:5b:df:95:9f:e9:9b:e0:
                    b9:2a:fd:7e:dc:87:eb:bf:de:7b:c2:cc:ba:21:9c:
                    01:fa:8a:ef:11:4a:43:f8:7c:db:cb:16:52:02:13:
                    82:0b:1a:bf:7b:e1:9b:ad:cb:59:82:6a:72:50:d0:
                    d1:45:fc:b5:7f:1a:de:b5:65:04:91:62:cb:d8:7a:
                    16:0a:c4:2d:bc:58:54:ea:93:92:67:61:e7:91:8a:
                    18:d3:68:b8:27:2e:81:7f:db:bd:e1:37:dd:1f:15:
                    c5:2d:56:bc:0d:2d:66:d5:79:87:ad:64:f6:78:e5:
                    64:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:4E:87:7E:2F:4A:6C:1D:48:8F:ED:7C:E4:AD:D8:5E:D6:A0:58:A1
            X509v3 Authority Key Identifier:
                keyid:E9:2C:41:5D:17:75:AE:99:93:E9:00:A7:53:6B:46:AB:14:4A:9A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SxBXRd1rpmT6QCnU2tGqxRKmqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/lk6Hfi9KbB1Ij-185K3YXtagWKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0898be-b037-429f-b504-1d934a048474/1/6SxBXRd1rpmT6QCnU2tGqxRKmqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.29.253.0/24
                  185.250.198.0/24
                  213.181.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:1a:9b:f8:0d:39:07:6f:78:14:6b:5c:f1:94:a5:28:2a:c9:
         58:9d:fd:2e:bd:89:a4:1d:12:a6:38:4c:8a:a7:6f:22:2e:fb:
         9f:79:bd:93:27:ec:87:aa:1d:65:bb:e0:37:2d:80:50:57:42:
         18:5c:bc:a0:24:ff:de:47:ae:1c:0d:38:29:a2:91:be:ec:2c:
         dd:f4:7b:26:2e:2e:b8:9e:05:45:7c:39:26:c0:bd:1b:da:50:
         be:1c:b9:97:fd:0e:1b:4c:24:b3:d8:bd:31:03:d3:bd:f7:b7:
         52:64:21:c2:b8:26:ac:c6:58:cf:9e:7d:2b:eb:e8:9d:36:1c:
         0a:22:7a:0d:20:4e:5b:fb:93:48:6d:c7:00:97:dc:2a:28:5f:
         41:5f:38:56:24:95:8f:7b:3e:e8:0c:07:9c:f9:93:22:5e:b6:
         ec:3f:91:c1:6a:9d:a2:98:b9:af:61:0e:e1:fe:80:e9:2d:b1:
         0b:c1:76:82:4a:04:0a:a3:5c:f2:cd:1b:9e:4e:ad:9a:de:0f:
         39:16:d2:43:2d:02:6e:a7:dd:75:d0:cf:e8:73:86:01:fd:e0:
         d3:8b:31:51:a0:90:98:52:94:09:ff:00:02:52:65:16:a8:01:
         af:2e:b6:58:66:cb:4b:ba:2d:17:fd:98:15:4b:10:c2:2d:6d:
         be:0c:d6:a5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZo++HrskxjdvsmhseVhtMqHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MmM0MTVkMTc3NWFlOTk5M2U5MDBhNzUzNmI0NmFiMTQ0
YTlhYTIwHhcNMjUxMTAxMTAzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjRlODc3ZTJmNGE2YzFkNDg4ZmVkN2NlNGFkZDg1ZWQ2YTA1OGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthRuDVfs02f0lPwObTV4ONBOSM68
9+3WKJZAboeC8Jwvh6r4s2hrEtxGkTy8e4ARvebbgw8tw66vC5FEmi3xUIpT30QJ
OxV597D0BXp4uM/XCQiPg2mzAlBY5jfy1RWyYB2zFeRkNvb8T3uPbPGdwdcuS9t1
Ha93BPbKKc2AIVFRNky3Wj2dfQKESW+aWVvflZ/pm+C5Kv1+3Ifrv957wsy6IZwB
+orvEUpD+HzbyxZSAhOCCxq/e+GbrctZgmpyUNDRRfy1fxretWUEkWLL2HoWCsQt
vFhU6pOSZ2HnkYoY02i4Jy6Bf9u94TfdHxXFLVa8DS1m1XmHrWT2eOVk2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJZOh34vSmwdSI/tfOSt2F7WoFihMB8GA1UdIwQY
MBaAFOksQV0Xda6Zk+kAp1NrRqsUSpqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQt
MWQ5MzRhMDQ4NDc0LzEvbGs2SGZpOUtiQjFJai0xODVLM1lYdGFnV0tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODk4YmUtYjAzNy00MjlmLWI1MDQtMWQ5MzRhMDQ4NDc0
LzEvNlN4QlhSZDFycG1UNlFDblUydEdxeFJLbXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWR39AwQA
ufrGAwQA1bVNMA0GCSqGSIb3DQEBCwUAA4IBAQBiGpv4DTkHb3gUa1zxlKUoKslY
nf0uvYmkHRKmOEyKp28iLvufeb2TJ+yHqh1lu+A3LYBQV0IYXLygJP/eR64cDTgp
opG+7Czd9HsmLi64ngVFfDkmwL0b2lC+HLmX/Q4bTCSz2L0xA9O997dSZCHCuCas
xljPnn0r6+idNhwKInoNIE5b+5NIbccAl9wqKF9BXzhWJJWPez7oDAec+ZMiXrbs
P5HBap2imLmvYQ7h/oDpLbELwXaCSgQKo1zyzRueTq2a3g85FtJDLQJup9110M/o
c4YB/eDTizFRoJCYUpQJ/wACUmUWqAGvLrZYZstLui0X/ZgVSxDCLW2+DNal
-----END CERTIFICATE-----