Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/xntX6e2Ro6nx0pT-_XXXd4WhiXI.roa
File:                     xntX6e2Ro6nx0pT-_XXXd4WhiXI.roa (raw, json)
Hash identifier:          kzeIDxQTqDwFVlgdOpzmjaQaiKiE2/aOOhhrIPQ8aQQ=
Subject key identifier:   C6:7B:57:E9:ED:91:A3:A9:F1:D2:94:FE:FD:75:D7:77:85:A1:89:72
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019A0CAB965B3A2FD6C74C8B8FA77EEF78EE
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/xntX6e2Ro6nx0pT-_XXXd4WhiXI.roa
Signing time:             Wed 22 Oct 2025 16:06:03 +0000
ROA not before:           Wed 22 Oct 2025 16:06:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206766
IP address blocks:        89.187.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0c:ab:96:5b:3a:2f:d6:c7:4c:8b:8f:a7:7e:ef:78:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Oct 22 16:06:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c67b57e9ed91a3a9f1d294fefd75d77785a18972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f9:f2:3f:e5:29:42:ff:bf:fd:73:77:b3:7d:
                    b9:d9:11:21:be:c0:fd:8d:db:69:dc:3e:db:1c:fd:
                    2b:5e:f5:1d:78:8a:a6:76:ec:be:0b:01:d8:bf:36:
                    e3:45:07:e4:4c:44:3e:6a:54:90:17:1d:18:9b:cb:
                    8e:34:f3:5b:a2:e2:a6:57:85:32:37:46:29:b9:bd:
                    96:6e:20:85:6d:4a:61:1e:6b:80:91:13:5a:a7:50:
                    0f:b9:2c:8d:47:a2:6e:5b:06:1a:86:4b:ff:93:1b:
                    50:a0:a3:1b:cb:52:ac:eb:c1:c7:7b:25:da:80:52:
                    3d:2c:96:c9:9a:6d:93:b6:0d:fe:9a:0c:f9:30:38:
                    6a:f8:b3:2d:a6:9f:bc:77:9e:da:7b:f8:45:0d:01:
                    3c:a5:fe:66:4b:a8:ab:1c:a4:5e:56:d3:04:6b:77:
                    b4:e2:5b:bf:2b:17:c5:10:3a:96:55:9b:0a:dd:b2:
                    12:c8:7e:3f:b1:ba:cf:31:ba:03:05:05:d7:35:5e:
                    9a:c8:f4:45:db:94:12:26:63:61:9d:a2:2b:48:09:
                    30:8c:59:5c:43:6f:d1:3c:d6:35:e6:72:db:a4:b5:
                    28:7b:49:ad:62:eb:a3:e1:8e:3b:b1:1d:51:07:48:
                    db:63:96:d2:5a:7b:87:bb:c5:fd:8f:76:63:9d:d1:
                    17:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:7B:57:E9:ED:91:A3:A9:F1:D2:94:FE:FD:75:D7:77:85:A1:89:72
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/xntX6e2Ro6nx0pT-_XXXd4WhiXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:56:51:20:8c:15:e5:17:db:6e:b4:27:38:97:f7:c2:2d:31:
         ff:62:1c:f0:50:10:fb:28:ee:bf:e0:54:c3:64:ee:d8:f0:dc:
         9f:a8:9b:a6:11:aa:ac:ec:31:86:a9:35:bd:c2:c1:1d:6c:94:
         1b:89:fd:c5:58:0f:33:bd:0d:89:b5:04:a6:62:4f:fd:ef:8b:
         0e:96:f2:ab:1d:f5:1e:20:06:29:5e:ae:40:5f:5b:75:15:09:
         f2:c0:6c:c3:63:43:c1:a5:26:86:98:6e:ca:c6:bd:7a:f8:1f:
         40:b1:72:dd:b1:b7:65:f5:61:80:bb:bc:08:9b:e5:eb:dd:7d:
         cd:1e:44:14:c0:9d:d1:2e:6a:dc:94:6c:b0:79:4b:35:4b:8b:
         53:dd:14:a8:cf:7f:92:82:bc:85:22:b7:1d:3f:26:a4:c2:11:
         01:11:dc:8e:71:9a:0a:52:6b:c1:da:40:a7:2e:08:24:4f:34:
         ac:81:84:9c:ef:e7:4a:76:00:bc:97:a0:61:9f:ae:7d:93:42:
         26:d6:11:25:f4:fd:d1:8c:25:31:84:77:b1:8f:22:1f:10:cb:
         fb:37:c3:7c:c9:50:df:50:1b:ba:04:45:c9:49:fe:81:20:34:
         3e:3b:44:a6:99:00:5c:87:44:49:dc:41:53:9f:14:3f:07:ad:
         3b:37:4c:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoMq5ZbOi/Wx0yLj6d+73juMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUxMDIyMTYwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjdiNTdlOWVkOTFhM2E5ZjFkMjk0ZmVmZDc1ZDc3Nzg1YTE4OTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfnyP+UpQv+//XN3s3252REhvsD9
jdtp3D7bHP0rXvUdeIqmduy+CwHYvzbjRQfkTEQ+alSQFx0Ym8uONPNbouKmV4Uy
N0Ypub2WbiCFbUphHmuAkRNap1APuSyNR6JuWwYahkv/kxtQoKMby1Ks68HHeyXa
gFI9LJbJmm2Ttg3+mgz5MDhq+LMtpp+8d57ae/hFDQE8pf5mS6irHKReVtMEa3e0
4lu/KxfFEDqWVZsK3bISyH4/sbrPMboDBQXXNV6ayPRF25QSJmNhnaIrSAkwjFlc
Q2/RPNY15nLbpLUoe0mtYuuj4Y47sR1RB0jbY5bSWnuHu8X9j3ZjndEXkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZ7V+ntkaOp8dKU/v1113eFoYlyMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEveG50WDZlMlJvNm54MHBULV9YWFhkNFdoaVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsQMA0G
CSqGSIb3DQEBCwUAA4IBAQB0VlEgjBXlF9tutCc4l/fCLTH/YhzwUBD7KO6/4FTD
ZO7Y8NyfqJumEaqs7DGGqTW9wsEdbJQbif3FWA8zvQ2JtQSmYk/974sOlvKrHfUe
IAYpXq5AX1t1FQnywGzDY0PBpSaGmG7Kxr16+B9AsXLdsbdl9WGAu7wIm+Xr3X3N
HkQUwJ3RLmrclGyweUs1S4tT3RSoz3+SgryFIrcdPyakwhEBEdyOcZoKUmvB2kCn
LggkTzSsgYSc7+dKdgC8l6Bhn659k0Im1hEl9P3RjCUxhHexjyIfEMv7N8N8yVDf
UBu6BEXJSf6BIDQ+O0SmmQBch0RJ3EFTnxQ/B607N0x/
-----END CERTIFICATE-----