Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/bPxYWT1wnngqDhHRNDBAtz9BJgs.roa
File:                     bPxYWT1wnngqDhHRNDBAtz9BJgs.roa (raw, json)
Hash identifier:          nWexsycSC4zjDn7e4SR1Q+j4Ka0KKXzBUyIVuPqcH7c=
Subject key identifier:   6C:FC:58:59:3D:70:9E:78:2A:0E:11:D1:34:30:40:B7:3F:41:26:0B
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       0198A2824BAC07D9F598A5B9AF0131F7C7B4
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/bPxYWT1wnngqDhHRNDBAtz9BJgs.roa
Signing time:             Wed 13 Aug 2025 08:18:24 +0000
ROA not before:           Wed 13 Aug 2025 08:18:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401838
IP address blocks:        89.23.80.0/24 maxlen: 24
                          89.23.87.0/24 maxlen: 24
                          89.23.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:82:4b:ac:07:d9:f5:98:a5:b9:af:01:31:f7:c7:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Aug 13 08:18:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6cfc58593d709e782a0e11d1343040b73f41260b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:74:9a:a8:5b:a0:85:1e:07:34:80:7e:2d:88:
                    3d:de:e0:44:81:1d:4d:b7:b2:36:78:a0:74:32:e5:
                    fe:aa:63:80:e0:27:7d:8b:74:07:97:d6:20:1f:40:
                    96:4b:12:18:04:3f:e0:7a:bb:a9:32:30:0a:3e:9f:
                    44:e8:e5:2f:3d:dc:1a:71:33:24:7f:20:ca:40:cc:
                    54:3e:07:4b:1f:82:7a:50:78:7e:3f:59:78:6a:dc:
                    60:7c:68:20:81:fd:4b:85:dc:a5:22:28:31:c6:46:
                    ca:09:ff:54:eb:2d:96:82:34:ad:5f:d2:93:9c:a1:
                    e0:75:fb:8c:f9:43:23:1f:73:21:e1:28:af:35:ca:
                    9c:29:2e:29:66:0c:c7:1f:f6:6f:4e:1a:e8:41:f3:
                    8f:d5:d5:b3:45:98:f6:32:2e:9e:f0:9a:b9:1d:46:
                    c1:17:b5:00:ed:aa:86:a6:fd:76:4e:bf:9c:ab:f0:
                    f5:5d:12:36:a7:4c:0f:c4:e0:f4:9f:67:10:cc:fb:
                    45:80:6a:d3:0b:1a:14:7b:54:b0:9c:4f:2b:00:3b:
                    3e:98:dd:13:ee:ca:b6:f3:4d:af:16:ad:83:e2:dd:
                    d2:86:ac:dd:84:8f:a7:1e:4f:16:0c:9e:dc:1c:09:
                    82:ab:d6:84:00:df:f2:3a:a8:a9:73:c1:e8:11:fd:
                    33:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:FC:58:59:3D:70:9E:78:2A:0E:11:D1:34:30:40:B7:3F:41:26:0B
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/bPxYWT1wnngqDhHRNDBAtz9BJgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.80.0/24
                  89.23.87.0/24
                  89.23.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:7f:6a:87:fd:22:b2:83:03:b5:61:39:fe:75:45:d4:a3:96:
         7d:d9:d3:16:5b:7d:57:0f:ac:bd:a9:68:3f:b6:45:49:e2:3f:
         bf:de:b4:8b:8f:b3:32:78:ef:97:32:d3:c8:0a:18:9b:d5:63:
         3d:c0:4b:5d:78:8d:64:d8:c1:92:58:47:e0:ca:90:9e:c7:5c:
         91:36:83:68:81:1f:99:a2:94:4b:0a:c4:65:df:1e:1e:99:fa:
         b1:bf:0e:9b:13:ef:ce:36:43:12:82:1e:84:ef:1c:45:d2:7e:
         75:2c:5e:2f:f0:3a:c0:d5:89:79:f4:de:f5:ed:52:08:5f:3a:
         2c:f9:4f:2f:64:97:8e:cc:d3:42:a5:0e:33:43:54:ec:79:11:
         eb:a6:ae:56:63:0f:e2:17:8e:fb:96:b5:55:30:d3:d8:68:14:
         a3:c2:cc:c7:64:e6:fe:44:ad:27:82:06:c9:f7:28:ed:35:08:
         de:e6:fa:f4:a6:1f:6a:53:0a:fd:cc:4d:ba:68:c5:5e:97:5e:
         d2:21:a7:a2:6e:87:73:64:1b:10:7c:5b:5b:7e:b7:8c:57:42:
         d4:e6:e7:04:94:2b:31:7e:7c:60:0a:8f:95:59:7a:bf:4e:99:
         ab:85:4b:47:e7:8d:08:43:08:2d:cf:f8:b7:e6:96:1d:d7:d9:
         17:34:1a:78
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZiigkusB9n1mKW5rwEx98e0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwODEzMDgxODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2ZjNTg1OTNkNzA5ZTc4MmEwZTExZDEzNDMwNDBiNzNmNDEyNjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23SaqFughR4HNIB+LYg93uBEgR1N
t7I2eKB0MuX+qmOA4Cd9i3QHl9YgH0CWSxIYBD/gerupMjAKPp9E6OUvPdwacTMk
fyDKQMxUPgdLH4J6UHh+P1l4atxgfGgggf1LhdylIigxxkbKCf9U6y2WgjStX9KT
nKHgdfuM+UMjH3Mh4SivNcqcKS4pZgzHH/ZvThroQfOP1dWzRZj2Mi6e8Jq5HUbB
F7UA7aqGpv12Tr+cq/D1XRI2p0wPxOD0n2cQzPtFgGrTCxoUe1SwnE8rADs+mN0T
7sq2802vFq2D4t3ShqzdhI+nHk8WDJ7cHAmCq9aEAN/yOqipc8HoEf0zdwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGz8WFk9cJ54Kg4R0TQwQLc/QSYLMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvYlB4WVdUMXdubmdxRGhIUk5EQkF0ejlCSmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWRdQAwQA
WRdXAwQAWRdcMA0GCSqGSIb3DQEBCwUAA4IBAQAff2qH/SKygwO1YTn+dUXUo5Z9
2dMWW31XD6y9qWg/tkVJ4j+/3rSLj7MyeO+XMtPIChib1WM9wEtdeI1k2MGSWEfg
ypCex1yRNoNogR+ZopRLCsRl3x4emfqxvw6bE+/ONkMSgh6E7xxF0n51LF4v8DrA
1Yl59N717VIIXzos+U8vZJeOzNNCpQ4zQ1TseRHrpq5WYw/iF477lrVVMNPYaBSj
wszHZOb+RK0nggbJ9yjtNQje5vr0ph9qUwr9zE26aMVel17SIaeibodzZBsQfFtb
freMV0LU5ucElCsxfnxgCo+VWXq/TpmrhUtH540IQwgtz/i35pYd19kXNBp4
-----END CERTIFICATE-----