Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/ZgLRGBOuTRlKdAwAIwUuWyAMLkc.roa
File:                     ZgLRGBOuTRlKdAwAIwUuWyAMLkc.roa (raw, json)
Hash identifier:          8GL12T13sCWwu0TNyAChyir1hWBQIOYdOllBDYRok7Y=
Subject key identifier:   66:02:D1:18:13:AE:4D:19:4A:74:0C:00:23:05:2E:5B:20:0C:2E:47
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       0198AAFE8794E7FD7BDC841371C079C9B7C6
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/ZgLRGBOuTRlKdAwAIwUuWyAMLkc.roa
Signing time:             Thu 14 Aug 2025 23:51:04 +0000
ROA not before:           Thu 14 Aug 2025 23:51:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398493
IP address blocks:        89.187.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:aa:fe:87:94:e7:fd:7b:dc:84:13:71:c0:79:c9:b7:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Aug 14 23:51:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6602d11813ae4d194a740c0023052e5b200c2e47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:82:04:5d:87:6e:34:94:c1:57:79:1e:eb:bd:
                    25:95:b4:1d:d0:a0:c5:8f:12:97:e8:46:82:09:86:
                    fb:1f:13:cc:cc:e6:bf:50:7e:ce:04:66:89:87:3e:
                    eb:49:26:aa:ea:33:7a:f8:17:70:64:d2:71:de:43:
                    39:61:c1:93:7a:bc:74:07:8e:12:80:9a:1c:c1:13:
                    71:6a:41:35:80:e8:0f:bc:0d:ac:cc:01:6b:99:82:
                    0b:d7:1f:84:ce:72:5c:e2:0a:70:57:f4:89:3b:f6:
                    99:19:e2:69:e3:ab:95:67:c5:ac:b0:91:6a:74:82:
                    30:58:24:a0:9c:66:7d:4c:71:e9:e5:fc:fc:1d:18:
                    b9:dd:3d:4b:f3:73:2f:61:89:68:2c:fa:c2:82:0e:
                    90:2f:06:9b:28:67:f6:b1:62:f6:4e:f1:fa:d3:00:
                    22:7a:42:37:a1:7d:32:f9:e4:7e:bf:18:f0:ed:fd:
                    f3:c4:06:e8:5d:5d:60:fb:b9:f0:e8:8a:0d:6b:12:
                    ec:3b:c2:54:82:a5:d4:82:ff:d8:17:ee:81:65:99:
                    bd:19:7a:cb:b2:a3:b9:a8:eb:16:18:36:92:ea:27:
                    bf:9d:7b:70:db:2e:41:73:44:e3:06:d0:0e:bf:88:
                    83:04:47:92:77:6c:66:3d:29:36:ee:72:f3:b1:89:
                    d6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:02:D1:18:13:AE:4D:19:4A:74:0C:00:23:05:2E:5B:20:0C:2E:47
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/ZgLRGBOuTRlKdAwAIwUuWyAMLkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:cf:c7:c0:0a:b1:bc:8b:f6:61:4b:15:ca:8a:d1:64:d2:11:
         55:17:15:ff:05:9b:cc:bf:50:1b:ee:75:d3:18:25:96:a1:0c:
         60:f3:4b:6b:56:49:91:25:62:5d:1c:6c:b6:42:a5:fb:6f:5d:
         38:ab:dc:84:86:b6:6d:74:e5:17:0e:fe:dd:08:7a:b5:27:77:
         d7:ab:af:fe:6d:61:3b:cd:04:ee:4d:90:3b:2f:a8:80:ab:10:
         b8:f5:9e:42:96:8e:c3:3c:77:8e:b6:a6:b9:b7:22:1b:1d:38:
         60:cf:98:1e:77:66:bc:e8:d2:4a:40:7c:85:75:73:46:8c:87:
         e3:a2:0e:cb:b6:ea:1d:2e:6d:ac:d3:5e:8f:c1:3b:52:6d:6b:
         9b:f4:95:56:4a:f3:b2:f4:d2:3b:cf:42:3c:af:64:66:c1:44:
         e6:0d:6d:4c:50:73:c4:c8:ab:cf:07:38:4f:9c:03:94:8d:b2:
         6e:ff:44:40:95:32:38:36:a0:d7:4f:86:f9:b3:96:79:b6:64:
         94:5c:0f:2e:67:4a:be:41:7e:21:e8:aa:7e:0f:72:1b:23:5c:
         37:32:2a:cb:a8:e9:c8:21:b4:1d:c6:b5:ba:db:71:b9:76:be:
         5c:b9:1d:2d:ed:77:9e:f7:93:b1:b4:32:c6:b7:50:18:a2:8c:
         69:61:b4:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiq/oeU5/173IQTccB5ybfGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUwODE0MjM1MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjAyZDExODEzYWU0ZDE5NGE3NDBjMDAyMzA1MmU1YjIwMGMyZTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYIEXYduNJTBV3ke670llbQd0KDF
jxKX6EaCCYb7HxPMzOa/UH7OBGaJhz7rSSaq6jN6+BdwZNJx3kM5YcGTerx0B44S
gJocwRNxakE1gOgPvA2szAFrmYIL1x+EznJc4gpwV/SJO/aZGeJp46uVZ8WssJFq
dIIwWCSgnGZ9THHp5fz8HRi53T1L83MvYYloLPrCgg6QLwabKGf2sWL2TvH60wAi
ekI3oX0y+eR+vxjw7f3zxAboXV1g+7nw6IoNaxLsO8JUgqXUgv/YF+6BZZm9GXrL
sqO5qOsWGDaS6ie/nXtw2y5Bc0TjBtAOv4iDBEeSd2xmPSk27nLzsYnWGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYC0RgTrk0ZSnQMACMFLlsgDC5HMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvWmdMUkdCT3VUUmxLZEF3QUl3VXVXeUFNTGtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsQMA0G
CSqGSIb3DQEBCwUAA4IBAQCpz8fACrG8i/ZhSxXKitFk0hFVFxX/BZvMv1Ab7nXT
GCWWoQxg80trVkmRJWJdHGy2QqX7b104q9yEhrZtdOUXDv7dCHq1J3fXq6/+bWE7
zQTuTZA7L6iAqxC49Z5Clo7DPHeOtqa5tyIbHThgz5ged2a86NJKQHyFdXNGjIfj
og7LtuodLm2s016PwTtSbWub9JVWSvOy9NI7z0I8r2RmwUTmDW1MUHPEyKvPBzhP
nAOUjbJu/0RAlTI4NqDXT4b5s5Z5tmSUXA8uZ0q+QX4h6Kp+D3IbI1w3MirLqOnI
IbQdxrW623G5dr5cuR0t7Xee95OxtDLGt1AYooxpYbSB
-----END CERTIFICATE-----