Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/9d66fc-31d4-4ab1-8eae-541f48924952/1/XtZEW_Ge-fj7ts452exDji_sEMc.roa
File:                     XtZEW_Ge-fj7ts452exDji_sEMc.roa (raw, json)
Hash identifier:          Z3qqH40xAjBbJprbXnVydXKDBxTyDTfpQSqRlWz/dFs=
Subject key identifier:   5E:D6:44:5B:F1:9E:F9:F8:FB:B6:CE:39:D9:EC:43:8E:2F:EC:10:C7
Certificate issuer:       /CN=ab83e64f72dd5889fb13dc218c683f6e2facf5b2
Certificate serial:       019861018F7832CDB61644BAC55C4238EB5A
Authority key identifier: AB:83:E6:4F:72:DD:58:89:FB:13:DC:21:8C:68:3F:6E:2F:AC:F5:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4PmT3LdWIn7E9whjGg_bi-s9bI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/9d66fc-31d4-4ab1-8eae-541f48924952/1/XtZEW_Ge-fj7ts452exDji_sEMc.roa
Signing time:             Thu 31 Jul 2025 15:02:28 +0000
ROA not before:           Thu 31 Jul 2025 15:02:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58327
IP address blocks:        5.252.252.0/22 maxlen: 24
                          89.150.32.0/24 maxlen: 24
                          89.150.37.0/24 maxlen: 24
                          89.150.39.0/24 maxlen: 24
                          89.150.42.0/24 maxlen: 24
                          94.101.124.0/22 maxlen: 24
                          176.120.168.0/21 maxlen: 24
                          185.74.193.0/24 maxlen: 24
                          185.74.194.0/23 maxlen: 24
                          185.74.194.0/24 maxlen: 24
                          185.74.195.0/24 maxlen: 24
                          185.194.25.0/24 maxlen: 24
                          185.221.191.0/24 maxlen: 24
                          185.224.93.0/24 maxlen: 24
                          185.224.94.0/23 maxlen: 24
                          185.224.94.0/24 maxlen: 24
                          185.224.95.0/24 maxlen: 24
                          185.226.228.0/24 maxlen: 24
                          185.230.144.0/24 maxlen: 24
                          185.232.135.0/24 maxlen: 24
                          185.239.4.0/22 maxlen: 24
                          188.212.32.0/23 maxlen: 24
                          193.242.188.0/23 maxlen: 24
                          2a09:4e40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/9d66fc-31d4-4ab1-8eae-541f48924952/1/q4PmT3LdWIn7E9whjGg_bi-s9bI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/9d66fc-31d4-4ab1-8eae-541f48924952/1/q4PmT3LdWIn7E9whjGg_bi-s9bI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4PmT3LdWIn7E9whjGg_bi-s9bI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:46:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:61:01:8f:78:32:cd:b6:16:44:ba:c5:5c:42:38:eb:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab83e64f72dd5889fb13dc218c683f6e2facf5b2
        Validity
            Not Before: Jul 31 15:02:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ed6445bf19ef9f8fbb6ce39d9ec438e2fec10c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:97:84:9d:d4:5a:32:51:57:a6:96:6f:cb:13:
                    64:1b:0a:50:57:9e:c1:cd:5b:20:42:41:2e:b1:e9:
                    cf:97:99:ee:b4:0a:9d:90:8d:79:c3:4f:2f:46:27:
                    32:95:4c:66:7b:59:07:5c:00:cf:3f:2c:1c:46:a5:
                    b4:bf:15:06:6b:9d:cd:9e:37:86:f5:7e:79:7e:51:
                    b6:5c:91:06:9f:24:ff:d7:24:ae:80:72:40:25:1c:
                    e2:7e:a8:87:1b:59:86:3c:3c:b9:e0:53:97:fa:ba:
                    66:f9:3a:c3:a7:46:80:9b:cb:fb:2a:c3:9d:35:c0:
                    38:6a:94:08:c1:67:71:6f:d4:3a:e4:d7:53:0e:01:
                    be:95:98:01:26:e0:59:31:eb:f8:19:66:60:2b:6a:
                    04:a5:6f:55:c4:62:f3:98:21:16:7f:06:ec:dd:d3:
                    1e:ef:3e:9b:f8:7d:d5:92:1d:42:d5:97:25:a8:72:
                    8f:ec:9c:7f:76:1d:22:c1:ee:d7:f8:d7:04:77:c6:
                    44:f4:ca:4a:cc:cb:02:38:9e:0e:87:e1:32:13:65:
                    8f:ab:b7:98:a3:29:4b:96:b9:13:63:26:7e:6a:e4:
                    2a:c5:9c:24:52:ca:1a:6a:58:cc:05:34:70:9b:79:
                    9f:70:23:6f:48:2c:0f:15:4b:68:4d:fb:13:23:c8:
                    d3:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D6:44:5B:F1:9E:F9:F8:FB:B6:CE:39:D9:EC:43:8E:2F:EC:10:C7
            X509v3 Authority Key Identifier:
                keyid:AB:83:E6:4F:72:DD:58:89:FB:13:DC:21:8C:68:3F:6E:2F:AC:F5:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4PmT3LdWIn7E9whjGg_bi-s9bI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/9d66fc-31d4-4ab1-8eae-541f48924952/1/XtZEW_Ge-fj7ts452exDji_sEMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/9d66fc-31d4-4ab1-8eae-541f48924952/1/q4PmT3LdWIn7E9whjGg_bi-s9bI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.252.0/22
                  89.150.32.0/24
                  89.150.37.0/24
                  89.150.39.0/24
                  89.150.42.0/24
                  94.101.124.0/22
                  176.120.168.0/21
                  185.74.193.0-185.74.195.255
                  185.194.25.0/24
                  185.221.191.0/24
                  185.224.93.0-185.224.95.255
                  185.226.228.0/24
                  185.230.144.0/24
                  185.232.135.0/24
                  185.239.4.0/22
                  188.212.32.0/23
                  193.242.188.0/23
                IPv6:
                  2a09:4e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:37:7e:06:42:48:48:65:85:59:c8:9c:a0:86:55:1d:65:38:
         8c:d9:a4:b6:e1:14:02:02:a5:e7:49:fd:9f:ee:08:95:79:f4:
         30:2c:e0:76:99:20:c6:c7:4b:0f:80:7b:54:62:0d:8b:da:89:
         e7:61:25:6b:c4:a3:99:92:80:a8:86:7e:e4:b3:12:ae:0d:d2:
         40:cb:e9:8a:e1:ce:b0:3b:99:7d:eb:b9:5c:38:92:a4:ab:68:
         d0:54:9a:9a:97:2e:b2:95:53:41:5e:ae:ed:47:00:d0:34:01:
         49:56:21:0d:cd:01:e3:7b:bc:14:e9:89:b5:1d:ab:51:63:7a:
         79:7a:6e:c1:03:38:38:e3:76:b4:6a:6a:02:67:cc:4c:17:6c:
         28:44:83:e1:6d:f1:f2:35:a4:48:1a:03:a0:41:61:f1:9b:c1:
         aa:fd:73:72:15:a1:30:72:2c:99:c6:89:cf:d8:4b:06:73:7a:
         ee:83:51:de:14:94:ff:30:cf:d9:6a:af:66:c7:c0:83:f2:c7:
         36:12:e5:19:a6:3d:1c:84:58:50:cd:5c:3a:f9:b8:06:3f:8c:
         ec:71:bb:57:ce:c5:bb:51:5b:42:72:74:b6:e9:4c:28:8d:c3:
         67:06:e1:92:74:3a:e9:90:19:ae:0f:b8:2d:52:3c:83:8f:69:
         90:b7:ba:2a
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgISAZhhAY94Ms22FkS6xVxCOOtaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiODNlNjRmNzJkZDU4ODlmYjEzZGMyMThjNjgzZjZlMmZh
Y2Y1YjIwHhcNMjUwNzMxMTUwMjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQ2NDQ1YmYxOWVmOWY4ZmJiNmNlMzlkOWVjNDM4ZTJmZWMxMGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJeEndRaMlFXppZvyxNkGwpQV57B
zVsgQkEusenPl5nutAqdkI15w08vRicylUxme1kHXADPPywcRqW0vxUGa53NnjeG
9X55flG2XJEGnyT/1ySugHJAJRzifqiHG1mGPDy54FOX+rpm+TrDp0aAm8v7KsOd
NcA4apQIwWdxb9Q65NdTDgG+lZgBJuBZMev4GWZgK2oEpW9VxGLzmCEWfwbs3dMe
7z6b+H3Vkh1C1ZclqHKP7Jx/dh0iwe7X+NcEd8ZE9MpKzMsCOJ4Oh+EyE2WPq7eY
oylLlrkTYyZ+auQqxZwkUsoaaljMBTRwm3mfcCNvSCwPFUtoTfsTI8jT7wIDAQAB
o4ICizCCAocwHQYDVR0OBBYEFF7WRFvxnvn4+7bOOdnsQ44v7BDHMB8GA1UdIwQY
MBaAFKuD5k9y3ViJ+xPcIYxoP24vrPWyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTRQbVQzTGRXSW43RTl3aGpHZ19iaS1zOWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS85ZDY2ZmMtMzFkNC00YWIxLThlYWUt
NTQxZjQ4OTI0OTUyLzEvWHRaRVdfR2UtZmo3dHM0NTJleERqaV9zRU1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS85ZDY2ZmMtMzFkNC00YWIxLThlYWUtNTQxZjQ4OTI0OTUy
LzEvcTRQbVQzTGRXSW43RTl3aGpHZ19iaS1zOWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGgBggrBgEFBQcBBwEB/wSBkDCBjTB8BAIAATB2AwQCBfz8
AwQAWZYgAwQAWZYlAwQAWZYnAwQAWZYqAwQCXmV8AwQDsHioMAwDBAC5SsEDBAK5
SsADBAC5whkDBAC53b8wDAMEALngXQMEBbngQAMEALni5AMEALnmkAMEALnohwME
ArnvBAMEAbzUIAMEAcHyvDANBAIAAjAHAwUDKglOQDANBgkqhkiG9w0BAQsFAAOC
AQEAJDd+BkJISGWFWcicoIZVHWU4jNmktuEUAgKl50n9n+4IlXn0MCzgdpkgxsdL
D4B7VGINi9qJ52Ela8SjmZKAqIZ+5LMSrg3SQMvpiuHOsDuZfeu5XDiSpKto0FSa
mpcuspVTQV6u7UcA0DQBSVYhDc0B43u8FOmJtR2rUWN6eXpuwQM4OON2tGpqAmfM
TBdsKESD4W3x8jWkSBoDoEFh8ZvBqv1zchWhMHIsmcaJz9hLBnN67oNR3hSU/zDP
2WqvZsfAg/LHNhLlGaY9HIRYUM1cOvm4Bj+M7HG7V87Fu1FbQnJ0tulMKI3DZwbh
knQ66ZAZrg+4LVI8g49pkLe6Kg==
-----END CERTIFICATE-----
Generated at Thu Aug 7 03:22:35 2025 by rpki-client