Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/njDYe726b4g2WziR2Ptwk7nKcuY.roa
File:                     njDYe726b4g2WziR2Ptwk7nKcuY.roa (raw, json)
Hash identifier:          VXhuuRrPIfDG/tnSpO40Vj0Xu3bXnbZugw4OVwrCghg=
Subject key identifier:   9E:30:D8:7B:BD:BA:6F:88:36:5B:38:91:D8:FB:70:93:B9:CA:72:E6
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01986A02F0D98D2F22EBA8EE7B8BAFF0EE05
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/njDYe726b4g2WziR2Ptwk7nKcuY.roa
Signing time:             Sat 02 Aug 2025 09:00:34 +0000
ROA not before:           Sat 02 Aug 2025 09:00:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59592
IP address blocks:        5.230.206.0/24 maxlen: 32
                          5.230.220.0/24 maxlen: 32
                          5.231.87.0/24 maxlen: 32
                          5.231.200.0/24 maxlen: 32
                          185.13.158.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:6a:02:f0:d9:8d:2f:22:eb:a8:ee:7b:8b:af:f0:ee:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Aug  2 09:00:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e30d87bbdba6f88365b3891d8fb7093b9ca72e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cd:97:77:c0:aa:9d:43:ec:92:b6:ed:da:c3:
                    93:0e:66:22:b1:87:11:0d:2b:3e:78:45:2e:e2:ed:
                    7d:cf:c3:dd:c2:f8:a3:99:c9:9c:f3:40:81:73:c2:
                    d0:e2:ca:c2:63:f9:5b:fe:39:04:ee:81:84:4b:68:
                    85:ba:1d:c8:96:24:79:40:ac:35:05:fe:f8:59:e8:
                    5b:ec:4f:18:00:3b:2f:91:d8:1c:21:e9:87:1b:48:
                    05:e8:de:c1:ef:f9:a9:97:65:9f:59:07:2a:f8:c9:
                    21:e6:59:5f:bc:ec:08:28:a2:43:5a:0d:00:26:69:
                    ce:1e:c1:01:45:ab:dd:cc:f6:a2:10:7d:96:c9:c6:
                    1b:8e:68:0f:43:4c:71:ed:e7:dc:73:11:ad:45:41:
                    98:70:15:a1:83:59:01:f9:aa:cc:32:b4:65:38:5e:
                    fb:6c:f7:32:5a:b8:19:88:34:4e:b4:6e:64:6a:7f:
                    0c:68:4d:ad:94:22:ef:f1:40:1d:0e:db:6b:bd:ae:
                    31:4b:50:47:84:5c:21:bb:3f:a7:17:10:52:f3:43:
                    15:de:fb:76:aa:88:3d:0f:62:c7:08:a1:02:7e:17:
                    6a:0e:7e:4c:c9:eb:0c:51:2c:46:3e:b5:db:2a:d8:
                    70:88:f5:a0:ee:bc:81:c5:e4:6f:3b:2e:4d:b4:af:
                    d1:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:30:D8:7B:BD:BA:6F:88:36:5B:38:91:D8:FB:70:93:B9:CA:72:E6
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/njDYe726b4g2WziR2Ptwk7nKcuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.230.206.0/24
                  5.230.220.0/24
                  5.231.87.0/24
                  5.231.200.0/24
                  185.13.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:8d:b1:c5:e7:8e:6e:93:80:f1:16:4e:95:30:4d:9e:f7:fb:
         40:24:da:25:82:cb:4f:21:49:14:26:94:9b:e1:78:f7:39:f1:
         b9:b5:a4:ae:a9:f4:63:d5:45:d9:17:22:aa:e1:aa:15:98:e7:
         d1:27:9a:2d:db:0d:24:75:01:fd:f1:22:d3:a1:36:a9:ba:58:
         66:ad:7c:a6:a0:f4:4d:4a:32:23:55:85:20:64:98:24:1d:67:
         1c:55:d9:f8:8a:f3:0b:23:52:6f:6d:64:56:06:d7:aa:84:07:
         59:44:2d:c1:52:84:84:db:90:d8:2c:93:41:de:16:66:20:af:
         cc:f7:23:40:ba:c8:5f:ea:fa:2e:d4:11:15:a5:d3:c5:3a:b6:
         7b:8e:33:c7:cd:b0:b2:8e:81:dd:21:80:24:b4:f8:ae:a7:e5:
         43:c2:07:2d:5f:fc:55:21:e4:a3:33:58:5a:8e:4f:62:aa:b5:
         a4:b2:18:7e:ba:4d:01:ed:02:56:97:4b:69:90:15:f7:e0:7f:
         2f:5c:ba:73:d6:0d:5a:6d:1c:c6:b7:65:fa:62:5d:f8:d3:09:
         be:10:ea:6e:2e:28:93:ee:73:ab:9c:73:ca:07:57:33:a1:a2:
         48:37:b3:f1:cc:ec:8d:19:1d:f7:a0:94:9b:61:c1:30:3b:b0:
         9f:95:df:f7
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZhqAvDZjS8i66jue4uv8O4FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwODAyMDkwMDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTMwZDg3YmJkYmE2Zjg4MzY1YjM4OTFkOGZiNzA5M2I5Y2E3MmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAss2Xd8CqnUPskrbt2sOTDmYisYcR
DSs+eEUu4u19z8Pdwvijmcmc80CBc8LQ4srCY/lb/jkE7oGES2iFuh3IliR5QKw1
Bf74Wehb7E8YADsvkdgcIemHG0gF6N7B7/mpl2WfWQcq+Mkh5llfvOwIKKJDWg0A
JmnOHsEBRavdzPaiEH2WycYbjmgPQ0xx7efccxGtRUGYcBWhg1kB+arMMrRlOF77
bPcyWrgZiDROtG5kan8MaE2tlCLv8UAdDttrva4xS1BHhFwhuz+nFxBS80MV3vt2
qog9D2LHCKECfhdqDn5MyesMUSxGPrXbKthwiPWg7ryBxeRvOy5NtK/R8QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJ4w2Hu9um+INls4kdj7cJO5ynLmMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvbmpEWWU3MjZiNGcyV3ppUjJQdHdrN25LY3VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQABebOAwQA
BebcAwQABedXAwQABefIAwQAuQ2eMA0GCSqGSIb3DQEBCwUAA4IBAQA9jbHF545u
k4DxFk6VME2e9/tAJNolgstPIUkUJpSb4Xj3OfG5taSuqfRj1UXZFyKq4aoVmOfR
J5ot2w0kdQH98SLToTapulhmrXymoPRNSjIjVYUgZJgkHWccVdn4ivMLI1JvbWRW
BteqhAdZRC3BUoSE25DYLJNB3hZmIK/M9yNAushf6vou1BEVpdPFOrZ7jjPHzbCy
joHdIYAktPiup+VDwgctX/xVIeSjM1hajk9iqrWkshh+uk0B7QJWl0tpkBX34H8v
XLpz1g1abRzGt2X6Yl340wm+EOpuLiiT7nOrnHPKB1czoaJIN7PxzOyNGR33oJSb
YcEwO7Cfld/3
-----END CERTIFICATE-----
Generated at Sat Aug 9 23:11:27 2025 by rpki-client