Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/GYbgIpUJ2seJS9kIar91PzjOsTk.roa
File:                     GYbgIpUJ2seJS9kIar91PzjOsTk.roa (raw, json)
Hash identifier:          Sft+eVNlVqLwMwv3LlRPAhyfnZin5Qt8K2ft9glXOtM=
Subject key identifier:   19:86:E0:22:95:09:DA:C7:89:4B:D9:08:6A:BF:75:3F:38:CE:B1:39
Certificate issuer:       /CN=6764b9eeca258ae78c4d51321a8bdfef9a2b6a3c
Certificate serial:       019888558CA277A698286E5550856475A04C
Authority key identifier: 67:64:B9:EE:CA:25:8A:E7:8C:4D:51:32:1A:8B:DF:EF:9A:2B:6A:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z2S57soliueMTVEyGovf75orajw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/GYbgIpUJ2seJS9kIar91PzjOsTk.roa
Signing time:             Fri 08 Aug 2025 06:19:24 +0000
ROA not before:           Fri 08 Aug 2025 06:19:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20912
IP address blocks:        193.36.108.0/22 maxlen: 22
                          193.36.108.0/23 maxlen: 23
                          193.36.108.0/24 maxlen: 24
                          193.36.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/Z2S57soliueMTVEyGovf75orajw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/Z2S57soliueMTVEyGovf75orajw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z2S57soliueMTVEyGovf75orajw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 08:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:88:55:8c:a2:77:a6:98:28:6e:55:50:85:64:75:a0:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6764b9eeca258ae78c4d51321a8bdfef9a2b6a3c
        Validity
            Not Before: Aug  8 06:19:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1986e0229509dac7894bd9086abf753f38ceb139
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:79:f6:91:f4:e8:0e:42:d8:57:24:2b:51:f9:
                    2d:ed:e8:21:e8:b7:c2:ac:44:65:07:70:36:fb:4d:
                    76:6c:62:a7:01:c4:76:7b:b3:75:fb:6b:ee:11:ab:
                    ed:00:a8:cd:ad:ac:12:92:c3:38:7c:3d:c4:3b:f3:
                    5e:ad:c8:13:cc:14:d6:e1:d3:62:bb:c7:a8:f4:ef:
                    90:f8:64:63:06:46:ce:2a:f3:6d:ce:13:a2:c6:72:
                    1d:a2:29:8a:6a:94:a1:7e:71:dd:8b:71:f1:f3:ae:
                    92:2c:ef:83:fe:80:94:e4:f4:20:7e:37:a1:0c:b9:
                    ac:b9:be:9c:d4:c7:d2:21:74:d0:68:a1:84:2b:1e:
                    5c:93:23:56:09:e5:a3:5a:67:23:cc:c2:56:00:b5:
                    c2:91:a1:68:e0:65:68:0a:e0:85:5e:a7:34:aa:fe:
                    40:43:dd:5b:bc:f9:1a:78:28:ca:d1:d8:1c:3e:a7:
                    68:6d:37:30:78:a0:01:ac:63:75:2d:60:41:e1:65:
                    61:55:4b:a0:7a:38:3e:40:ae:f4:ca:32:3a:65:a5:
                    82:f3:dd:9a:bf:8f:05:42:43:03:1e:fd:e5:1f:20:
                    38:76:e8:7e:94:3b:c1:db:a5:8e:74:89:09:9a:cd:
                    75:77:01:3f:3f:fd:fe:54:db:0d:b3:b7:91:05:61:
                    4f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:86:E0:22:95:09:DA:C7:89:4B:D9:08:6A:BF:75:3F:38:CE:B1:39
            X509v3 Authority Key Identifier:
                keyid:67:64:B9:EE:CA:25:8A:E7:8C:4D:51:32:1A:8B:DF:EF:9A:2B:6A:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z2S57soliueMTVEyGovf75orajw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/GYbgIpUJ2seJS9kIar91PzjOsTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/Z2S57soliueMTVEyGovf75orajw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:ae:55:36:f3:c1:95:c3:29:56:ea:d8:22:dd:45:33:d0:86:
         53:b2:15:e1:d7:89:3e:ce:bb:d4:13:43:1d:c5:f4:33:04:1e:
         ef:cc:36:27:c6:65:b5:c1:54:cb:3f:c7:fd:1e:e6:2c:49:51:
         1d:ed:ae:20:f6:a0:3d:e2:d3:8c:63:38:c2:27:02:6c:a1:74:
         97:45:1f:0c:4d:05:35:4f:86:47:f3:37:0a:ab:3b:a1:0f:12:
         98:8c:12:61:d7:29:9c:a1:91:1c:85:2b:f7:78:96:44:6a:45:
         cf:ca:20:08:a9:a6:fa:81:ff:73:55:f3:cb:d4:2b:03:ec:05:
         09:3c:a6:14:6e:ff:83:8c:f3:2e:2f:95:ef:3d:4b:7b:a6:5b:
         81:9a:46:f9:16:c8:d6:85:56:a1:64:c0:c1:f8:22:84:ae:f3:
         ec:3a:8e:1c:28:d9:ba:e4:2f:06:b3:91:0b:3c:3e:26:4c:c0:
         77:56:35:07:28:12:81:f8:a3:db:40:b0:08:4e:a5:f8:35:2c:
         23:52:43:d6:6f:f2:16:1b:ea:5b:45:3f:eb:4f:eb:a6:5b:6f:
         53:76:04:ce:40:4d:aa:8a:fb:16:ad:cb:f5:6f:77:8b:56:e4:
         19:89:a3:bb:86:47:5e:6a:38:45:3a:23:5e:cf:03:87:0c:b7:
         0b:10:fd:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiIVYyid6aYKG5VUIVkdaBMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NjRiOWVlY2EyNThhZTc4YzRkNTEzMjFhOGJkZmVmOWEy
YjZhM2MwHhcNMjUwODA4MDYxOTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTg2ZTAyMjk1MDlkYWM3ODk0YmQ5MDg2YWJmNzUzZjM4Y2ViMTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynn2kfToDkLYVyQrUfkt7egh6LfC
rERlB3A2+012bGKnAcR2e7N1+2vuEavtAKjNrawSksM4fD3EO/NercgTzBTW4dNi
u8eo9O+Q+GRjBkbOKvNtzhOixnIdoimKapShfnHdi3Hx866SLO+D/oCU5PQgfjeh
DLmsub6c1MfSIXTQaKGEKx5ckyNWCeWjWmcjzMJWALXCkaFo4GVoCuCFXqc0qv5A
Q91bvPkaeCjK0dgcPqdobTcweKABrGN1LWBB4WVhVUugejg+QK70yjI6ZaWC892a
v48FQkMDHv3lHyA4duh+lDvB26WOdIkJms11dwE/P/3+VNsNs7eRBWFPYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmG4CKVCdrHiUvZCGq/dT84zrE5MB8GA1UdIwQY
MBaAFGdkue7KJYrnjE1RMhqL3++aK2o8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjJTNTdzb2xpdWVNVFZFeUdvdmY3NW9yYWp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9lMzMzNWYtNDExNC00NDgyLThlMTIt
NDI1NmE0NmFmZWVjLzEvR1liZ0lwVUoyc2VKUzlrSWFyOTFQempPc1RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9lMzMzNWYtNDExNC00NDgyLThlMTItNDI1NmE0NmFmZWVj
LzEvWjJTNTdzb2xpdWVNVFZFeUdvdmY3NW9yYWp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSRsMA0G
CSqGSIb3DQEBCwUAA4IBAQCwrlU288GVwylW6tgi3UUz0IZTshXh14k+zrvUE0Md
xfQzBB7vzDYnxmW1wVTLP8f9HuYsSVEd7a4g9qA94tOMYzjCJwJsoXSXRR8MTQU1
T4ZH8zcKqzuhDxKYjBJh1ymcoZEchSv3eJZEakXPyiAIqab6gf9zVfPL1CsD7AUJ
PKYUbv+DjPMuL5XvPUt7pluBmkb5FsjWhVahZMDB+CKErvPsOo4cKNm65C8Gs5EL
PD4mTMB3VjUHKBKB+KPbQLAITqX4NSwjUkPWb/IWG+pbRT/rT+umW29TdgTOQE2q
ivsWrcv1b3eLVuQZiaO7hkdeajhFOiNezwOHDLcLEP3A
-----END CERTIFICATE-----
Generated at Sun Aug 10 13:41:22 2025 by rpki-client