Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/l9EgD7Cv7e532Hlt9LLUu3z8_dw.roa
File:                     l9EgD7Cv7e532Hlt9LLUu3z8_dw.roa (raw, json)
Hash identifier:          4Xh0ogOpmmD0jHDBdjnr8Hc05bJosT/Z9VheuQZJvIw=
Subject key identifier:   97:D1:20:0F:B0:AF:ED:EE:77:D8:79:6D:F4:B2:D4:BB:7C:FC:FD:DC
Certificate issuer:       /CN=c1ab247c636ad389bf9f8c5074c8220230e8edcc
Certificate serial:       01982F680FF045FCE6EB98E6D759BED31F8D
Authority key identifier: C1:AB:24:7C:63:6A:D3:89:BF:9F:8C:50:74:C8:22:02:30:E8:ED:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/waskfGNq04m_n4xQdMgiAjDo7cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/l9EgD7Cv7e532Hlt9LLUu3z8_dw.roa
Signing time:             Mon 21 Jul 2025 23:53:25 +0000
ROA not before:           Mon 21 Jul 2025 23:53:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44964
IP address blocks:        37.203.240.0/21 maxlen: 21
                          37.203.240.0/24 maxlen: 24
                          37.203.242.0/24 maxlen: 29
                          37.203.242.32/28 maxlen: 28
                          37.203.242.48/29 maxlen: 29
                          37.203.242.64/27 maxlen: 27
                          37.203.242.128/26 maxlen: 26
                          37.203.242.192/26 maxlen: 26
                          37.203.243.0/24 maxlen: 24
                          37.203.245.0/24 maxlen: 24
                          37.203.246.0/24 maxlen: 24
                          37.203.247.0/24 maxlen: 24
                          93.188.40.0/21 maxlen: 21
                          93.188.41.79/32 maxlen: 32
                          2a00:c8c0::/47 maxlen: 47
                          2a00:c8c0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/waskfGNq04m_n4xQdMgiAjDo7cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/waskfGNq04m_n4xQdMgiAjDo7cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/waskfGNq04m_n4xQdMgiAjDo7cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2f:68:0f:f0:45:fc:e6:eb:98:e6:d7:59:be:d3:1f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1ab247c636ad389bf9f8c5074c8220230e8edcc
        Validity
            Not Before: Jul 21 23:53:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97d1200fb0afedee77d8796df4b2d4bb7cfcfddc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e5:6f:76:71:51:13:a8:a3:c0:c9:bc:e9:50:
                    ee:07:92:84:c5:a9:d7:a7:4a:26:8f:64:03:86:0c:
                    22:c6:27:d0:3a:04:cd:5c:f6:11:68:26:10:c4:b5:
                    22:79:16:f1:72:17:ac:3f:4e:b9:64:91:51:eb:2d:
                    5e:0f:77:40:a6:42:51:c6:0f:b1:6b:52:ee:be:f5:
                    38:7e:b7:bc:81:ce:58:69:27:af:52:6a:95:48:39:
                    e8:ce:ae:10:85:f5:af:42:e7:77:7b:3d:8a:de:1b:
                    ae:b8:89:42:a0:73:2d:88:8e:1e:64:37:7d:e8:e4:
                    58:54:67:7a:9f:95:f4:eb:63:5d:e9:61:ef:b5:2b:
                    12:2b:2c:c7:e5:5a:65:5b:cc:17:e9:4e:42:2c:0b:
                    a2:25:c3:58:c3:18:11:ab:1d:a2:b3:f2:ca:d2:95:
                    c3:2a:b7:93:54:f2:36:c6:9c:20:44:e0:53:41:55:
                    3c:76:ac:00:3b:18:69:d9:1d:ab:bd:b2:49:2f:ed:
                    80:72:f8:67:ff:18:25:ac:9b:6b:7b:cb:88:c9:ca:
                    fe:f4:f4:74:0b:cf:1f:90:98:cb:2f:68:5f:98:3a:
                    56:d3:2e:88:d5:6c:28:f5:b3:0f:ae:66:f6:d4:bf:
                    24:26:0b:8d:db:86:ad:6b:64:a8:3f:9c:b5:cd:c6:
                    d6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:D1:20:0F:B0:AF:ED:EE:77:D8:79:6D:F4:B2:D4:BB:7C:FC:FD:DC
            X509v3 Authority Key Identifier:
                keyid:C1:AB:24:7C:63:6A:D3:89:BF:9F:8C:50:74:C8:22:02:30:E8:ED:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/waskfGNq04m_n4xQdMgiAjDo7cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/l9EgD7Cv7e532Hlt9LLUu3z8_dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/waskfGNq04m_n4xQdMgiAjDo7cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.203.240.0/21
                  93.188.40.0/21
                IPv6:
                  2a00:c8c0::/47

    Signature Algorithm: sha256WithRSAEncryption
         2c:93:1e:df:9d:9b:49:a8:3f:e8:a0:71:21:07:f3:4c:1f:ce:
         fd:76:40:90:b6:83:b8:c6:19:5f:bc:b9:9f:88:48:ba:40:8d:
         4a:9c:c3:01:0d:2d:36:65:f7:34:74:0a:ba:08:05:32:8c:75:
         31:e1:e0:a4:91:3a:3a:88:3d:a0:04:3d:6a:8d:64:92:c2:d5:
         2e:4e:76:57:00:77:5d:45:6b:ae:76:88:6c:b2:31:27:74:ac:
         29:bf:61:91:fc:a1:b4:4d:6a:50:be:9b:0d:a9:1f:22:58:b5:
         6e:41:dc:fa:e0:b5:1e:50:cf:09:6a:7f:4e:6f:eb:65:3e:a0:
         0e:68:91:cf:3c:dc:4d:e7:7f:e1:33:00:ae:d4:b6:8b:ed:95:
         a1:1b:0c:b6:4e:a7:f8:43:ab:fa:c7:df:35:15:b3:98:b7:91:
         4c:73:84:76:ac:71:f0:71:d0:7c:6b:87:00:b4:48:22:00:a9:
         6e:8f:79:c4:e4:01:3c:21:fc:7f:53:5d:f5:42:f1:83:5c:be:
         a1:5a:8a:48:20:d1:2d:99:95:71:11:30:bb:50:98:16:a5:d2:
         6a:85:14:e3:78:4b:a9:04:15:6f:ed:a6:80:0c:60:c4:1b:4e:
         c9:04:43:2c:24:44:1b:a2:72:18:d0:65:75:e1:4f:17:35:1c:
         d9:ce:d2:2f
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZgvaA/wRfzm65jm11m+0x+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYWIyNDdjNjM2YWQzODliZjlmOGM1MDc0YzgyMjAyMzBl
OGVkY2MwHhcNMjUwNzIxMjM1MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2QxMjAwZmIwYWZlZGVlNzdkODc5NmRmNGIyZDRiYjdjZmNmZGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeVvdnFRE6ijwMm86VDuB5KExanX
p0omj2QDhgwixifQOgTNXPYRaCYQxLUieRbxchesP065ZJFR6y1eD3dApkJRxg+x
a1LuvvU4fre8gc5YaSevUmqVSDnozq4QhfWvQud3ez2K3huuuIlCoHMtiI4eZDd9
6ORYVGd6n5X062Nd6WHvtSsSKyzH5VplW8wX6U5CLAuiJcNYwxgRqx2is/LK0pXD
KreTVPI2xpwgROBTQVU8dqwAOxhp2R2rvbJJL+2Acvhn/xglrJtre8uIycr+9PR0
C88fkJjLL2hfmDpW0y6I1Wwo9bMPrmb21L8kJguN24ata2SoP5y1zcbWAwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJfRIA+wr+3ud9h5bfSy1Lt8/P3cMB8GA1UdIwQY
MBaAFMGrJHxjatOJv5+MUHTIIgIw6O3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2Fza2ZHTnEwNG1fbjR4UWRNZ2lBakRvN2N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81NjY5MzgtZTJhOC00OGIzLTgxNmIt
MjdiMTEzY2ZmNTNiLzEvbDlFZ0Q3Q3Y3ZTUzMkhsdDlMTFV1M3o4X2R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81NjY5MzgtZTJhOC00OGIzLTgxNmItMjdiMTEzY2ZmNTNi
LzEvd2Fza2ZHTnEwNG1fbjR4UWRNZ2lBakRvN2N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQDJcvwAwQD
XbwoMA8EAgACMAkDBwEqAMjAAAAwDQYJKoZIhvcNAQELBQADggEBACyTHt+dm0mo
P+igcSEH80wfzv12QJC2g7jGGV+8uZ+ISLpAjUqcwwENLTZl9zR0CroIBTKMdTHh
4KSROjqIPaAEPWqNZJLC1S5OdlcAd11Fa652iGyyMSd0rCm/YZH8obRNalC+mw2p
HyJYtW5B3PrgtR5Qzwlqf05v62U+oA5okc883E3nf+EzAK7UtovtlaEbDLZOp/hD
q/rH3zUVs5i3kUxzhHascfBx0HxrhwC0SCIAqW6PecTkATwh/H9TXfVC8YNcvqFa
ikgg0S2ZlXERMLtQmBal0mqFFON4S6kEFW/tpoAMYMQbTskEQywkRBuichjQZXXh
Txc1HNnO0i8=
-----END CERTIFICATE-----
Generated at Wed Aug 6 14:09:16 2025 by rpki-client