Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/a636ed-d20f-4802-9286-b84eda2e846a/1/0KTmbSRfcRK8-n1qcmKR418DNUs.roa
File:                     0KTmbSRfcRK8-n1qcmKR418DNUs.roa (raw, json)
Hash identifier:          P50v6XitnoLdzzBD57fVGVtkTs/as999tNUAveVrHNg=
Subject key identifier:   D0:A4:E6:6D:24:5F:71:12:BC:FA:7D:6A:72:62:91:E3:5F:03:35:4B
Certificate issuer:       /CN=ce7cacfa735ceeafdd2a214c09ee72469425250e
Certificate serial:       019855917725509A879062B6D93C2E190FDA
Authority key identifier: CE:7C:AC:FA:73:5C:EE:AF:DD:2A:21:4C:09:EE:72:46:94:25:25:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/znys-nNc7q_dKiFMCe5yRpQlJQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/a636ed-d20f-4802-9286-b84eda2e846a/1/0KTmbSRfcRK8-n1qcmKR418DNUs.roa
Signing time:             Tue 29 Jul 2025 09:44:13 +0000
ROA not before:           Tue 29 Jul 2025 09:44:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.124.148.0/24 maxlen: 24
                          185.124.149.0/24 maxlen: 24
                          185.124.150.0/24 maxlen: 24
                          185.124.151.0/24 maxlen: 24
                          193.58.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/a636ed-d20f-4802-9286-b84eda2e846a/1/znys-nNc7q_dKiFMCe5yRpQlJQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/a636ed-d20f-4802-9286-b84eda2e846a/1/znys-nNc7q_dKiFMCe5yRpQlJQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/znys-nNc7q_dKiFMCe5yRpQlJQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 06:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:55:91:77:25:50:9a:87:90:62:b6:d9:3c:2e:19:0f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce7cacfa735ceeafdd2a214c09ee72469425250e
        Validity
            Not Before: Jul 29 09:44:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0a4e66d245f7112bcfa7d6a726291e35f03354b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0c:e7:5b:dc:42:08:4f:b9:24:41:bb:9f:00:
                    00:24:40:51:3b:8e:38:97:99:8a:cb:90:38:3b:0c:
                    75:7a:b8:c6:99:41:5f:bd:ce:4b:e2:65:f1:57:e5:
                    07:be:77:1d:6f:92:7b:45:0b:67:74:4d:9e:7d:60:
                    ee:be:09:58:a0:1e:0a:ba:24:f4:25:6d:1b:d5:1e:
                    6f:cb:ec:89:00:38:29:9a:e5:73:40:a0:6c:35:43:
                    84:8f:36:bb:2e:32:c7:9b:85:14:a6:fc:54:35:e8:
                    57:14:09:86:2a:7a:34:7d:70:0b:7f:b8:cf:3d:81:
                    d3:94:cc:c9:f2:36:06:47:e1:02:72:14:a1:06:57:
                    85:2d:86:75:13:17:4a:46:7f:59:33:ca:c4:ee:7a:
                    4a:60:f5:ed:76:c4:e9:bc:60:82:c3:29:1d:60:57:
                    c6:90:ed:15:92:8e:c0:7b:92:71:cf:ba:1c:1b:94:
                    af:de:86:3d:f9:cf:00:6d:fd:b1:25:7a:90:91:c8:
                    1c:88:bb:95:8c:e2:2b:5a:3b:4f:79:d3:07:65:89:
                    92:b5:1d:68:5d:1c:4e:de:3f:16:c4:b4:38:e2:f3:
                    24:06:35:2b:a0:b0:fa:9c:3a:fa:48:d9:24:0b:a2:
                    24:bc:68:f7:20:54:75:9e:30:ef:19:b2:ea:99:73:
                    3d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:A4:E6:6D:24:5F:71:12:BC:FA:7D:6A:72:62:91:E3:5F:03:35:4B
            X509v3 Authority Key Identifier:
                keyid:CE:7C:AC:FA:73:5C:EE:AF:DD:2A:21:4C:09:EE:72:46:94:25:25:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/znys-nNc7q_dKiFMCe5yRpQlJQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a636ed-d20f-4802-9286-b84eda2e846a/1/0KTmbSRfcRK8-n1qcmKR418DNUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a636ed-d20f-4802-9286-b84eda2e846a/1/znys-nNc7q_dKiFMCe5yRpQlJQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.148.0/22
                  193.58.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:57:8b:f7:88:15:db:e7:d4:21:84:a2:ed:bd:7b:1d:cf:a2:
         50:f8:e1:c4:58:9b:2c:29:82:27:de:89:d4:f8:c4:82:5a:1d:
         25:46:b0:08:e6:fa:2c:04:64:13:4a:bf:30:1c:24:c6:c0:cf:
         95:49:d8:5f:68:b2:b2:af:ad:64:81:cd:10:fe:97:e1:af:73:
         4b:a6:ae:48:ad:28:b1:59:73:b5:b5:ce:35:cb:0b:a8:e2:d4:
         cf:08:04:5d:38:3c:11:2d:95:b8:fa:66:43:8a:2a:75:75:30:
         8e:a5:1b:5d:8c:f6:de:14:66:6e:d8:a8:15:d5:5b:ac:0f:7b:
         5f:aa:b1:8e:63:ab:1b:5c:53:a4:c7:bf:46:1b:e8:f7:83:30:
         fc:6f:66:43:c5:c8:8f:17:74:d3:e6:4c:7a:19:f6:8b:9e:22:
         25:4d:62:5f:60:99:0f:74:05:a3:e5:2c:87:f1:f1:79:e9:c3:
         39:95:78:77:76:c5:d5:d5:d5:4a:c7:47:97:4d:3c:36:8b:c5:
         97:6b:b9:6c:47:a6:e3:8f:07:4a:a2:03:de:61:fd:e2:60:7e:
         85:a2:45:24:a6:6a:4b:6b:3f:04:f1:9b:c5:1f:eb:5c:d6:ce:
         ee:38:47:2d:29:c8:8b:84:f5:99:da:6e:17:2c:42:50:4d:06:
         2d:ec:62:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhVkXclUJqHkGK22TwuGQ/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlN2NhY2ZhNzM1Y2VlYWZkZDJhMjE0YzA5ZWU3MjQ2OTQy
NTI1MGUwHhcNMjUwNzI5MDk0NDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGE0ZTY2ZDI0NWY3MTEyYmNmYTdkNmE3MjYyOTFlMzVmMDMzNTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwznW9xCCE+5JEG7nwAAJEBRO444
l5mKy5A4Owx1erjGmUFfvc5L4mXxV+UHvncdb5J7RQtndE2efWDuvglYoB4KuiT0
JW0b1R5vy+yJADgpmuVzQKBsNUOEjza7LjLHm4UUpvxUNehXFAmGKno0fXALf7jP
PYHTlMzJ8jYGR+ECchShBleFLYZ1ExdKRn9ZM8rE7npKYPXtdsTpvGCCwykdYFfG
kO0Vko7Ae5Jxz7ocG5Sv3oY9+c8Abf2xJXqQkcgciLuVjOIrWjtPedMHZYmStR1o
XRxO3j8WxLQ44vMkBjUroLD6nDr6SNkkC6IkvGj3IFR1njDvGbLqmXM9NwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNCk5m0kX3ESvPp9anJikeNfAzVLMB8GA1UdIwQY
MBaAFM58rPpzXO6v3SohTAnuckaUJSUOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem55cy1uTmM3cV9kS2lGTUNlNXlScFFsSlE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9hNjM2ZWQtZDIwZi00ODAyLTkyODYt
Yjg0ZWRhMmU4NDZhLzEvMEtUbWJTUmZjUks4LW4xcWNtS1I0MThETlVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9hNjM2ZWQtZDIwZi00ODAyLTkyODYtYjg0ZWRhMmU4NDZh
LzEvem55cy1uTmM3cV9kS2lGTUNlNXlScFFsSlE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuXyUAwQA
wTp1MA0GCSqGSIb3DQEBCwUAA4IBAQBXV4v3iBXb59QhhKLtvXsdz6JQ+OHEWJss
KYIn3onU+MSCWh0lRrAI5vosBGQTSr8wHCTGwM+VSdhfaLKyr61kgc0Q/pfhr3NL
pq5IrSixWXO1tc41ywuo4tTPCARdODwRLZW4+mZDiip1dTCOpRtdjPbeFGZu2KgV
1VusD3tfqrGOY6sbXFOkx79GG+j3gzD8b2ZDxciPF3TT5kx6GfaLniIlTWJfYJkP
dAWj5SyH8fF56cM5lXh3dsXV1dVKx0eXTTw2i8WXa7lsR6bjjwdKogPeYf3iYH6F
okUkpmpLaz8E8ZvFH+tc1s7uOEctKciLhPWZ2m4XLEJQTQYt7GKz
-----END CERTIFICATE-----
Generated at Wed Aug 6 13:05:42 2025 by rpki-client