Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/aVSDFG9S0qVagyGCDyRaZCcj4uM.roa
File:                     aVSDFG9S0qVagyGCDyRaZCcj4uM.roa (raw, json)
Hash identifier:          10vd3ei8CEhJdvfMHANX2v90tno0+7P3mxjOYtPwbi4=
Subject key identifier:   69:54:83:14:6F:52:D2:A5:5A:83:21:82:0F:24:5A:64:27:23:E2:E3
Certificate issuer:       /CN=4ca66f3c0f25774e696d2a46723277eb961128c3
Certificate serial:       019866AD9786D5AFCCAC9CC8351692F13954
Authority key identifier: 4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/aVSDFG9S0qVagyGCDyRaZCcj4uM.roa
Signing time:             Fri 01 Aug 2025 17:28:28 +0000
ROA not before:           Fri 01 Aug 2025 17:28:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208191
IP address blocks:        176.65.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 05:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:66:ad:97:86:d5:af:cc:ac:9c:c8:35:16:92:f1:39:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca66f3c0f25774e696d2a46723277eb961128c3
        Validity
            Not Before: Aug  1 17:28:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=695483146f52d2a55a8321820f245a642723e2e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:74:0b:f9:a3:56:bd:ce:07:1e:66:b7:38:ef:
                    d2:63:26:b9:2a:d4:73:60:f8:e6:ab:48:29:6d:12:
                    62:1d:1f:ea:2e:38:20:59:6d:a3:a4:e2:32:1b:63:
                    94:24:42:a4:41:cd:9d:ed:33:c6:12:be:03:65:87:
                    8a:48:35:2a:90:69:b9:51:2d:6f:71:3b:64:f6:a8:
                    f9:04:94:bb:41:29:5e:34:4f:3a:65:b7:5d:e0:12:
                    c4:e0:fa:ca:7a:df:5a:a9:d4:df:79:4c:78:91:01:
                    92:fb:c7:fd:18:62:c4:91:88:3f:0d:c5:35:c4:3f:
                    8d:34:ab:ff:10:ac:6a:95:c6:e7:51:69:48:86:c9:
                    53:bd:c6:e3:37:1a:cf:e5:4a:61:83:d9:ce:f0:c4:
                    4e:aa:ca:9b:73:22:a3:d6:9f:2f:75:41:81:6a:08:
                    90:b7:e5:b2:23:5d:e9:31:80:b0:55:9f:1e:12:d4:
                    89:a9:01:45:35:a5:84:bf:88:0a:6f:53:14:52:10:
                    cf:ff:54:29:43:4f:18:17:71:9b:02:db:c5:9c:27:
                    a3:0c:e2:8c:20:f7:8f:ba:98:ab:e0:84:85:b3:6f:
                    81:cd:2d:1a:f6:d0:95:d5:61:f6:7b:4f:ea:f3:4b:
                    fe:9e:b9:f8:4f:3c:f9:09:88:98:4e:b2:53:c2:37:
                    c7:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:54:83:14:6F:52:D2:A5:5A:83:21:82:0F:24:5A:64:27:23:E2:E3
            X509v3 Authority Key Identifier:
                keyid:4C:A6:6F:3C:0F:25:77:4E:69:6D:2A:46:72:32:77:EB:96:11:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKZvPA8ld05pbSpGcjJ365YRKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/aVSDFG9S0qVagyGCDyRaZCcj4uM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/204017-f046-4b69-b3e5-319b0c874440/1/TKZvPA8ld05pbSpGcjJ365YRKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.65.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:be:eb:a6:c6:67:fc:cf:f3:8f:5e:0b:4a:4a:50:3f:1f:09:
         77:9a:6c:e5:ab:20:94:f0:cc:89:46:6a:7c:72:6b:c1:8c:8d:
         64:02:d7:0c:44:ab:0c:84:85:53:2a:20:35:07:d3:00:7b:31:
         7a:53:9c:e3:c8:51:c0:23:d3:42:a2:81:a8:77:59:87:72:ba:
         03:28:50:33:d1:6e:1a:22:27:bc:23:13:bd:53:18:74:cb:00:
         ad:8b:f1:74:1c:0e:cb:99:9e:b1:69:2f:fc:f6:0b:8c:22:5e:
         a1:20:1f:d4:9e:a4:8e:7d:bd:1e:ef:40:1f:2c:2d:bd:77:b7:
         40:57:e4:68:8e:15:e5:5c:64:ff:d3:ef:64:8a:66:49:c3:ba:
         76:f1:5f:e9:2e:d6:ad:b4:1e:da:7c:ed:e1:3e:41:f4:dc:31:
         b6:6f:df:a2:ef:7a:a0:47:87:ab:a6:ff:b3:bd:4e:0a:d9:11:
         78:0a:77:32:18:89:91:2f:31:b4:75:46:61:84:35:49:a0:1b:
         db:e2:c7:e4:01:9b:13:94:56:8b:a9:62:17:c9:78:8f:33:15:
         76:c5:5e:68:96:c0:af:ab:c6:70:cf:f5:84:b8:db:98:b2:e9:
         b2:82:8f:67:c1:af:8f:1a:55:63:b0:8f:cf:27:c9:f0:51:54:
         12:5f:4a:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhmrZeG1a/MrJzINRaS8TlUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTY2ZjNjMGYyNTc3NGU2OTZkMmE0NjcyMzI3N2ViOTYx
MTI4YzMwHhcNMjUwODAxMTcyODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTU0ODMxNDZmNTJkMmE1NWE4MzIxODIwZjI0NWE2NDI3MjNlMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnQL+aNWvc4HHma3OO/SYya5KtRz
YPjmq0gpbRJiHR/qLjggWW2jpOIyG2OUJEKkQc2d7TPGEr4DZYeKSDUqkGm5US1v
cTtk9qj5BJS7QSleNE86Zbdd4BLE4PrKet9aqdTfeUx4kQGS+8f9GGLEkYg/DcU1
xD+NNKv/EKxqlcbnUWlIhslTvcbjNxrP5Uphg9nO8MROqsqbcyKj1p8vdUGBagiQ
t+WyI13pMYCwVZ8eEtSJqQFFNaWEv4gKb1MUUhDP/1QpQ08YF3GbAtvFnCejDOKM
IPePupir4ISFs2+BzS0a9tCV1WH2e0/q80v+nrn4Tzz5CYiYTrJTwjfHVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlUgxRvUtKlWoMhgg8kWmQnI+LjMB8GA1UdIwQY
MBaAFEymbzwPJXdOaW0qRnIyd+uWESjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUt
MzE5YjBjODc0NDQwLzEvYVZTREZHOVMwcVZhZ3lHQ0R5UmFaQ2NqNHVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8yMDQwMTctZjA0Ni00YjY5LWIzZTUtMzE5YjBjODc0NDQw
LzEvVEtadlBBOGxkMDVwYlNwR2NqSjM2NVlSS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsEGGMA0G
CSqGSIb3DQEBCwUAA4IBAQBBvuumxmf8z/OPXgtKSlA/Hwl3mmzlqyCU8MyJRmp8
cmvBjI1kAtcMRKsMhIVTKiA1B9MAezF6U5zjyFHAI9NCooGod1mHcroDKFAz0W4a
Iie8IxO9Uxh0ywCti/F0HA7LmZ6xaS/89guMIl6hIB/UnqSOfb0e70AfLC29d7dA
V+RojhXlXGT/0+9kimZJw7p28V/pLtattB7afO3hPkH03DG2b9+i73qgR4erpv+z
vU4K2RF4CncyGImRLzG0dUZhhDVJoBvb4sfkAZsTlFaLqWIXyXiPMxV2xV5olsCv
q8Zwz/WEuNuYsumygo9nwa+PGlVjsI/PJ8nwUVQSX0qV
-----END CERTIFICATE-----
Generated at Wed Aug 6 12:28:43 2025 by rpki-client