Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/IhgmMXkohjSQGNi-FluDnNiX1yE.roa
File:                     IhgmMXkohjSQGNi-FluDnNiX1yE.roa (raw, json)
Hash identifier:          enXCL1nnyoZP3p3QFY4PWbAm+jf1sDR/et981D6sBLY=
Subject key identifier:   22:18:26:31:79:28:86:34:90:18:D8:BE:16:5B:83:9C:D8:97:D7:21
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       01987459A6E089B4371074CEF537A82E5566
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/IhgmMXkohjSQGNi-FluDnNiX1yE.roa
Signing time:             Mon 04 Aug 2025 09:11:29 +0000
ROA not before:           Mon 04 Aug 2025 09:11:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44208
IP address blocks:        31.170.48.0/20 maxlen: 24
                          94.74.128.0/18 maxlen: 24
                          94.74.136.0/24 maxlen: 24
                          94.74.165.0/24 maxlen: 24
                          94.74.166.0/23 maxlen: 23
                          94.74.168.0/23 maxlen: 24
                          94.74.190.0/24 maxlen: 24
                          176.46.153.0/24 maxlen: 24
                          176.46.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 18:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:74:59:a6:e0:89:b4:37:10:74:ce:f5:37:a8:2e:55:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Aug  4 09:11:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22182631792886349018d8be165b839cd897d721
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:91:dd:ea:6f:23:c5:5e:7e:a0:82:14:31:b0:
                    b0:54:d4:47:0a:b8:6e:ec:09:ba:2b:db:d5:c3:13:
                    68:ea:f0:6e:2e:c5:c9:28:6c:c7:83:86:62:aa:ba:
                    2d:5f:5a:20:c6:39:5b:63:e0:d7:e5:a9:f6:d8:89:
                    53:94:41:fe:e5:ca:3c:3c:09:5f:11:2f:4b:df:6f:
                    2e:27:50:57:cd:b1:8f:2c:f4:8c:b4:71:30:96:2a:
                    b0:86:fc:c1:9a:19:c3:34:1e:ef:e0:dd:2a:0e:08:
                    da:a7:7a:55:84:28:bc:8f:4d:22:87:56:a4:cd:b8:
                    60:38:f4:2e:8f:15:ad:87:59:db:ef:6a:86:f4:79:
                    54:bb:55:92:31:16:b2:90:4c:ea:0e:96:4e:19:78:
                    6c:8c:c6:8a:92:db:d3:f3:99:7d:8f:a3:ba:f3:31:
                    9e:37:6f:4c:b3:52:50:c2:98:ba:7c:6d:22:9c:03:
                    d7:0f:bf:94:54:9e:af:99:c4:8b:82:19:ac:87:19:
                    08:b8:83:33:74:73:5d:2f:19:37:90:51:f9:05:6b:
                    6f:38:2e:92:3c:f8:e1:da:e5:aa:22:30:a1:48:8c:
                    83:8c:9d:ae:cb:05:3d:53:51:d4:da:da:a6:22:ee:
                    32:96:60:00:2a:f1:57:c7:a3:a1:25:5f:7e:60:a1:
                    ed:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:18:26:31:79:28:86:34:90:18:D8:BE:16:5B:83:9C:D8:97:D7:21
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/IhgmMXkohjSQGNi-FluDnNiX1yE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.170.48.0/20
                  94.74.128.0/18
                  176.46.153.0-176.46.154.255

    Signature Algorithm: sha256WithRSAEncryption
         05:2b:c6:f8:e7:db:ea:ca:52:c6:66:3f:6e:5b:77:73:ba:b6:
         ae:fc:0d:1c:f8:8f:ad:e3:6f:fc:79:b1:39:51:75:e7:13:9a:
         1a:9d:93:03:6d:b5:98:fe:88:61:0b:66:db:4c:64:f3:5c:de:
         60:e5:72:cf:5f:63:cc:82:8c:b9:e9:3c:fc:c7:b6:82:ea:55:
         f9:be:5a:02:ec:59:b5:54:6b:7b:e8:67:ce:07:e4:b1:70:fa:
         76:1e:cf:38:3c:c1:86:67:f9:62:4e:63:59:1b:01:83:1f:1d:
         a7:85:e0:51:e6:c2:90:ee:db:63:c5:61:25:cb:8c:47:69:81:
         61:86:71:a9:a5:ff:37:ab:fb:b7:7c:1b:6a:64:45:9c:5a:74:
         7a:5c:99:b2:5d:ed:af:8e:1a:17:f9:75:8c:c6:37:59:df:55:
         c6:f3:97:e0:d6:51:28:a1:42:12:50:b7:c2:b0:a9:b5:77:8a:
         f5:87:35:c5:0b:05:40:12:0b:98:e4:2e:dc:af:3c:59:6e:ec:
         d9:10:db:96:40:5b:1c:eb:89:55:e1:29:93:04:4f:52:4b:9c:
         65:da:53:a1:e7:04:28:5a:dd:c6:5c:78:90:1b:98:f3:33:b2:
         29:59:dd:d8:fb:3d:9b:eb:b2:f6:2a:bd:fa:3d:2a:74:27:1b:
         e1:56:0c:52
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZh0WabgibQ3EHTO9TeoLlVmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUwODA0MDkxMTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjE4MjYzMTc5Mjg4NjM0OTAxOGQ4YmUxNjViODM5Y2Q4OTdkNzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ZHd6m8jxV5+oIIUMbCwVNRHCrhu
7Am6K9vVwxNo6vBuLsXJKGzHg4ZiqrotX1ogxjlbY+DX5an22IlTlEH+5co8PAlf
ES9L328uJ1BXzbGPLPSMtHEwliqwhvzBmhnDNB7v4N0qDgjap3pVhCi8j00ih1ak
zbhgOPQujxWth1nb72qG9HlUu1WSMRaykEzqDpZOGXhsjMaKktvT85l9j6O68zGe
N29Ms1JQwpi6fG0inAPXD7+UVJ6vmcSLghmshxkIuIMzdHNdLxk3kFH5BWtvOC6S
PPjh2uWqIjChSIyDjJ2uywU9U1HU2tqmIu4ylmAAKvFXx6OhJV9+YKHt3QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFCIYJjF5KIY0kBjYvhZbg5zYl9chMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvSWhnbU1Ya29oalNRR05pLUZsdURuTmlYMXlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQEH6owAwQG
XkqAMAwDBACwLpkDBACwLpowDQYJKoZIhvcNAQELBQADggEBAAUrxvjn2+rKUsZm
P25bd3O6tq78DRz4j63jb/x5sTlRdecTmhqdkwNttZj+iGELZttMZPNc3mDlcs9f
Y8yCjLnpPPzHtoLqVfm+WgLsWbVUa3voZ84H5LFw+nYezzg8wYZn+WJOY1kbAYMf
HaeF4FHmwpDu22PFYSXLjEdpgWGGcaml/zer+7d8G2pkRZxadHpcmbJd7a+OGhf5
dYzGN1nfVcbzl+DWUSihQhJQt8KwqbV3ivWHNcULBUASC5jkLtyvPFlu7NkQ25ZA
WxzriVXhKZMET1JLnGXaU6HnBCha3cZceJAbmPMzsilZ3dj7PZvrsvYqvfo9KnQn
G+FWDFI=
-----END CERTIFICATE-----
Generated at Sun Aug 10 04:24:47 2025 by rpki-client