Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/OiQ4Rd9OJUGQ798H-77FK1uTPuw.roa
File:                     OiQ4Rd9OJUGQ798H-77FK1uTPuw.roa (raw, json)
Hash identifier:          OYSrfcSonyP87gEHzJWFDf1QCoB9hpLtpuFirEV2r8I=
Subject key identifier:   3A:24:38:45:DF:4E:25:41:90:EF:DF:07:FB:BE:C5:2B:5B:93:3E:EC
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       01988027FA375E6EF7C59EBB5B7B7A363E87
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/OiQ4Rd9OJUGQ798H-77FK1uTPuw.roa
Signing time:             Wed 06 Aug 2025 16:12:40 +0000
ROA not before:           Wed 06 Aug 2025 16:12:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35346
IP address blocks:        45.67.116.0/24 maxlen: 24
                          91.242.64.0/18 maxlen: 24
                          91.242.68.0/23 maxlen: 24
                          91.242.70.0/23 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.74.0/24 maxlen: 24
                          91.242.80.0/24 maxlen: 24
                          91.242.82.0/24 maxlen: 24
                          91.242.99.0/24 maxlen: 24
                          91.242.102.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          91.242.108.0/22 maxlen: 22
                          91.242.112.0/20 maxlen: 20
                          91.242.112.0/24 maxlen: 24
                          91.242.113.0/24 maxlen: 24
                          91.242.114.0/24 maxlen: 24
                          91.242.115.0/24 maxlen: 24
                          91.242.116.0/24 maxlen: 24
                          91.242.117.0/24 maxlen: 24
                          91.242.118.0/24 maxlen: 24
                          91.242.119.0/24 maxlen: 24
                          91.242.120.0/24 maxlen: 24
                          91.242.121.0/24 maxlen: 24
                          91.242.122.0/24 maxlen: 24
                          178.175.176.0/22 maxlen: 24
                          194.114.144.0/24 maxlen: 25
                          194.114.144.128/27 maxlen: 27
                          2a07:5540::/29 maxlen: 29
                          2a07:c040::/29 maxlen: 29
                          2a09:700::/29 maxlen: 29
                          2a09:15c0::/29 maxlen: 29
                          2a09:3ac0::/29 maxlen: 29
                          2a09:4440::/29 maxlen: 29
                          2a09:4c40::/29 maxlen: 29
                          2a09:63c0::/29 maxlen: 29
                          2a09:7640::/29 maxlen: 29
                          2a09:7b40::/29 maxlen: 29
                          2a09:7f00::/29 maxlen: 29
                          2a09:a480::/29 maxlen: 29
                          2a09:bdc0::/29 maxlen: 29
                          2a09:ca40::/29 maxlen: 29
                          2a09:e400::/29 maxlen: 29
                          2a09:f6c0::/29 maxlen: 29
                          2a09:f940::/29 maxlen: 29
                          2a09:fdc0::/29 maxlen: 29
                          2a0a:3700::/29 maxlen: 29
                          2a0a:3780::/29 maxlen: 29
                          2a0a:6000::/29 maxlen: 29
                          2a0a:ef00::/29 maxlen: 29
                          2a0b:280::/29 maxlen: 29
                          2a0b:5d00::/29 maxlen: 29
                          2a0c:380::/29 maxlen: 29
                          2a0c:3600::/32 maxlen: 32
                          2a0c:3780::/29 maxlen: 29
                          2a0c:57c0::/29 maxlen: 29
                          2a0c:ae00::/29 maxlen: 29
                          2a0d:1a00::/29 maxlen: 29
                          2a0d:dac0::/29 maxlen: 29
                          2a0d:fb00::/29 maxlen: 29
                          2a0e:f80::/29 maxlen: 29
                          2a0e:2080::/29 maxlen: 29
                          2a0e:2500::/29 maxlen: 29
                          2a0e:3380::/29 maxlen: 29
                          2a0e:3540::/29 maxlen: 29
                          2a0e:3c40::/29 maxlen: 29
                          2a0e:7880::/29 maxlen: 29
                          2a0e:b000::/29 maxlen: 29
                          2a0e:c3c0::/29 maxlen: 29
                          2a0e:c700::/29 maxlen: 29
                          2a0e:c800::/29 maxlen: 29
                          2a0e:d180::/29 maxlen: 29
                          2a0e:d880::/29 maxlen: 29
                          2a0e:e540::/29 maxlen: 29
                          2a0e:e8c0::/29 maxlen: 29
                          2a0e:e940::/29 maxlen: 29
                          2a0e:f540::/29 maxlen: 29
                          2a0f:740::/29 maxlen: 29
                          2a0f:1b40::/29 maxlen: 29
                          2a0f:3900::/29 maxlen: 29
                          2a0f:4840::/29 maxlen: 29
                          2a0f:6200::/29 maxlen: 29
                          2a0f:82c0::/29 maxlen: 29
                          2a0f:9380::/29 maxlen: 29
                          2a0f:b200::/29 maxlen: 29
                          2a0f:da00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:80:27:fa:37:5e:6e:f7:c5:9e:bb:5b:7b:7a:36:3e:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Aug  6 16:12:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a243845df4e254190efdf07fbbec52b5b933eec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2d:06:fd:c0:ad:73:47:31:e5:08:2a:5d:35:
                    53:ac:a9:f4:07:3f:8f:89:cf:3c:89:17:01:d7:3e:
                    84:b8:fd:b4:3a:a8:ab:a9:86:b4:c0:70:c8:8a:78:
                    5f:ad:45:53:3c:ab:87:54:53:3c:ae:10:69:92:ed:
                    27:17:9a:53:d4:ed:56:0d:89:fa:6b:6f:b4:01:93:
                    76:13:9e:67:14:24:1d:52:8b:78:c9:4e:9d:66:51:
                    d7:ca:4f:ad:b1:f8:b5:9b:fa:f3:97:ea:98:86:60:
                    d3:86:f6:32:a8:7e:fd:7c:26:a2:b8:c0:20:97:e8:
                    2a:5f:a1:67:88:6c:64:85:b8:f8:e0:ff:bd:b8:75:
                    e8:4d:af:45:f7:c1:6f:1e:40:cf:16:99:36:33:19:
                    ff:f6:6d:2c:33:0d:7a:9a:2e:73:c9:9f:18:51:80:
                    2f:a2:96:5d:36:a9:3e:a4:cf:bc:81:a3:53:c1:be:
                    f2:e3:88:1f:41:ff:68:1d:31:79:ed:74:24:f1:b0:
                    04:34:2d:51:72:80:9c:ed:2e:74:ec:bc:0f:af:0c:
                    bc:04:6d:04:52:c5:31:2f:3c:a6:41:de:b7:e4:86:
                    3c:8a:ad:d2:da:62:e7:db:95:52:95:88:01:c5:ad:
                    dd:51:5e:e1:3c:59:cf:70:e7:ca:08:fc:a2:75:1c:
                    0f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:24:38:45:DF:4E:25:41:90:EF:DF:07:FB:BE:C5:2B:5B:93:3E:EC
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/OiQ4Rd9OJUGQ798H-77FK1uTPuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.116.0/24
                  91.242.64.0/18
                  178.175.176.0/22
                  194.114.144.0/24
                IPv6:
                  2a07:5540::/29
                  2a07:c040::/29
                  2a09:700::/29
                  2a09:15c0::/29
                  2a09:3ac0::/29
                  2a09:4440::/29
                  2a09:4c40::/29
                  2a09:63c0::/29
                  2a09:7640::/29
                  2a09:7b40::/29
                  2a09:7f00::/29
                  2a09:a480::/29
                  2a09:bdc0::/29
                  2a09:ca40::/29
                  2a09:e400::/29
                  2a09:f6c0::/29
                  2a09:f940::/29
                  2a09:fdc0::/29
                  2a0a:3700::/29
                  2a0a:3780::/29
                  2a0a:6000::/29
                  2a0a:ef00::/29
                  2a0b:280::/29
                  2a0b:5d00::/29
                  2a0c:380::/29
                  2a0c:3600::/32
                  2a0c:3780::/29
                  2a0c:57c0::/29
                  2a0c:ae00::/29
                  2a0d:1a00::/29
                  2a0d:dac0::/29
                  2a0d:fb00::/29
                  2a0e:f80::/29
                  2a0e:2080::/29
                  2a0e:2500::/29
                  2a0e:3380::/29
                  2a0e:3540::/29
                  2a0e:3c40::/29
                  2a0e:7880::/29
                  2a0e:b000::/29
                  2a0e:c3c0::/29
                  2a0e:c700::/29
                  2a0e:c800::/29
                  2a0e:d180::/29
                  2a0e:d880::/29
                  2a0e:e540::/29
                  2a0e:e8c0::/29
                  2a0e:e940::/29
                  2a0e:f540::/29
                  2a0f:740::/29
                  2a0f:1b40::/29
                  2a0f:3900::/29
                  2a0f:4840::/29
                  2a0f:6200::/29
                  2a0f:82c0::/29
                  2a0f:9380::/29
                  2a0f:b200::/29
                  2a0f:da00::/29

    Signature Algorithm: sha256WithRSAEncryption
         92:55:0e:5b:d4:2d:ba:68:82:6a:3f:31:72:37:e3:40:44:c0:
         e2:3f:ce:50:15:13:1c:b9:f2:28:69:5b:e3:c2:c9:31:71:88:
         6b:19:ce:35:6b:a0:91:49:64:22:24:f5:44:8c:3c:87:58:f2:
         d3:80:69:b8:e7:73:68:cc:a9:b7:c3:27:03:e7:65:5c:0d:62:
         2d:24:9d:ff:f4:bd:1b:9e:0d:bf:01:9d:92:f9:64:29:b1:30:
         0d:36:af:cb:ee:36:df:12:1e:45:58:fd:1d:c7:b3:29:08:f0:
         ca:54:41:e0:40:f7:aa:a7:7a:07:94:33:86:37:46:c4:e7:61:
         47:2a:d4:f2:ab:62:af:31:4f:76:1a:76:b4:5e:59:51:38:54:
         9f:f9:81:f5:6f:b7:1b:01:de:88:97:66:c6:38:8b:e4:df:c8:
         a2:41:0c:aa:8d:28:86:37:14:54:f9:c5:37:15:2e:99:f6:0f:
         df:21:90:95:94:98:4b:13:73:b8:08:3b:9a:f8:e8:9d:60:dc:
         20:cb:7e:bb:92:43:48:6a:bf:f7:71:51:f7:87:79:7b:8a:12:
         64:f0:d7:f7:54:fa:f2:0b:d8:6d:f3:b9:5a:9d:e9:70:9f:08:
         d8:65:33:15:03:d6:a0:1e:b4:37:1e:de:a3:e5:9c:5c:ee:e3:
         b1:1f:3e:90
-----BEGIN CERTIFICATE-----
MIIGtzCCBZ+gAwIBAgISAZiAJ/o3Xm73xZ67W3t6Nj6HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwODA2MTYxMjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTI0Mzg0NWRmNGUyNTQxOTBlZmRmMDdmYmJlYzUyYjViOTMzZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAli0G/cCtc0cx5QgqXTVTrKn0Bz+P
ic88iRcB1z6EuP20OqirqYa0wHDIinhfrUVTPKuHVFM8rhBpku0nF5pT1O1WDYn6
a2+0AZN2E55nFCQdUot4yU6dZlHXyk+tsfi1m/rzl+qYhmDThvYyqH79fCaiuMAg
l+gqX6FniGxkhbj44P+9uHXoTa9F98FvHkDPFpk2Mxn/9m0sMw16mi5zyZ8YUYAv
opZdNqk+pM+8gaNTwb7y44gfQf9oHTF57XQk8bAENC1RcoCc7S507LwPrwy8BG0E
UsUxLzymQd635IY8iq3S2mLn25VSlYgBxa3dUV7hPFnPcOfKCPyidRwPbQIDAQAB
o4IDwzCCA78wHQYDVR0OBBYEFDokOEXfTiVBkO/fB/u+xStbkz7sMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvT2lRNFJkOU9KVUdRNzk4SC03N0ZLMXVUUHV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB1wYIKwYBBQUHAQcBAf8EggHGMIIBwjAeBAIAATAYAwQA
LUN0AwQGW/JAAwQCsq+wAwQAwnKQMIIBngQCAAIwggGWAwUDKgdVQAMFAyoHwEAD
BQMqCQcAAwUDKgkVwAMFAyoJOsADBQMqCURAAwUDKglMQAMFAyoJY8ADBQMqCXZA
AwUDKgl7QAMFAyoJfwADBQMqCaSAAwUDKgm9wAMFAyoJykADBQMqCeQAAwUDKgn2
wAMFAyoJ+UADBQMqCf3AAwUDKgo3AAMFAyoKN4ADBQMqCmAAAwUDKgrvAAMFAyoL
AoADBQMqC10AAwUDKgwDgAMFACoMNgADBQMqDDeAAwUDKgxXwAMFAyoMrgADBQMq
DRoAAwUDKg3awAMFAyoN+wADBQMqDg+AAwUDKg4ggAMFAyoOJQADBQMqDjOAAwUD
Kg41QAMFAyoOPEADBQMqDniAAwUDKg6wAAMFAyoOw8ADBQMqDscAAwUDKg7IAAMF
AyoO0YADBQMqDtiAAwUDKg7lQAMFAyoO6MADBQMqDulAAwUDKg71QAMFAyoPB0AD
BQMqDxtAAwUDKg85AAMFAyoPSEADBQMqD2IAAwUDKg+CwAMFAyoPk4ADBQMqD7IA
AwUDKg/aADANBgkqhkiG9w0BAQsFAAOCAQEAklUOW9QtumiCaj8xcjfjQETA4j/O
UBUTHLnyKGlb48LJMXGIaxnONWugkUlkIiT1RIw8h1jy04BpuOdzaMypt8MnA+dl
XA1iLSSd//S9G54NvwGdkvlkKbEwDTavy+423xIeRVj9HcezKQjwylRB4ED3qqd6
B5QzhjdGxOdhRyrU8qtirzFPdhp2tF5ZUThUn/mB9W+3GwHeiJdmxjiL5N/IokEM
qo0ohjcUVPnFNxUumfYP3yGQlZSYSxNzuAg7mvjonWDcIMt+u5JDSGq/93FR94d5
e4oSZPDX91T68gvYbfO5Wp3pcJ8I2GUzFQPWoB60Nx7eo+WcXO7jsR8+kA==
-----END CERTIFICATE-----
Generated at Sat Aug 9 22:38:46 2025 by rpki-client