Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/v0ygM5ko9tgsiV9gTnymwBnpZD8.roa
File:                     v0ygM5ko9tgsiV9gTnymwBnpZD8.roa (raw, json)
Hash identifier:          Qr8YJSCtuGUwCDefoz4H2ImMBPjSdowCdy9x6G8wdbw=
Subject key identifier:   BF:4C:A0:33:99:28:F6:D8:2C:89:5F:60:4E:7C:A6:C0:19:E9:64:3F
Certificate issuer:       /CN=b53005619688efbaffd06e108a43bdf20643e0d6
Certificate serial:       01987AA6CF56E5A29D180E4BBD53E7F7D387
Authority key identifier: B5:30:05:61:96:88:EF:BA:FF:D0:6E:10:8A:43:BD:F2:06:43:E0:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tTAFYZaI77r_0G4QikO98gZD4NY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/v0ygM5ko9tgsiV9gTnymwBnpZD8.roa
Signing time:             Tue 05 Aug 2025 14:33:29 +0000
ROA not before:           Tue 05 Aug 2025 14:33:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        89.186.51.0/24 maxlen: 24
                          89.186.52.0/24 maxlen: 24
                          89.186.53.0/24 maxlen: 24
                          89.186.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/tTAFYZaI77r_0G4QikO98gZD4NY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/tTAFYZaI77r_0G4QikO98gZD4NY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tTAFYZaI77r_0G4QikO98gZD4NY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7a:a6:cf:56:e5:a2:9d:18:0e:4b:bd:53:e7:f7:d3:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b53005619688efbaffd06e108a43bdf20643e0d6
        Validity
            Not Before: Aug  5 14:33:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf4ca0339928f6d82c895f604e7ca6c019e9643f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:97:4f:fa:c9:aa:9c:59:a2:35:ed:40:d6:5f:
                    a9:34:5a:05:e7:d4:f3:24:13:07:0c:87:39:7f:7f:
                    03:90:77:08:57:b2:08:18:57:c8:30:6a:f7:5f:04:
                    18:d1:02:bf:04:ff:7f:a3:e0:d8:10:36:8d:65:d5:
                    ac:11:54:4f:10:bf:6c:cd:d6:9b:40:a4:7f:8e:55:
                    60:80:bb:a4:8b:df:f9:43:30:1e:7e:14:f9:3b:2d:
                    f5:07:1f:57:c3:e9:df:96:60:53:23:6c:7c:27:d7:
                    9a:be:b0:2a:f2:91:b2:03:5b:86:af:80:af:74:d1:
                    57:0f:1d:36:ab:89:28:17:81:ba:ad:8a:dd:a9:1a:
                    aa:7b:c2:18:22:60:47:05:ca:a9:03:92:3d:a4:72:
                    b9:94:51:ba:80:45:8e:fd:6e:0a:e6:b4:e4:7a:83:
                    37:83:89:80:4c:46:39:8e:f9:81:4c:82:78:b3:65:
                    f5:ba:27:f1:91:bb:a1:8b:8a:5b:f2:3a:d3:15:b2:
                    f6:41:57:02:ea:b3:2e:eb:8d:6f:56:10:ac:33:f4:
                    2a:60:2b:da:61:74:d8:1b:cb:79:9e:ad:d3:0e:6a:
                    44:bd:98:a7:cf:85:81:3c:92:9e:56:ac:22:e4:01:
                    1f:c6:08:ee:24:07:a9:72:12:1f:f7:e2:89:38:bc:
                    e5:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:4C:A0:33:99:28:F6:D8:2C:89:5F:60:4E:7C:A6:C0:19:E9:64:3F
            X509v3 Authority Key Identifier:
                keyid:B5:30:05:61:96:88:EF:BA:FF:D0:6E:10:8A:43:BD:F2:06:43:E0:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tTAFYZaI77r_0G4QikO98gZD4NY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/v0ygM5ko9tgsiV9gTnymwBnpZD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/995fbd-91fb-43bb-8f26-cd4bd44275c5/1/tTAFYZaI77r_0G4QikO98gZD4NY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.186.51.0-89.186.54.255

    Signature Algorithm: sha256WithRSAEncryption
         78:c4:fc:ab:28:53:b5:7c:23:2f:37:2b:2f:59:f6:e6:4b:6d:
         a1:d6:6b:86:5a:d9:cb:92:76:af:ee:06:30:2d:bb:4d:5f:50:
         97:4d:14:b6:68:02:48:de:dd:b7:c3:56:c4:5f:6e:47:70:05:
         e2:08:9b:f9:3c:34:fd:b8:5f:3e:d5:54:d3:72:ca:74:84:f6:
         f0:0a:00:89:19:a2:fe:e9:d9:9b:e2:3d:ce:db:d4:d7:67:72:
         79:1e:7f:98:41:c2:35:3b:0e:6c:e8:d2:dc:35:c0:05:6b:53:
         34:40:e5:2e:10:2d:c3:c5:14:19:da:b6:fe:1b:ae:4b:22:d0:
         e1:ab:0a:72:74:99:e2:cd:eb:ee:1b:28:31:41:97:90:d1:f0:
         68:3a:e0:bc:5c:b1:7d:ae:10:1a:9c:88:96:cd:95:02:2f:73:
         ea:d9:2c:c3:68:6a:cb:e1:09:bf:b2:e6:c6:fa:6e:d4:92:89:
         33:f8:b4:96:f3:17:24:84:6e:e0:92:b9:72:1e:2b:00:50:d2:
         d4:ef:f3:dd:94:08:f7:58:1a:fd:75:07:df:18:f1:8f:71:84:
         9c:e9:cd:71:71:6f:f1:18:fd:5f:c9:21:cf:0a:24:09:95:63:
         d3:9d:02:fb:ac:f2:b5:c0:8d:72:dc:25:88:f4:35:4e:73:c3:
         02:7e:29:f4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZh6ps9W5aKdGA5LvVPn99OHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MzAwNTYxOTY4OGVmYmFmZmQwNmUxMDhhNDNiZGYyMDY0
M2UwZDYwHhcNMjUwODA1MTQzMzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjRjYTAzMzk5MjhmNmQ4MmM4OTVmNjA0ZTdjYTZjMDE5ZTk2NDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJdP+smqnFmiNe1A1l+pNFoF59Tz
JBMHDIc5f38DkHcIV7IIGFfIMGr3XwQY0QK/BP9/o+DYEDaNZdWsEVRPEL9szdab
QKR/jlVggLuki9/5QzAefhT5Oy31Bx9Xw+nflmBTI2x8J9eavrAq8pGyA1uGr4Cv
dNFXDx02q4koF4G6rYrdqRqqe8IYImBHBcqpA5I9pHK5lFG6gEWO/W4K5rTkeoM3
g4mATEY5jvmBTIJ4s2X1uifxkbuhi4pb8jrTFbL2QVcC6rMu641vVhCsM/QqYCva
YXTYG8t5nq3TDmpEvZinz4WBPJKeVqwi5AEfxgjuJAepchIf9+KJOLzl5wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFL9MoDOZKPbYLIlfYE58psAZ6WQ/MB8GA1UdIwQY
MBaAFLUwBWGWiO+6/9BuEIpDvfIGQ+DWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFRBRllaYUk3N3JfMEc0UWlrTzk4Z1pENE5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy85OTVmYmQtOTFmYi00M2JiLThmMjYt
Y2Q0YmQ0NDI3NWM1LzEvdjB5Z001a285dGdzaVY5Z1RueW13Qm5wWkQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy85OTVmYmQtOTFmYi00M2JiLThmMjYtY2Q0YmQ0NDI3NWM1
LzEvdFRBRllaYUk3N3JfMEc0UWlrTzk4Z1pENE5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABZujMD
BABZujYwDQYJKoZIhvcNAQELBQADggEBAHjE/KsoU7V8Iy83Ky9Z9uZLbaHWa4Za
2cuSdq/uBjAtu01fUJdNFLZoAkje3bfDVsRfbkdwBeIIm/k8NP24Xz7VVNNyynSE
9vAKAIkZov7p2ZviPc7b1Ndncnkef5hBwjU7Dmzo0tw1wAVrUzRA5S4QLcPFFBna
tv4brksi0OGrCnJ0meLN6+4bKDFBl5DR8Gg64LxcsX2uEBqciJbNlQIvc+rZLMNo
asvhCb+y5sb6btSSiTP4tJbzFySEbuCSuXIeKwBQ0tTv892UCPdYGv11B98Y8Y9x
hJzpzXFxb/EY/V/JIc8KJAmVY9OdAvus8rXAjXLcJYj0NU5zwwJ+KfQ=
-----END CERTIFICATE-----
Generated at Sat Aug 9 22:37:52 2025 by rpki-client