Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/efEQ2t5-27GCJoja1RT7zqYpRZU.roa
File:                     efEQ2t5-27GCJoja1RT7zqYpRZU.roa (raw, json)
Hash identifier:          /QSM1HZG6HqyXeHgaLiZJmI3qBi0aRESNP6xoXN4sdI=
Subject key identifier:   79:F1:10:DA:DE:7E:DB:B1:82:26:88:DA:D5:14:FB:CE:A6:29:45:95
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01987AC8AF7FDE4F240E96ABFA2597E29AFC
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/efEQ2t5-27GCJoja1RT7zqYpRZU.roa
Signing time:             Tue 05 Aug 2025 15:10:29 +0000
ROA not before:           Tue 05 Aug 2025 15:10:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        31.210.48.0/24 maxlen: 24
                          31.210.50.0/24 maxlen: 24
                          77.92.143.0/24 maxlen: 24
                          77.92.145.0/24 maxlen: 24
                          77.92.146.0/24 maxlen: 24
                          78.135.66.0/24 maxlen: 24
                          78.135.72.0/24 maxlen: 24
                          78.135.81.0/24 maxlen: 24
                          78.135.92.0/24 maxlen: 24
                          78.135.93.0/24 maxlen: 24
                          78.135.100.0/24 maxlen: 24
                          78.135.104.0/24 maxlen: 24
                          185.17.139.0/24 maxlen: 24
                          188.132.129.0/24 maxlen: 24
                          188.132.130.0/24 maxlen: 24
                          188.132.153.0/24 maxlen: 24
                          188.132.165.0/24 maxlen: 24
                          188.132.168.0/24 maxlen: 24
                          188.132.183.0/24 maxlen: 24
                          188.132.184.0/24 maxlen: 24
                          188.132.185.0/24 maxlen: 24
                          188.132.186.0/24 maxlen: 24
                          188.132.189.0/24 maxlen: 24
                          188.132.199.0/24 maxlen: 24
                          188.132.201.0/24 maxlen: 24
                          188.132.202.0/24 maxlen: 24
                          188.132.209.0/24 maxlen: 24
                          188.132.212.0/24 maxlen: 24
                          188.132.213.0/24 maxlen: 24
                          188.132.234.0/24 maxlen: 24
                          188.132.235.0/24 maxlen: 24
                          212.68.58.0/24 maxlen: 24
                          212.68.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 10:07:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7a:c8:af:7f:de:4f:24:0e:96:ab:fa:25:97:e2:9a:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Aug  5 15:10:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79f110dade7edbb1822688dad514fbcea6294595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6a:41:25:21:d0:73:96:d7:60:d7:da:01:ca:
                    05:63:7d:2d:05:f2:d2:52:b3:36:b4:a4:73:9f:4e:
                    59:59:82:5d:d3:4a:a0:e9:1e:16:5b:8b:36:62:ae:
                    12:2b:bf:81:d7:a8:11:84:e0:64:ca:7d:60:a4:76:
                    48:68:6c:f2:36:99:79:d4:4f:af:68:fe:c4:0f:92:
                    20:69:4a:de:3a:f2:a3:a8:6e:92:00:1b:b8:ca:71:
                    fa:af:d3:82:83:1b:b1:61:70:0e:88:0f:1c:60:b4:
                    b1:7a:6d:db:65:e4:36:1c:a0:42:d0:46:30:e8:13:
                    8b:19:98:81:61:a3:4b:7e:2a:6a:53:9f:40:33:a5:
                    8b:65:fa:9d:64:33:a6:74:84:20:99:b6:db:27:9a:
                    18:83:db:1a:69:ed:a8:1d:4b:21:0c:6c:16:ab:3e:
                    07:18:57:0c:38:90:ad:fa:0d:70:29:ad:ad:d1:4f:
                    24:c3:0b:a8:bd:a3:06:8c:d5:e0:df:2d:73:95:46:
                    31:f9:54:d1:60:80:ae:76:68:a0:fd:51:1f:95:cd:
                    3c:f8:9c:d9:41:6f:0b:e1:4b:75:51:e0:b0:b6:e2:
                    7a:90:b9:55:0c:ac:3f:80:d5:f7:88:73:11:81:ae:
                    a3:e9:c8:53:80:3e:27:54:44:0f:e3:c9:62:25:ab:
                    33:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:F1:10:DA:DE:7E:DB:B1:82:26:88:DA:D5:14:FB:CE:A6:29:45:95
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/efEQ2t5-27GCJoja1RT7zqYpRZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.48.0/24
                  31.210.50.0/24
                  77.92.143.0/24
                  77.92.145.0-77.92.146.255
                  78.135.66.0/24
                  78.135.72.0/24
                  78.135.81.0/24
                  78.135.92.0/23
                  78.135.100.0/24
                  78.135.104.0/24
                  185.17.139.0/24
                  188.132.129.0-188.132.130.255
                  188.132.153.0/24
                  188.132.165.0/24
                  188.132.168.0/24
                  188.132.183.0-188.132.186.255
                  188.132.189.0/24
                  188.132.199.0/24
                  188.132.201.0-188.132.202.255
                  188.132.209.0/24
                  188.132.212.0/23
                  188.132.234.0/23
                  212.68.58.0/24
                  212.68.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:64:95:5f:7f:20:19:ff:08:3c:29:48:8a:7f:a6:5c:fe:96:
         17:df:4a:23:26:59:47:b3:12:8d:ed:62:a4:7e:f2:4c:62:fe:
         d0:a1:54:c6:c6:1e:42:23:68:55:66:14:8d:82:7c:70:9d:70:
         1b:dc:82:27:cc:21:0c:18:f9:5b:6a:74:85:a6:ad:1b:51:f8:
         9f:9f:0a:a8:24:4a:da:af:07:0d:c0:51:17:66:82:f2:b6:e9:
         44:49:71:cf:06:3e:3b:ee:e3:a7:6e:f3:98:5b:50:10:ea:f4:
         28:ff:0e:ff:c5:9b:ca:2f:4a:7c:1d:2a:7d:41:d3:fd:44:d6:
         9e:2f:f5:a5:8c:9c:72:35:5e:29:97:70:bf:ca:4e:79:49:9b:
         56:ab:66:26:8a:d1:dd:e6:d2:ee:af:0c:ef:a1:d0:e7:8b:d5:
         0e:bd:bf:22:f2:68:e0:0a:ca:f5:bf:3e:7f:ab:79:69:e4:55:
         07:3c:61:a2:70:45:eb:f1:21:ad:f1:f3:9b:7a:62:c0:88:de:
         34:fd:a2:bd:1e:ac:9b:c3:c4:0a:23:18:3f:01:78:8c:a3:ee:
         0a:95:9b:d8:88:d6:32:c4:93:55:c5:54:0b:b2:21:ac:c6:32:
         f3:1c:3f:f5:0d:ef:d3:0a:47:93:aa:fd:c5:c4:3f:3b:d3:14:
         86:e2:d8:b3
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAZh6yK9/3k8kDpar+iWX4pr8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwODA1MTUxMDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWYxMTBkYWRlN2VkYmIxODIyNjg4ZGFkNTE0ZmJjZWE2Mjk0NTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWpBJSHQc5bXYNfaAcoFY30tBfLS
UrM2tKRzn05ZWYJd00qg6R4WW4s2Yq4SK7+B16gRhOBkyn1gpHZIaGzyNpl51E+v
aP7ED5IgaUreOvKjqG6SABu4ynH6r9OCgxuxYXAOiA8cYLSxem3bZeQ2HKBC0EYw
6BOLGZiBYaNLfipqU59AM6WLZfqdZDOmdIQgmbbbJ5oYg9saae2oHUshDGwWqz4H
GFcMOJCt+g1wKa2t0U8kwwuovaMGjNXg3y1zlUYx+VTRYICudmig/VEflc08+JzZ
QW8L4Ut1UeCwtuJ6kLlVDKw/gNX3iHMRga6j6chTgD4nVEQP48liJasz/QIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFHnxENreftuxgiaI2tUU+86mKUWVMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvZWZFUTJ0NS0yN0dDSm9qYTFSVDd6cVlwUlpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBtwQCAAEwgbADBAAf
0jADBAAf0jIDBABNXI8wDAMEAE1ckQMEAE1ckgMEAE6HQgMEAE6HSAMEAE6HUQME
AU6HXAMEAE6HZAMEAE6HaAMEALkRizAMAwQAvISBAwQAvISCAwQAvISZAwQAvISl
AwQAvISoMAwDBAC8hLcDBAC8hLoDBAC8hL0DBAC8hMcwDAMEALyEyQMEALyEygME
ALyE0QMEAbyE1AMEAbyE6gMEANREOgMEANREPDANBgkqhkiG9w0BAQsFAAOCAQEA
ZmSVX38gGf8IPClIin+mXP6WF99KIyZZR7MSje1ipH7yTGL+0KFUxsYeQiNoVWYU
jYJ8cJ1wG9yCJ8whDBj5W2p0haatG1H4n58KqCRK2q8HDcBRF2aC8rbpRElxzwY+
O+7jp27zmFtQEOr0KP8O/8Wbyi9KfB0qfUHT/UTWni/1pYyccjVeKZdwv8pOeUmb
VqtmJorR3ebS7q8M76HQ54vVDr2/IvJo4ArK9b8+f6t5aeRVBzxhonBF6/EhrfHz
m3piwIjeNP2ivR6sm8PECiMYPwF4jKPuCpWb2IjWMsSTVcVUC7IhrMYy8xw/9Q3v
0wpHk6r9xcQ/O9MUhuLYsw==
-----END CERTIFICATE-----
Generated at Wed Aug 6 16:20:24 2025 by rpki-client