Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/bNvYJ9gWJ8kNfuPGM2gMblNP1Vg.roa
File:                     bNvYJ9gWJ8kNfuPGM2gMblNP1Vg.roa (raw, json)
Hash identifier:          5xJ3XMGQJkGgc451AByVlt+IeOC4SDhL73xVYav4LWU=
Subject key identifier:   6C:DB:D8:27:D8:16:27:C9:0D:7E:E3:C6:33:68:0C:6E:53:4F:D5:58
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       0198566532A89B1228BCACF53889D032346A
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/bNvYJ9gWJ8kNfuPGM2gMblNP1Vg.roa
Signing time:             Tue 29 Jul 2025 13:35:29 +0000
ROA not before:           Tue 29 Jul 2025 13:35:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215287
IP address blocks:        79.172.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 11:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:56:65:32:a8:9b:12:28:bc:ac:f5:38:89:d0:32:34:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jul 29 13:35:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6cdbd827d81627c90d7ee3c633680c6e534fd558
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f1:7f:8c:cd:76:0a:6c:a5:34:32:85:63:14:
                    fb:fc:79:52:d6:00:5d:f9:12:9e:ab:cf:a0:1e:22:
                    bf:e7:09:ff:fe:a5:8d:2f:58:10:b2:b1:af:41:fe:
                    01:de:91:ee:9a:73:d8:3b:93:0c:d8:7b:32:b3:ac:
                    d3:03:9c:1f:8e:49:89:e3:32:9f:c0:1c:fb:51:a5:
                    d6:6f:ee:bf:6b:ba:1a:d5:a6:05:ee:21:1b:78:d6:
                    7c:51:1e:cc:f8:a6:25:3a:5a:5c:56:2a:2e:18:3e:
                    6a:b8:17:d0:fc:5d:cf:61:23:17:3f:db:ad:94:e0:
                    66:89:8b:8f:79:f9:af:76:8a:c2:10:59:b6:a6:0d:
                    bd:af:b8:cf:c7:03:74:ec:67:80:d3:77:c9:4c:0f:
                    ca:cc:b7:be:3a:dc:50:47:ff:b2:e1:1c:f9:f3:5f:
                    4c:3f:4b:27:8c:bb:b9:87:20:38:39:62:88:1a:e5:
                    aa:50:9c:0b:ba:ca:3b:47:2e:d0:e4:80:87:1a:43:
                    a0:00:ca:d6:e4:c7:39:65:f5:a8:27:a8:ee:d5:a8:
                    a1:a0:0e:0e:a4:ad:b0:86:84:30:2f:e7:8f:5b:d2:
                    cc:ad:46:d5:60:67:47:13:25:94:5f:4b:fb:4c:10:
                    58:91:f6:00:55:62:6d:ba:db:4a:ac:fa:34:c7:24:
                    61:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:DB:D8:27:D8:16:27:C9:0D:7E:E3:C6:33:68:0C:6E:53:4F:D5:58
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/bNvYJ9gWJ8kNfuPGM2gMblNP1Vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:e4:94:35:54:d1:d9:22:c5:7e:69:07:a9:cf:a6:ba:81:cb:
         5c:a4:42:5d:0d:66:1f:e8:6d:2f:29:97:b9:c8:f5:4b:71:32:
         55:fd:e5:28:4e:8d:51:f3:d8:d7:3a:41:a4:e5:a8:33:34:7f:
         10:7c:55:59:22:21:6d:f8:63:51:31:b5:ae:fe:ba:b8:54:fd:
         08:33:fd:cf:59:59:04:1d:a0:a1:3e:ce:d0:7c:57:65:3f:11:
         ee:93:94:3a:84:d1:b3:09:86:74:98:15:b6:9a:a5:c5:5e:2b:
         5d:a2:d4:76:19:5f:c4:a0:ba:ed:08:2e:74:d2:c4:d4:ae:18:
         22:db:1d:2c:35:77:ae:bc:99:6b:bc:17:92:90:0f:86:01:b7:
         8d:6c:28:8f:3d:9d:1b:93:33:d0:6d:df:e7:ec:b2:de:b3:0f:
         b8:ee:33:c8:d7:1d:09:be:e4:05:5f:53:c3:5f:d6:d0:32:30:
         fb:24:25:49:c1:08:0b:ff:80:52:67:ce:cc:a7:ad:c8:e8:67:
         70:d1:63:44:81:24:f0:05:45:d5:c1:73:41:63:ba:48:b8:33:
         9b:df:28:c8:8b:35:57:39:bc:38:c0:ab:68:cc:f0:28:10:c6:
         4a:f1:66:d8:2d:03:2c:38:dc:3e:f8:ca:d3:ff:82:42:9e:0f:
         9d:ef:e7:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhWZTKomxIovKz1OInQMjRqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNzI5MTMzNTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2RiZDgyN2Q4MTYyN2M5MGQ3ZWUzYzYzMzY4MGM2ZTUzNGZkNTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfF/jM12CmylNDKFYxT7/HlS1gBd
+RKeq8+gHiK/5wn//qWNL1gQsrGvQf4B3pHumnPYO5MM2Hsys6zTA5wfjkmJ4zKf
wBz7UaXWb+6/a7oa1aYF7iEbeNZ8UR7M+KYlOlpcViouGD5quBfQ/F3PYSMXP9ut
lOBmiYuPefmvdorCEFm2pg29r7jPxwN07GeA03fJTA/KzLe+OtxQR/+y4Rz5819M
P0snjLu5hyA4OWKIGuWqUJwLuso7Ry7Q5ICHGkOgAMrW5Mc5ZfWoJ6ju1aihoA4O
pK2whoQwL+ePW9LMrUbVYGdHEyWUX0v7TBBYkfYAVWJtuttKrPo0xyRhSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzb2CfYFifJDX7jxjNoDG5TT9VYMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvYk52WUo5Z1dKOGtOZnVQR00yZ01ibE5QMVZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zIMA0G
CSqGSIb3DQEBCwUAA4IBAQBB5JQ1VNHZIsV+aQepz6a6gctcpEJdDWYf6G0vKZe5
yPVLcTJV/eUoTo1R89jXOkGk5agzNH8QfFVZIiFt+GNRMbWu/rq4VP0IM/3PWVkE
HaChPs7QfFdlPxHuk5Q6hNGzCYZ0mBW2mqXFXitdotR2GV/EoLrtCC500sTUrhgi
2x0sNXeuvJlrvBeSkA+GAbeNbCiPPZ0bkzPQbd/n7LLesw+47jPI1x0JvuQFX1PD
X9bQMjD7JCVJwQgL/4BSZ87Mp63I6Gdw0WNEgSTwBUXVwXNBY7pIuDOb3yjIizVX
Obw4wKtozPAoEMZK8WbYLQMsONw++MrT/4JCng+d7+ej
-----END CERTIFICATE-----
Generated at Wed Aug 6 18:33:41 2025 by rpki-client