Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/o-bQ1skgFBLQm3ifxToIizGZ4qc.roa
File:                     o-bQ1skgFBLQm3ifxToIizGZ4qc.roa (raw, json)
Hash identifier:          A1hDqVD/F4VWhfWj+NNZ6Ng9IUa12cnxudp7YEOGqSQ=
Subject key identifier:   A3:E6:D0:D6:C9:20:14:12:D0:9B:78:9F:C5:3A:08:8B:31:99:E2:A7
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01985BE807D4004F292AD92A7DDD3A9BF7A4
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/o-bQ1skgFBLQm3ifxToIizGZ4qc.roa
Signing time:             Wed 30 Jul 2025 15:16:29 +0000
ROA not before:           Wed 30 Jul 2025 15:16:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206097
IP address blocks:        45.88.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 13:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5b:e8:07:d4:00:4f:29:2a:d9:2a:7d:dd:3a:9b:f7:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jul 30 15:16:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3e6d0d6c9201412d09b789fc53a088b3199e2a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:25:ba:b6:c7:e8:8d:c4:a9:7d:cd:af:dc:22:
                    65:27:51:78:e0:f7:23:28:b6:8e:89:33:04:84:8d:
                    ef:4a:60:0a:3f:db:2f:76:9b:1d:ee:c4:6a:06:fe:
                    5a:d7:94:b9:be:ff:42:cb:14:f9:b3:dc:f1:77:22:
                    66:5e:cb:05:39:90:3a:34:a5:24:a8:c7:5f:f3:1a:
                    67:c4:58:a3:54:0d:f8:0c:75:2d:46:31:4d:44:a9:
                    2b:7f:f8:0f:4e:ea:fe:0a:9d:30:69:80:1f:4c:c7:
                    cb:c8:8b:da:4f:3a:a0:b5:74:5b:10:e8:04:ac:15:
                    8d:fa:02:da:43:e2:f3:35:03:75:94:ec:3a:18:f8:
                    87:5f:20:6b:26:00:17:23:67:4c:20:78:b4:4b:36:
                    6f:59:6a:83:ac:66:8a:0e:1c:71:a1:b9:7a:e4:15:
                    52:c6:3d:06:2e:5a:3d:60:1c:d5:5a:0e:00:4c:6b:
                    f1:9c:d4:45:5b:80:2b:50:44:17:e1:c3:6e:14:9c:
                    7c:33:d8:5a:f1:2c:df:dd:d7:d0:1e:78:11:96:ab:
                    94:dd:b1:13:cc:94:56:bd:31:da:a4:d3:3e:49:97:
                    23:1d:b9:92:2f:16:38:28:48:b1:63:e5:f1:7e:23:
                    8d:65:52:61:4e:17:37:cb:70:32:5e:90:ad:7b:22:
                    42:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:E6:D0:D6:C9:20:14:12:D0:9B:78:9F:C5:3A:08:8B:31:99:E2:A7
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/o-bQ1skgFBLQm3ifxToIizGZ4qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:eb:36:fd:cf:31:b0:0c:6b:df:98:2c:11:a2:77:2b:4f:90:
         35:3e:7f:2d:b3:ce:b8:70:5a:4f:81:8c:0c:9c:7f:7a:95:54:
         af:84:87:f4:f9:fb:ef:b8:90:22:4e:1d:6e:c4:98:ed:d9:bf:
         d3:0a:a1:48:06:0c:0e:4d:88:44:37:c4:7d:00:21:de:94:0c:
         1a:3d:7b:95:75:1e:0a:bb:7e:aa:93:dd:42:dc:5f:70:7a:c0:
         05:5e:df:ff:f1:ae:6d:d8:57:b1:83:85:1e:b0:e1:4d:78:47:
         21:88:46:89:28:8f:a6:e7:b5:b8:88:2d:da:22:da:f2:35:e3:
         51:c5:99:4b:47:e9:74:75:48:d5:0c:5d:81:30:69:95:b9:87:
         81:37:43:60:a8:ee:f5:fe:29:aa:63:87:11:77:9d:a9:ed:00:
         f8:46:11:8a:e4:7e:91:2c:3b:6f:74:8b:73:79:ce:c0:5d:e9:
         6c:ad:76:32:f3:cd:ab:1d:78:db:fc:a0:f6:e6:65:d9:47:d9:
         e7:6e:2e:1d:4f:2b:e2:d6:ed:76:f1:75:ab:65:33:aa:7b:10:
         9b:07:19:c0:f5:30:7b:53:99:04:2b:76:0b:90:e7:54:74:7a:
         fe:2a:2f:84:5e:e8:fa:b5:3e:32:15:1b:fd:31:e7:43:09:4e:
         0d:28:5b:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhb6AfUAE8pKtkqfd06m/ekMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwNzMwMTUxNjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2U2ZDBkNmM5MjAxNDEyZDA5Yjc4OWZjNTNhMDg4YjMxOTllMmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9yW6tsfojcSpfc2v3CJlJ1F44Pcj
KLaOiTMEhI3vSmAKP9svdpsd7sRqBv5a15S5vv9CyxT5s9zxdyJmXssFOZA6NKUk
qMdf8xpnxFijVA34DHUtRjFNRKkrf/gPTur+Cp0waYAfTMfLyIvaTzqgtXRbEOgE
rBWN+gLaQ+LzNQN1lOw6GPiHXyBrJgAXI2dMIHi0SzZvWWqDrGaKDhxxobl65BVS
xj0GLlo9YBzVWg4ATGvxnNRFW4ArUEQX4cNuFJx8M9ha8Szf3dfQHngRlquU3bET
zJRWvTHapNM+SZcjHbmSLxY4KEixY+XxfiONZVJhThc3y3AyXpCteyJCoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPm0NbJIBQS0Jt4n8U6CIsxmeKnMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvby1iUTFza2dGQkxRbTNpZnhUb0lpekdaNHFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVgMMA0G
CSqGSIb3DQEBCwUAA4IBAQB+6zb9zzGwDGvfmCwRoncrT5A1Pn8ts864cFpPgYwM
nH96lVSvhIf0+fvvuJAiTh1uxJjt2b/TCqFIBgwOTYhEN8R9ACHelAwaPXuVdR4K
u36qk91C3F9wesAFXt//8a5t2Fexg4UesOFNeEchiEaJKI+m57W4iC3aItryNeNR
xZlLR+l0dUjVDF2BMGmVuYeBN0NgqO71/imqY4cRd52p7QD4RhGK5H6RLDtvdItz
ec7AXelsrXYy882rHXjb/KD25mXZR9nnbi4dTyvi1u128XWrZTOqexCbBxnA9TB7
U5kEK3YLkOdUdHr+Ki+EXuj6tT4yFRv9MedDCU4NKFtS
-----END CERTIFICATE-----
Generated at Wed Aug 6 16:17:05 2025 by rpki-client