Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/y1QG8rNRxHH4G33_dAf5mFctTJc.roa
File:                     y1QG8rNRxHH4G33_dAf5mFctTJc.roa (raw, json)
Hash identifier:          OIUUq3pDqUrl985i9SFZTK/n+FEDeMGsYB2+Lkw9VRM=
Subject key identifier:   CB:54:06:F2:B3:51:C4:71:F8:1B:7D:FF:74:07:F9:98:57:2D:4C:97
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01975DEFADAA595188E1B9CF9C3434534985
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/y1QG8rNRxHH4G33_dAf5mFctTJc.roa
Signing time:             Wed 11 Jun 2025 07:41:17 +0000
ROA not before:           Wed 11 Jun 2025 07:41:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        45.135.182.0/24 maxlen: 24
                          45.135.183.0/24 maxlen: 24
                          89.34.106.0/24 maxlen: 24
                          93.114.183.0/24 maxlen: 24
                          93.115.106.0/24 maxlen: 24
                          93.115.203.0/24 maxlen: 24
                          94.177.106.0/24 maxlen: 24
                          194.85.251.0/24 maxlen: 24
                          202.71.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5d:ef:ad:aa:59:51:88:e1:b9:cf:9c:34:34:53:49:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jun 11 07:41:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb5406f2b351c471f81b7dff7407f998572d4c97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:2c:7f:e0:1e:60:e7:61:c6:f0:b5:9e:60:c4:
                    40:8b:68:c4:64:be:19:27:76:91:32:5b:9c:0d:fe:
                    2d:a8:a9:b2:fc:ab:ee:6b:74:f7:59:d7:6d:56:38:
                    33:79:35:fb:73:73:47:97:62:3e:9e:0c:f6:c0:db:
                    79:50:d1:d2:d7:6d:d2:df:6d:11:15:3a:da:a6:cd:
                    6e:67:79:5d:70:e4:f8:34:99:62:df:7d:eb:78:5a:
                    5a:cd:9d:1c:04:90:01:ea:2f:cc:5e:c4:b9:20:52:
                    2d:05:b1:d6:79:85:34:d9:ec:22:53:6d:7f:9b:e8:
                    de:79:9e:61:b0:1b:5c:fd:fe:85:60:2a:60:96:2b:
                    d8:81:b9:b4:d3:11:7c:fc:7e:8f:dc:76:19:3e:5d:
                    4f:cb:b4:c0:1a:30:8f:e6:dd:84:f7:2c:32:69:27:
                    3b:fd:01:16:58:3b:57:8b:f1:23:10:f7:90:fa:d1:
                    ce:2e:e7:fd:40:0a:60:b0:08:7f:94:ab:44:86:ad:
                    d8:23:77:db:06:c1:4f:7b:b4:c8:84:00:7f:36:db:
                    ca:1e:d5:fc:ec:7a:68:96:b5:e6:99:f7:23:9b:55:
                    1a:5a:76:2b:71:9c:71:f9:ed:ea:50:f5:d9:67:2c:
                    15:7e:98:c8:e1:34:95:d9:07:60:2d:df:cf:72:99:
                    61:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:54:06:F2:B3:51:C4:71:F8:1B:7D:FF:74:07:F9:98:57:2D:4C:97
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/y1QG8rNRxHH4G33_dAf5mFctTJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.182.0/23
                  89.34.106.0/24
                  93.114.183.0/24
                  93.115.106.0/24
                  93.115.203.0/24
                  94.177.106.0/24
                  194.85.251.0/24
                  202.71.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:85:f9:4d:61:a4:64:70:ea:7d:0b:75:5d:c6:c2:15:32:41:
         fc:4a:3e:6b:6a:e4:53:07:db:df:ac:70:52:c4:1c:38:4a:28:
         2d:96:f4:c1:58:e6:d9:75:32:c1:bf:71:c2:dc:16:53:93:f5:
         0b:f5:e0:83:ff:1b:8b:df:b7:8a:ee:a3:4b:26:a1:cf:f0:63:
         8d:10:2f:a1:95:3f:91:55:b6:20:fe:ab:50:53:15:2c:1e:91:
         44:4f:81:0e:17:30:8f:fa:48:1b:44:0d:c0:d4:15:4e:4b:af:
         7b:b4:cf:b4:ad:68:aa:10:9d:20:ee:18:a2:81:6a:b1:65:85:
         4c:00:9b:ab:3c:d0:bc:cf:fe:7b:0b:02:ba:81:c9:e7:5a:94:
         19:e2:9e:52:c7:78:5b:cd:e6:ce:11:59:5a:5c:7d:c1:b5:38:
         6e:e0:49:d6:b7:ff:8e:85:10:9a:f5:a1:23:c1:28:b4:8a:67:
         21:8b:e7:be:0e:7e:59:8d:3d:66:1e:dc:97:4e:67:c1:12:2d:
         64:91:56:3f:a9:74:17:b8:67:d3:f2:42:fd:62:63:28:08:27:
         fc:20:be:65:de:d3:00:ca:75:d0:cd:34:61:22:7a:3b:bf:5d:
         dd:cc:8e:73:40:1a:aa:20:78:02:94:b9:46:df:d2:6b:03:4d:
         5f:60:cc:25
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZdd762qWVGI4bnPnDQ0U0mFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwNjExMDc0MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjU0MDZmMmIzNTFjNDcxZjgxYjdkZmY3NDA3Zjk5ODU3MmQ0Yzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSx/4B5g52HG8LWeYMRAi2jEZL4Z
J3aRMlucDf4tqKmy/Kvua3T3WddtVjgzeTX7c3NHl2I+ngz2wNt5UNHS123S320R
FTraps1uZ3ldcOT4NJli333reFpazZ0cBJAB6i/MXsS5IFItBbHWeYU02ewiU21/
m+jeeZ5hsBtc/f6FYCpglivYgbm00xF8/H6P3HYZPl1Py7TAGjCP5t2E9ywyaSc7
/QEWWDtXi/EjEPeQ+tHOLuf9QApgsAh/lKtEhq3YI3fbBsFPe7TIhAB/NtvKHtX8
7HpolrXmmfcjm1UaWnYrcZxx+e3qUPXZZywVfpjI4TSV2QdgLd/Pcplh8QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFMtUBvKzUcRx+Bt9/3QH+ZhXLUyXMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEveTFRRzhyTlJ4SEg0RzMzX2RBZjVtRmN0VEpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBLYe2AwQA
WSJqAwQAXXK3AwQAXXNqAwQAXXPLAwQAXrFqAwQAwlX7AwQAykcPMA0GCSqGSIb3
DQEBCwUAA4IBAQBqhflNYaRkcOp9C3VdxsIVMkH8Sj5rauRTB9vfrHBSxBw4Sigt
lvTBWObZdTLBv3HC3BZTk/UL9eCD/xuL37eK7qNLJqHP8GONEC+hlT+RVbYg/qtQ
UxUsHpFET4EOFzCP+kgbRA3A1BVOS697tM+0rWiqEJ0g7hiigWqxZYVMAJurPNC8
z/57CwK6gcnnWpQZ4p5Sx3hbzebOEVlaXH3BtThu4EnWt/+OhRCa9aEjwSi0imch
i+e+Dn5ZjT1mHtyXTmfBEi1kkVY/qXQXuGfT8kL9YmMoCCf8IL5l3tMAynXQzTRh
Ino7v13dzI5zQBqqIHgClLlG39JrA01fYMwl
-----END CERTIFICATE-----
Generated at Sun Jun 15 18:36:55 2025 by rpki-client