Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/lOoV_awaoXNj1bfhx0bx4WIBK_o.roa
File:                     lOoV_awaoXNj1bfhx0bx4WIBK_o.roa (raw, json)
Hash identifier:          Oj6EJtwaCyCNiMtSUcVlupYUT3Tc0ATPehxbzKeY1zw=
Subject key identifier:   94:EA:15:FD:AC:1A:A1:73:63:D5:B7:E1:C7:46:F1:E1:62:01:2B:FA
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       019623715564D919BEB64215F3919BAC117C
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/lOoV_awaoXNj1bfhx0bx4WIBK_o.roa
Signing time:             Fri 11 Apr 2025 06:02:32 +0000
ROA not before:           Fri 11 Apr 2025 06:02:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54994
IP address blocks:        91.194.205.0/24 maxlen: 24
                          91.202.200.0/24 maxlen: 24
                          93.188.135.0/24 maxlen: 24
                          148.253.34.0/24 maxlen: 24
                          148.253.36.0/24 maxlen: 24
                          148.253.41.0/24 maxlen: 24
                          148.253.42.0/24 maxlen: 24
                          148.253.44.0/24 maxlen: 24
                          148.253.47.0/24 maxlen: 24
                          148.253.60.0/24 maxlen: 24
                          148.253.61.0/24 maxlen: 24
                          148.253.62.0/24 maxlen: 24
                          148.253.63.0/24 maxlen: 24
                          148.253.228.0/24 maxlen: 24
                          148.253.229.0/24 maxlen: 24
                          148.253.231.0/24 maxlen: 24
                          148.253.232.0/24 maxlen: 24
                          148.253.233.0/24 maxlen: 24
                          148.253.234.0/24 maxlen: 24
                          148.253.235.0/24 maxlen: 24
                          148.253.237.0/24 maxlen: 24
                          148.253.239.0/24 maxlen: 24
                          148.253.244.0/24 maxlen: 24
                          148.253.245.0/24 maxlen: 24
                          148.253.246.0/24 maxlen: 24
                          148.253.248.0/24 maxlen: 24
                          151.249.92.0/24 maxlen: 24
                          151.249.93.0/24 maxlen: 24
                          151.249.94.0/24 maxlen: 24
                          163.171.64.0/24 maxlen: 24
                          163.171.67.0/24 maxlen: 24
                          163.171.70.0/24 maxlen: 24
                          163.171.71.0/24 maxlen: 24
                          163.171.77.0/24 maxlen: 24
                          163.171.84.0/24 maxlen: 24
                          163.171.85.0/24 maxlen: 24
                          163.171.87.0/24 maxlen: 24
                          163.171.93.0/24 maxlen: 24
                          163.171.94.0/24 maxlen: 24
                          163.171.96.0/24 maxlen: 24
                          163.171.97.0/24 maxlen: 24
                          163.171.98.0/24 maxlen: 24
                          163.171.101.0/24 maxlen: 24
                          163.171.102.0/24 maxlen: 24
                          163.171.103.0/24 maxlen: 24
                          163.171.104.0/24 maxlen: 24
                          163.171.119.0/24 maxlen: 24
                          163.171.126.0/24 maxlen: 24
                          163.171.143.0/24 maxlen: 24
                          163.171.153.0/24 maxlen: 24
                          163.171.166.0/24 maxlen: 24
                          163.171.176.0/24 maxlen: 24
                          163.171.177.0/24 maxlen: 24
                          163.171.182.0/24 maxlen: 24
                          163.171.188.0/24 maxlen: 24
                          163.171.198.0/24 maxlen: 24
                          163.171.207.0/24 maxlen: 24
                          163.171.222.0/24 maxlen: 24
                          163.171.224.0/24 maxlen: 24
                          163.171.225.0/24 maxlen: 24
                          163.171.230.0/24 maxlen: 24
                          163.171.231.0/24 maxlen: 24
                          163.171.234.0/24 maxlen: 24
                          163.171.249.0/24 maxlen: 24
                          163.171.252.0/24 maxlen: 24
                          185.27.230.0/24 maxlen: 24
                          194.107.19.0/24 maxlen: 24
                          2a01:53c0:ffc6::/48 maxlen: 48
                          2a01:53c0:ffe7::/48 maxlen: 48
                          2a01:53c0:fff2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 06:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:23:71:55:64:d9:19:be:b6:42:15:f3:91:9b:ac:11:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Apr 11 06:02:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94ea15fdac1aa17363d5b7e1c746f1e162012bfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:fe:19:1c:2e:85:b8:54:e7:da:af:31:52:31:
                    88:76:68:19:a4:9c:08:43:e5:04:db:8b:61:bd:3a:
                    9f:bf:a3:07:81:fa:d6:91:7f:f0:91:c5:73:f3:06:
                    51:61:7b:ee:1c:08:b9:81:11:7f:b2:55:41:1a:97:
                    f2:40:c2:7a:fc:df:c7:5f:8b:e1:55:f3:e2:9f:50:
                    17:54:a7:a8:ab:c2:6c:5a:24:21:fe:7e:f5:57:40:
                    42:00:87:c4:09:66:53:c7:d2:91:d5:e4:8e:96:49:
                    e7:fc:64:1e:4c:9b:4c:0b:91:e3:03:83:c9:5d:03:
                    68:76:71:0a:7b:8a:58:80:8e:53:55:29:69:53:6a:
                    64:c0:ea:28:28:c7:3c:12:94:b3:dc:4a:c6:5d:49:
                    4e:b9:f9:ae:96:5d:c6:67:89:3b:d0:a1:20:9f:7f:
                    2b:ae:28:d6:3c:ab:4b:42:da:32:86:ef:71:d7:90:
                    0d:52:72:81:73:1f:75:fa:9c:fe:cd:da:19:ff:51:
                    fd:18:8c:19:ca:0d:17:86:af:0f:00:2b:71:f9:66:
                    6d:be:be:f8:5d:f0:df:6a:8d:17:e2:33:3f:b5:e5:
                    71:5d:3f:ba:8e:a0:60:f3:3b:40:83:4b:e5:b5:6c:
                    68:03:65:a9:95:e6:66:ce:c9:fa:70:7f:5d:d8:fc:
                    b2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:EA:15:FD:AC:1A:A1:73:63:D5:B7:E1:C7:46:F1:E1:62:01:2B:FA
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/lOoV_awaoXNj1bfhx0bx4WIBK_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.205.0/24
                  91.202.200.0/24
                  93.188.135.0/24
                  148.253.34.0/24
                  148.253.36.0/24
                  148.253.41.0-148.253.42.255
                  148.253.44.0/24
                  148.253.47.0/24
                  148.253.60.0/22
                  148.253.228.0/23
                  148.253.231.0-148.253.235.255
                  148.253.237.0/24
                  148.253.239.0/24
                  148.253.244.0-148.253.246.255
                  148.253.248.0/24
                  151.249.92.0-151.249.94.255
                  163.171.64.0/24
                  163.171.67.0/24
                  163.171.70.0/23
                  163.171.77.0/24
                  163.171.84.0/23
                  163.171.87.0/24
                  163.171.93.0-163.171.94.255
                  163.171.96.0-163.171.98.255
                  163.171.101.0-163.171.104.255
                  163.171.119.0/24
                  163.171.126.0/24
                  163.171.143.0/24
                  163.171.153.0/24
                  163.171.166.0/24
                  163.171.176.0/23
                  163.171.182.0/24
                  163.171.188.0/24
                  163.171.198.0/24
                  163.171.207.0/24
                  163.171.222.0/24
                  163.171.224.0/23
                  163.171.230.0/23
                  163.171.234.0/24
                  163.171.249.0/24
                  163.171.252.0/24
                  185.27.230.0/24
                  194.107.19.0/24
                IPv6:
                  2a01:53c0:ffc6::/48
                  2a01:53c0:ffe7::/48
                  2a01:53c0:fff2::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:43:dc:e5:e8:90:a3:f1:be:6d:6c:8a:2b:66:43:09:c9:d8:
         04:df:d9:cb:38:e3:08:aa:d6:6a:9b:98:f8:4a:91:07:ec:69:
         05:fd:1f:a1:80:2f:74:8d:27:25:44:86:50:04:cb:f5:53:21:
         10:8d:e6:58:4c:a9:34:46:c2:bb:9f:ba:60:55:cd:02:8d:a1:
         9f:de:41:49:8e:a6:f8:3a:ae:09:22:9b:19:90:1c:c6:f7:d8:
         f0:55:b2:67:79:4e:99:1b:f7:46:4d:b7:90:6a:27:87:bb:71:
         33:fe:9e:e9:f8:4d:10:5b:10:c3:1c:00:5a:65:24:2b:fa:ef:
         96:c1:d0:c6:c1:8d:37:5f:e1:f1:58:05:e3:27:e2:76:99:df:
         af:24:e4:1e:1e:17:63:14:73:8a:76:f0:b4:ea:84:4e:36:65:
         d0:6c:24:6a:15:0e:2d:d8:cf:88:6f:46:04:b1:43:d5:84:ed:
         30:d6:13:27:14:e1:01:a7:fd:47:84:78:ea:a4:94:05:7e:59:
         7f:cb:cf:da:95:fd:cb:c9:5e:ab:46:83:46:1e:45:c2:e2:bd:
         de:41:16:5a:06:9c:58:af:95:e9:79:73:93:38:83:08:1d:a7:
         54:39:38:13:ff:3d:b8:eb:e1:52:31:c9:4f:c7:61:c4:b8:ad:
         1c:31:22:4e
-----BEGIN CERTIFICATE-----
MIIGXjCCBUagAwIBAgISAZYjcVVk2Rm+tkIV85GbrBF8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjUwNDExMDYwMjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGVhMTVmZGFjMWFhMTczNjNkNWI3ZTFjNzQ2ZjFlMTYyMDEyYmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkv4ZHC6FuFTn2q8xUjGIdmgZpJwI
Q+UE24thvTqfv6MHgfrWkX/wkcVz8wZRYXvuHAi5gRF/slVBGpfyQMJ6/N/HX4vh
VfPin1AXVKeoq8JsWiQh/n71V0BCAIfECWZTx9KR1eSOlknn/GQeTJtMC5HjA4PJ
XQNodnEKe4pYgI5TVSlpU2pkwOooKMc8EpSz3ErGXUlOufmull3GZ4k70KEgn38r
rijWPKtLQtoyhu9x15ANUnKBcx91+pz+zdoZ/1H9GIwZyg0Xhq8PACtx+WZtvr74
XfDfao0X4jM/teVxXT+6jqBg8ztAg0vltWxoA2WpleZmzsn6cH9d2PyyiwIDAQAB
o4IDajCCA2YwHQYDVR0OBBYEFJTqFf2sGqFzY9W34cdG8eFiASv6MB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvbE9vVl9hd2FvWE5qMWJmaHgwYng0V0lCS19vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBfgYIKwYBBQUHAQcBAf8EggFtMIIBaTCCAUIEAgABMIIB
OgMEAFvCzQMEAFvKyAMEAF28hwMEAJT9IgMEAJT9JDAMAwQAlP0pAwQAlP0qAwQA
lP0sAwQAlP0vAwQClP08AwQBlP3kMAwDBACU/ecDBAKU/egDBACU/e0DBACU/e8w
DAMEApT99AMEAJT99gMEAJT9+DAMAwQCl/lcAwQAl/leAwQAo6tAAwQAo6tDAwQB
o6tGAwQAo6tNAwQBo6tUAwQAo6tXMAwDBACjq10DBACjq14wDAMEBaOrYAMEAKOr
YjAMAwQAo6tlAwQAo6toAwQAo6t3AwQAo6t+AwQAo6uPAwQAo6uZAwQAo6umAwQB
o6uwAwQAo6u2AwQAo6u8AwQAo6vGAwQAo6vPAwQAo6veAwQBo6vgAwQBo6vmAwQA
o6vqAwQAo6v5AwQAo6v8AwQAuRvmAwQAwmsTMCEEAgACMBsDBwAqAVPA/8YDBwAq
AVPA/+cDBwAqAVPA//IwDQYJKoZIhvcNAQELBQADggEBABZD3OXokKPxvm1siitm
QwnJ2ATf2cs44wiq1mqbmPhKkQfsaQX9H6GAL3SNJyVEhlAEy/VTIRCN5lhMqTRG
wrufumBVzQKNoZ/eQUmOpvg6rgkimxmQHMb32PBVsmd5Tpkb90ZNt5BqJ4e7cTP+
nun4TRBbEMMcAFplJCv675bB0MbBjTdf4fFYBeMn4naZ368k5B4eF2MUc4p28LTq
hE42ZdBsJGoVDi3Yz4hvRgSxQ9WE7TDWEycU4QGn/UeEeOqklAV+WX/Lz9qV/cvJ
XqtGg0YeRcLivd5BFloGnFivlel5c5M4gwgdp1Q5OBP/Pbjr4VIxyU/HYcS4rRwx
Ik4=
-----END CERTIFICATE-----
Generated at Fri May 2 13:19:20 2025 by rpki-client