Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/iOBndMAtRYjdd4nI6OQWrWkGyaM.roa
File:                     iOBndMAtRYjdd4nI6OQWrWkGyaM.roa (raw, json)
Hash identifier:          AELuuM2xWBmQmKZq9h3C0xBIjOiYeyVIInHWWjjNIic=
Subject key identifier:   88:E0:67:74:C0:2D:45:88:DD:77:89:C8:E8:E4:16:AD:69:06:C9:A3
Certificate issuer:       /CN=84bfc451fc4f2411addd00a9fbb17346ad6e8996
Certificate serial:       019880C919BAE8597FA466A8965ED3CDDE0A
Authority key identifier: 84:BF:C4:51:FC:4F:24:11:AD:DD:00:A9:FB:B1:73:46:AD:6E:89:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hL_EUfxPJBGt3QCp-7FzRq1uiZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/iOBndMAtRYjdd4nI6OQWrWkGyaM.roa
Signing time:             Wed 06 Aug 2025 19:08:39 +0000
ROA not before:           Wed 06 Aug 2025 19:08:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207375
IP address blocks:        31.14.182.0/24 maxlen: 24
                          37.156.69.0/24 maxlen: 24
                          37.156.70.0/24 maxlen: 24
                          45.81.169.0/24 maxlen: 24
                          45.81.170.0/23 maxlen: 23
                          45.81.170.0/24 maxlen: 24
                          45.81.171.0/24 maxlen: 24
                          84.247.44.0/23 maxlen: 25
                          85.204.109.0/24 maxlen: 24
                          86.105.24.0/24 maxlen: 24
                          86.105.232.0/24 maxlen: 24
                          86.107.186.0/23 maxlen: 23
                          89.32.171.0/24 maxlen: 24
                          89.32.240.0/21 maxlen: 21
                          89.33.17.0/24 maxlen: 24
                          89.33.30.0/24 maxlen: 24
                          89.33.65.0/24 maxlen: 24
                          89.35.34.0/24 maxlen: 24
                          89.35.76.0/24 maxlen: 24
                          89.35.88.0/24 maxlen: 24
                          89.35.91.0/24 maxlen: 24
                          89.35.163.0/24 maxlen: 24
                          89.35.248.0/24 maxlen: 24
                          89.37.40.0/24 maxlen: 24
                          89.46.40.0/23 maxlen: 23
                          89.47.176.0/23 maxlen: 23
                          89.47.178.0/24 maxlen: 24
                          89.47.180.0/23 maxlen: 23
                          89.47.182.0/24 maxlen: 24
                          93.113.72.0/21 maxlen: 21
                          176.223.144.0/20 maxlen: 20
                          188.211.172.0/22 maxlen: 22
                          188.212.157.0/24 maxlen: 24
                          188.213.86.0/23 maxlen: 23
                          188.240.70.0/24 maxlen: 24
                          193.164.216.0/23 maxlen: 23
                          2a00:bba0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/hL_EUfxPJBGt3QCp-7FzRq1uiZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/hL_EUfxPJBGt3QCp-7FzRq1uiZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hL_EUfxPJBGt3QCp-7FzRq1uiZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 04:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:80:c9:19:ba:e8:59:7f:a4:66:a8:96:5e:d3:cd:de:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84bfc451fc4f2411addd00a9fbb17346ad6e8996
        Validity
            Not Before: Aug  6 19:08:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88e06774c02d4588dd7789c8e8e416ad6906c9a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d6:c1:48:0e:8d:51:99:02:52:d6:0f:4e:c0:
                    0e:5e:bd:94:34:e9:d9:f0:53:79:49:e1:ed:80:4e:
                    e9:5b:d5:11:9f:db:18:4e:03:c4:ee:01:f3:2a:91:
                    6e:af:9a:7b:fe:62:7e:f5:ea:54:73:35:8c:ba:2a:
                    c7:27:fe:57:51:d0:96:8f:33:6b:18:bb:d7:f3:cb:
                    43:46:8d:ab:e6:9a:d4:91:6d:42:6d:21:e9:63:5e:
                    12:93:0b:fc:98:ab:28:b0:8b:55:9a:1b:63:79:ea:
                    29:aa:fa:fc:72:55:05:4d:aa:1d:95:04:8e:97:83:
                    e1:90:c1:8e:0e:ff:9c:a0:b8:1d:30:15:d5:5a:f1:
                    2e:df:63:e4:93:c4:34:64:7e:74:0a:29:95:84:bc:
                    eb:8b:8f:49:31:be:10:ad:c4:53:36:f4:0c:51:dd:
                    ff:d1:e6:3b:87:03:26:69:81:0f:ad:63:a0:e3:c3:
                    83:4a:f3:90:f0:9d:47:b2:bd:c3:16:0f:31:df:74:
                    e1:b7:a8:ba:1e:ab:72:23:cc:40:1c:a2:b0:d8:f0:
                    a6:ab:7e:2e:4a:30:a8:d4:79:79:01:73:1d:f8:cc:
                    cc:ae:c0:e3:13:7f:a7:89:76:0d:0d:fe:2c:29:b8:
                    d8:3f:f1:90:97:2c:d3:b4:3a:84:49:45:b0:41:5b:
                    b0:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:E0:67:74:C0:2D:45:88:DD:77:89:C8:E8:E4:16:AD:69:06:C9:A3
            X509v3 Authority Key Identifier:
                keyid:84:BF:C4:51:FC:4F:24:11:AD:DD:00:A9:FB:B1:73:46:AD:6E:89:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hL_EUfxPJBGt3QCp-7FzRq1uiZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/iOBndMAtRYjdd4nI6OQWrWkGyaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/b7be64-86d4-443b-9686-f66317977968/1/hL_EUfxPJBGt3QCp-7FzRq1uiZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.182.0/24
                  37.156.69.0-37.156.70.255
                  45.81.169.0-45.81.171.255
                  84.247.44.0/23
                  85.204.109.0/24
                  86.105.24.0/24
                  86.105.232.0/24
                  86.107.186.0/23
                  89.32.171.0/24
                  89.32.240.0/21
                  89.33.17.0/24
                  89.33.30.0/24
                  89.33.65.0/24
                  89.35.34.0/24
                  89.35.76.0/24
                  89.35.88.0/24
                  89.35.91.0/24
                  89.35.163.0/24
                  89.35.248.0/24
                  89.37.40.0/24
                  89.46.40.0/23
                  89.47.176.0-89.47.178.255
                  89.47.180.0-89.47.182.255
                  93.113.72.0/21
                  176.223.144.0/20
                  188.211.172.0/22
                  188.212.157.0/24
                  188.213.86.0/23
                  188.240.70.0/24
                  193.164.216.0/23
                IPv6:
                  2a00:bba0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:30:77:1c:d2:b5:01:0f:42:7d:f3:fd:ba:8c:05:1a:62:36:
         04:52:9f:f1:b8:b0:e7:86:63:65:70:32:05:91:09:08:dd:4c:
         39:a2:11:9c:5f:eb:c7:ee:8e:c2:fa:51:7b:b2:2b:9f:de:77:
         8a:19:a9:f0:8d:52:54:f6:bd:9a:f0:1b:52:0d:64:55:be:11:
         3b:cd:18:dc:c5:9d:17:00:d0:ef:51:0f:42:e3:cb:fb:17:1a:
         89:cd:fb:04:11:29:6a:29:1b:13:a9:4b:dc:a7:78:e9:b7:5d:
         e5:f7:14:1e:b9:ec:ec:d3:9b:a9:e5:6a:ac:f1:95:0d:30:20:
         c9:17:3f:74:45:9b:5c:0d:f7:ab:21:a9:23:c1:80:ef:1e:7e:
         a5:d2:31:a5:32:4d:0b:0a:ac:d3:14:29:b1:6f:85:3a:51:dd:
         e4:6c:69:5e:23:f0:2c:e6:95:c7:37:40:63:4e:b5:dd:d9:f3:
         7c:85:b4:6d:2d:9c:69:f4:32:6c:cd:ee:8c:98:10:63:0a:86:
         23:58:e6:3a:38:d8:50:fd:fe:b7:b1:72:12:de:d0:79:b9:05:
         91:d1:1d:db:15:67:38:dd:2a:54:b1:fe:51:22:84:f8:94:0d:
         b3:a7:03:4b:ec:b8:a2:06:7d:21:bb:d7:3a:41:bb:fd:07:2e:
         4c:a3:2d:3d
-----BEGIN CERTIFICATE-----
MIIF4DCCBMigAwIBAgISAZiAyRm66Fl/pGaoll7Tzd4KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YmZjNDUxZmM0ZjI0MTFhZGRkMDBhOWZiYjE3MzQ2YWQ2
ZTg5OTYwHhcNMjUwODA2MTkwODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGUwNjc3NGMwMmQ0NTg4ZGQ3Nzg5YzhlOGU0MTZhZDY5MDZjOWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNbBSA6NUZkCUtYPTsAOXr2UNOnZ
8FN5SeHtgE7pW9URn9sYTgPE7gHzKpFur5p7/mJ+9epUczWMuirHJ/5XUdCWjzNr
GLvX88tDRo2r5prUkW1CbSHpY14Skwv8mKsosItVmhtjeeopqvr8clUFTaodlQSO
l4PhkMGODv+coLgdMBXVWvEu32Pkk8Q0ZH50CimVhLzri49JMb4QrcRTNvQMUd3/
0eY7hwMmaYEPrWOg48ODSvOQ8J1Hsr3DFg8x33Tht6i6HqtyI8xAHKKw2PCmq34u
SjCo1Hl5AXMd+MzMrsDjE3+niXYNDf4sKbjYP/GQlyzTtDqESUWwQVuwMwIDAQAB
o4IC7DCCAugwHQYDVR0OBBYEFIjgZ3TALUWI3XeJyOjkFq1pBsmjMB8GA1UdIwQY
MBaAFIS/xFH8TyQRrd0Aqfuxc0atbomWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExfRVVmeFBKQkd0M1FDcC03RnpScTF1aVpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9iN2JlNjQtODZkNC00NDNiLTk2ODYt
ZjY2MzE3OTc3OTY4LzEvaU9CbmRNQXRSWWpkZDRuSTZPUVdyV2tHeWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9iN2JlNjQtODZkNC00NDNiLTk2ODYtZjY2MzE3OTc3OTY4
LzEvaExfRVVmeFBKQkd0M1FDcC03RnpScTF1aVpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAAYIKwYBBQUHAQcBAf8EgfAwge0wgdsEAgABMIHUAwQA
Hw62MAwDBAAlnEUDBAAlnEYwDAMEAC1RqQMEAi1RqAMEAVT3LAMEAFXMbQMEAFZp
GAMEAFZp6AMEAVZrugMEAFkgqwMEA1kg8AMEAFkhEQMEAFkhHgMEAFkhQQMEAFkj
IgMEAFkjTAMEAFkjWAMEAFkjWwMEAFkjowMEAFkj+AMEAFklKAMEAVkuKDAMAwQE
WS+wAwQAWS+yMAwDBAJZL7QDBABZL7YDBANdcUgDBASw35ADBAK806wDBAC81J0D
BAG81VYDBAC88EYDBAHBpNgwDQQCAAIwBwMFACoAu6AwDQYJKoZIhvcNAQELBQAD
ggEBAF4wdxzStQEPQn3z/bqMBRpiNgRSn/G4sOeGY2VwMgWRCQjdTDmiEZxf68fu
jsL6UXuyK5/ed4oZqfCNUlT2vZrwG1INZFW+ETvNGNzFnRcA0O9RD0Ljy/sXGonN
+wQRKWopGxOpS9yneOm3XeX3FB657OzTm6nlaqzxlQ0wIMkXP3RFm1wN96shqSPB
gO8efqXSMaUyTQsKrNMUKbFvhTpR3eRsaV4j8Czmlcc3QGNOtd3Z83yFtG0tnGn0
MmzN7oyYEGMKhiNY5jo42FD9/rexchLe0Hm5BZHRHdsVZzjdKlSx/lEihPiUDbOn
A0vsuKIGfSG71zpBu/0HLkyjLT0=
-----END CERTIFICATE-----
Generated at Sun Aug 10 13:48:41 2025 by rpki-client