Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/s7l_bnMW4yM__kf16EKQOzQgrww.roa
File:                     s7l_bnMW4yM__kf16EKQOzQgrww.roa (raw, json)
Hash identifier:          /3bgCp/Da/4SFXCfZPlSInxEPHoPc1PmEApRmcXOz4c=
Subject key identifier:   B3:B9:7F:6E:73:16:E3:23:3F:FE:47:F5:E8:42:90:3B:34:20:AF:0C
Certificate issuer:       /CN=f62eeb879085c94194297dd9e4cd249cd2516515
Certificate serial:       01987921B60653FC990AB1536E25AD39A2BA
Authority key identifier: F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/s7l_bnMW4yM__kf16EKQOzQgrww.roa
Signing time:             Tue 05 Aug 2025 07:28:29 +0000
ROA not before:           Tue 05 Aug 2025 07:28:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197540
IP address blocks:        2.56.96.0/22 maxlen: 22
                          5.45.96.0/20 maxlen: 32
                          5.181.48.0/22 maxlen: 22
                          5.252.224.0/22 maxlen: 22
                          37.120.160.0/19 maxlen: 32
                          37.120.160.0/20 maxlen: 22
                          37.120.176.0/22 maxlen: 22
                          37.120.182.0/23 maxlen: 24
                          37.120.184.0/21 maxlen: 22
                          37.221.192.0/21 maxlen: 32
                          45.9.60.0/22 maxlen: 22
                          45.83.104.0/22 maxlen: 22
                          45.90.4.0/22 maxlen: 22
                          45.129.180.0/22 maxlen: 22
                          45.132.244.0/22 maxlen: 22
                          45.136.28.0/22 maxlen: 22
                          45.142.176.0/22 maxlen: 22
                          45.157.176.0/22 maxlen: 22
                          46.38.224.0/20 maxlen: 32
                          46.38.240.0/21 maxlen: 32
                          46.38.248.0/22 maxlen: 32
                          46.38.252.0/22 maxlen: 32
                          46.232.248.0/22 maxlen: 22
                          81.16.16.0/22 maxlen: 22
                          85.209.48.0/22 maxlen: 22
                          85.235.64.0/22 maxlen: 22
                          89.58.0.0/22 maxlen: 22
                          89.58.4.0/22 maxlen: 22
                          89.58.8.0/22 maxlen: 22
                          89.58.12.0/22 maxlen: 22
                          89.58.16.0/21 maxlen: 21
                          89.58.20.0/24 maxlen: 24
                          89.58.24.0/22 maxlen: 22
                          89.58.28.0/22 maxlen: 22
                          89.58.32.0/22 maxlen: 22
                          89.58.36.0/22 maxlen: 22
                          89.58.40.0/22 maxlen: 22
                          89.58.44.0/22 maxlen: 22
                          89.58.48.0/22 maxlen: 22
                          89.58.52.0/22 maxlen: 22
                          89.58.56.0/22 maxlen: 22
                          89.58.60.0/22 maxlen: 22
                          91.132.144.0/22 maxlen: 22
                          91.204.44.0/22 maxlen: 24
                          92.60.36.0/22 maxlen: 22
                          93.177.64.0/22 maxlen: 22
                          152.89.104.0/22 maxlen: 22
                          185.16.60.0/22 maxlen: 32
                          185.162.248.0/22 maxlen: 32
                          185.163.116.0/22 maxlen: 22
                          185.170.112.0/22 maxlen: 32
                          185.183.156.0/22 maxlen: 32
                          185.194.140.0/22 maxlen: 22
                          185.207.104.0/22 maxlen: 32
                          185.228.136.0/22 maxlen: 32
                          185.233.104.0/22 maxlen: 32
                          185.243.8.0/22 maxlen: 32
                          185.244.192.0/22 maxlen: 32
                          188.68.32.0/19 maxlen: 32
                          192.145.44.0/22 maxlen: 22
                          193.30.120.0/22 maxlen: 22
                          193.31.24.0/22 maxlen: 22
                          194.13.80.0/22 maxlen: 22
                          194.55.12.0/22 maxlen: 22
                          194.59.204.0/22 maxlen: 22
                          195.128.100.0/22 maxlen: 22
                          213.109.160.0/22 maxlen: 22
                          2a03:4000::/32 maxlen: 48
                          2a03:4001::/32 maxlen: 48
                          2a0a:4cc0::/40 maxlen: 40
                          2a0a:4cc0::/43 maxlen: 43
                          2a0a:4cc0:40::/43 maxlen: 43
                          2a0a:4cc0:80::/43 maxlen: 43
                          2a0a:4cc0:c0::/43 maxlen: 43
                          2a0a:4cc0:fe::/48 maxlen: 48
                          2a0a:4cc0:100::/48 maxlen: 48
                          2a0a:4cc0:2000:4000::/56 maxlen: 56
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:79:21:b6:06:53:fc:99:0a:b1:53:6e:25:ad:39:a2:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f62eeb879085c94194297dd9e4cd249cd2516515
        Validity
            Not Before: Aug  5 07:28:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3b97f6e7316e3233ffe47f5e842903b3420af0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:8f:35:47:95:af:53:b6:08:c5:52:12:04:66:
                    bb:55:c3:24:47:cb:ee:46:12:e6:ab:30:56:85:a3:
                    48:d4:1f:6a:5a:06:76:63:42:2f:d4:69:db:64:b4:
                    1f:6f:5e:e7:7b:35:e0:7f:ba:a5:da:73:cf:07:b3:
                    cf:c4:c0:0f:00:8b:e9:4d:d5:05:9b:e2:62:04:b0:
                    0d:f2:0c:36:12:13:d4:9d:c8:6c:f4:57:69:79:5d:
                    cd:2a:16:fa:79:3b:28:f4:21:7d:59:21:4f:30:01:
                    03:df:b8:59:fb:51:e5:73:02:5a:d0:80:fb:40:93:
                    66:c4:8a:7e:7e:a6:1c:b6:22:a7:d4:fe:6b:f3:1d:
                    53:e7:a8:c2:c6:9a:bb:06:e1:3e:22:8d:c7:9b:55:
                    01:cc:37:16:7d:64:7a:ac:1c:17:56:b0:0c:6a:1e:
                    c4:29:e6:63:35:69:b7:58:f1:63:b7:5d:f1:96:57:
                    43:97:a9:1a:f6:0f:30:12:52:65:f8:33:22:62:bf:
                    af:02:84:2b:5e:0b:d0:66:64:7a:0f:f9:0b:2c:9a:
                    7e:85:ff:ce:be:f9:56:5d:f1:9a:46:bb:e8:3e:3e:
                    3e:1e:0e:bc:7f:33:c0:6e:6f:5c:73:4b:cf:3e:49:
                    e3:65:28:6d:6c:96:a1:37:24:59:68:4c:c6:db:cc:
                    8f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:B9:7F:6E:73:16:E3:23:3F:FE:47:F5:E8:42:90:3B:34:20:AF:0C
            X509v3 Authority Key Identifier:
                keyid:F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/s7l_bnMW4yM__kf16EKQOzQgrww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.96.0/22
                  5.45.96.0/20
                  5.181.48.0/22
                  5.252.224.0/22
                  37.120.160.0/19
                  37.221.192.0/21
                  45.9.60.0/22
                  45.83.104.0/22
                  45.90.4.0/22
                  45.129.180.0/22
                  45.132.244.0/22
                  45.136.28.0/22
                  45.142.176.0/22
                  45.157.176.0/22
                  46.38.224.0/19
                  46.232.248.0/22
                  81.16.16.0/22
                  85.209.48.0/22
                  85.235.64.0/22
                  89.58.0.0/18
                  91.132.144.0/22
                  91.204.44.0/22
                  92.60.36.0/22
                  93.177.64.0/22
                  152.89.104.0/22
                  185.16.60.0/22
                  185.162.248.0/22
                  185.163.116.0/22
                  185.170.112.0/22
                  185.183.156.0/22
                  185.194.140.0/22
                  185.207.104.0/22
                  185.228.136.0/22
                  185.233.104.0/22
                  185.243.8.0/22
                  185.244.192.0/22
                  188.68.32.0/19
                  192.145.44.0/22
                  193.30.120.0/22
                  193.31.24.0/22
                  194.13.80.0/22
                  194.55.12.0/22
                  194.59.204.0/22
                  195.128.100.0/22
                  213.109.160.0/22
                IPv6:
                  2a03:4000::/31
                  2a0a:4cc0::-2a0a:4cc0:100:ffff:ffff:ffff:ffff:ffff
                  2a0a:4cc0:2000:4000::/56

    Signature Algorithm: sha256WithRSAEncryption
         44:7e:73:99:7c:20:39:59:3e:5c:86:60:ea:78:ff:59:ec:6c:
         af:38:f4:34:11:07:d3:fe:c4:7e:59:dc:fb:a9:43:74:0e:0a:
         86:ad:e5:32:e0:53:4e:8d:9e:6a:ac:7a:4f:88:64:2c:ec:cc:
         2d:ce:cc:e3:dc:de:ff:9c:a6:02:6b:2a:69:c2:43:0f:0d:10:
         ac:90:b6:8c:7b:dc:83:ab:5d:f0:22:f4:78:c8:3c:ae:02:4a:
         9b:29:17:18:46:85:4d:3d:04:93:3e:89:9a:4e:b9:b0:97:52:
         43:33:42:74:3c:93:04:ee:08:03:90:bc:1b:8b:52:f9:ed:bd:
         75:1f:b5:c8:9d:b2:c3:dd:b3:9c:06:cb:8f:79:89:ff:b9:76:
         a7:6c:48:59:14:38:bb:e6:b1:2b:84:58:68:94:69:e8:51:c7:
         6d:86:2d:10:32:89:ef:b2:1c:1a:5f:da:46:37:99:bb:80:3e:
         b7:90:06:06:2d:07:9d:b9:a0:55:e3:e5:cb:d1:e3:92:d6:35:
         ec:fa:dc:e6:89:a6:33:1d:27:1f:dc:07:d8:03:bc:82:8c:8c:
         a4:8d:42:db:f0:30:38:1b:42:3e:c9:2c:99:99:c7:41:23:d2:
         18:2c:a3:8d:3e:0d:c5:bc:8a:96:38:63:03:a7:52:b1:78:19:
         97:3b:7b:ff
-----BEGIN CERTIFICATE-----
MIIGOjCCBSKgAwIBAgISAZh5IbYGU/yZCrFTbiWtOaK6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MmVlYjg3OTA4NWM5NDE5NDI5N2RkOWU0Y2QyNDljZDI1
MTY1MTUwHhcNMjUwODA1MDcyODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2I5N2Y2ZTczMTZlMzIzM2ZmZTQ3ZjVlODQyOTAzYjM0MjBhZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3481R5WvU7YIxVISBGa7VcMkR8vu
RhLmqzBWhaNI1B9qWgZ2Y0Iv1GnbZLQfb17nezXgf7ql2nPPB7PPxMAPAIvpTdUF
m+JiBLAN8gw2EhPUnchs9FdpeV3NKhb6eTso9CF9WSFPMAED37hZ+1HlcwJa0ID7
QJNmxIp+fqYctiKn1P5r8x1T56jCxpq7BuE+Io3Hm1UBzDcWfWR6rBwXVrAMah7E
KeZjNWm3WPFjt13xlldDl6ka9g8wElJl+DMiYr+vAoQrXgvQZmR6D/kLLJp+hf/O
vvlWXfGaRrvoPj4+Hg68fzPAbm9cc0vPPknjZShtbJahNyRZaEzG28yPxwIDAQAB
o4IDRjCCA0IwHQYDVR0OBBYEFLO5f25zFuMjP/5H9ehCkDs0IK8MMB8GA1UdIwQY
MBaAFPYu64eQhclBlCl92eTNJJzSUWUVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzIt
NWZiZjlhMjliNmUxLzEvczdsX2JuTVc0eU1fX2tmMTZFS1FPelFncnd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzItNWZiZjlhMjliNmUx
LzEvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBWgYIKwYBBQUHAQcBAf8EggFJMIIBRTCCARYEAgABMIIB
DgMEAgI4YAMEBAUtYAMEAgW1MAMEAgX84AMEBSV4oAMEAyXdwAMEAi0JPAMEAi1T
aAMEAi1aBAMEAi2BtAMEAi2E9AMEAi2IHAMEAi2OsAMEAi2dsAMEBS4m4AMEAi7o
+AMEAlEQEAMEAlXRMAMEAlXrQAMEBlk6AAMEAluEkAMEAlvMLAMEAlw8JAMEAl2x
QAMEAphZaAMEArkQPAMEArmi+AMEArmjdAMEArmqcAMEArm3nAMEArnCjAMEArnP
aAMEArnkiAMEArnpaAMEArnzCAMEArn0wAMEBbxEIAMEAsCRLAMEAsEeeAMEAsEf
GAMEAsINUAMEAsI3DAMEAsI7zAMEAsOAZAMEAtVtoDApBAIAAjAjAwUBKgNAADAQ
AwUGKgpMwAMHACoKTMABAAMIACoKTMAgAEAwDQYJKoZIhvcNAQELBQADggEBAER+
c5l8IDlZPlyGYOp4/1nsbK849DQRB9P+xH5Z3PupQ3QOCoat5TLgU06Nnmqsek+I
ZCzszC3OzOPc3v+cpgJrKmnCQw8NEKyQtox73IOrXfAi9HjIPK4CSpspFxhGhU09
BJM+iZpOubCXUkMzQnQ8kwTuCAOQvBuLUvntvXUftcidssPds5wGy495if+5dqds
SFkUOLvmsSuEWGiUaehRx22GLRAyie+yHBpf2kY3mbuAPreQBgYtB525oFXj5cvR
45LWNez63OaJpjMdJx/cB9gDvIKMjKSNQtvwMDgbQj7JLJmZx0Ej0hgso40+DcW8
ipY4YwOnUrF4GZc7e/8=
-----END CERTIFICATE-----
Generated at Sat Aug 9 22:37:03 2025 by rpki-client