Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/0t-N62F11L22RXi8LFNfQS2TvDQ.roa
File:                     0t-N62F11L22RXi8LFNfQS2TvDQ.roa (raw, json)
Hash identifier:          fZ442BH/ml9qRqaBuzjKJulrHPDUDH1jI4JlwuQOcx8=
Subject key identifier:   D2:DF:8D:EB:61:75:D4:BD:B6:45:78:BC:2C:53:5F:41:2D:93:BC:34
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       01985FAA3D0A7FF237A6B85609E713A2AE8D
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/0t-N62F11L22RXi8LFNfQS2TvDQ.roa
Signing time:             Thu 31 Jul 2025 08:47:28 +0000
ROA not before:           Thu 31 Jul 2025 08:47:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        37.220.80.0/24 maxlen: 24
                          37.220.87.0/24 maxlen: 24
                          45.8.96.0/24 maxlen: 24
                          45.8.97.0/24 maxlen: 24
                          45.8.98.0/24 maxlen: 24
                          45.8.99.0/24 maxlen: 24
                          45.89.190.0/24 maxlen: 24
                          45.95.234.0/24 maxlen: 24
                          46.19.64.0/24 maxlen: 24
                          46.19.65.0/24 maxlen: 24
                          46.19.66.0/24 maxlen: 24
                          46.19.67.0/24 maxlen: 24
                          81.200.144.0/24 maxlen: 24
                          81.200.145.0/24 maxlen: 24
                          81.200.146.0/24 maxlen: 24
                          81.200.147.0/24 maxlen: 24
                          81.200.148.0/24 maxlen: 24
                          81.200.149.0/24 maxlen: 24
                          81.200.150.0/24 maxlen: 24
                          81.200.151.0/24 maxlen: 24
                          81.200.152.0/24 maxlen: 24
                          81.200.153.0/24 maxlen: 24
                          81.200.158.0/24 maxlen: 24
                          85.92.110.0/24 maxlen: 24
                          85.92.111.0/24 maxlen: 24
                          92.118.113.0/24 maxlen: 24
                          92.118.114.0/24 maxlen: 24
                          92.118.115.0/24 maxlen: 24
                          94.198.216.0/24 maxlen: 24
                          94.198.217.0/24 maxlen: 24
                          94.198.218.0/24 maxlen: 24
                          94.198.219.0/24 maxlen: 24
                          94.198.220.0/24 maxlen: 24
                          94.198.221.0/24 maxlen: 24
                          94.198.223.0/24 maxlen: 24
                          185.247.185.0/24 maxlen: 24
                          195.80.50.0/24 maxlen: 24
                          195.80.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5f:aa:3d:0a:7f:f2:37:a6:b8:56:09:e7:13:a2:ae:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Jul 31 08:47:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2df8deb6175d4bdb64578bc2c535f412d93bc34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:3c:74:fc:bc:4e:68:6b:8d:9a:51:c0:ad:1c:
                    97:63:06:d0:35:17:49:b2:e2:d6:7a:37:64:78:bb:
                    0b:20:92:89:2c:2b:8e:ba:04:cf:bd:35:29:b9:aa:
                    46:74:3e:71:8c:7d:5d:f4:68:89:8f:36:8f:43:c3:
                    ea:c3:40:10:77:bf:45:a5:01:9f:d7:91:5d:4e:2d:
                    65:a3:48:31:a7:71:4d:ec:3f:23:f1:6d:e1:9c:1c:
                    7f:d5:3c:3b:2a:d4:8d:96:9a:0b:c5:4e:2c:b7:e0:
                    dd:51:a3:74:56:95:6c:7f:1e:da:dd:d1:64:ba:93:
                    db:2c:e8:df:c1:c1:c0:6d:8e:6b:c8:01:66:5d:eb:
                    79:77:b1:15:cb:cb:65:bf:0b:74:84:ae:e6:66:47:
                    66:38:a5:b7:b7:79:bd:ee:3e:df:20:f8:8e:77:8e:
                    7e:eb:2a:08:7e:54:a2:b3:2a:26:ee:4c:6b:fb:d4:
                    51:f8:28:97:1f:7e:4e:c8:4b:98:33:83:c1:ea:77:
                    bf:21:e5:68:ee:39:ab:99:36:32:1e:ec:78:0a:c5:
                    be:49:02:68:af:93:75:c7:2b:18:7d:9f:e6:cf:d6:
                    fa:71:1a:ec:79:a7:ce:54:89:0b:34:24:86:e3:28:
                    e7:6f:78:98:18:20:ab:30:c3:6f:b1:da:a0:d2:7a:
                    26:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:DF:8D:EB:61:75:D4:BD:B6:45:78:BC:2C:53:5F:41:2D:93:BC:34
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/0t-N62F11L22RXi8LFNfQS2TvDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.220.80.0/24
                  37.220.87.0/24
                  45.8.96.0/22
                  45.89.190.0/24
                  45.95.234.0/24
                  46.19.64.0/22
                  81.200.144.0-81.200.153.255
                  81.200.158.0/24
                  85.92.110.0/23
                  92.118.113.0-92.118.115.255
                  94.198.216.0-94.198.221.255
                  94.198.223.0/24
                  185.247.185.0/24
                  195.80.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:db:43:72:7d:fb:8e:21:a8:53:05:37:6f:12:74:56:f9:01:
         29:97:f7:3c:64:ed:6d:f6:56:0f:83:10:e1:b6:84:b5:09:de:
         d4:55:33:20:c2:3e:4f:26:9c:d2:c4:db:1d:2d:f9:c0:9f:60:
         fd:bd:e1:2e:46:02:42:9b:a7:47:cb:f8:60:2a:31:6f:41:ae:
         c6:f2:c8:97:d3:d6:ee:e5:9b:0c:1d:8a:f5:ba:ba:aa:e6:8f:
         af:c3:b3:93:b8:f4:f8:58:11:35:19:5d:49:8b:fb:9e:e0:48:
         fd:8d:ba:81:d3:be:05:7e:3d:f8:6b:97:c1:c5:53:9c:4c:86:
         24:12:f6:47:bc:65:ba:b6:c6:82:46:93:aa:25:7d:76:c4:58:
         b9:a6:2f:01:89:52:3e:2e:7b:49:e7:6b:76:8c:2f:96:b6:1e:
         c9:40:b8:1f:f9:2a:47:e6:d5:b9:af:f6:1d:bc:81:9e:1e:ae:
         62:2c:e4:f5:34:49:81:6e:10:a5:d9:43:33:56:d4:53:bb:1d:
         d3:55:de:6c:66:e1:9b:fb:1b:7f:3a:38:51:18:5a:ad:60:1e:
         3d:b7:a0:4b:9c:25:35:80:8c:ba:ea:1b:d4:16:10:12:e0:b5:
         80:50:03:1a:bf:8b:5e:71:17:3f:69:48:92:d4:f7:17:d3:62:
         ec:1f:4e:74
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAZhfqj0Kf/I3prhWCecToq6NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjUwNzMxMDg0NzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmRmOGRlYjYxNzVkNGJkYjY0NTc4YmMyYzUzNWY0MTJkOTNiYzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4zx0/LxOaGuNmlHArRyXYwbQNRdJ
suLWejdkeLsLIJKJLCuOugTPvTUpuapGdD5xjH1d9GiJjzaPQ8Pqw0AQd79FpQGf
15FdTi1lo0gxp3FN7D8j8W3hnBx/1Tw7KtSNlpoLxU4st+DdUaN0VpVsfx7a3dFk
upPbLOjfwcHAbY5ryAFmXet5d7EVy8tlvwt0hK7mZkdmOKW3t3m97j7fIPiOd45+
6yoIflSisyom7kxr+9RR+CiXH35OyEuYM4PB6ne/IeVo7jmrmTYyHux4CsW+SQJo
r5N1xysYfZ/mz9b6cRrseafOVIkLNCSG4yjnb3iYGCCrMMNvsdqg0nomJwIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFNLfjethddS9tkV4vCxTX0Etk7w0MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvMHQtTjYyRjExTDIyUlhpOExGTmZRUzJUdkRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwcgQCAAEwbAMEACXcUAME
ACXcVwMEAi0IYAMEAC1ZvgMEAC1f6gMEAi4TQDAMAwQEUciQAwQBUciYAwQAUcie
AwQBVVxuMAwDBABcdnEDBAJcdnAwDAMEA17G2AMEAV7G3AMEAF7G3wMEALn3uQME
AcNQMjANBgkqhkiG9w0BAQsFAAOCAQEAkdtDcn37jiGoUwU3bxJ0VvkBKZf3PGTt
bfZWD4MQ4baEtQne1FUzIMI+Tyac0sTbHS35wJ9g/b3hLkYCQpunR8v4YCoxb0Gu
xvLIl9PW7uWbDB2K9bq6quaPr8Ozk7j0+FgRNRldSYv7nuBI/Y26gdO+BX49+GuX
wcVTnEyGJBL2R7xlurbGgkaTqiV9dsRYuaYvAYlSPi57SedrdowvlrYeyUC4H/kq
R+bVua/2HbyBnh6uYizk9TRJgW4QpdlDM1bUU7sd01XebGbhm/sbfzo4URharWAe
PbegS5wlNYCMuuob1BYQEuC1gFADGr+LXnEXP2lIktT3F9Ni7B9OdA==
-----END CERTIFICATE-----
Generated at Wed Aug 6 13:05:32 2025 by rpki-client