Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/8bf7ea-883a-4c43-946c-82dafe104bc5/1/2v75CPULcI9CQTgUgKA7wOOjUHs.roa
File:                     2v75CPULcI9CQTgUgKA7wOOjUHs.roa (raw, json)
Hash identifier:          4skO2m890CCoH5bzrMskMd9FJwnSr2evwgk4W1zKGP4=
Subject key identifier:   DA:FE:F9:08:F5:0B:70:8F:42:41:38:14:80:A0:3B:C0:E3:A3:50:7B
Certificate issuer:       /CN=03f3fe6075082be8e588329b43d761bf6e7b01d0
Certificate serial:       01987649DDBF21662D4755E448EC706C24EE
Authority key identifier: 03:F3:FE:60:75:08:2B:E8:E5:88:32:9B:43:D7:61:BF:6E:7B:01:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A_P-YHUIK-jliDKbQ9dhv257AdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/8bf7ea-883a-4c43-946c-82dafe104bc5/1/2v75CPULcI9CQTgUgKA7wOOjUHs.roa
Signing time:             Mon 04 Aug 2025 18:13:28 +0000
ROA not before:           Mon 04 Aug 2025 18:13:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209823
IP address blocks:        195.24.245.0/24 maxlen: 24
                          2a12:5541:1::/48 maxlen: 48
                          2a12:5541:2::/48 maxlen: 48
                          2a12:5541:a::/48 maxlen: 48
                          2a12:5541:200::/48 maxlen: 48
                          2a12:5541:331::/48 maxlen: 48
                          2a12:5542::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/8bf7ea-883a-4c43-946c-82dafe104bc5/1/A_P-YHUIK-jliDKbQ9dhv257AdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/8bf7ea-883a-4c43-946c-82dafe104bc5/1/A_P-YHUIK-jliDKbQ9dhv257AdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A_P-YHUIK-jliDKbQ9dhv257AdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:76:49:dd:bf:21:66:2d:47:55:e4:48:ec:70:6c:24:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03f3fe6075082be8e588329b43d761bf6e7b01d0
        Validity
            Not Before: Aug  4 18:13:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dafef908f50b708f4241381480a03bc0e3a3507b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:7f:27:2c:c5:24:21:10:0d:2c:a0:73:8c:e4:
                    50:5d:7d:3f:6e:44:c9:ce:4b:4f:7a:6a:48:2f:58:
                    b2:a4:75:6b:cb:76:dc:91:b4:09:a3:8a:f9:2b:46:
                    6a:12:68:bb:d7:43:8f:ae:d0:b0:4d:8d:80:54:62:
                    3e:74:70:8a:2c:d2:70:11:32:40:e0:a8:e5:a3:e3:
                    d0:69:7f:3c:e9:b7:1a:9d:14:32:f2:1c:d7:5a:60:
                    1c:b7:40:78:2d:ea:81:59:d0:97:d9:29:db:96:04:
                    d2:a7:72:28:41:7d:31:3f:4a:de:dc:65:d8:fa:e0:
                    8f:de:81:86:a7:99:e3:87:a2:b4:fa:97:6d:e9:8c:
                    d0:11:57:66:04:9d:28:68:1e:0f:8a:df:ce:a3:13:
                    bd:ef:93:46:3c:45:1b:5b:18:e3:28:7c:8d:7c:65:
                    86:af:15:8d:d3:e6:3f:18:8a:e3:d2:3c:d3:da:c7:
                    21:fe:48:f2:39:40:0e:f8:2a:5f:19:5f:b9:3c:c7:
                    e7:e7:eb:94:3b:40:dc:4e:7d:73:7a:b2:91:5b:48:
                    ba:b7:02:63:83:cb:d9:f8:e8:cc:ef:ca:8f:3b:fd:
                    3e:d6:96:d1:68:05:35:ed:27:28:4b:c3:2c:7f:e8:
                    08:04:3b:b2:65:b4:45:d2:d4:f3:53:6d:d9:32:bc:
                    36:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:FE:F9:08:F5:0B:70:8F:42:41:38:14:80:A0:3B:C0:E3:A3:50:7B
            X509v3 Authority Key Identifier:
                keyid:03:F3:FE:60:75:08:2B:E8:E5:88:32:9B:43:D7:61:BF:6E:7B:01:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A_P-YHUIK-jliDKbQ9dhv257AdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8bf7ea-883a-4c43-946c-82dafe104bc5/1/2v75CPULcI9CQTgUgKA7wOOjUHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8bf7ea-883a-4c43-946c-82dafe104bc5/1/A_P-YHUIK-jliDKbQ9dhv257AdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.245.0/24
                IPv6:
                  2a12:5541:1::-2a12:5541:2:ffff:ffff:ffff:ffff:ffff
                  2a12:5541:a::/48
                  2a12:5541:200::/48
                  2a12:5541:331::/48
                  2a12:5542::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:72:4b:c4:e1:c0:65:c9:52:e6:86:bf:b0:38:6d:10:c3:c8:
         47:cc:10:ef:c8:92:29:95:c1:88:90:31:69:9c:f2:39:bc:ee:
         86:c2:a2:fc:f2:e3:90:09:7a:ca:5b:44:c9:47:1a:e1:68:1d:
         11:1b:9f:a8:35:7c:90:11:f3:75:5e:cb:32:36:27:03:77:67:
         5e:4f:c2:bc:04:60:f4:89:5b:fd:57:9d:61:75:96:b2:e2:78:
         68:61:3b:df:a7:25:ef:9a:f2:42:13:ea:e4:ae:0a:ab:7f:5f:
         02:e8:8f:8e:e8:2f:48:85:62:ee:00:d9:5d:d7:4c:87:59:7d:
         a1:93:46:f9:29:47:33:68:ee:64:67:cf:d8:6f:86:7d:22:b8:
         37:a9:46:e5:d5:5c:00:d4:b3:70:c3:48:8e:6b:88:17:78:cc:
         6a:66:af:6e:bf:d8:0b:0d:32:08:8d:1c:ef:e8:b6:e7:4c:fe:
         5d:70:4d:58:b8:cc:31:2e:c0:91:bb:6b:6d:ba:f4:38:1b:94:
         f7:0e:9b:ab:f4:df:8a:f6:a8:4b:e0:71:bc:91:8b:a9:ca:ee:
         5e:54:b1:76:1a:bb:ba:4c:1d:26:66:8a:92:5e:6b:f9:53:a2:
         65:c6:2a:36:47:48:bc:a9:c7:6c:c6:30:8b:3a:42:b3:19:ad:
         7e:31:a5:32
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZh2Sd2/IWYtR1XkSOxwbCTuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZjNmZTYwNzUwODJiZThlNTg4MzI5YjQzZDc2MWJmNmU3
YjAxZDAwHhcNMjUwODA0MTgxMzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWZlZjkwOGY1MGI3MDhmNDI0MTM4MTQ4MGEwM2JjMGUzYTM1MDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3H8nLMUkIRANLKBzjORQXX0/bkTJ
zktPempIL1iypHVry3bckbQJo4r5K0ZqEmi710OPrtCwTY2AVGI+dHCKLNJwETJA
4Kjlo+PQaX886bcanRQy8hzXWmAct0B4LeqBWdCX2SnblgTSp3IoQX0xP0re3GXY
+uCP3oGGp5njh6K0+pdt6YzQEVdmBJ0oaB4Pit/OoxO975NGPEUbWxjjKHyNfGWG
rxWN0+Y/GIrj0jzT2sch/kjyOUAO+CpfGV+5PMfn5+uUO0DcTn1zerKRW0i6twJj
g8vZ+OjM78qPO/0+1pbRaAU17ScoS8Msf+gIBDuyZbRF0tTzU23ZMrw2pQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFNr++Qj1C3CPQkE4FICgO8Djo1B7MB8GA1UdIwQY
MBaAFAPz/mB1CCvo5Ygym0PXYb9uewHQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQV9QLVlIVUlLLWpsaURLYlE5ZGh2MjU3QWRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy84YmY3ZWEtODgzYS00YzQzLTk0NmMt
ODJkYWZlMTA0YmM1LzEvMnY3NUNQVUxjSTlDUVRnVWdLQTd3T09qVUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy84YmY3ZWEtODgzYS00YzQzLTk0NmMtODJkYWZlMTA0YmM1
LzEvQV9QLVlIVUlLLWpsaURLYlE5ZGh2MjU3QWRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDAMBAIAATAGAwQAwxj1MDwE
AgACMDYwEgMHACoSVUEAAQMHACoSVUEAAgMHACoSVUEACgMHACoSVUECAAMHACoS
VUEDMQMFACoSVUIwDQYJKoZIhvcNAQELBQADggEBAJlyS8ThwGXJUuaGv7A4bRDD
yEfMEO/IkimVwYiQMWmc8jm87obCovzy45AJespbRMlHGuFoHREbn6g1fJAR83Ve
yzI2JwN3Z15PwrwEYPSJW/1XnWF1lrLieGhhO9+nJe+a8kIT6uSuCqt/XwLoj47o
L0iFYu4A2V3XTIdZfaGTRvkpRzNo7mRnz9hvhn0iuDepRuXVXADUs3DDSI5riBd4
zGpmr26/2AsNMgiNHO/otudM/l1wTVi4zDEuwJG7a2269DgblPcOm6v034r2qEvg
cbyRi6nK7l5UsXYau7pMHSZmipJea/lTomXGKjZHSLypx2zGMIs6QrMZrX4xpTI=
-----END CERTIFICATE-----
Generated at Sat Aug 9 22:37:32 2025 by rpki-client