Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/OMQe6XLaDFvX4eUUy9jzs5IyrGw.roa
File:                     OMQe6XLaDFvX4eUUy9jzs5IyrGw.roa (raw, json)
Hash identifier:          PwDGGWv3z2Za9iovBKnVfhH+AiZJH0ZVQmprQh8N6Ng=
Subject key identifier:   38:C4:1E:E9:72:DA:0C:5B:D7:E1:E5:14:CB:D8:F3:B3:92:32:AC:6C
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01976A0C91714235C23B6B3E3531A1A9B1CF
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/OMQe6XLaDFvX4eUUy9jzs5IyrGw.roa
Signing time:             Fri 13 Jun 2025 16:08:17 +0000
ROA not before:           Fri 13 Jun 2025 16:08:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        45.86.244.0/24 maxlen: 24
                          45.94.47.0/24 maxlen: 24
                          45.95.97.0/24 maxlen: 24
                          45.130.128.0/24 maxlen: 24
                          45.134.184.0/24 maxlen: 24
                          45.151.104.0/24 maxlen: 24
                          45.154.58.0/24 maxlen: 24
                          45.154.228.0/24 maxlen: 24
                          85.209.130.0/24 maxlen: 24
                          185.164.59.0/24 maxlen: 24
                          192.156.217.0/24 maxlen: 24
                          193.8.1.0/24 maxlen: 24
                          193.39.245.0/24 maxlen: 24
                          193.254.234.0/24 maxlen: 24
                          194.62.30.0/24 maxlen: 24
                          194.62.66.0/24 maxlen: 24
                          195.66.26.0/24 maxlen: 24
                          2a0f:e7c4:10::/48 maxlen: 48
                          2a11:3500::/29 maxlen: 29
                          2a13:8c86:120::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 14:25:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:6a:0c:91:71:42:35:c2:3b:6b:3e:35:31:a1:a9:b1:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 13 16:08:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38c41ee972da0c5bd7e1e514cbd8f3b39232ac6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6d:e0:20:e1:0a:c9:49:32:91:5f:41:49:05:
                    73:9d:65:37:fe:be:14:bb:c8:fb:b8:9e:c8:4f:c5:
                    56:c0:e1:61:ff:e2:c4:9c:c0:fc:02:5f:fb:c7:94:
                    46:03:2a:03:d3:93:cc:95:2e:60:de:10:2b:59:1b:
                    a4:fe:50:f1:e7:0a:c4:ea:02:78:bd:b2:f4:11:10:
                    17:e9:a2:66:bd:b2:a1:8a:f5:f3:6b:ab:53:65:7e:
                    68:72:d3:2d:a1:aa:08:0b:e2:99:f4:e2:b6:82:57:
                    f7:ea:9d:d1:b2:26:93:3e:8a:9f:21:00:80:e3:bb:
                    16:6a:74:73:a3:c3:cc:8c:7f:94:02:01:f2:a7:ef:
                    5b:68:f1:9c:95:25:a2:99:8a:7b:57:1f:86:42:a2:
                    fb:d6:b0:27:e7:63:f2:0f:14:8a:72:c5:c4:61:51:
                    46:39:30:e3:d4:49:2a:1b:46:3e:61:f6:f2:a8:3d:
                    0c:14:80:f9:37:06:b9:9e:bb:0c:e3:d1:39:dc:7a:
                    0d:79:d1:4d:f0:fc:bd:38:1d:e8:f0:ec:8a:17:07:
                    4b:75:88:ab:16:fe:2f:39:b3:76:bd:3b:b3:96:2b:
                    90:2a:db:eb:ef:a5:82:72:49:2c:94:0d:8a:b9:13:
                    4e:37:21:3c:73:d0:5c:f1:50:8c:5f:06:18:9a:5c:
                    e0:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:C4:1E:E9:72:DA:0C:5B:D7:E1:E5:14:CB:D8:F3:B3:92:32:AC:6C
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/OMQe6XLaDFvX4eUUy9jzs5IyrGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.244.0/24
                  45.94.47.0/24
                  45.95.97.0/24
                  45.130.128.0/24
                  45.134.184.0/24
                  45.151.104.0/24
                  45.154.58.0/24
                  45.154.228.0/24
                  85.209.130.0/24
                  185.164.59.0/24
                  192.156.217.0/24
                  193.8.1.0/24
                  193.39.245.0/24
                  193.254.234.0/24
                  194.62.30.0/24
                  194.62.66.0/24
                  195.66.26.0/24
                IPv6:
                  2a0f:e7c4:10::/48
                  2a11:3500::/29
                  2a13:8c86:120::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:e4:21:a3:79:0a:f5:aa:91:2e:da:1a:98:d2:80:a3:f4:0e:
         21:f3:35:22:7e:cd:1e:6e:34:f1:cc:15:e5:b6:06:76:0f:c0:
         07:74:6c:4c:80:5e:2a:61:df:95:12:34:1c:e6:7c:33:b4:49:
         d7:da:22:51:89:14:53:e7:a9:f1:8f:dd:61:1b:e9:dd:67:46:
         94:b5:de:fd:9a:bd:26:c2:60:99:f8:ad:3e:11:27:ed:50:03:
         cb:6f:81:33:d5:cc:20:62:39:fd:20:a4:0e:62:7f:1f:67:ae:
         64:c8:46:59:09:62:dd:fc:b6:d2:fb:49:ce:56:cb:e0:70:19:
         ef:1d:85:37:62:b0:ea:a2:5b:67:23:c4:1b:c8:60:92:cf:b1:
         c6:9e:0a:e7:eb:44:ec:cb:64:41:0c:f1:51:9d:3c:6c:95:9b:
         95:3c:74:93:0e:20:5c:e4:40:dd:aa:90:cc:9e:7d:2b:ac:ad:
         4b:1b:ec:25:45:15:af:35:87:ab:6f:77:fc:4e:18:d0:bc:ba:
         1a:11:d2:20:04:09:ee:67:b3:e8:ef:c9:70:96:e2:7a:3b:04:
         e0:c9:13:71:e0:98:e2:fe:ca:cb:16:e0:4e:ca:39:fe:cb:6f:
         5d:09:09:9b:e6:a6:f7:d2:13:58:50:b1:dd:39:60:4a:99:54:
         67:66:ad:38
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgISAZdqDJFxQjXCO2s+NTGhqbHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjEzMTYwODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGM0MWVlOTcyZGEwYzViZDdlMWU1MTRjYmQ4ZjNiMzkyMzJhYzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvW3gIOEKyUkykV9BSQVznWU3/r4U
u8j7uJ7IT8VWwOFh/+LEnMD8Al/7x5RGAyoD05PMlS5g3hArWRuk/lDx5wrE6gJ4
vbL0ERAX6aJmvbKhivXza6tTZX5octMtoaoIC+KZ9OK2glf36p3RsiaTPoqfIQCA
47sWanRzo8PMjH+UAgHyp+9baPGclSWimYp7Vx+GQqL71rAn52PyDxSKcsXEYVFG
OTDj1EkqG0Y+YfbyqD0MFID5Nwa5nrsM49E53HoNedFN8Py9OB3o8OyKFwdLdYir
Fv4vObN2vTuzliuQKtvr76WCckkslA2KuRNONyE8c9Bc8VCMXwYYmlzgfwIDAQAB
o4ICjTCCAokwHQYDVR0OBBYEFDjEHuly2gxb1+HlFMvY87OSMqxsMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvT01RZTZYTGFERnZYNGVVVXk5anpzNUl5ckd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGiBggrBgEFBQcBBwEB/wSBkjCBjzBsBAIAATBmAwQALVb0
AwQALV4vAwQALV9hAwQALYKAAwQALYa4AwQALZdoAwQALZo6AwQALZrkAwQAVdGC
AwQAuaQ7AwQAwJzZAwQAwQgBAwQAwSf1AwQAwf7qAwQAwj4eAwQAwj5CAwQAw0Ia
MB8EAgACMBkDBwAqD+fEABADBQMqETUAAwcAKhOMhgEgMA0GCSqGSIb3DQEBCwUA
A4IBAQBb5CGjeQr1qpEu2hqY0oCj9A4h8zUifs0ebjTxzBXltgZ2D8AHdGxMgF4q
Yd+VEjQc5nwztEnX2iJRiRRT56nxj91hG+ndZ0aUtd79mr0mwmCZ+K0+ESftUAPL
b4Ez1cwgYjn9IKQOYn8fZ65kyEZZCWLd/LbS+0nOVsvgcBnvHYU3YrDqoltnI8Qb
yGCSz7HGngrn60Tsy2RBDPFRnTxslZuVPHSTDiBc5EDdqpDMnn0rrK1LG+wlRRWv
NYerb3f8ThjQvLoaEdIgBAnuZ7Po78lwluJ6OwTgyRNx4Jji/srLFuBOyjn+y29d
CQmb5qb30hNYULHdOWBKmVRnZq04
-----END CERTIFICATE-----
Generated at Mon Jun 16 17:03:48 2025 by rpki-client