Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/j9WZYSGRdVfvzLNu1mDZtYatwaY.roa
File:                     j9WZYSGRdVfvzLNu1mDZtYatwaY.roa (raw, json)
Hash identifier:          nUy51L/tmtGCGiZiltuVFci4bpVMC+ZdBO8uYz2YP0g=
Subject key identifier:   8F:D5:99:61:21:91:75:57:EF:CC:B3:6E:D6:60:D9:B5:86:AD:C1:A6
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       01986142904210E77E54EF68C96361FF43AA
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/j9WZYSGRdVfvzLNu1mDZtYatwaY.roa
Signing time:             Thu 31 Jul 2025 16:13:28 +0000
ROA not before:           Thu 31 Jul 2025 16:13:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208905
IP address blocks:        80.91.84.0/23 maxlen: 24
                          81.2.144.0/22 maxlen: 24
                          81.2.188.0/23 maxlen: 24
                          213.146.169.0/24 maxlen: 24
                          213.146.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:61:42:90:42:10:e7:7e:54:ef:68:c9:63:61:ff:43:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Jul 31 16:13:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fd5996121917557efccb36ed660d9b586adc1a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:50:4b:0c:de:66:f3:78:ae:71:36:ac:fb:41:
                    6d:dd:d5:b5:9e:f8:07:f3:61:4b:84:4c:8d:a4:d9:
                    e9:47:87:6b:bf:74:e8:64:7e:b7:c8:02:65:10:93:
                    17:bd:96:cd:97:e8:cc:76:15:9e:ef:43:ad:ec:91:
                    5c:a1:1c:e0:cb:80:55:2a:e6:69:47:ac:c5:3a:fd:
                    cd:c2:9c:52:9c:0a:4c:45:39:6a:05:95:d3:f4:07:
                    ef:1d:a3:e7:79:1b:03:5f:2e:3f:0f:25:0d:b9:21:
                    de:62:6c:40:de:1b:49:89:3e:37:9f:b3:ea:28:dc:
                    77:30:4c:11:8e:76:38:c3:37:de:fa:7a:91:31:3d:
                    be:36:58:c6:91:a5:02:17:b0:b1:46:16:b9:25:6e:
                    7b:dd:ed:6a:ca:ba:cf:d3:c0:e1:e2:0a:58:80:14:
                    ba:62:6d:00:d1:cd:0e:29:ad:6b:20:90:be:58:ff:
                    28:70:8f:a6:51:20:22:81:0f:66:16:7b:92:06:93:
                    01:84:37:07:4e:f4:7e:06:57:67:43:e1:12:af:51:
                    dc:e1:e9:29:1a:8e:51:8a:56:5e:6b:2a:00:76:fc:
                    f9:62:91:59:7e:f5:f4:36:c2:77:e3:d8:61:8c:c7:
                    1e:9c:0a:1d:19:61:98:e6:67:72:2b:07:81:27:aa:
                    11:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:D5:99:61:21:91:75:57:EF:CC:B3:6E:D6:60:D9:B5:86:AD:C1:A6
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/j9WZYSGRdVfvzLNu1mDZtYatwaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.84.0/23
                  81.2.144.0/22
                  81.2.188.0/23
                  213.146.169.0-213.146.170.255

    Signature Algorithm: sha256WithRSAEncryption
         34:59:b8:0b:6b:0d:d6:b2:cb:49:7c:82:15:bb:c1:5a:61:e4:
         f7:3f:6c:8d:13:69:d1:76:54:8a:08:fc:4a:60:f9:0b:db:c8:
         27:5d:61:8c:0d:8d:b8:21:84:f9:68:22:a3:35:d6:29:34:c9:
         68:a2:b4:f4:08:49:a5:a9:be:21:56:70:ae:e0:6e:a1:1e:78:
         a2:4e:df:4c:ea:01:95:50:61:05:5d:e5:15:0b:16:36:1c:eb:
         a1:6c:6d:92:11:63:6e:89:3e:b2:b0:3d:6e:7d:c4:52:e7:ae:
         1b:0a:9c:b8:3d:f1:99:0d:4b:2d:58:7f:a0:01:df:c4:93:46:
         e0:ee:e5:cb:d4:99:a2:c9:c4:1c:86:b7:30:0a:29:ff:e6:aa:
         93:98:2d:b1:24:1d:5d:92:41:2e:10:62:31:11:c9:d2:b8:34:
         4e:b3:4e:2a:5b:67:6f:83:43:ee:90:71:fa:1c:7d:8f:22:89:
         52:27:01:15:ac:34:16:46:00:2f:58:24:1e:17:39:4d:57:b3:
         bd:27:52:57:8c:f8:b0:d4:8b:d7:3d:ab:fb:cb:10:a8:bc:29:
         12:8b:a0:79:11:4d:3d:d0:73:d5:72:64:ec:44:ac:7b:cd:61:
         65:bb:b2:72:0b:b8:98:63:fd:98:fc:ff:00:17:0a:04:af:98:
         1c:e3:bc:94
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZhhQpBCEOd+VO9oyWNh/0OqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjUwNzMxMTYxMzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQ1OTk2MTIxOTE3NTU3ZWZjY2IzNmVkNjYwZDliNTg2YWRjMWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFBLDN5m83iucTas+0Ft3dW1nvgH
82FLhEyNpNnpR4drv3ToZH63yAJlEJMXvZbNl+jMdhWe70Ot7JFcoRzgy4BVKuZp
R6zFOv3NwpxSnApMRTlqBZXT9AfvHaPneRsDXy4/DyUNuSHeYmxA3htJiT43n7Pq
KNx3MEwRjnY4wzfe+nqRMT2+NljGkaUCF7CxRha5JW573e1qyrrP08Dh4gpYgBS6
Ym0A0c0OKa1rIJC+WP8ocI+mUSAigQ9mFnuSBpMBhDcHTvR+BldnQ+ESr1Hc4ekp
Go5RilZeayoAdvz5YpFZfvX0NsJ349hhjMcenAodGWGY5mdyKweBJ6oRdQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFI/VmWEhkXVX78yzbtZg2bWGrcGmMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvajlXWllTR1JkVmZ2ekxOdTFtRFp0WWF0d2FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQBUFtUAwQC
UQKQAwQBUQK8MAwDBADVkqkDBADVkqowDQYJKoZIhvcNAQELBQADggEBADRZuAtr
Ddayy0l8ghW7wVph5Pc/bI0TadF2VIoI/Epg+QvbyCddYYwNjbghhPloIqM11ik0
yWiitPQISaWpviFWcK7gbqEeeKJO30zqAZVQYQVd5RULFjYc66FsbZIRY26JPrKw
PW59xFLnrhsKnLg98ZkNSy1Yf6AB38STRuDu5cvUmaLJxByGtzAKKf/mqpOYLbEk
HV2SQS4QYjERydK4NE6zTipbZ2+DQ+6QcfocfY8iiVInARWsNBZGAC9YJB4XOU1X
s70nUleM+LDUi9c9q/vLEKi8KRKLoHkRTT3Qc9VyZOxErHvNYWW7snILuJhj/Zj8
/wAXCgSvmBzjvJQ=
-----END CERTIFICATE-----
Generated at Wed Aug 6 10:12:33 2025 by rpki-client