Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/C4MNgq18cvxf83OQ2a7SHZXs0bk.roa
File:                     C4MNgq18cvxf83OQ2a7SHZXs0bk.roa (raw, json)
Hash identifier:          YBvyTalJF4E6gKuPqpO7kx9msLhgX0QH8eZaRl4nsl0=
Subject key identifier:   0B:83:0D:82:AD:7C:72:FC:5F:F3:73:90:D9:AE:D2:1D:95:EC:D1:B9
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019840C3B83118856DADA1DBBCC4A2AFD788
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/C4MNgq18cvxf83OQ2a7SHZXs0bk.roa
Signing time:             Fri 25 Jul 2025 08:47:05 +0000
ROA not before:           Fri 25 Jul 2025 08:47:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        77.76.4.0/22 maxlen: 22
                          78.128.10.0/23 maxlen: 23
                          78.128.12.0/22 maxlen: 22
                          78.128.16.0/20 maxlen: 20
                          78.128.36.0/22 maxlen: 22
                          78.128.40.0/23 maxlen: 23
                          78.128.52.0/22 maxlen: 22
                          78.128.56.0/22 maxlen: 22
                          78.128.82.0/23 maxlen: 23
                          78.128.84.0/22 maxlen: 22
                          78.128.88.0/22 maxlen: 22
                          78.128.96.0/23 maxlen: 23
                          78.128.100.0/22 maxlen: 22
                          78.128.104.0/22 maxlen: 22
                          78.128.116.0/23 maxlen: 23
                          78.128.120.0/23 maxlen: 23
                          78.128.122.0/24 maxlen: 24
                          78.142.10.0/23 maxlen: 23
                          78.142.12.0/22 maxlen: 22
                          78.142.30.0/23 maxlen: 23
                          84.201.224.0/20 maxlen: 20
                          91.148.162.0/23 maxlen: 23
                          91.148.164.0/23 maxlen: 23
                          91.148.169.0/24 maxlen: 24
                          91.148.170.0/23 maxlen: 23
                          91.148.172.0/22 maxlen: 22
                          91.148.176.0/21 maxlen: 21
                          91.148.186.0/23 maxlen: 23
                          130.185.227.0/24 maxlen: 24
                          193.24.240.0/22 maxlen: 22
                          193.200.14.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 02:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:40:c3:b8:31:18:85:6d:ad:a1:db:bc:c4:a2:af:d7:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jul 25 08:47:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b830d82ad7c72fc5ff37390d9aed21d95ecd1b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e8:b3:f4:d0:66:98:37:a6:58:94:c6:5b:a0:
                    76:56:42:ed:36:7e:4b:41:ae:3b:02:2f:83:be:e6:
                    65:02:ff:25:47:2c:1a:29:c2:04:fe:70:59:cd:d2:
                    44:03:cd:1f:24:1f:39:b3:95:be:97:b3:2b:8a:79:
                    59:9e:ac:6b:6e:69:94:38:5b:e1:4c:6a:2b:af:7f:
                    d4:b8:96:8c:43:56:9e:0b:e7:fc:c5:e2:b2:7c:b6:
                    0d:0d:d7:07:6d:0a:14:7a:ce:8d:eb:f5:00:b1:9a:
                    6c:f5:ee:36:34:fa:30:88:10:82:38:4b:dc:24:eb:
                    df:c6:52:37:17:2f:91:2a:a0:4e:e6:44:d9:79:09:
                    4b:c3:af:b5:1d:35:2f:7d:ac:95:a2:60:8f:f4:05:
                    8b:e3:51:b2:13:4d:6e:88:9a:ad:da:02:2b:e7:0c:
                    9b:da:bc:99:99:9e:3f:98:90:b4:bf:9f:fa:f6:bb:
                    d5:72:f9:bc:dc:fe:e0:cf:55:94:ab:f7:48:0d:4b:
                    59:9b:56:8e:a0:87:af:b9:51:80:43:f9:9b:f0:ad:
                    ba:50:4e:e2:7d:66:79:0f:28:90:6c:64:8d:d4:71:
                    11:27:22:cf:bc:1f:e1:52:1a:81:01:e6:90:b9:71:
                    a3:30:61:a1:af:1a:74:ee:5a:6f:a0:70:a2:8c:10:
                    72:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:83:0D:82:AD:7C:72:FC:5F:F3:73:90:D9:AE:D2:1D:95:EC:D1:B9
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/C4MNgq18cvxf83OQ2a7SHZXs0bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.76.4.0/22
                  78.128.10.0-78.128.31.255
                  78.128.36.0-78.128.41.255
                  78.128.52.0-78.128.59.255
                  78.128.82.0-78.128.91.255
                  78.128.96.0/23
                  78.128.100.0-78.128.107.255
                  78.128.116.0/23
                  78.128.120.0-78.128.122.255
                  78.142.10.0-78.142.15.255
                  78.142.30.0/23
                  84.201.224.0/20
                  91.148.162.0-91.148.165.255
                  91.148.169.0-91.148.183.255
                  91.148.186.0/23
                  130.185.227.0/24
                  193.24.240.0/22
                  193.200.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:38:c9:55:42:ca:3f:03:80:ac:79:cd:e1:c8:9c:f5:1b:4e:
         9b:01:4d:3f:30:bb:a4:19:9e:a5:37:0a:b6:4c:51:b4:13:6c:
         bb:cc:e5:de:86:eb:5e:ab:b2:b0:d1:48:00:e0:3e:83:27:3d:
         1c:06:a5:a9:0d:06:5b:a3:ff:2d:93:19:08:63:df:22:d7:73:
         4f:72:e6:a9:f7:81:e1:e8:1f:4f:74:bf:ac:37:b6:38:15:de:
         d9:1d:76:5e:63:fe:3f:80:a2:b1:fa:8b:41:3f:74:66:29:3d:
         e4:6e:af:2f:04:d5:e7:1e:90:cf:85:3c:d8:d5:84:18:90:5c:
         82:e2:56:b3:c6:f0:f6:50:44:80:66:90:52:1f:2b:48:22:8e:
         c7:7d:0c:b8:ab:de:db:7d:a3:95:9c:9e:f6:fc:35:8d:ea:08:
         2d:1a:a5:44:4f:6e:82:44:ad:4f:d6:f6:f1:c5:b6:df:0d:a9:
         fe:c4:c7:ff:60:ee:a3:c2:4f:16:17:c6:26:bc:77:0d:21:45:
         57:b7:6f:55:77:4d:1d:7d:1a:b8:89:f9:36:a7:94:c9:36:84:
         08:f5:9f:4e:7d:b9:dc:51:0a:4b:1a:d4:f9:46:f1:b9:e1:8e:
         02:b3:de:b0:1d:fe:5f:fb:b6:67:93:7d:be:e4:39:8d:5d:ef:
         21:21:8c:51
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgISAZhAw7gxGIVtraHbvMSir9eIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwNzI1MDg0NzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjgzMGQ4MmFkN2M3MmZjNWZmMzczOTBkOWFlZDIxZDk1ZWNkMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluiz9NBmmDemWJTGW6B2VkLtNn5L
Qa47Ai+DvuZlAv8lRywaKcIE/nBZzdJEA80fJB85s5W+l7MrinlZnqxrbmmUOFvh
TGorr3/UuJaMQ1aeC+f8xeKyfLYNDdcHbQoUes6N6/UAsZps9e42NPowiBCCOEvc
JOvfxlI3Fy+RKqBO5kTZeQlLw6+1HTUvfayVomCP9AWL41GyE01uiJqt2gIr5wyb
2ryZmZ4/mJC0v5/69rvVcvm83P7gz1WUq/dIDUtZm1aOoIevuVGAQ/mb8K26UE7i
fWZ5DyiQbGSN1HERJyLPvB/hUhqBAeaQuXGjMGGhrxp07lpvoHCijBByMwIDAQAB
o4ICvDCCArgwHQYDVR0OBBYEFAuDDYKtfHL8X/NzkNmu0h2V7NG5MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvQzRNTmdxMThjdnhmODNPUTJhN1NIWlhzMGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHRBggrBgEFBQcBBwEB/wSBwTCBvjCBuwQCAAEwgbQDBAJN
TAQwDAMEAU6ACgMEBU6AADAMAwQCToAkAwQBToAoMAwDBAJOgDQDBAJOgDgwDAME
AU6AUgMEAk6AWAMEAU6AYDAMAwQCToBkAwQCToBoAwQBToB0MAwDBANOgHgDBABO
gHowDAMEAU6OCgMEBE6OAAMEAU6OHgMEBFTJ4DAMAwQBW5SiAwQBW5SkMAwDBABb
lKkDBANblLADBAFblLoDBACCueMDBALBGPADBAHByA4wDQYJKoZIhvcNAQELBQAD
ggEBAEg4yVVCyj8DgKx5zeHInPUbTpsBTT8wu6QZnqU3CrZMUbQTbLvM5d6G616r
srDRSADgPoMnPRwGpakNBluj/y2TGQhj3yLXc09y5qn3geHoH090v6w3tjgV3tkd
dl5j/j+AorH6i0E/dGYpPeRury8E1ecekM+FPNjVhBiQXILiVrPG8PZQRIBmkFIf
K0gijsd9DLir3tt9o5Wcnvb8NY3qCC0apURPboJErU/W9vHFtt8Nqf7Ex/9g7qPC
TxYXxia8dw0hRVe3b1V3TR19GriJ+TanlMk2hAj1n059udxRCksa1PlG8bnhjgKz
3rAd/l/7tmeTfb7kOY1d7yEhjFE=
-----END CERTIFICATE-----
Generated at Mon Aug 4 08:16:26 2025 by rpki-client