Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/uU2H6qSRGLLnoKTSGyF0Io1Dgek.roa
File:                     uU2H6qSRGLLnoKTSGyF0Io1Dgek.roa (raw, json)
Hash identifier:          0tShiFWC9qx5g93KA8rmafPcKueJbV7L+FBUY/M5d1w=
Subject key identifier:   B9:4D:87:EA:A4:91:18:B2:E7:A0:A4:D2:1B:21:74:22:8D:43:81:E9
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       0198612AC3A6DEC8EF6EA338858CC4345160
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/uU2H6qSRGLLnoKTSGyF0Io1Dgek.roa
Signing time:             Thu 31 Jul 2025 15:47:29 +0000
ROA not before:           Thu 31 Jul 2025 15:47:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        46.3.67.0/24 maxlen: 24
                          46.3.76.0/24 maxlen: 24
                          46.3.86.0/23 maxlen: 23
                          46.232.26.0/23 maxlen: 24
                          46.232.26.0/24 maxlen: 24
                          46.232.27.0/24 maxlen: 24
                          46.232.28.0/22 maxlen: 24
                          46.232.28.0/24 maxlen: 24
                          46.232.29.0/24 maxlen: 24
                          46.232.30.0/24 maxlen: 24
                          46.232.31.0/24 maxlen: 24
                          46.232.32.0/20 maxlen: 24
                          46.232.80.0/20 maxlen: 20
                          46.232.80.0/24 maxlen: 24
                          46.232.81.0/24 maxlen: 24
                          46.232.82.0/24 maxlen: 24
                          46.232.83.0/24 maxlen: 24
                          46.232.84.0/24 maxlen: 24
                          46.232.85.0/24 maxlen: 24
                          46.232.86.0/24 maxlen: 24
                          46.232.87.0/24 maxlen: 24
                          46.232.88.0/24 maxlen: 24
                          46.232.89.0/24 maxlen: 24
                          46.232.90.0/24 maxlen: 24
                          46.232.91.0/24 maxlen: 24
                          46.232.92.0/24 maxlen: 24
                          46.232.93.0/24 maxlen: 24
                          46.232.94.0/24 maxlen: 24
                          46.232.95.0/24 maxlen: 24
                          149.126.192.0/24 maxlen: 24
                          149.126.197.0/24 maxlen: 24
                          149.126.200.0/24 maxlen: 24
                          149.126.215.0/24 maxlen: 24
                          149.126.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 07:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:61:2a:c3:a6:de:c8:ef:6e:a3:38:85:8c:c4:34:51:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jul 31 15:47:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b94d87eaa49118b2e7a0a4d21b2174228d4381e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:75:69:f1:7c:bd:d3:f5:f5:46:3d:7b:15:85:
                    76:55:f7:77:54:13:18:ed:c9:10:22:f1:af:2a:66:
                    7e:0d:09:05:bf:0c:d9:10:da:89:98:18:81:80:00:
                    a7:d3:26:8b:11:95:cc:8b:ca:bb:cb:7f:11:08:b7:
                    d6:fd:1b:ab:4c:7d:94:34:d6:32:91:22:68:57:ea:
                    d9:4e:99:29:af:83:c7:74:7b:9c:77:d5:a6:09:01:
                    b7:89:ba:f3:2f:5e:16:56:11:95:e6:3a:96:8a:c8:
                    e2:88:20:5b:26:6e:be:04:30:0c:42:2b:18:4e:42:
                    c4:b8:e7:c9:6a:11:81:22:42:41:02:3e:0f:87:90:
                    ac:88:f9:fd:0a:02:b6:95:f4:3a:5d:9a:ab:7a:13:
                    31:6e:c8:64:e2:4c:fd:d5:7c:fd:cc:13:77:a1:81:
                    f7:a5:75:bc:1b:f2:c2:2d:16:ad:64:c8:44:bd:bf:
                    c5:e2:f0:36:46:8f:43:f3:72:c4:79:8a:05:02:ba:
                    df:f6:f6:3e:cd:36:1a:b0:e0:0b:6f:ce:2e:83:c2:
                    50:f5:b6:c9:31:5c:5e:f0:f9:8e:85:c5:04:79:0e:
                    51:26:a6:9b:81:db:22:a2:5a:17:24:81:cb:f5:d8:
                    c4:95:ca:b8:8e:d7:70:33:ba:24:fa:16:0f:e2:52:
                    9d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:4D:87:EA:A4:91:18:B2:E7:A0:A4:D2:1B:21:74:22:8D:43:81:E9
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/uU2H6qSRGLLnoKTSGyF0Io1Dgek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.67.0/24
                  46.3.76.0/24
                  46.3.86.0/23
                  46.232.26.0-46.232.47.255
                  46.232.80.0/20
                  149.126.192.0/24
                  149.126.197.0/24
                  149.126.200.0/24
                  149.126.215.0/24
                  149.126.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:1b:0a:a5:7e:46:c9:29:05:5b:f2:e1:94:8b:73:9d:1e:12:
         41:2e:2b:31:64:02:15:59:08:a8:12:34:fd:8f:7e:8f:73:49:
         c8:60:49:eb:45:5e:1a:5c:fa:50:6a:f1:3f:41:94:ee:00:8d:
         80:09:e7:ba:d6:ca:96:6d:6b:2e:23:66:ca:b6:03:59:4f:e6:
         d4:5d:25:88:39:5c:ac:16:4b:66:34:b4:c8:39:f8:76:8f:e6:
         05:dc:17:2a:23:55:57:4c:09:f0:85:61:c6:7c:7f:e8:27:e0:
         bb:dd:06:f4:78:fe:13:3d:53:56:d7:96:86:1a:bc:c5:c6:c9:
         c7:13:02:ad:7d:b5:57:28:1d:2d:13:73:1a:b7:5d:cf:03:cd:
         8d:4b:8e:44:10:a0:02:67:29:a4:39:ed:1c:1e:2c:44:b8:80:
         67:b7:0c:99:07:84:c6:24:43:b9:57:b7:65:6d:10:fc:21:a8:
         c0:21:70:7c:12:cb:ad:d9:bb:e3:8c:50:72:49:8f:eb:04:eb:
         89:8a:4d:ec:6a:56:5e:de:b5:26:21:11:8d:3e:c3:dd:45:38:
         70:9f:1b:03:91:0c:17:53:21:4e:a0:b4:8b:ee:1b:57:6b:16:
         d1:57:35:ea:55:e4:de:50:5e:0e:52:b0:f1:41:e8:02:be:9d:
         ba:1d:20:ba
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZhhKsOm3sjvbqM4hYzENFFgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjUwNzMxMTU0NzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTRkODdlYWE0OTExOGIyZTdhMGE0ZDIxYjIxNzQyMjhkNDM4MWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3XVp8Xy90/X1Rj17FYV2Vfd3VBMY
7ckQIvGvKmZ+DQkFvwzZENqJmBiBgACn0yaLEZXMi8q7y38RCLfW/RurTH2UNNYy
kSJoV+rZTpkpr4PHdHucd9WmCQG3ibrzL14WVhGV5jqWisjiiCBbJm6+BDAMQisY
TkLEuOfJahGBIkJBAj4Ph5CsiPn9CgK2lfQ6XZqrehMxbshk4kz91Xz9zBN3oYH3
pXW8G/LCLRatZMhEvb/F4vA2Ro9D83LEeYoFArrf9vY+zTYasOALb84ug8JQ9bbJ
MVxe8PmOhcUEeQ5RJqabgdsioloXJIHL9djElcq4jtdwM7ok+hYP4lKdxwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFLlNh+qkkRiy56Ck0hshdCKNQ4HpMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvdVUySDZxU1JHTExub0tUU0d5RjBJbzFEZ2VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQALgNDAwQA
LgNMAwQBLgNWMAwDBAEu6BoDBAQu6CADBAQu6FADBACVfsADBACVfsUDBACVfsgD
BACVftcDBACVfvYwDQYJKoZIhvcNAQELBQADggEBAGEbCqV+RskpBVvy4ZSLc50e
EkEuKzFkAhVZCKgSNP2Pfo9zSchgSetFXhpc+lBq8T9BlO4AjYAJ57rWypZtay4j
Zsq2A1lP5tRdJYg5XKwWS2Y0tMg5+HaP5gXcFyojVVdMCfCFYcZ8f+gn4LvdBvR4
/hM9U1bXloYavMXGyccTAq19tVcoHS0Tcxq3Xc8DzY1LjkQQoAJnKaQ57RweLES4
gGe3DJkHhMYkQ7lXt2VtEPwhqMAhcHwSy63Zu+OMUHJJj+sE64mKTexqVl7etSYh
EY0+w91FOHCfGwORDBdTIU6gtIvuG1drFtFXNepV5N5QXg5SsPFB6AK+nbodILo=
-----END CERTIFICATE-----
Generated at Wed Aug 6 14:07:46 2025 by rpki-client