Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/xZI_bvE6JftjTV0B3dxc_5kYW0g.roa
File:                     xZI_bvE6JftjTV0B3dxc_5kYW0g.roa (raw, json)
Hash identifier:          AB1DpoviLX3AxgItOuLbSEQmOM0xIHXrb99sosPXy80=
Subject key identifier:   C5:92:3F:6E:F1:3A:25:FB:63:4D:5D:01:DD:DC:5C:FF:99:18:5B:48
Certificate issuer:       /CN=64d171f93cc1ca716fc806e36a55852cdf4f1c1c
Certificate serial:       01987C61EC73D2282A39AC213C1062D01063
Authority key identifier: 64:D1:71:F9:3C:C1:CA:71:6F:C8:06:E3:6A:55:85:2C:DF:4F:1C:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/xZI_bvE6JftjTV0B3dxc_5kYW0g.roa
Signing time:             Tue 05 Aug 2025 22:37:28 +0000
ROA not before:           Tue 05 Aug 2025 22:37:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47962
IP address blocks:        37.122.152.0/22 maxlen: 22
                          37.122.152.0/23 maxlen: 23
                          37.122.153.0/24 maxlen: 24
                          37.122.154.0/23 maxlen: 23
                          37.122.154.0/24 maxlen: 24
                          37.122.155.0/24 maxlen: 24
                          37.122.156.0/23 maxlen: 23
                          37.122.156.0/24 maxlen: 24
                          37.122.157.0/24 maxlen: 24
                          176.106.224.0/22 maxlen: 24
                          176.106.230.0/23 maxlen: 23
                          176.106.230.0/24 maxlen: 24
                          176.106.231.0/24 maxlen: 24
                          2a0f:6a80::/29 maxlen: 29
                          2a0f:6a80:1::/48 maxlen: 48
                          2a0f:6a80:888::/48 maxlen: 48
                          2a0f:6a80:999::/48 maxlen: 48
                          2a0f:6a80:1001::/48 maxlen: 48
                          2a0f:6a80:1002::/48 maxlen: 48
                          2a0f:6a80:1003::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/ZNFx-TzBynFvyAbjalWFLN9PHBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/ZNFx-TzBynFvyAbjalWFLN9PHBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7c:61:ec:73:d2:28:2a:39:ac:21:3c:10:62:d0:10:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d171f93cc1ca716fc806e36a55852cdf4f1c1c
        Validity
            Not Before: Aug  5 22:37:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5923f6ef13a25fb634d5d01dddc5cff99185b48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6d:ed:18:bc:eb:d3:c9:3f:7b:54:d2:02:f7:
                    20:9f:5e:9a:21:4b:b5:18:c4:f5:19:87:67:14:a9:
                    78:70:e6:20:22:ce:65:f0:c3:3a:21:13:67:fe:7b:
                    fb:9a:b2:4c:f8:9e:b9:09:78:48:60:a1:31:ee:bd:
                    d4:90:70:76:89:1a:68:66:6a:72:2b:88:b9:c4:e0:
                    c4:fe:6a:76:c8:79:a5:04:cc:d2:ad:46:dd:19:ca:
                    cd:59:2c:2d:c9:93:77:00:dc:9d:5f:b7:00:ea:d1:
                    1e:42:24:67:b0:b8:7c:67:ce:df:9a:ac:5d:91:95:
                    b2:70:f9:2f:f1:bb:3c:2a:ec:8a:78:16:53:76:2c:
                    c0:3d:8a:a2:01:b7:e2:0a:b0:7f:01:db:69:13:50:
                    cd:85:06:b9:58:06:df:d6:bc:43:2a:5e:05:ba:00:
                    65:f1:03:04:81:a1:91:49:8e:23:fa:c3:53:75:04:
                    b5:1e:70:2e:c4:9c:52:22:f2:b9:c0:ec:95:a3:2f:
                    e5:e8:8a:29:6c:a7:8f:7f:f0:19:55:48:92:1a:fb:
                    94:49:bb:73:c0:52:c1:f6:4b:d8:d2:0c:be:1f:12:
                    8a:8a:eb:cb:8b:c8:0e:ce:2d:79:4f:03:86:8c:32:
                    ac:36:9d:da:de:4e:d6:c6:45:88:b1:ea:cf:05:9e:
                    f6:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:92:3F:6E:F1:3A:25:FB:63:4D:5D:01:DD:DC:5C:FF:99:18:5B:48
            X509v3 Authority Key Identifier:
                keyid:64:D1:71:F9:3C:C1:CA:71:6F:C8:06:E3:6A:55:85:2C:DF:4F:1C:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/xZI_bvE6JftjTV0B3dxc_5kYW0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/ZNFx-TzBynFvyAbjalWFLN9PHBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.122.152.0-37.122.157.255
                  176.106.224.0/22
                  176.106.230.0/23
                IPv6:
                  2a0f:6a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:47:2d:40:f3:46:bc:4f:21:4f:0b:6c:d7:c6:79:15:16:a2:
         6a:c0:64:02:f6:b2:f4:07:40:55:8c:d9:a7:42:2e:a3:6a:7e:
         86:d2:f4:bb:ca:96:b7:a0:96:fb:1f:e7:3c:59:7b:03:e6:43:
         b0:2b:e3:af:20:23:a7:ee:c2:5f:83:bb:e4:57:54:b8:40:be:
         06:80:ca:ad:d8:45:0a:b0:5b:69:2f:bd:cc:2f:c4:bc:2f:f0:
         ec:3e:cc:18:ac:b0:15:5a:8d:75:86:72:1c:82:76:f4:36:d5:
         0a:eb:73:5f:1d:fe:0b:bb:d2:dd:42:c4:12:78:2e:be:d0:eb:
         a3:b4:c8:73:5b:47:02:29:2e:55:04:d0:d5:c1:df:2c:85:98:
         ff:5e:c4:92:4a:61:0a:4a:ea:48:2d:a1:17:5f:9c:2d:51:7a:
         58:39:ec:31:03:62:ad:68:0b:a5:c0:8b:e9:dd:49:ee:3e:82:
         cc:3b:0c:4f:2b:5c:f4:8b:be:7c:c4:7f:0b:1b:56:30:03:45:
         cc:84:5c:86:68:e8:fe:92:9f:f1:98:38:57:36:89:13:86:94:
         3b:fe:de:d5:c2:ad:11:85:80:45:06:f7:e6:87:8a:54:26:b9:
         c4:d7:21:9c:84:c1:81:6c:7a:3b:5a:9b:61:3c:8a:07:c7:40:
         f8:ad:7b:98
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZh8Yexz0igqOawhPBBi0BBjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDE3MWY5M2NjMWNhNzE2ZmM4MDZlMzZhNTU4NTJjZGY0
ZjFjMWMwHhcNMjUwODA1MjIzNzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTkyM2Y2ZWYxM2EyNWZiNjM0ZDVkMDFkZGRjNWNmZjk5MTg1YjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvW3tGLzr08k/e1TSAvcgn16aIUu1
GMT1GYdnFKl4cOYgIs5l8MM6IRNn/nv7mrJM+J65CXhIYKEx7r3UkHB2iRpoZmpy
K4i5xODE/mp2yHmlBMzSrUbdGcrNWSwtyZN3ANydX7cA6tEeQiRnsLh8Z87fmqxd
kZWycPkv8bs8KuyKeBZTdizAPYqiAbfiCrB/AdtpE1DNhQa5WAbf1rxDKl4FugBl
8QMEgaGRSY4j+sNTdQS1HnAuxJxSIvK5wOyVoy/l6IopbKePf/AZVUiSGvuUSbtz
wFLB9kvY0gy+HxKKiuvLi8gOzi15TwOGjDKsNp3a3k7WxkWIserPBZ72LQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFMWSP27xOiX7Y01dAd3cXP+ZGFtIMB8GA1UdIwQY
MBaAFGTRcfk8wcpxb8gG42pVhSzfTxwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5GeC1UekJ5bkZ2eUFiamFsV0ZMTjlQSEJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMmQ5ZGYtMTZlYi00NDllLTgzZjAt
YTQ2MzVkZjQ3ZDcwLzEveFpJX2J2RTZKZnRqVFYwQjNkeGNfNWtZVzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMmQ5ZGYtMTZlYi00NDllLTgzZjAtYTQ2MzVkZjQ3ZDcw
LzEvWk5GeC1UekJ5bkZ2eUFiamFsV0ZMTjlQSEJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaMAwDBAMlepgD
BAElepwDBAKwauADBAGwauYwDQQCAAIwBwMFAyoPaoAwDQYJKoZIhvcNAQELBQAD
ggEBAAJHLUDzRrxPIU8LbNfGeRUWomrAZAL2svQHQFWM2adCLqNqfobS9LvKlreg
lvsf5zxZewPmQ7Ar468gI6fuwl+Du+RXVLhAvgaAyq3YRQqwW2kvvcwvxLwv8Ow+
zBissBVajXWGchyCdvQ21Qrrc18d/gu70t1CxBJ4Lr7Q66O0yHNbRwIpLlUE0NXB
3yyFmP9exJJKYQpK6kgtoRdfnC1Relg57DEDYq1oC6XAi+ndSe4+gsw7DE8rXPSL
vnzEfwsbVjADRcyEXIZo6P6Sn/GYOFc2iROGlDv+3tXCrRGFgEUG9+aHilQmucTX
IZyEwYFsejtam2E8igfHQPite5g=
-----END CERTIFICATE-----
Generated at Sat Aug 9 22:37:09 2025 by rpki-client