Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/4c849f-8650-4a1e-be59-1e63bbd70d96/1/AM62_hNG9hkzgdOgJu_7Pl-u4oI.roa
File:                     AM62_hNG9hkzgdOgJu_7Pl-u4oI.roa (raw, json)
Hash identifier:          aTW9umwh2RX7kyAdVmGDBiqiexRFNiZSuIDuhZf0vOA=
Subject key identifier:   00:CE:B6:FE:13:46:F6:19:33:81:D3:A0:26:EF:FB:3E:5F:AE:E2:82
Certificate issuer:       /CN=c01399b467c906662de00ec766cc7e000eaec27b
Certificate serial:       0198551FD0E226340D9FAA785223081B8128
Authority key identifier: C0:13:99:B4:67:C9:06:66:2D:E0:0E:C7:66:CC:7E:00:0E:AE:C2:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wBOZtGfJBmYt4A7HZsx-AA6uwns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/4c849f-8650-4a1e-be59-1e63bbd70d96/1/AM62_hNG9hkzgdOgJu_7Pl-u4oI.roa
Signing time:             Tue 29 Jul 2025 07:40:05 +0000
ROA not before:           Tue 29 Jul 2025 07:40:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210666
IP address blocks:        91.216.22.0/24 maxlen: 24
                          2001:67c:11c8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/4c849f-8650-4a1e-be59-1e63bbd70d96/1/wBOZtGfJBmYt4A7HZsx-AA6uwns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/4c849f-8650-4a1e-be59-1e63bbd70d96/1/wBOZtGfJBmYt4A7HZsx-AA6uwns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wBOZtGfJBmYt4A7HZsx-AA6uwns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 10:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:55:1f:d0:e2:26:34:0d:9f:aa:78:52:23:08:1b:81:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c01399b467c906662de00ec766cc7e000eaec27b
        Validity
            Not Before: Jul 29 07:40:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00ceb6fe1346f6193381d3a026effb3e5faee282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0c:94:f9:dd:7e:42:e1:e7:3a:b9:d6:c5:6a:
                    85:04:11:5d:af:4e:1f:e4:a6:70:6c:c8:62:94:ee:
                    30:d3:49:3f:e2:34:ee:12:ae:b6:38:de:d7:0d:7a:
                    02:4e:af:38:66:c0:58:4a:26:1e:f9:e1:29:a4:28:
                    44:f9:fc:74:4a:6c:a0:b7:28:aa:22:5d:06:3a:53:
                    9f:6f:4c:4c:2f:f2:52:5c:0a:3c:97:93:f7:d3:96:
                    60:54:d2:c2:f8:29:a0:b2:e7:6f:d7:55:51:e6:7d:
                    73:7c:d1:c9:59:4c:22:49:b9:64:03:a7:36:72:92:
                    04:ef:ec:2a:30:d8:8f:52:df:ce:ce:86:01:0c:53:
                    3e:89:56:26:26:38:92:d4:2e:53:ec:c4:85:78:23:
                    c2:1f:c3:59:71:15:38:96:ff:3e:2d:72:76:81:3c:
                    63:f7:fa:e0:ed:3e:f5:88:b5:52:db:cc:b8:2e:1a:
                    ce:0d:36:cd:dc:6d:09:23:e6:63:c4:09:52:b0:23:
                    00:0b:ce:4c:12:70:7e:f7:0d:d5:2e:fb:96:9f:69:
                    41:c7:18:f6:fb:47:6e:89:8a:17:cc:36:1c:a2:02:
                    e8:2e:7a:4a:3a:e2:5f:63:30:76:7e:fb:80:b9:44:
                    57:42:0a:58:95:8e:79:3f:ea:84:ce:ea:66:7e:df:
                    5e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:CE:B6:FE:13:46:F6:19:33:81:D3:A0:26:EF:FB:3E:5F:AE:E2:82
            X509v3 Authority Key Identifier:
                keyid:C0:13:99:B4:67:C9:06:66:2D:E0:0E:C7:66:CC:7E:00:0E:AE:C2:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wBOZtGfJBmYt4A7HZsx-AA6uwns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/4c849f-8650-4a1e-be59-1e63bbd70d96/1/AM62_hNG9hkzgdOgJu_7Pl-u4oI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/4c849f-8650-4a1e-be59-1e63bbd70d96/1/wBOZtGfJBmYt4A7HZsx-AA6uwns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.22.0/24
                IPv6:
                  2001:67c:11c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:b2:cb:6e:cc:83:ba:7a:72:19:f2:88:b0:db:5a:37:20:d0:
         8e:09:4a:88:8a:cc:7a:96:72:52:34:59:2c:0c:6f:86:23:15:
         c1:66:57:d4:62:fe:44:38:12:4a:2c:dd:42:43:9c:a4:c7:fb:
         ad:7f:e1:ce:ff:8d:79:84:9f:f3:5f:81:23:79:2b:84:a7:be:
         36:1d:ba:dd:87:ab:eb:97:ad:33:5a:2e:30:76:17:03:00:b9:
         46:f0:9e:f1:93:f6:1a:4f:4a:5a:e8:62:b1:6e:17:8b:17:91:
         51:3e:06:db:9d:ab:09:02:aa:a5:9f:8c:d6:62:af:b2:01:02:
         dc:b0:7c:0f:18:56:9f:f7:76:da:cb:45:56:ad:2d:81:22:67:
         b4:49:a1:d1:47:a3:98:e7:d2:0f:4b:80:21:be:b5:7e:63:50:
         c3:26:a1:65:0d:10:04:00:7c:7b:17:b9:06:13:89:7d:25:46:
         f8:46:2a:2e:5f:d3:ca:af:61:b6:60:6d:78:a3:4f:ff:21:81:
         cd:de:e3:28:b6:0b:fc:13:dc:54:96:de:c4:74:38:fc:d0:8d:
         e1:08:a2:10:59:0e:53:95:f8:b1:23:81:97:1d:17:33:94:59:
         9a:69:67:4d:7b:e4:61:35:e4:2c:3d:f6:8f:da:d3:f6:1d:be:
         00:13:7f:d9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZhVH9DiJjQNn6p4UiMIG4EoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMTM5OWI0NjdjOTA2NjYyZGUwMGVjNzY2Y2M3ZTAwMGVh
ZWMyN2IwHhcNMjUwNzI5MDc0MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGNlYjZmZTEzNDZmNjE5MzM4MWQzYTAyNmVmZmIzZTVmYWVlMjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwyU+d1+QuHnOrnWxWqFBBFdr04f
5KZwbMhilO4w00k/4jTuEq62ON7XDXoCTq84ZsBYSiYe+eEppChE+fx0Smygtyiq
Il0GOlOfb0xML/JSXAo8l5P305ZgVNLC+Cmgsudv11VR5n1zfNHJWUwiSblkA6c2
cpIE7+wqMNiPUt/OzoYBDFM+iVYmJjiS1C5T7MSFeCPCH8NZcRU4lv8+LXJ2gTxj
9/rg7T71iLVS28y4LhrODTbN3G0JI+ZjxAlSsCMAC85MEnB+9w3VLvuWn2lBxxj2
+0duiYoXzDYcogLoLnpKOuJfYzB2fvuAuURXQgpYlY55P+qEzupmft9evQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFADOtv4TRvYZM4HToCbv+z5fruKCMB8GA1UdIwQY
MBaAFMATmbRnyQZmLeAOx2bMfgAOrsJ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0JPWnRHZkpCbVl0NEE3SFpzeC1BQTZ1d25zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80Yzg0OWYtODY1MC00YTFlLWJlNTkt
MWU2M2JiZDcwZDk2LzEvQU02Ml9oTkc5aGt6Z2RPZ0p1XzdQbC11NG9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80Yzg0OWYtODY1MC00YTFlLWJlNTktMWU2M2JiZDcwZDk2
LzEvd0JPWnRHZkpCbVl0NEE3SFpzeC1BQTZ1d25zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9gWMA8E
AgACMAkDBwAgAQZ8EcgwDQYJKoZIhvcNAQELBQADggEBAKCyy27Mg7p6chnyiLDb
Wjcg0I4JSoiKzHqWclI0WSwMb4YjFcFmV9Ri/kQ4Ekos3UJDnKTH+61/4c7/jXmE
n/NfgSN5K4SnvjYdut2Hq+uXrTNaLjB2FwMAuUbwnvGT9hpPSlroYrFuF4sXkVE+
BtudqwkCqqWfjNZir7IBAtywfA8YVp/3dtrLRVatLYEiZ7RJodFHo5jn0g9LgCG+
tX5jUMMmoWUNEAQAfHsXuQYTiX0lRvhGKi5f08qvYbZgbXijT/8hgc3e4yi2C/wT
3FSW3sR0OPzQjeEIohBZDlOV+LEjgZcdFzOUWZppZ0175GE15Cw99o/a0/YdvgAT
f9k=
-----END CERTIFICATE-----
Generated at Fri Aug 8 13:02:34 2025 by rpki-client