Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vxwcAJ-qOTUrO-2SqZhxZutNFbQ.roa
File:                     vxwcAJ-qOTUrO-2SqZhxZutNFbQ.roa (raw, json)
Hash identifier:          PvTRjk9c9O6pw4VBfWFJMay0O4Yn9eZaLuWX7/UYCAE=
Subject key identifier:   BF:1C:1C:00:9F:AA:39:35:2B:3B:ED:92:A9:98:71:66:EB:4D:15:B4
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0197C71BE21CB3137A109B1F414D967AED93
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vxwcAJ-qOTUrO-2SqZhxZutNFbQ.roa
Signing time:             Tue 01 Jul 2025 17:49:42 +0000
ROA not before:           Tue 01 Jul 2025 17:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        62.76.229.0/24 maxlen: 24
                          193.124.4.0/24 maxlen: 24
                          193.124.7.0/24 maxlen: 24
                          194.58.155.0/24 maxlen: 24
                          194.87.53.0/24 maxlen: 24
                          194.87.119.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.179.0/24 maxlen: 24
                          194.87.228.0/24 maxlen: 24
                          194.135.24.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.29.0/24 maxlen: 24
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.241.0/24 maxlen: 24
                          212.193.0.0/24 maxlen: 24
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:1b:e2:1c:b3:13:7a:10:9b:1f:41:4d:96:7a:ed:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  1 17:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf1c1c009faa39352b3bed92a9987166eb4d15b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:75:57:6f:e2:3c:45:9d:11:11:95:e5:7d:47:
                    75:1d:96:12:75:6b:d2:09:37:52:e8:af:f7:98:a2:
                    1e:0d:76:85:e6:1e:92:0d:d4:c7:17:a5:fd:2d:df:
                    7c:f8:24:2b:48:3b:7d:4e:c3:b6:23:e2:c8:e4:df:
                    1e:dd:aa:a7:ac:2f:99:8f:b1:e0:bb:dc:f8:c4:3f:
                    39:f4:32:fa:41:b4:dd:e6:0b:73:40:c8:82:70:e9:
                    e3:ad:e0:ab:2e:b7:00:d6:3f:e4:63:b1:42:13:9c:
                    3e:ad:2f:68:4c:2c:16:0b:72:6b:c0:c7:db:f3:5a:
                    81:ca:24:64:71:ab:b7:16:27:83:a1:25:71:72:22:
                    6a:9a:43:84:7d:17:40:63:36:5b:5a:d9:22:aa:58:
                    d4:45:44:c2:f3:42:33:fd:49:d6:24:a7:28:43:cb:
                    4a:22:5f:18:6d:54:82:c1:53:35:10:f4:fd:ff:0b:
                    84:03:58:07:dd:dc:23:27:ed:81:40:fb:70:75:42:
                    ca:27:55:79:88:dd:33:96:2e:ec:12:50:d7:9c:38:
                    88:bf:e0:54:06:6a:3c:dc:3d:d8:e6:f4:c7:2b:4f:
                    d2:e7:a1:5a:92:b3:a4:c6:a9:2a:4b:1c:c2:ac:da:
                    75:9e:d1:86:aa:03:7e:c6:de:4c:6a:9a:b3:57:d8:
                    4e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:1C:1C:00:9F:AA:39:35:2B:3B:ED:92:A9:98:71:66:EB:4D:15:B4
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vxwcAJ-qOTUrO-2SqZhxZutNFbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.229.0/24
                  193.124.4.0/24
                  193.124.7.0/24
                  194.58.155.0/24
                  194.87.53.0/24
                  194.87.119.0/24
                  194.87.169.0/24
                  194.87.179.0/24
                  194.87.228.0/24
                  194.135.24.0/24
                  195.133.24.0/23
                  195.133.29.0/24
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.241.0/24
                  212.193.0.0/24
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:55:5c:6c:97:ea:7b:36:b6:64:b8:04:dc:56:67:b6:36:80:
         71:d6:1b:b9:3d:f2:e9:8c:77:91:ae:2b:08:80:e3:30:8f:3a:
         6a:e6:a9:1a:37:3f:0e:d9:00:16:b7:6c:cf:0b:3e:de:b9:2a:
         83:99:a7:03:a3:91:0b:07:4a:62:c5:45:b3:f6:0b:f4:00:78:
         6f:2b:cc:3f:21:af:44:f1:e0:8d:5b:9c:58:08:25:a8:aa:9b:
         97:db:f2:38:87:ae:e6:93:2e:18:46:de:cd:a0:8f:1c:f8:26:
         e8:90:bf:ec:b3:70:f0:c9:29:1d:29:9f:d8:fa:e2:ef:fd:97:
         d4:22:4e:98:9a:c0:59:9a:87:da:13:c7:a5:35:1c:bf:51:6b:
         a8:f8:d0:c4:26:ae:aa:91:91:e1:dc:7f:e2:45:a3:a3:ce:48:
         7a:c1:35:a9:0a:26:a3:69:87:b3:e2:68:4b:9a:47:48:8c:8a:
         1f:89:a2:26:28:80:83:89:34:76:5d:42:3c:42:3b:3b:d5:61:
         b6:3a:c6:52:6f:65:7f:4e:58:db:c6:f3:64:60:52:ac:ac:73:
         89:81:fb:1f:1a:82:5e:67:02:0c:91:6d:d8:77:a0:8b:42:fb:
         90:68:09:64:51:b5:48:08:8b:28:70:a4:1f:65:65:d8:f3:c7:
         ad:3f:97:c6
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgISAZfHG+IcsxN6EJsfQU2Weu2TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNzAxMTc0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjFjMWMwMDlmYWEzOTM1MmIzYmVkOTJhOTk4NzE2NmViNGQxNWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHVXb+I8RZ0REZXlfUd1HZYSdWvS
CTdS6K/3mKIeDXaF5h6SDdTHF6X9Ld98+CQrSDt9TsO2I+LI5N8e3aqnrC+Zj7Hg
u9z4xD859DL6QbTd5gtzQMiCcOnjreCrLrcA1j/kY7FCE5w+rS9oTCwWC3JrwMfb
81qByiRkcau3FieDoSVxciJqmkOEfRdAYzZbWtkiqljURUTC80Iz/UnWJKcoQ8tK
Il8YbVSCwVM1EPT9/wuEA1gH3dwjJ+2BQPtwdULKJ1V5iN0zli7sElDXnDiIv+BU
Bmo83D3Y5vTHK0/S56FakrOkxqkqSxzCrNp1ntGGqgN+xt5MapqzV9hOBQIDAQAB
o4ICiDCCAoQwHQYDVR0OBBYEFL8cHACfqjk1KzvtkqmYcWbrTRW0MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdnh3Y0FKLXFPVFVyTy0yU3FaaHhadXRORmJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGdBggrBgEFBQcBBwEB/wSBjTCBijByBAIAATBsAwQAPkzl
AwQAwXwEAwQAwXwHAwQAwjqbAwQAwlc1AwQAwld3AwQAwlepAwQAwlezAwQAwlfk
AwQAwocYAwQBw4UYAwQAw4UdAwQBw4UoAwQBw4UyAwQBw4VcAwQA1MDxAwQA1MEA
AwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEA
UlVcbJfqeza2ZLgE3FZntjaAcdYbuT3y6Yx3ka4rCIDjMI86auapGjc/DtkAFrds
zws+3rkqg5mnA6ORCwdKYsVFs/YL9AB4byvMPyGvRPHgjVucWAglqKqbl9vyOIeu
5pMuGEbezaCPHPgm6JC/7LNw8MkpHSmf2Pri7/2X1CJOmJrAWZqH2hPHpTUcv1Fr
qPjQxCauqpGR4dx/4kWjo85IesE1qQomo2mHs+JoS5pHSIyKH4miJiiAg4k0dl1C
PEI7O9VhtjrGUm9lf05Y28bzZGBSrKxziYH7HxqCXmcCDJFt2Hegi0L7kGgJZFG1
SAiLKHCkH2Vl2PPHrT+Xxg==
-----END CERTIFICATE-----
Generated at Sun Jul 20 21:56:33 2025 by rpki-client