Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/eXCTbvYVehPg2Ha0B0bl-hboXJI.roa
File:                     eXCTbvYVehPg2Ha0B0bl-hboXJI.roa (raw, json)
Hash identifier:          FlUTAoocjZm0O60ObzsblCGTGUuGU71rYp5yHyyLz2o=
Subject key identifier:   79:70:93:6E:F6:15:7A:13:E0:D8:76:B4:07:46:E5:FA:16:E8:5C:92
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019823DF7E0494F93707E44382818980F83F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/eXCTbvYVehPg2Ha0B0bl-hboXJI.roa
Signing time:             Sat 19 Jul 2025 18:08:25 +0000
ROA not before:           Sat 19 Jul 2025 18:08:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        163.5.30.0/24 maxlen: 24
                          163.5.59.0/24 maxlen: 24
                          163.5.66.0/24 maxlen: 24
                          163.5.84.0/24 maxlen: 24
                          163.5.89.0/24 maxlen: 24
                          163.5.104.0/24 maxlen: 24
                          163.5.106.0/24 maxlen: 24
                          163.5.112.0/24 maxlen: 24
                          163.5.121.0/24 maxlen: 24
                          163.5.128.0/24 maxlen: 24
                          163.5.129.0/24 maxlen: 24
                          163.5.139.0/24 maxlen: 24
                          163.5.143.0/24 maxlen: 24
                          163.5.146.0/24 maxlen: 24
                          163.5.151.0/24 maxlen: 24
                          163.5.160.0/24 maxlen: 24
                          163.5.167.0/24 maxlen: 24
                          163.5.173.0/24 maxlen: 24
                          163.5.178.0/24 maxlen: 24
                          163.5.182.0/24 maxlen: 24
                          163.5.186.0/24 maxlen: 24
                          163.5.189.0/24 maxlen: 24
                          163.5.190.0/24 maxlen: 24
                          163.5.201.0/24 maxlen: 24
                          163.5.203.0/24 maxlen: 24
                          163.5.204.0/24 maxlen: 24
                          163.5.205.0/24 maxlen: 24
                          163.5.206.0/24 maxlen: 24
                          163.5.209.0/24 maxlen: 24
                          163.5.218.0/24 maxlen: 24
                          163.5.221.0/24 maxlen: 24
                          163.5.224.0/24 maxlen: 24
                          163.5.228.0/24 maxlen: 24
                          163.5.237.0/24 maxlen: 24
                          163.5.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 21:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:23:df:7e:04:94:f9:37:07:e4:43:82:81:89:80:f8:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jul 19 18:08:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7970936ef6157a13e0d876b40746e5fa16e85c92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:13:c9:c5:f7:ef:af:83:7f:d2:a1:8f:7b:32:
                    0f:de:98:27:85:5a:9c:56:68:c1:1e:4d:42:d9:a2:
                    46:97:1c:65:2d:02:1a:4a:87:d8:bd:cc:39:04:f7:
                    aa:58:1e:80:72:a8:18:e8:de:4d:d6:3a:5f:e9:2d:
                    e4:23:41:8c:3d:c4:9f:98:75:8d:08:b7:9e:98:91:
                    a6:22:3a:52:a6:97:a4:a5:81:99:cb:5d:e9:12:83:
                    52:97:0e:19:0b:b6:7a:8c:bd:b1:ce:57:11:75:00:
                    bf:eb:a9:d7:0a:d8:ee:8a:e8:21:f5:eb:dc:ce:b7:
                    c3:a8:5f:db:4a:18:c1:46:8d:ef:6d:c4:db:63:8e:
                    67:fd:a6:68:97:34:f2:09:3f:00:2a:77:ef:62:84:
                    c5:2c:79:01:54:98:a3:49:84:69:12:6b:27:43:12:
                    4f:9d:aa:de:7e:ad:8c:9a:95:7b:2a:72:dc:02:c7:
                    2f:9c:4e:93:6b:1d:1a:e8:d9:e6:05:bc:cd:07:c9:
                    43:74:ec:3c:14:63:15:0d:20:0c:1a:22:4f:22:96:
                    42:86:d4:35:25:67:14:9e:17:9b:eb:d7:0d:db:58:
                    87:d0:62:9b:0b:7b:ba:49:8a:fc:ef:0a:c1:04:73:
                    f6:95:9a:1e:a2:7d:85:f0:0a:3f:90:d5:27:5a:21:
                    bc:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:70:93:6E:F6:15:7A:13:E0:D8:76:B4:07:46:E5:FA:16:E8:5C:92
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/eXCTbvYVehPg2Ha0B0bl-hboXJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.30.0/24
                  163.5.59.0/24
                  163.5.66.0/24
                  163.5.84.0/24
                  163.5.89.0/24
                  163.5.104.0/24
                  163.5.106.0/24
                  163.5.112.0/24
                  163.5.121.0/24
                  163.5.128.0/23
                  163.5.139.0/24
                  163.5.143.0/24
                  163.5.146.0/24
                  163.5.151.0/24
                  163.5.160.0/24
                  163.5.167.0/24
                  163.5.173.0/24
                  163.5.178.0/24
                  163.5.182.0/24
                  163.5.186.0/24
                  163.5.189.0-163.5.190.255
                  163.5.201.0/24
                  163.5.203.0-163.5.206.255
                  163.5.209.0/24
                  163.5.218.0/24
                  163.5.221.0/24
                  163.5.224.0/24
                  163.5.228.0/24
                  163.5.237.0/24
                  163.5.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:f6:f7:3d:8b:d3:09:1f:f4:3b:a0:25:8e:7d:3b:71:dc:ea:
         77:bd:09:db:fa:40:62:82:6d:fa:ca:f3:86:c5:f4:7f:33:4e:
         c3:94:8c:da:99:e4:fd:ce:b7:85:36:74:c8:99:8b:30:70:4a:
         85:f2:1d:41:b7:8a:7b:77:20:63:5e:c9:61:fd:9c:8e:6d:0c:
         98:42:1e:68:b1:a0:c2:7d:7a:c0:34:50:f0:83:e1:6a:8a:a5:
         53:97:31:3a:d9:ec:ec:db:5d:21:9d:79:17:c3:96:67:79:ff:
         96:39:30:c3:aa:e3:8e:fa:0f:af:36:5f:ad:5a:cc:8f:b9:f5:
         6b:1b:80:f5:ba:22:56:1a:73:e0:6b:a0:de:f9:04:2c:9b:ff:
         bd:93:62:b6:16:62:fa:d0:09:6f:bb:fc:c2:95:0d:50:b6:87:
         f5:92:fa:a3:1d:44:f5:25:8c:45:62:fa:b1:47:b6:36:5e:81:
         7e:ef:a6:68:91:7b:f6:c1:73:2f:dd:a8:34:d7:59:ce:3a:72:
         e5:4c:24:2f:6f:51:a9:bb:d6:1a:62:2f:50:50:f1:88:6b:52:
         b6:7e:ea:76:e3:0a:65:22:45:19:a1:ed:6c:57:fd:aa:59:19:
         e4:36:d0:3c:10:4c:e4:d4:82:7d:61:98:da:7b:75:76:dd:9d:
         fa:72:5c:99
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgISAZgj334ElPk3B+RDgoGJgPg/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwNzE5MTgwODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTcwOTM2ZWY2MTU3YTEzZTBkODc2YjQwNzQ2ZTVmYTE2ZTg1YzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhPJxffvr4N/0qGPezIP3pgnhVqc
VmjBHk1C2aJGlxxlLQIaSofYvcw5BPeqWB6AcqgY6N5N1jpf6S3kI0GMPcSfmHWN
CLeemJGmIjpSppekpYGZy13pEoNSlw4ZC7Z6jL2xzlcRdQC/66nXCtjuiugh9evc
zrfDqF/bShjBRo3vbcTbY45n/aZolzTyCT8AKnfvYoTFLHkBVJijSYRpEmsnQxJP
narefq2MmpV7KnLcAscvnE6Tax0a6NnmBbzNB8lDdOw8FGMVDSAMGiJPIpZChtQ1
JWcUnheb69cN21iH0GKbC3u6SYr87wrBBHP2lZoeon2F8Ao/kNUnWiG8owIDAQAB
o4ICzDCCAsgwHQYDVR0OBBYEFHlwk272FXoT4Nh2tAdG5foW6FySMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvZVhDVGJ2WVZlaFBnMkhhMEIwYmwtaGJvWEpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHhBggrBgEFBQcBBwEB/wSB0TCBzjCBywQCAAEwgcQDBACj
BR4DBACjBTsDBACjBUIDBACjBVQDBACjBVkDBACjBWgDBACjBWoDBACjBXADBACj
BXkDBAGjBYADBACjBYsDBACjBY8DBACjBZIDBACjBZcDBACjBaADBACjBacDBACj
Ba0DBACjBbIDBACjBbYDBACjBbowDAMEAKMFvQMEAKMFvgMEAKMFyTAMAwQAowXL
AwQAowXOAwQAowXRAwQAowXaAwQAowXdAwQAowXgAwQAowXkAwQAowXtAwQAowXx
MA0GCSqGSIb3DQEBCwUAA4IBAQAS9vc9i9MJH/Q7oCWOfTtx3Op3vQnb+kBigm36
yvOGxfR/M07DlIzameT9zreFNnTImYswcEqF8h1Bt4p7dyBjXslh/ZyObQyYQh5o
saDCfXrANFDwg+FqiqVTlzE62ezs210hnXkXw5Znef+WOTDDquOO+g+vNl+tWsyP
ufVrG4D1uiJWGnPga6De+QQsm/+9k2K2FmL60Alvu/zClQ1Qtof1kvqjHUT1JYxF
YvqxR7Y2XoF+76ZokXv2wXMv3ag011nOOnLlTCQvb1Gpu9YaYi9QUPGIa1K2fup2
4wplIkUZoe1sV/2qWRnkNtA8EEzk1IJ9YZjae3V23Z36clyZ
-----END CERTIFICATE-----
Generated at Thu Jul 24 03:51:43 2025 by rpki-client