Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/34244d-03c8-4780-87c3-45e696a5ae45/1/ir7-RH8I6LOM7faVYPUvWtPtBkc.roa
File:                     ir7-RH8I6LOM7faVYPUvWtPtBkc.roa (raw, json)
Hash identifier:          c3S12HvLqchLUsT4f7tqk56b2aJYvGDiRT3Sw4rhzw0=
Subject key identifier:   8A:BE:FE:44:7F:08:E8:B3:8C:ED:F6:95:60:F5:2F:5A:D3:ED:06:47
Certificate issuer:       /CN=f13219221cc0a21326ce006c42825bac2be31e17
Certificate serial:       019827C912E8B2DF864FFDF5836222FB8A20
Authority key identifier: F1:32:19:22:1C:C0:A2:13:26:CE:00:6C:42:82:5B:AC:2B:E3:1E:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TIZIhzAohMmzgBsQoJbrCvjHhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/34244d-03c8-4780-87c3-45e696a5ae45/1/ir7-RH8I6LOM7faVYPUvWtPtBkc.roa
Signing time:             Sun 20 Jul 2025 12:22:25 +0000
ROA not before:           Sun 20 Jul 2025 12:22:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        37.99.128.0/18 maxlen: 24
                          46.184.0.0/17 maxlen: 24
                          46.184.90.0/24 maxlen: 24
                          94.77.192.0/18 maxlen: 24
                          185.139.120.0/22 maxlen: 24
                          188.248.0.0/15 maxlen: 24
                          2a02:888::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/34244d-03c8-4780-87c3-45e696a5ae45/1/8TIZIhzAohMmzgBsQoJbrCvjHhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/34244d-03c8-4780-87c3-45e696a5ae45/1/8TIZIhzAohMmzgBsQoJbrCvjHhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TIZIhzAohMmzgBsQoJbrCvjHhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:27:c9:12:e8:b2:df:86:4f:fd:f5:83:62:22:fb:8a:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13219221cc0a21326ce006c42825bac2be31e17
        Validity
            Not Before: Jul 20 12:22:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8abefe447f08e8b38cedf69560f52f5ad3ed0647
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:4c:60:a0:47:63:f0:45:3e:2d:4c:88:04:95:
                    71:d4:eb:74:bd:ec:81:10:65:69:f7:dd:30:5c:9a:
                    54:56:5f:f7:ad:4e:3a:01:4f:89:c5:65:02:05:09:
                    c1:24:cf:47:27:b8:84:ab:9c:92:4d:4b:dd:02:82:
                    99:22:74:3d:c7:a5:a8:f4:42:b4:3f:5c:eb:16:0f:
                    47:8d:a4:f8:f8:42:d6:3f:18:96:d2:f5:0f:46:e4:
                    5a:41:a9:21:57:3d:1b:89:2d:7c:00:c3:34:e7:22:
                    5f:f9:bc:aa:7a:c8:b7:1b:14:67:71:a0:1d:b3:60:
                    19:79:29:73:24:91:d0:4b:5e:84:b2:7e:b4:59:9c:
                    e6:e5:66:73:74:69:25:f1:ef:18:80:3f:47:25:34:
                    8a:a6:6d:f6:7b:5a:cf:d9:9c:67:70:81:f9:86:09:
                    85:a5:8d:46:e0:9e:19:8b:7e:e5:d7:b1:aa:8e:e6:
                    d4:9c:33:ce:fb:62:d0:f3:b3:39:a8:93:4b:97:2b:
                    85:45:b3:2e:b2:24:84:fa:1c:09:93:d5:a7:bb:8e:
                    e0:a8:c9:7b:63:43:8e:c2:ac:7c:fa:26:03:08:e1:
                    e6:9d:aa:75:4f:5a:e8:e0:9d:83:bb:e3:26:ac:dd:
                    df:97:7e:31:89:41:31:98:c3:f5:c3:46:ee:7a:59:
                    3d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:BE:FE:44:7F:08:E8:B3:8C:ED:F6:95:60:F5:2F:5A:D3:ED:06:47
            X509v3 Authority Key Identifier:
                keyid:F1:32:19:22:1C:C0:A2:13:26:CE:00:6C:42:82:5B:AC:2B:E3:1E:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TIZIhzAohMmzgBsQoJbrCvjHhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/34244d-03c8-4780-87c3-45e696a5ae45/1/ir7-RH8I6LOM7faVYPUvWtPtBkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/34244d-03c8-4780-87c3-45e696a5ae45/1/8TIZIhzAohMmzgBsQoJbrCvjHhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.99.128.0/18
                  46.184.0.0/17
                  94.77.192.0/18
                  185.139.120.0/22
                  188.248.0.0/15
                IPv6:
                  2a02:888::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:b8:2d:e2:96:29:b6:7c:45:74:b4:ea:c7:86:9e:ea:ef:53:
         3d:4d:f7:af:c2:5e:dd:ff:d0:01:c6:e8:13:06:61:95:0d:fe:
         ba:c8:41:2f:87:17:92:08:61:2b:05:40:bd:ff:03:c4:5e:e7:
         bf:ee:13:1b:ed:ea:cd:6f:fc:f8:73:a0:36:e9:f7:56:10:9e:
         35:3f:17:bf:b6:b1:6a:de:3c:12:4d:46:96:19:9b:f7:62:7d:
         65:7d:74:68:d3:28:20:66:e3:2c:a2:0b:ec:ee:04:c1:2d:5a:
         84:77:ed:3e:1e:e5:ff:86:4b:b0:09:9b:f6:fc:62:b7:82:50:
         75:4f:11:dd:ec:a7:cb:2c:b6:9f:56:94:c5:46:fc:e3:cd:52:
         00:f8:d9:91:b5:9b:7f:9d:6d:94:42:96:27:95:56:37:73:55:
         ed:64:e5:3f:be:46:9e:e2:38:cc:3f:42:c8:e0:dc:51:f9:f9:
         2d:e2:88:4f:37:49:38:e5:87:22:1c:d8:3d:3b:9d:9d:b2:89:
         0f:6f:f5:d0:2d:f7:f5:ef:4c:53:3e:f3:18:3b:ab:5c:d6:e8:
         da:b5:27:d2:2e:25:1f:2a:9f:12:a3:42:6d:fc:c9:a0:93:7e:
         42:58:8e:ba:62:30:56:22:9c:21:71:7b:39:c9:f9:0b:dd:da:
         63:67:05:b1
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZgnyRLost+GT/31g2Ii+4ogMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzIxOTIyMWNjMGEyMTMyNmNlMDA2YzQyODI1YmFjMmJl
MzFlMTcwHhcNMjUwNzIwMTIyMjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWJlZmU0NDdmMDhlOGIzOGNlZGY2OTU2MGY1MmY1YWQzZWQwNjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kxgoEdj8EU+LUyIBJVx1Ot0veyB
EGVp990wXJpUVl/3rU46AU+JxWUCBQnBJM9HJ7iEq5ySTUvdAoKZInQ9x6Wo9EK0
P1zrFg9HjaT4+ELWPxiW0vUPRuRaQakhVz0biS18AMM05yJf+byqesi3GxRncaAd
s2AZeSlzJJHQS16Esn60WZzm5WZzdGkl8e8YgD9HJTSKpm32e1rP2ZxncIH5hgmF
pY1G4J4Zi37l17GqjubUnDPO+2LQ87M5qJNLlyuFRbMusiSE+hwJk9Wnu47gqMl7
Y0OOwqx8+iYDCOHmnap1T1ro4J2Du+MmrN3fl34xiUExmMP1w0buelk98wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFIq+/kR/COizjO32lWD1L1rT7QZHMB8GA1UdIwQY
MBaAFPEyGSIcwKITJs4AbEKCW6wr4x4XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRJWkloekFvaE1temdCc1FvSmJyQ3ZqSGhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zNDI0NGQtMDNjOC00NzgwLTg3YzMt
NDVlNjk2YTVhZTQ1LzEvaXI3LVJIOEk2TE9NN2ZhVllQVXZXdFB0QmtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zNDI0NGQtMDNjOC00NzgwLTg3YzMtNDVlNjk2YTVhZTQ1
LzEvOFRJWkloekFvaE1temdCc1FvSmJyQ3ZqSGhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAjBAIAATAdAwQGJWOAAwQH
LrgAAwQGXk3AAwQCuYt4AwMBvPgwDQQCAAIwBwMFAyoCCIgwDQYJKoZIhvcNAQEL
BQADggEBAHC4LeKWKbZ8RXS06seGnurvUz1N96/CXt3/0AHG6BMGYZUN/rrIQS+H
F5IIYSsFQL3/A8Re57/uExvt6s1v/PhzoDbp91YQnjU/F7+2sWrePBJNRpYZm/di
fWV9dGjTKCBm4yyiC+zuBMEtWoR37T4e5f+GS7AJm/b8YreCUHVPEd3sp8sstp9W
lMVG/OPNUgD42ZG1m3+dbZRClieVVjdzVe1k5T++Rp7iOMw/Qsjg3FH5+S3iiE83
STjlhyIc2D07nZ2yiQ9v9dAt9/XvTFM+8xg7q1zW6Nq1J9IuJR8qnxKjQm38yaCT
fkJYjrpiMFYinCFxeznJ+Qvd2mNnBbE=
-----END CERTIFICATE-----
Generated at Sun Jul 27 09:20:33 2025 by rpki-client