Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/OUXqqWfQTCMLecmZJOetX8nDJq4.roa
File:                     OUXqqWfQTCMLecmZJOetX8nDJq4.roa (raw, json)
Hash identifier:          sVR/luDbfjaWQ+Na2uxCSWiX3jfCtfpibuRPwKT8RuI=
Subject key identifier:   39:45:EA:A9:67:D0:4C:23:0B:79:C9:99:24:E7:AD:5F:C9:C3:26:AE
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       0197F943A23E84FE11C15A787FE737F8A7C6
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/OUXqqWfQTCMLecmZJOetX8nDJq4.roa
Signing time:             Fri 11 Jul 2025 11:34:08 +0000
ROA not before:           Fri 11 Jul 2025 11:34:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        94.154.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f9:43:a2:3e:84:fe:11:c1:5a:78:7f:e7:37:f8:a7:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Jul 11 11:34:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3945eaa967d04c230b79c99924e7ad5fc9c326ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f0:80:5d:ab:23:31:1a:a8:f2:e6:6b:19:ad:
                    f7:de:5e:a3:a7:3a:82:a7:b4:34:71:4c:cb:0c:82:
                    f1:44:65:e3:f9:74:65:c3:92:4e:c4:a2:28:34:e0:
                    a8:4c:1b:5b:9a:a0:1b:c2:c1:11:19:d0:cb:fd:e6:
                    13:77:4f:65:48:36:f3:33:3f:aa:8e:18:d6:46:11:
                    ea:e7:85:52:5c:a0:fa:52:cd:7f:34:59:19:c3:8a:
                    05:1f:24:cd:70:68:9c:8c:01:d7:7e:92:2f:92:44:
                    b0:4c:7a:8b:57:c6:60:51:0a:11:5d:d1:03:4c:ab:
                    fe:75:31:0a:bf:8e:88:09:b2:c3:41:6d:f7:94:9a:
                    04:70:6b:52:cf:86:72:94:8e:4e:ca:1e:42:1a:41:
                    7e:99:21:32:82:0b:3c:ca:1e:8c:86:77:1e:e8:2b:
                    34:00:59:18:e2:0f:43:62:ad:a4:97:82:eb:78:f6:
                    2f:d9:f9:25:8c:09:20:f4:2a:31:54:55:be:9f:ed:
                    5a:08:af:bd:e6:16:14:ce:cc:bd:d9:bc:6a:d6:78:
                    71:25:60:0c:aa:8d:0f:d6:9e:d5:3a:a9:ea:cd:2f:
                    a6:18:86:1d:df:ed:7d:b6:fa:a3:a9:ab:8e:3d:b7:
                    2b:36:c0:30:e3:e2:90:25:c5:8a:b1:e8:8a:d1:e8:
                    ee:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:45:EA:A9:67:D0:4C:23:0B:79:C9:99:24:E7:AD:5F:C9:C3:26:AE
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/OUXqqWfQTCMLecmZJOetX8nDJq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:17:ac:df:d9:31:aa:b5:ea:e2:20:54:85:fe:7e:50:3f:6e:
         40:2e:8f:56:58:f7:97:37:b6:13:6a:06:7d:9e:e6:a0:7e:39:
         84:fa:58:0a:45:a5:e4:0e:a9:7c:47:37:1d:61:83:6c:8a:9a:
         4e:fd:3e:6a:71:e3:c6:c0:1a:59:da:0e:39:0d:99:e2:84:5c:
         6e:76:09:42:95:7e:a8:a3:54:43:8c:38:c0:a4:9c:35:86:29:
         f2:53:15:6c:80:18:c7:4f:f9:f0:c8:4f:57:52:b1:8d:c8:cd:
         b9:7a:72:21:ad:94:a8:90:a1:a3:c5:b0:c7:f2:f3:c6:a2:e5:
         8d:31:e9:c7:4f:86:a0:2b:0b:cf:b6:9b:c2:31:7a:5c:64:b9:
         98:77:1d:c6:ab:59:73:88:2a:00:e5:9d:72:9c:99:9f:8c:9a:
         69:b3:fc:f2:7b:ba:dd:28:2c:c7:48:77:2b:89:38:af:76:18:
         f8:34:a9:74:e8:7d:db:35:ed:cb:02:6e:83:cd:7e:32:91:3b:
         f3:c3:40:9a:51:0d:3f:b6:15:74:ae:ad:f5:a2:b5:1d:29:8e:
         91:3b:ce:e5:da:f6:f6:fe:f9:92:53:a0:1a:f2:9c:3b:a4:05:
         58:9b:7c:7f:6d:bb:5c:15:35:bb:13:8d:75:cc:06:43:e3:50:
         90:a1:f6:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf5Q6I+hP4RwVp4f+c3+KfGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjUwNzExMTEzNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTQ1ZWFhOTY3ZDA0YzIzMGI3OWM5OTkyNGU3YWQ1ZmM5YzMyNmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/CAXasjMRqo8uZrGa333l6jpzqC
p7Q0cUzLDILxRGXj+XRlw5JOxKIoNOCoTBtbmqAbwsERGdDL/eYTd09lSDbzMz+q
jhjWRhHq54VSXKD6Us1/NFkZw4oFHyTNcGicjAHXfpIvkkSwTHqLV8ZgUQoRXdED
TKv+dTEKv46ICbLDQW33lJoEcGtSz4ZylI5Oyh5CGkF+mSEyggs8yh6Mhnce6Cs0
AFkY4g9DYq2kl4LrePYv2fkljAkg9CoxVFW+n+1aCK+95hYUzsy92bxq1nhxJWAM
qo0P1p7VOqnqzS+mGIYd3+19tvqjqauOPbcrNsAw4+KQJcWKseiK0ejuEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlF6qln0EwjC3nJmSTnrV/JwyauMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvT1VYcXFXZlFUQ01MZWNtWkpPZXRYOG5ESnE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpolMA0G
CSqGSIb3DQEBCwUAA4IBAQAEF6zf2TGqteriIFSF/n5QP25ALo9WWPeXN7YTagZ9
nuagfjmE+lgKRaXkDql8RzcdYYNsippO/T5qcePGwBpZ2g45DZnihFxudglClX6o
o1RDjDjApJw1hinyUxVsgBjHT/nwyE9XUrGNyM25enIhrZSokKGjxbDH8vPGouWN
MenHT4agKwvPtpvCMXpcZLmYdx3Gq1lziCoA5Z1ynJmfjJpps/zye7rdKCzHSHcr
iTivdhj4NKl06H3bNe3LAm6DzX4ykTvzw0CaUQ0/thV0rq31orUdKY6RO87l2vb2
/vmSU6Aa8pw7pAVYm3x/bbtcFTW7E411zAZD41CQofZx
-----END CERTIFICATE-----
Generated at Sun Jul 20 21:56:31 2025 by rpki-client