Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/V44zBaIrT2vwhrVFAcN5IRAmoy4.roa
File:                     V44zBaIrT2vwhrVFAcN5IRAmoy4.roa (raw, json)
Hash identifier:          IDJvYejslYQFS3URSy/7ffz5ilsUpAhyf+EqD49d/+Y=
Subject key identifier:   57:8E:33:05:A2:2B:4F:6B:F0:86:B5:45:01:C3:79:21:10:26:A3:2E
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       0197F458C859B350EF4703E4F273C28C5E87
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/V44zBaIrT2vwhrVFAcN5IRAmoy4.roa
Signing time:             Thu 10 Jul 2025 12:39:08 +0000
ROA not before:           Thu 10 Jul 2025 12:39:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24589
IP address blocks:        31.42.80.0/20 maxlen: 20
                          83.243.88.0/21 maxlen: 21
                          84.38.136.0/21 maxlen: 21
                          87.99.64.0/19 maxlen: 19
                          87.99.64.0/24 maxlen: 24
                          87.99.65.0/24 maxlen: 24
                          87.99.66.0/24 maxlen: 24
                          87.99.67.0/24 maxlen: 24
                          87.99.95.0/24 maxlen: 24
                          88.135.128.0/19 maxlen: 19
                          91.90.224.0/19 maxlen: 29
                          91.90.225.0/24 maxlen: 24
                          91.90.230.0/24 maxlen: 24
                          91.90.231.0/24 maxlen: 24
                          91.90.236.0/24 maxlen: 24
                          91.90.237.0/25 maxlen: 25
                          91.90.238.0/24 maxlen: 24
                          91.90.252.64/29 maxlen: 29
                          91.90.255.0/24 maxlen: 24
                          91.233.214.0/23 maxlen: 23
                          109.197.208.0/21 maxlen: 21
                          109.197.208.0/24 maxlen: 24
                          109.229.192.0/19 maxlen: 19
                          171.25.218.0/23 maxlen: 23
                          176.103.176.0/22 maxlen: 22
                          176.103.184.0/24 maxlen: 24
                          176.106.48.0/20 maxlen: 20
                          176.106.100.0/23 maxlen: 23
                          176.106.160.0/20 maxlen: 20
                          176.106.176.0/21 maxlen: 21
                          185.47.10.0/24 maxlen: 24
                          185.47.11.0/24 maxlen: 24
                          185.220.196.0/22 maxlen: 22
                          185.220.196.0/24 maxlen: 24
                          193.111.244.0/22 maxlen: 22
                          193.238.212.0/22 maxlen: 22
                          193.238.212.128/25 maxlen: 25
                          193.238.216.0/21 maxlen: 21
                          194.9.212.0/22 maxlen: 22
                          194.9.212.0/24 maxlen: 24
                          195.69.88.0/22 maxlen: 22
                          213.110.64.0/22 maxlen: 22
                          213.110.72.0/22 maxlen: 23
                          213.110.76.0/22 maxlen: 22
                          213.110.80.0/20 maxlen: 20
                          2a01:8ca0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:58:c8:59:b3:50:ef:47:03:e4:f2:73:c2:8c:5e:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jul 10 12:39:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=578e3305a22b4f6bf086b54501c379211026a32e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:64:25:16:9f:fd:cd:75:3d:30:c0:11:c3:e1:
                    cc:ca:18:69:7d:db:85:dc:70:36:7e:8a:e3:bd:06:
                    68:d2:ba:98:8c:42:ce:11:32:ea:c7:3b:8a:b2:2f:
                    66:0a:2f:8c:71:ee:e8:12:bd:eb:ca:4f:71:6a:7a:
                    36:bb:ad:43:9d:b1:1c:09:f3:1b:9b:e9:4b:de:be:
                    02:9b:79:6c:d6:d4:ad:c9:2d:88:08:68:93:ec:87:
                    ab:e3:76:df:e1:b2:80:94:15:9d:31:09:13:0c:e2:
                    5c:21:e0:c8:5a:de:4b:7b:f7:d7:35:43:6f:0d:c7:
                    0a:f5:62:94:34:81:f0:03:59:d5:79:a0:29:d3:dc:
                    63:f5:07:83:de:1f:37:83:6a:35:1c:8d:b1:91:cb:
                    2b:2e:38:51:f3:d9:47:b6:ec:dc:c0:15:7a:92:08:
                    7c:60:c5:63:c7:87:50:41:07:b1:11:55:da:ab:71:
                    3a:31:4c:c2:63:2c:23:d3:fe:9e:1c:30:af:20:91:
                    17:e3:ca:df:f7:53:ca:65:2f:f6:68:e7:e8:be:3c:
                    a9:df:84:b9:d5:9f:47:1a:e1:a7:80:15:89:35:e0:
                    11:21:f9:50:47:10:23:17:09:6f:8a:ea:39:fa:b1:
                    93:db:8f:38:85:80:7e:fb:8b:03:22:a2:e4:1c:18:
                    ae:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:8E:33:05:A2:2B:4F:6B:F0:86:B5:45:01:C3:79:21:10:26:A3:2E
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/V44zBaIrT2vwhrVFAcN5IRAmoy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.80.0/20
                  83.243.88.0/21
                  84.38.136.0/21
                  87.99.64.0/19
                  88.135.128.0/19
                  91.90.224.0/19
                  91.233.214.0/23
                  109.197.208.0/21
                  109.229.192.0/19
                  171.25.218.0/23
                  176.103.176.0/22
                  176.103.184.0/24
                  176.106.48.0/20
                  176.106.100.0/23
                  176.106.160.0-176.106.183.255
                  185.47.10.0/23
                  185.220.196.0/22
                  193.111.244.0/22
                  193.238.212.0-193.238.223.255
                  194.9.212.0/22
                  195.69.88.0/22
                  213.110.64.0/22
                  213.110.72.0-213.110.95.255
                IPv6:
                  2a01:8ca0::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:a6:18:55:34:90:4f:35:0a:f6:ef:81:87:da:ad:8d:fd:f6:
         9a:d4:37:c5:40:82:25:5b:cf:98:81:87:f1:0b:5f:5e:ab:48:
         f3:c8:89:a5:7e:c2:8f:23:59:29:84:67:d1:0e:a9:c1:ef:94:
         05:ab:12:b4:f0:4b:db:50:fb:ac:0e:9c:0d:f9:4c:c2:8e:18:
         19:c5:4e:64:12:fa:b7:09:ef:04:ee:9c:e2:84:72:cb:8a:70:
         c2:a4:91:e6:6d:53:f4:48:96:eb:64:38:f6:41:ed:b3:27:8d:
         a7:8e:1d:ad:e5:bb:eb:a4:64:17:57:60:36:45:f7:39:31:ea:
         8e:7f:f1:a2:a6:d5:35:7b:23:58:f0:09:d3:3c:cc:2a:83:7a:
         0c:d6:dd:72:d0:32:5e:08:5f:4e:06:81:4b:4b:29:6e:a0:01:
         75:74:f8:f2:55:ef:0a:f4:90:ab:06:c3:b7:23:a9:de:b9:ce:
         9f:fa:fa:a4:83:68:31:63:8c:81:98:10:c2:37:d1:d5:aa:0b:
         42:ab:da:49:2c:92:4d:c6:f3:7c:41:bf:87:35:ff:1d:ba:9b:
         9a:65:5b:36:90:70:6c:9f:d7:6c:84:36:b7:3d:a3:8a:8f:83:
         9b:5d:85:cd:85:1e:45:9e:0c:fc:40:be:2e:b4:f1:98:0d:58:
         3a:75:13:06
-----BEGIN CERTIFICATE-----
MIIFrTCCBJWgAwIBAgISAZf0WMhZs1DvRwPk8nPCjF6HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUwNzEwMTIzOTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzhlMzMwNWEyMmI0ZjZiZjA4NmI1NDUwMWMzNzkyMTEwMjZhMzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGQlFp/9zXU9MMARw+HMyhhpfduF
3HA2forjvQZo0rqYjELOETLqxzuKsi9mCi+Mce7oEr3ryk9xano2u61DnbEcCfMb
m+lL3r4Cm3ls1tStyS2ICGiT7Ier43bf4bKAlBWdMQkTDOJcIeDIWt5Le/fXNUNv
DccK9WKUNIHwA1nVeaAp09xj9QeD3h83g2o1HI2xkcsrLjhR89lHtuzcwBV6kgh8
YMVjx4dQQQexEVXaq3E6MUzCYywj0/6eHDCvIJEX48rf91PKZS/2aOfovjyp34S5
1Z9HGuGngBWJNeARIflQRxAjFwlviuo5+rGT2484hYB++4sDIqLkHBiutwIDAQAB
o4ICuTCCArUwHQYDVR0OBBYEFFeOMwWiK09r8Ia1RQHDeSEQJqMuMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvVjQ0ekJhSXJUMnZ3aHJWRkFjTjVJUkFtb3k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHOBggrBgEFBQcBBwEB/wSBvjCBuzCBqQQCAAEwgaIDBAQf
KlADBANT81gDBANUJogDBAVXY0ADBAVYh4ADBAVbWuADBAFb6dYDBANtxdADBAVt
5cADBAGrGdoDBAKwZ7ADBACwZ7gDBASwajADBAGwamQwDAMEBbBqoAMEA7BqsAME
AbkvCgMEArncxAMEAsFv9DAMAwQCwe7UAwQFwe7AAwQCwgnUAwQCw0VYAwQC1W5A
MAwDBAPVbkgDBAXVbkAwDQQCAAIwBwMFACoBjKAwDQYJKoZIhvcNAQELBQADggEB
ACGmGFU0kE81CvbvgYfarY399prUN8VAgiVbz5iBh/ELX16rSPPIiaV+wo8jWSmE
Z9EOqcHvlAWrErTwS9tQ+6wOnA35TMKOGBnFTmQS+rcJ7wTunOKEcsuKcMKkkeZt
U/RIlutkOPZB7bMnjaeOHa3lu+ukZBdXYDZF9zkx6o5/8aKm1TV7I1jwCdM8zCqD
egzW3XLQMl4IX04GgUtLKW6gAXV0+PJV7wr0kKsGw7cjqd65zp/6+qSDaDFjjIGY
EMI30dWqC0Kr2kkskk3G83xBv4c1/x26m5plWzaQcGyf12yENrc9o4qPg5tdhc2F
HkWeDPxAvi608ZgNWDp1EwY=
-----END CERTIFICATE-----
Generated at Sat Jul 26 08:19:43 2025 by rpki-client