Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/29SLMo34FhaAnpTCRG4-JhzaoEU.roa
File:                     29SLMo34FhaAnpTCRG4-JhzaoEU.roa (raw, json)
Hash identifier:          2fi9WOSprxmNRnuIjRed7XskP0Ewr4AfYM3eX1Xq9nE=
Subject key identifier:   DB:D4:8B:32:8D:F8:16:16:80:9E:94:C2:44:6E:3E:26:1C:DA:A0:45
Certificate issuer:       /CN=53bbbbaa3ee24c7ad9b2c60432e14eda3849b5e2
Certificate serial:       0197E979945D0802C4CD393F8E9A45AE42E3
Authority key identifier: 53:BB:BB:AA:3E:E2:4C:7A:D9:B2:C6:04:32:E1:4E:DA:38:49:B5:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7u7qj7iTHrZssYEMuFO2jhJteI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/29SLMo34FhaAnpTCRG4-JhzaoEU.roa
Signing time:             Tue 08 Jul 2025 09:59:08 +0000
ROA not before:           Tue 08 Jul 2025 09:59:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198022
IP address blocks:        185.92.160.0/23 maxlen: 23
                          185.211.220.0/23 maxlen: 23
                          185.211.222.0/24 maxlen: 24
                          185.211.223.0/24 maxlen: 24
                          212.79.200.0/21 maxlen: 21
                          212.79.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/U7u7qj7iTHrZssYEMuFO2jhJteI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/U7u7qj7iTHrZssYEMuFO2jhJteI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U7u7qj7iTHrZssYEMuFO2jhJteI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 01:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:79:94:5d:08:02:c4:cd:39:3f:8e:9a:45:ae:42:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53bbbbaa3ee24c7ad9b2c60432e14eda3849b5e2
        Validity
            Not Before: Jul  8 09:59:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbd48b328df81616809e94c2446e3e261cdaa045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:10:48:e9:95:3e:a1:4c:69:ff:d8:a3:02:5c:
                    68:ba:14:f3:cc:c1:bc:75:08:d6:fc:da:3c:ef:c1:
                    65:1a:d0:9e:1d:91:64:a5:8e:2b:9a:e6:cd:47:cf:
                    1a:15:1e:c5:a4:e8:5c:19:f1:c6:c2:b7:ec:73:28:
                    b9:7f:1c:f4:ef:39:12:68:ac:dc:8d:9d:d2:03:54:
                    77:0b:2e:41:21:90:fa:6c:12:cd:b6:f0:40:bf:e6:
                    40:f2:c7:34:d3:fb:b3:90:0a:0d:64:11:7b:5b:63:
                    c5:67:e9:37:ac:4e:90:28:c1:58:79:66:dc:9b:a2:
                    02:d6:5e:4a:d8:03:40:6e:4c:84:da:92:76:dc:88:
                    4a:47:e4:46:2c:75:53:cb:47:2e:4a:d2:12:9a:b3:
                    7a:27:ff:69:99:8d:7b:0a:f4:c4:49:4e:81:64:41:
                    6a:72:8d:d4:4d:f1:ff:92:a8:84:dd:a7:4b:20:0a:
                    77:25:64:9d:9d:fe:a6:81:df:50:9e:da:9c:2d:1b:
                    0d:6e:e5:c0:58:fd:4a:46:b7:c8:d3:47:2e:c8:a2:
                    d4:a1:39:93:4b:da:63:76:4d:1c:91:9d:7b:4b:83:
                    b0:99:d2:4f:30:6a:4f:22:03:be:40:60:91:4f:31:
                    5f:a1:9b:7b:7a:45:c6:67:81:7d:b7:87:29:5f:7e:
                    2f:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D4:8B:32:8D:F8:16:16:80:9E:94:C2:44:6E:3E:26:1C:DA:A0:45
            X509v3 Authority Key Identifier:
                keyid:53:BB:BB:AA:3E:E2:4C:7A:D9:B2:C6:04:32:E1:4E:DA:38:49:B5:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7u7qj7iTHrZssYEMuFO2jhJteI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/29SLMo34FhaAnpTCRG4-JhzaoEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/U7u7qj7iTHrZssYEMuFO2jhJteI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.160.0/23
                  185.211.220.0/22
                  212.79.200.0-212.79.211.255

    Signature Algorithm: sha256WithRSAEncryption
         3c:e2:f9:fa:f6:b1:26:44:33:5f:85:10:3d:e4:67:f2:8c:05:
         52:7c:c1:62:c4:7e:57:cc:2c:92:8e:eb:44:a7:12:32:61:d3:
         12:05:48:23:eb:00:d4:5e:37:c2:f7:aa:51:7a:70:19:e7:31:
         42:d1:e8:17:1f:79:d7:cc:7d:ca:ed:cf:59:f5:3c:ee:e2:16:
         14:51:10:b2:9c:a7:0e:3c:76:47:4b:d8:2f:10:f3:6f:14:fb:
         25:02:80:9a:b4:67:15:8b:0c:b0:02:49:ca:ad:83:51:eb:db:
         b0:62:61:43:2b:50:4b:0f:6d:64:a3:47:69:52:1e:6c:78:b5:
         7c:d4:d3:9b:7c:55:40:24:35:41:1e:83:21:33:61:81:e6:81:
         91:98:5e:e8:ed:e3:e2:8b:cd:6c:97:08:a8:e3:b9:a2:9b:d4:
         75:d4:35:ae:7f:de:04:de:10:24:53:8e:67:e0:84:46:d7:b6:
         a2:5f:d9:c2:c5:21:00:1d:2b:a7:fa:ac:19:3e:14:07:a0:be:
         7c:9e:31:b1:27:e0:b8:38:08:f8:a1:36:77:f3:df:46:7b:bd:
         02:df:4c:4e:dc:a5:8d:d3:6a:8e:06:d9:47:3e:08:ec:56:b4:
         e2:6f:a0:e0:b4:c7:d8:6b:52:3c:cb:02:5c:72:7e:0b:5d:96:
         27:9e:a6:c4
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZfpeZRdCALEzTk/jppFrkLjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYmJiYmFhM2VlMjRjN2FkOWIyYzYwNDMyZTE0ZWRhMzg0
OWI1ZTIwHhcNMjUwNzA4MDk1OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmQ0OGIzMjhkZjgxNjE2ODA5ZTk0YzI0NDZlM2UyNjFjZGFhMDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5xBI6ZU+oUxp/9ijAlxouhTzzMG8
dQjW/No878FlGtCeHZFkpY4rmubNR88aFR7FpOhcGfHGwrfscyi5fxz07zkSaKzc
jZ3SA1R3Cy5BIZD6bBLNtvBAv+ZA8sc00/uzkAoNZBF7W2PFZ+k3rE6QKMFYeWbc
m6IC1l5K2ANAbkyE2pJ23IhKR+RGLHVTy0cuStISmrN6J/9pmY17CvTESU6BZEFq
co3UTfH/kqiE3adLIAp3JWSdnf6mgd9QntqcLRsNbuXAWP1KRrfI00cuyKLUoTmT
S9pjdk0ckZ17S4OwmdJPMGpPIgO+QGCRTzFfoZt7ekXGZ4F9t4cpX34v5wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNvUizKN+BYWgJ6UwkRuPiYc2qBFMB8GA1UdIwQY
MBaAFFO7u6o+4kx62bLGBDLhTto4SbXiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTd1N3FqN2lUSHJac3NZRU11Rk8yamhKdGVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8zMzk0YzAtNDU4Ny00NDRlLTlhMjUt
MDBlY2YwYzRkMGVmLzEvMjlTTE1vMzRGaGFBbnBUQ1JHNC1KaHphb0VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8zMzk0YzAtNDU4Ny00NDRlLTlhMjUtMDBlY2YwYzRkMGVm
LzEvVTd1N3FqN2lUSHJac3NZRU11Rk8yamhKdGVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQBuVygAwQC
udPcMAwDBAPUT8gDBALUT9AwDQYJKoZIhvcNAQELBQADggEBADzi+fr2sSZEM1+F
ED3kZ/KMBVJ8wWLEflfMLJKO60SnEjJh0xIFSCPrANReN8L3qlF6cBnnMULR6Bcf
edfMfcrtz1n1PO7iFhRRELKcpw48dkdL2C8Q828U+yUCgJq0ZxWLDLACScqtg1Hr
27BiYUMrUEsPbWSjR2lSHmx4tXzU05t8VUAkNUEegyEzYYHmgZGYXujt4+KLzWyX
CKjjuaKb1HXUNa5/3gTeECRTjmfghEbXtqJf2cLFIQAdK6f6rBk+FAegvnyeMbEn
4Lg4CPihNnfz30Z7vQLfTE7cpY3Tao4G2Uc+COxWtOJvoOC0x9hrUjzLAlxyfgtd
lieepsQ=
-----END CERTIFICATE-----
Generated at Sat Jul 26 09:50:22 2025 by rpki-client