Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/s8Nv2shiay0ajNuDErtrpeqAX7A.roa
File:                     s8Nv2shiay0ajNuDErtrpeqAX7A.roa (raw, json)
Hash identifier:          4Yn2a4P977R6B0svZ8JXcviKY1eUPuqoIGptDpenqVY=
Subject key identifier:   B3:C3:6F:DA:C8:62:6B:2D:1A:8C:DB:83:12:BB:6B:A5:EA:80:5F:B0
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       01981E203E1CEB034C34B2D30E6FD77D9E56
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/s8Nv2shiay0ajNuDErtrpeqAX7A.roa
Signing time:             Fri 18 Jul 2025 15:21:26 +0000
ROA not before:           Fri 18 Jul 2025 15:21:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209181
IP address blocks:        5.252.117.0/24 maxlen: 24
                          193.34.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1e:20:3e:1c:eb:03:4c:34:b2:d3:0e:6f:d7:7d:9e:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 18 15:21:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3c36fdac8626b2d1a8cdb8312bb6ba5ea805fb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:41:33:de:05:64:ba:e8:9c:8d:47:07:86:e5:
                    36:0b:96:db:97:ba:4a:cc:b0:0a:77:d1:72:30:bc:
                    4b:4b:c0:9c:ac:d3:40:cf:7a:a5:8a:12:32:e2:b7:
                    9c:11:89:a0:ca:27:ff:5a:48:cf:a8:22:1f:bf:24:
                    01:45:f1:3a:b5:b1:31:95:63:8a:8e:8c:e4:d2:1e:
                    77:82:f6:3d:ae:52:32:ce:d0:0d:b0:d8:4b:1a:fe:
                    4b:27:57:6c:62:05:71:6c:b3:34:3f:b0:2b:cf:bc:
                    21:8b:a3:f5:17:9c:21:65:9e:e1:5b:cf:bd:b2:aa:
                    f0:ed:28:85:62:65:07:4a:47:9c:6b:fb:3c:31:0e:
                    de:6b:90:e6:7b:95:6e:b1:3f:7d:71:d8:b7:18:74:
                    fb:17:eb:c6:da:cf:90:44:c5:da:c3:a5:2a:4f:01:
                    e4:83:6a:cd:36:81:e6:76:fc:58:ae:2c:df:f8:5c:
                    02:47:4f:67:b5:8e:e5:1a:69:80:ca:a2:f1:f0:5c:
                    8c:14:f5:80:fd:b6:90:3d:bd:22:7b:88:ce:24:5f:
                    7a:30:62:a3:b0:12:6a:71:a2:8d:83:32:b7:6b:07:
                    a8:50:d7:16:43:9f:58:aa:de:32:85:8b:b4:bf:d6:
                    7b:5c:92:ac:18:72:81:02:75:f5:4f:d9:90:60:5f:
                    13:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:C3:6F:DA:C8:62:6B:2D:1A:8C:DB:83:12:BB:6B:A5:EA:80:5F:B0
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/s8Nv2shiay0ajNuDErtrpeqAX7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.117.0/24
                  193.34.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:4a:a4:e8:b7:3f:91:bf:0f:89:39:a3:02:09:3e:35:20:65:
         76:83:ac:08:35:f2:16:3a:70:71:2b:69:8d:b0:81:c9:55:72:
         b7:ab:51:a7:7c:b5:a6:16:7e:a9:2d:af:bf:b0:9b:eb:7d:6c:
         7c:69:36:b6:ec:0c:b4:a5:dd:54:5c:09:7b:b4:fc:80:e9:35:
         5d:30:e5:57:d7:82:1f:09:85:f4:2b:f9:da:4d:ee:92:e4:75:
         5a:d3:1f:9e:f8:2b:2e:dc:5a:a1:51:ec:64:82:6f:f7:18:3a:
         87:44:d8:88:3b:51:68:53:e4:f4:79:a3:5e:01:a5:cc:8b:b7:
         51:26:c2:b4:c1:f3:cc:37:75:29:5c:72:98:59:03:36:43:9c:
         cc:85:c1:57:d1:29:25:19:29:9c:a2:54:bf:63:d0:09:39:c5:
         04:ea:c5:bf:b9:cd:3f:9e:1b:ca:8e:d6:66:48:ef:c7:57:7e:
         81:f5:28:09:02:52:44:2e:58:a2:0e:0f:f7:c3:c5:e7:03:9a:
         b2:9a:82:1d:90:d5:70:6d:24:43:e5:44:cb:f7:4f:37:ed:97:
         52:7c:42:41:6e:7b:a6:91:a8:ed:3c:17:3f:5d:a2:77:84:a8:
         c0:91:02:1a:15:70:35:ea:db:d0:be:0d:dc:02:bc:b6:31:37:
         09:11:93:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgeID4c6wNMNLLTDm/XfZ5WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE4MTUyMTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2MzNmZkYWM4NjI2YjJkMWE4Y2RiODMxMmJiNmJhNWVhODA1ZmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0Ez3gVkuuicjUcHhuU2C5bbl7pK
zLAKd9FyMLxLS8CcrNNAz3qlihIy4recEYmgyif/WkjPqCIfvyQBRfE6tbExlWOK
jozk0h53gvY9rlIyztANsNhLGv5LJ1dsYgVxbLM0P7Arz7whi6P1F5whZZ7hW8+9
sqrw7SiFYmUHSkeca/s8MQ7ea5Dme5VusT99cdi3GHT7F+vG2s+QRMXaw6UqTwHk
g2rNNoHmdvxYrizf+FwCR09ntY7lGmmAyqLx8FyMFPWA/baQPb0ie4jOJF96MGKj
sBJqcaKNgzK3aweoUNcWQ59Yqt4yhYu0v9Z7XJKsGHKBAnX1T9mQYF8ThQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLPDb9rIYmstGozbgxK7a6XqgF+wMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvczhOdjJzaGlheTBhak51REVydHJwZXFBWDdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABfx1AwQA
wSLoMA0GCSqGSIb3DQEBCwUAA4IBAQBCSqTotz+Rvw+JOaMCCT41IGV2g6wINfIW
OnBxK2mNsIHJVXK3q1GnfLWmFn6pLa+/sJvrfWx8aTa27Ay0pd1UXAl7tPyA6TVd
MOVX14IfCYX0K/naTe6S5HVa0x+e+Csu3FqhUexkgm/3GDqHRNiIO1FoU+T0eaNe
AaXMi7dRJsK0wfPMN3UpXHKYWQM2Q5zMhcFX0SklGSmcolS/Y9AJOcUE6sW/uc0/
nhvKjtZmSO/HV36B9SgJAlJELliiDg/3w8XnA5qymoIdkNVwbSRD5UTL90837ZdS
fEJBbnumkajtPBc/XaJ3hKjAkQIaFXA16tvQvg3cAry2MTcJEZN6
-----END CERTIFICATE-----
Generated at Sun Jul 20 22:28:09 2025 by rpki-client