Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/mfr4z2k9K3BC4fSqhbUb79zfV0w.roa
File:                     mfr4z2k9K3BC4fSqhbUb79zfV0w.roa (raw, json)
Hash identifier:          fGz/wU4ptwwjfEulptTYTQDN19LZ9Ru07ebI6zVJTAs=
Subject key identifier:   99:FA:F8:CF:69:3D:2B:70:42:E1:F4:AA:85:B5:1B:EF:DC:DF:57:4C
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0197E92F2A6C3998B3218AF7C389C1490AC1
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/mfr4z2k9K3BC4fSqhbUb79zfV0w.roa
Signing time:             Tue 08 Jul 2025 08:37:51 +0000
ROA not before:           Tue 08 Jul 2025 08:37:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214706
IP address blocks:        45.43.162.0/24 maxlen: 24
                          104.167.0.0/24 maxlen: 24
                          104.239.82.0/24 maxlen: 24
                          104.239.98.0/24 maxlen: 24
                          204.52.107.0/24 maxlen: 24
                          216.173.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:2f:2a:6c:39:98:b3:21:8a:f7:c3:89:c1:49:0a:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jul  8 08:37:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99faf8cf693d2b7042e1f4aa85b51befdcdf574c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:92:ed:e1:08:2d:41:92:12:16:5a:6c:39:d7:
                    2d:cb:71:54:20:e2:7e:a7:ae:b4:c9:10:37:6a:43:
                    7c:21:03:b3:63:11:00:1b:cc:62:61:9f:81:05:e0:
                    23:61:94:03:bb:6d:40:d4:f6:d9:83:e7:04:0f:f8:
                    90:f3:04:98:4d:02:02:1c:05:cd:bc:4c:5e:f1:42:
                    b2:95:9e:4c:51:5d:88:dc:8c:8b:b6:52:a7:be:35:
                    4e:1d:65:d7:05:de:cb:4c:9f:14:1f:4e:bc:87:fd:
                    38:33:2b:cb:03:34:a3:c0:b6:6d:c9:c2:08:89:50:
                    26:70:5e:b2:97:7e:c9:86:5e:2b:95:7c:8b:65:8b:
                    cc:b3:d0:95:21:0b:cc:ee:b8:1d:9c:e9:96:3f:6f:
                    84:c8:a6:2d:d2:ba:80:96:15:2e:0c:05:b3:cf:d9:
                    d3:ce:a3:00:65:6b:fa:67:d2:9a:94:99:35:8b:99:
                    b8:e5:80:dc:1f:46:ef:7f:93:c6:00:2a:3e:28:c7:
                    b2:66:85:39:02:32:76:ef:65:65:64:ae:c2:1a:68:
                    2f:46:bc:4d:d1:c1:cf:8e:4d:06:6d:35:b8:05:b2:
                    84:e3:f4:69:d7:28:9e:d2:30:b5:78:8b:56:47:2a:
                    27:1b:4d:04:e2:f2:fc:9e:32:b0:b9:b2:ac:8f:83:
                    b5:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:FA:F8:CF:69:3D:2B:70:42:E1:F4:AA:85:B5:1B:EF:DC:DF:57:4C
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/mfr4z2k9K3BC4fSqhbUb79zfV0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.162.0/24
                  104.167.0.0/24
                  104.239.82.0/24
                  104.239.98.0/24
                  204.52.107.0/24
                  216.173.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:30:5e:1a:6e:7c:bc:29:d2:c6:3e:42:51:f6:8e:3d:9e:c3:
         42:32:9a:d5:2f:73:58:4e:2c:6c:b0:7d:82:b8:37:36:b4:e9:
         e7:5a:ae:ff:52:a3:48:a5:f2:1c:43:ec:cf:e7:76:4c:bd:f7:
         6e:f5:35:25:e1:24:56:f9:63:7a:a5:6f:01:ef:40:99:22:95:
         41:65:9d:25:5a:61:2b:7b:39:32:52:83:2b:43:70:0b:98:50:
         9b:5d:55:4d:5e:9f:fb:91:bb:f5:73:12:4b:3d:fd:df:85:99:
         8c:6e:26:ee:fc:07:9f:d7:ef:e6:43:7a:87:9d:54:2c:f0:79:
         0b:0a:0c:91:10:41:c5:6b:33:c7:40:4a:bb:e3:38:20:d5:b4:
         3f:0d:bf:f2:06:5f:4f:7d:1b:66:28:b5:ed:40:33:d1:80:03:
         0d:00:76:22:c4:f8:d0:fc:da:93:b9:65:05:27:56:a6:2d:66:
         b6:b1:5a:2b:81:39:f5:f7:06:f0:df:e4:00:c9:b0:b6:da:8c:
         77:12:ff:3d:43:b8:11:a0:d4:cd:71:bd:bc:12:b1:a5:70:f7:
         0d:78:3f:21:0e:4c:41:3b:e0:8b:01:de:dd:18:66:53:05:7b:
         0e:9e:56:05:14:b9:61:32:76:89:dc:f1:b2:79:86:6c:90:87:
         8a:e9:2b:bf
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZfpLypsOZizIYr3w4nBSQrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwNzA4MDgzNzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWZhZjhjZjY5M2QyYjcwNDJlMWY0YWE4NWI1MWJlZmRjZGY1NzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpLt4QgtQZISFlpsOdcty3FUIOJ+
p660yRA3akN8IQOzYxEAG8xiYZ+BBeAjYZQDu21A1PbZg+cED/iQ8wSYTQICHAXN
vExe8UKylZ5MUV2I3IyLtlKnvjVOHWXXBd7LTJ8UH068h/04MyvLAzSjwLZtycII
iVAmcF6yl37Jhl4rlXyLZYvMs9CVIQvM7rgdnOmWP2+EyKYt0rqAlhUuDAWzz9nT
zqMAZWv6Z9KalJk1i5m45YDcH0bvf5PGACo+KMeyZoU5AjJ272VlZK7CGmgvRrxN
0cHPjk0GbTW4BbKE4/Rp1yie0jC1eItWRyonG00E4vL8njKwubKsj4O1GQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFJn6+M9pPStwQuH0qoW1G+/c31dMMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvbWZyNHoyazlLM0JDNGZTcWhiVWI3OXpmVjB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALSuiAwQA
aKcAAwQAaO9SAwQAaO9iAwQAzDRrAwQA2K1fMA0GCSqGSIb3DQEBCwUAA4IBAQBK
MF4abny8KdLGPkJR9o49nsNCMprVL3NYTixssH2CuDc2tOnnWq7/UqNIpfIcQ+zP
53ZMvfdu9TUl4SRW+WN6pW8B70CZIpVBZZ0lWmErezkyUoMrQ3ALmFCbXVVNXp/7
kbv1cxJLPf3fhZmMbibu/Aef1+/mQ3qHnVQs8HkLCgyREEHFazPHQEq74zgg1bQ/
Db/yBl9PfRtmKLXtQDPRgAMNAHYixPjQ/NqTuWUFJ1amLWa2sVorgTn19wbw3+QA
ybC22ox3Ev89Q7gRoNTNcb28ErGlcPcNeD8hDkxBO+CLAd7dGGZTBXsOnlYFFLlh
MnaJ3PGyeYZskIeK6Su/
-----END CERTIFICATE-----
Generated at Sat Jul 26 08:19:42 2025 by rpki-client