Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/gu6tT7UFC6FmYiSvKO6wxYLbsHc.roa
File:                     gu6tT7UFC6FmYiSvKO6wxYLbsHc.roa (raw, json)
Hash identifier:          33W9F+bpX2oF1GIOeMA/5dpyW1er0qfORrvZ4OzY3Zc=
Subject key identifier:   82:EE:AD:4F:B5:05:0B:A1:66:62:24:AF:28:EE:B0:C5:82:DB:B0:77
Certificate issuer:       /CN=c98b825f36e9cc330315c940de800cbabce3397b
Certificate serial:       0197CF233D9327292113BB7265673BDA3493
Authority key identifier: C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/gu6tT7UFC6FmYiSvKO6wxYLbsHc.roa
Signing time:             Thu 03 Jul 2025 07:14:42 +0000
ROA not before:           Thu 03 Jul 2025 07:14:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51720
IP address blocks:        31.3.144.0/22 maxlen: 22
                          37.228.120.0/24 maxlen: 24
                          37.228.122.0/23 maxlen: 23
                          37.228.124.0/24 maxlen: 24
                          80.70.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cf:23:3d:93:27:29:21:13:bb:72:65:67:3b:da:34:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c98b825f36e9cc330315c940de800cbabce3397b
        Validity
            Not Before: Jul  3 07:14:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82eead4fb5050ba1666224af28eeb0c582dbb077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8b:df:0b:85:a7:d5:7a:8a:87:ee:61:66:79:
                    6f:52:7c:be:b6:a3:93:cd:20:0f:e0:01:b6:f4:a0:
                    91:bd:f3:da:0a:d4:b1:59:4c:d0:91:65:f5:fb:e4:
                    cf:bf:ee:55:53:cf:74:fa:de:3f:7b:4f:5b:69:cb:
                    ac:b1:cf:13:cd:32:9e:42:32:61:61:a0:b3:ea:a9:
                    81:32:eb:6b:70:16:5e:d1:45:d7:d0:28:fe:bc:73:
                    79:30:77:48:f0:d2:dc:ed:df:fe:1b:e7:54:4b:ed:
                    42:1c:cc:ce:95:cd:50:93:05:38:65:dc:63:5d:d2:
                    13:d9:5a:44:73:67:fa:7c:74:5d:ce:e5:60:3e:e6:
                    73:f3:9a:da:c7:2b:ca:ae:06:c6:e4:de:cb:cb:23:
                    f8:47:17:5f:e8:45:1b:3a:58:be:de:4a:7f:66:c6:
                    a7:54:37:ea:22:91:ab:69:c4:75:35:a8:e6:4d:93:
                    df:0a:52:a0:68:38:06:df:a8:34:58:94:5a:76:bb:
                    78:1e:20:7d:d0:89:e6:f3:d5:80:fa:b4:24:5a:bc:
                    35:c7:11:a3:ec:8f:68:f8:87:c4:1d:50:43:d8:71:
                    f8:67:ac:ec:62:ed:ff:fd:9a:dd:f0:41:62:bc:af:
                    29:e9:9a:e1:9f:b9:7f:21:27:86:1a:8c:4f:2a:a5:
                    ae:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:EE:AD:4F:B5:05:0B:A1:66:62:24:AF:28:EE:B0:C5:82:DB:B0:77
            X509v3 Authority Key Identifier:
                keyid:C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/gu6tT7UFC6FmYiSvKO6wxYLbsHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.144.0/22
                  37.228.120.0/24
                  37.228.122.0-37.228.124.255
                  80.70.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:cc:78:07:1d:17:a3:18:25:ec:c7:a5:28:42:9e:a3:dd:35:
         e9:70:d4:38:91:ee:6c:c0:63:63:06:60:f7:02:fd:d8:09:ef:
         77:f9:07:0f:80:80:02:76:cf:48:e7:1f:2b:e9:8b:9f:e2:6a:
         4d:95:00:a5:24:68:c2:88:30:f1:a5:fe:6b:b7:0e:4c:0f:5b:
         82:54:82:50:7c:01:f8:4f:94:00:40:cf:17:f3:19:68:d1:56:
         b6:7c:b3:7d:2b:c6:76:e5:95:06:f4:e8:3d:89:a5:f0:d4:e3:
         5a:fd:24:35:f6:21:93:cc:6c:21:03:7c:cf:18:a5:fd:46:0e:
         84:02:1e:7d:d1:53:71:59:f7:9e:e2:e6:e1:48:25:12:e4:18:
         8b:e2:cb:a4:4c:b7:51:72:7a:34:6f:9f:f7:30:7e:b7:63:ce:
         26:a4:4f:bf:e6:16:ec:12:26:7a:a0:91:fa:7c:7f:8c:d1:54:
         1b:b0:7d:dd:a7:73:17:f5:60:96:d3:b4:33:aa:99:d2:2b:38:
         08:59:13:74:4e:09:40:b6:8f:35:bc:b6:a0:15:a5:b9:55:31:
         51:f7:a9:39:f8:62:a2:ce:aa:98:89:e3:41:81:38:00:b4:ed:
         e7:a1:43:f3:a3:1c:32:af:ce:74:18:e9:0d:b5:27:5b:3e:2d:
         35:81:58:8d
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZfPIz2TJykhE7tyZWc72jSTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OGI4MjVmMzZlOWNjMzMwMzE1Yzk0MGRlODAwY2JhYmNl
MzM5N2IwHhcNMjUwNzAzMDcxNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmVlYWQ0ZmI1MDUwYmExNjY2MjI0YWYyOGVlYjBjNTgyZGJiMDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYvfC4Wn1XqKh+5hZnlvUny+tqOT
zSAP4AG29KCRvfPaCtSxWUzQkWX1++TPv+5VU890+t4/e09bacussc8TzTKeQjJh
YaCz6qmBMutrcBZe0UXX0Cj+vHN5MHdI8NLc7d/+G+dUS+1CHMzOlc1QkwU4Zdxj
XdIT2VpEc2f6fHRdzuVgPuZz85raxyvKrgbG5N7LyyP4Rxdf6EUbOli+3kp/Zsan
VDfqIpGracR1NajmTZPfClKgaDgG36g0WJRadrt4HiB90Inm89WA+rQkWrw1xxGj
7I9o+IfEHVBD2HH4Z6zsYu3//Zrd8EFivK8p6Zrhn7l/ISeGGoxPKqWu8wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFILurU+1BQuhZmIkryjusMWC27B3MB8GA1UdIwQY
MBaAFMmLgl826cwzAxXJQN6ADLq84zl7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUt
Yjg5YTUxMWMzYmJkLzEvZ3U2dFQ3VUZDNkZtWWlTdktPNnd4WUxic0hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUtYjg5YTUxMWMzYmJk
LzEveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCHwOQAwQA
JeR4MAwDBAEl5HoDBAAl5HwDBABQRqYwDQYJKoZIhvcNAQELBQADggEBAAbMeAcd
F6MYJezHpShCnqPdNelw1DiR7mzAY2MGYPcC/dgJ73f5Bw+AgAJ2z0jnHyvpi5/i
ak2VAKUkaMKIMPGl/mu3DkwPW4JUglB8AfhPlABAzxfzGWjRVrZ8s30rxnbllQb0
6D2JpfDU41r9JDX2IZPMbCEDfM8Ypf1GDoQCHn3RU3FZ957i5uFIJRLkGIviy6RM
t1FyejRvn/cwfrdjziakT7/mFuwSJnqgkfp8f4zRVBuwfd2ncxf1YJbTtDOqmdIr
OAhZE3ROCUC2jzW8tqAVpblVMVH3qTn4YqLOqpiJ40GBOAC07eehQ/OjHDKvznQY
6Q21J1s+LTWBWI0=
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:48:56 2025 by rpki-client