Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/GFTyNhBJZ95PpStMq23eBt_Rykk.roa
File:                     GFTyNhBJZ95PpStMq23eBt_Rykk.roa (raw, json)
Hash identifier:          GgXz6hm456uhJV6ax72eRgHGapOet5+ZUkaa/HWebk8=
Subject key identifier:   18:54:F2:36:10:49:67:DE:4F:A5:2B:4C:AB:6D:DE:06:DF:D1:CA:49
Certificate issuer:       /CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
Certificate serial:       019834CD981DE11FBDAB8CC78F0B873DE7E5
Authority key identifier: 99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/GFTyNhBJZ95PpStMq23eBt_Rykk.roa
Signing time:             Wed 23 Jul 2025 01:02:25 +0000
ROA not before:           Wed 23 Jul 2025 01:02:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202623
IP address blocks:        141.101.64.0/24 maxlen: 24
                          141.101.91.0/24 maxlen: 24
                          2a06:98c0:1400::/48 maxlen: 48
                          2a06:98c0:1401::/48 maxlen: 48
                          2a06:98c0:3602::/48 maxlen: 48
                          2a06:98c0:3603::/48 maxlen: 48
                          2a06:98c0:3604::/48 maxlen: 48
                          2a06:98c0:3605::/48 maxlen: 48
                          2a06:98c0:3606::/48 maxlen: 48
                          2a06:98c0:3607::/48 maxlen: 48
                          2a06:98c0:360e::/48 maxlen: 48
                          2a06:98c0:3612::/48 maxlen: 48
                          2a06:98c0:3616::/48 maxlen: 48
                          2a06:98c0:3622::/48 maxlen: 48
                          2a06:98c0:3626::/48 maxlen: 48
                          2a06:98c0:3627::/48 maxlen: 48
                          2a06:98c0:362b::/48 maxlen: 48
                          2a06:98c0:362c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 10:08:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:34:cd:98:1d:e1:1f:bd:ab:8c:c7:8f:0b:87:3d:e7:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
        Validity
            Not Before: Jul 23 01:02:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1854f236104967de4fa52b4cab6dde06dfd1ca49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c0:a6:1b:16:23:b4:46:0c:d2:22:33:fc:8e:
                    32:dc:70:aa:ca:ac:52:8e:f2:c7:33:45:8e:0c:03:
                    63:98:e7:05:c8:21:32:dd:d2:ec:82:6a:4d:7b:70:
                    92:b4:d8:7b:27:ed:40:f6:a6:fc:fd:78:70:6b:4f:
                    94:5d:fb:d8:4e:73:9c:77:69:32:e7:14:eb:ca:2d:
                    6f:0a:c6:f1:91:4c:01:42:20:22:04:47:e9:75:28:
                    72:f3:2b:b9:fe:0c:fb:a9:24:d2:23:da:34:3e:a3:
                    8d:0d:37:af:d6:75:61:98:1e:5c:16:e2:b6:d2:47:
                    f6:96:c9:e9:60:11:b7:e5:52:b1:9f:d5:2b:e5:d6:
                    6a:37:e9:fc:43:2d:a9:9b:d5:64:0d:64:49:8d:96:
                    46:13:d4:18:8c:74:6b:b0:c8:1f:5b:74:1a:f4:c7:
                    7e:09:1d:66:1b:0b:6d:2c:4a:12:bf:8d:ef:fb:76:
                    34:d1:92:40:a1:cd:dc:5e:6c:ad:e4:17:c8:a3:a0:
                    cb:50:ff:e8:7a:da:3a:f8:44:f4:bd:e6:b8:3f:fb:
                    84:4d:ca:84:e7:ed:75:38:70:f8:9e:db:24:2a:07:
                    07:c3:9a:ba:e9:f2:43:cf:1c:8e:2d:6f:a8:96:b4:
                    41:0e:62:e1:f7:dc:79:b8:fc:b5:73:3e:ae:6b:ce:
                    51:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:54:F2:36:10:49:67:DE:4F:A5:2B:4C:AB:6D:DE:06:DF:D1:CA:49
            X509v3 Authority Key Identifier:
                keyid:99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/GFTyNhBJZ95PpStMq23eBt_Rykk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.64.0/24
                  141.101.91.0/24
                IPv6:
                  2a06:98c0:1400::/47
                  2a06:98c0:3602::-2a06:98c0:3607:ffff:ffff:ffff:ffff:ffff
                  2a06:98c0:360e::/48
                  2a06:98c0:3612::/48
                  2a06:98c0:3616::/48
                  2a06:98c0:3622::/48
                  2a06:98c0:3626::/47
                  2a06:98c0:362b::-2a06:98c0:362c:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         45:ef:45:e6:df:35:04:d8:ea:15:a1:1d:f1:7d:af:da:1a:4e:
         e6:eb:e4:95:66:76:14:04:ad:c0:44:82:a3:0c:59:c7:2c:9a:
         8b:75:a8:9b:b7:03:9f:71:9d:32:f0:d4:84:00:e6:8c:67:95:
         23:e1:40:86:7f:61:ff:61:a5:2f:f1:08:a3:63:cf:1b:28:65:
         f8:9c:f2:d6:13:a3:a6:68:9f:44:d8:6d:bf:50:21:2a:b4:68:
         33:83:96:a1:58:16:61:70:d3:60:6a:7d:3d:e2:5b:2a:42:71:
         b6:7b:98:7b:95:0e:5c:8e:6e:b5:30:f0:46:cc:fd:97:ef:de:
         5a:09:14:31:15:78:3c:b0:48:48:40:0c:02:53:68:0c:a3:fa:
         ff:d4:0b:34:d0:6b:2d:4b:ad:e5:7c:76:24:11:0d:b8:ba:43:
         f9:49:2d:8d:38:8a:08:ee:71:91:76:69:cd:64:91:76:fc:f4:
         d9:03:49:67:24:49:29:28:e2:bd:4f:2e:35:1c:3a:25:d4:95:
         8a:9e:07:93:df:d9:5b:2e:76:91:4e:5f:90:ed:3b:7b:9b:a0:
         80:2a:ff:eb:72:99:08:27:38:d3:f4:a1:e3:6f:5e:d2:a7:00:
         7d:d3:14:33:d9:3e:e6:db:4a:fb:f0:55:a4:2a:7f:79:cd:5c:
         a7:5d:15:88
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAZg0zZgd4R+9q4zHjwuHPeflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZDViZmFkNDVkN2M2NWE2ZTM0MzAyODUwOWZkMTg5MmU5
N2I5ZDAwHhcNMjUwNzIzMDEwMjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODU0ZjIzNjEwNDk2N2RlNGZhNTJiNGNhYjZkZGUwNmRmZDFjYTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMCmGxYjtEYM0iIz/I4y3HCqyqxS
jvLHM0WODANjmOcFyCEy3dLsgmpNe3CStNh7J+1A9qb8/Xhwa0+UXfvYTnOcd2ky
5xTryi1vCsbxkUwBQiAiBEfpdShy8yu5/gz7qSTSI9o0PqONDTev1nVhmB5cFuK2
0kf2lsnpYBG35VKxn9Ur5dZqN+n8Qy2pm9VkDWRJjZZGE9QYjHRrsMgfW3Qa9Md+
CR1mGwttLEoSv43v+3Y00ZJAoc3cXmyt5BfIo6DLUP/oeto6+ET0vea4P/uETcqE
5+11OHD4ntskKgcHw5q66fJDzxyOLW+olrRBDmLh99x5uPy1cz6ua85RWQIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFBhU8jYQSWfeT6UrTKtt3gbf0cpJMB8GA1UdIwQY
MBaAFJnVv61F18ZabjQwKFCf0Ykul7nQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQt
NzU1MTgwOWNiNzMxLzEvR0ZUeU5oQkpaOTVQcFN0TXEyM2VCdF9SeWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQtNzU1MTgwOWNiNzMx
LzEvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHowEgQCAAEwDAMEAI1lQAME
AI1lWzBkBAIAAjBeAwcBKgaYwBQAMBIDBwEqBpjANgIDBwMqBpjANgADBwAqBpjA
Ng4DBwAqBpjANhIDBwAqBpjANhYDBwAqBpjANiIDBwEqBpjANiYwEgMHACoGmMA2
KwMHACoGmMA2LDANBgkqhkiG9w0BAQsFAAOCAQEARe9F5t81BNjqFaEd8X2v2hpO
5uvklWZ2FAStwESCowxZxyyai3Wom7cDn3GdMvDUhADmjGeVI+FAhn9h/2GlL/EI
o2PPGyhl+Jzy1hOjpmifRNhtv1AhKrRoM4OWoVgWYXDTYGp9PeJbKkJxtnuYe5UO
XI5utTDwRsz9l+/eWgkUMRV4PLBISEAMAlNoDKP6/9QLNNBrLUut5Xx2JBENuLpD
+UktjTiKCO5xkXZpzWSRdvz02QNJZyRJKSjivU8uNRw6JdSVip4Hk9/ZWy52kU5f
kO07e5uggCr/63KZCCc40/Sh429e0qcAfdMUM9k+5ttK+/BVpCp/ec1cp10ViA==
-----END CERTIFICATE-----
Generated at Wed Jul 23 17:31:18 2025 by rpki-client