Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/14gXO5PLi0LoZ0DYGh9KK795laQ.roa
File:                     14gXO5PLi0LoZ0DYGh9KK795laQ.roa (raw, json)
Hash identifier:          EARGMMjNyaWuZ1stJfG6h12JcDBEupf11Ssao/d8baM=
Subject key identifier:   D7:88:17:3B:93:CB:8B:42:E8:67:40:D8:1A:1F:4A:2B:BF:79:95:A4
Certificate issuer:       /CN=a2900e4655ab349a4632b140719dc97230431725
Certificate serial:       0197EE838EF7CBEC66620020C86524E7FB1D
Authority key identifier: A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/14gXO5PLi0LoZ0DYGh9KK795laQ.roa
Signing time:             Wed 09 Jul 2025 09:28:08 +0000
ROA not before:           Wed 09 Jul 2025 09:28:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28917
IP address blocks:        46.44.0.0/18 maxlen: 18
                          62.140.224.0/19 maxlen: 19
                          62.140.250.0/24 maxlen: 24
                          62.140.255.0/24 maxlen: 24
                          80.77.160.0/20 maxlen: 24
                          80.77.162.0/23 maxlen: 23
                          80.77.164.0/22 maxlen: 24
                          80.77.169.0/24 maxlen: 24
                          80.77.172.0/22 maxlen: 22
                          93.191.8.0/21 maxlen: 21
                          93.191.11.0/24 maxlen: 24
                          93.191.12.0/23 maxlen: 23
                          185.221.44.0/22 maxlen: 22
                          2a02:2518::/29 maxlen: 29
                          2a02:2518::/32 maxlen: 32
                          2a02:2518:3::/48 maxlen: 48
                          2a02:2518:11::/48 maxlen: 48
                          2a02:251b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 21:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:83:8e:f7:cb:ec:66:62:00:20:c8:65:24:e7:fb:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2900e4655ab349a4632b140719dc97230431725
        Validity
            Not Before: Jul  9 09:28:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d788173b93cb8b42e86740d81a1f4a2bbf7995a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:29:f5:17:3c:2d:a4:e3:84:15:66:73:da:87:
                    02:3b:65:7b:e6:6a:75:49:6e:36:0d:11:ba:3c:d8:
                    31:bd:f3:37:d7:4f:1e:11:0c:07:29:00:0a:23:a3:
                    f5:49:21:1a:96:47:ea:e7:7d:7a:2b:cf:ed:c5:b6:
                    e7:a9:62:99:0b:65:de:a2:f1:02:d1:c1:0e:bb:c4:
                    ca:dd:bf:2c:8a:75:52:65:06:d0:fc:c0:8a:f1:bc:
                    92:31:15:18:2d:6f:0c:1a:65:b3:4f:e7:a7:79:0a:
                    0e:bb:fc:e2:48:95:89:07:ee:96:ee:85:34:5d:37:
                    7f:27:37:ea:91:2c:e5:a4:ae:8b:df:a8:5c:45:ef:
                    86:86:f9:80:35:a4:8e:a4:9f:ce:54:70:d3:c1:bf:
                    00:cd:e4:f2:79:d9:49:ca:0e:e2:09:e0:9f:a9:55:
                    8d:9c:9c:85:0b:64:8f:17:5e:d5:7e:96:a1:49:a0:
                    96:25:93:2e:61:c6:eb:bd:05:2e:fc:27:ea:48:10:
                    84:d7:e4:48:8b:96:ab:f7:71:0f:20:f4:b4:85:d4:
                    bc:3c:53:9b:08:35:d6:8a:f6:5d:aa:67:6e:88:58:
                    bf:87:ea:f4:74:44:a3:bb:e4:1d:e0:6c:86:20:39:
                    d6:78:27:5d:96:78:44:e0:34:5c:11:3a:fa:3f:cc:
                    a0:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:88:17:3B:93:CB:8B:42:E8:67:40:D8:1A:1F:4A:2B:BF:79:95:A4
            X509v3 Authority Key Identifier:
                keyid:A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/14gXO5PLi0LoZ0DYGh9KK795laQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.44.0.0/18
                  62.140.224.0/19
                  80.77.160.0/20
                  93.191.8.0/21
                  185.221.44.0/22
                IPv6:
                  2a02:2518::/29

    Signature Algorithm: sha256WithRSAEncryption
         b7:f0:cc:a5:78:93:c0:52:93:11:dd:cc:df:1f:2e:6c:3d:07:
         9e:37:ec:d0:33:8f:24:40:ed:10:24:a3:14:d3:5a:8e:1d:2b:
         2b:02:2b:52:03:ab:80:e9:f5:cd:04:72:44:6f:36:1e:e4:70:
         ca:23:e4:3b:3c:88:07:db:83:14:13:d9:20:d7:0c:27:4d:9c:
         f3:78:9e:3d:4d:b5:4c:b2:ff:1c:8b:26:8c:dd:48:bc:29:1c:
         e2:9e:28:2a:b3:92:31:e7:57:6d:57:f9:f7:ad:28:60:c9:b3:
         5b:6d:98:27:54:82:1d:13:f1:e5:22:56:f2:41:ae:9d:24:2e:
         70:86:42:d3:dc:14:c2:13:b2:66:c5:d5:b7:6e:55:f3:a4:9f:
         87:39:7c:ba:2c:f9:5e:79:2e:34:6f:78:55:14:7b:5e:11:20:
         17:4d:3d:b0:6a:0b:39:a7:f9:5d:d6:b9:eb:b4:ab:6c:86:1f:
         d9:27:69:c4:07:2f:ba:19:c0:4d:c5:c0:92:bf:35:0a:bf:36:
         4f:23:3e:bc:90:11:06:35:4c:0b:7c:0a:63:73:40:dc:24:99:
         e2:d1:1e:d7:54:99:03:3b:b7:13:49:4f:24:09:75:c7:d3:37:
         ad:15:e5:c1:a7:0d:e7:9f:52:88:17:95:2f:24:59:83:e0:e7:
         51:ca:c9:55
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZfug473y+xmYgAgyGUk5/sdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOTAwZTQ2NTVhYjM0OWE0NjMyYjE0MDcxOWRjOTcyMzA0
MzE3MjUwHhcNMjUwNzA5MDkyODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzg4MTczYjkzY2I4YjQyZTg2NzQwZDgxYTFmNGEyYmJmNzk5NWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSn1FzwtpOOEFWZz2ocCO2V75mp1
SW42DRG6PNgxvfM3108eEQwHKQAKI6P1SSEalkfq5316K8/txbbnqWKZC2XeovEC
0cEOu8TK3b8sinVSZQbQ/MCK8bySMRUYLW8MGmWzT+eneQoOu/ziSJWJB+6W7oU0
XTd/JzfqkSzlpK6L36hcRe+GhvmANaSOpJ/OVHDTwb8AzeTyedlJyg7iCeCfqVWN
nJyFC2SPF17VfpahSaCWJZMuYcbrvQUu/CfqSBCE1+RIi5ar93EPIPS0hdS8PFOb
CDXWivZdqmduiFi/h+r0dESju+Qd4GyGIDnWeCddlnhE4DRcETr6P8ygnQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFNeIFzuTy4tC6GdA2BofSiu/eZWkMB8GA1UdIwQY
MBaAFKKQDkZVqzSaRjKxQHGdyXIwQxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMt
ZjRjNWZjM2NhMmM0LzEvMTRnWE81UExpMExvWjBEWUdoOUtLNzk1bGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMtZjRjNWZjM2NhMmM0
LzEvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQGLiwAAwQF
PozgAwQEUE2gAwQDXb8IAwQCud0sMA0EAgACMAcDBQMqAiUYMA0GCSqGSIb3DQEB
CwUAA4IBAQC38MyleJPAUpMR3czfHy5sPQeeN+zQM48kQO0QJKMU01qOHSsrAitS
A6uA6fXNBHJEbzYe5HDKI+Q7PIgH24MUE9kg1wwnTZzzeJ49TbVMsv8ciyaM3Ui8
KRzinigqs5Ix51dtV/n3rShgybNbbZgnVIIdE/HlIlbyQa6dJC5whkLT3BTCE7Jm
xdW3blXzpJ+HOXy6LPleeS40b3hVFHteESAXTT2wags5p/ld1rnrtKtshh/ZJ2nE
By+6GcBNxcCSvzUKvzZPIz68kBEGNUwLfApjc0DcJJni0R7XVJkDO7cTSU8kCXXH
0zetFeXBpw3nn1KIF5UvJFmD4OdRyslV
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:03:40 2025 by rpki-client