Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/2d5bc8-5d93-4b0a-a8b6-f8d65c983744/1/A9hFHuB1KcT6sufWXb7Ip8uski0.roa
File:                     A9hFHuB1KcT6sufWXb7Ip8uski0.roa (raw, json)
Hash identifier:          il6x3CO5f44reEoXrVw6CoxKeHuPAxsUHCAYCbpYXXA=
Subject key identifier:   03:D8:45:1E:E0:75:29:C4:FA:B2:E7:D6:5D:BE:C8:A7:CB:AC:92:2D
Certificate issuer:       /CN=de2e917315f0a878b21fc139d49a821aaddc3c97
Certificate serial:       0197F8835FD5579269C44827D463668E3D7C
Authority key identifier: DE:2E:91:73:15:F0:A8:78:B2:1F:C1:39:D4:9A:82:1A:AD:DC:3C:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3i6RcxXwqHiyH8E51JqCGq3cPJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/2d5bc8-5d93-4b0a-a8b6-f8d65c983744/1/A9hFHuB1KcT6sufWXb7Ip8uski0.roa
Signing time:             Fri 11 Jul 2025 08:04:08 +0000
ROA not before:           Fri 11 Jul 2025 08:04:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39351
IP address blocks:        45.83.220.0/24 maxlen: 24
                          45.83.221.0/24 maxlen: 24
                          45.83.222.0/23 maxlen: 24
                          45.129.56.0/24 maxlen: 24
                          45.129.59.0/24 maxlen: 24
                          141.98.252.0/24 maxlen: 24
                          141.98.254.0/24 maxlen: 24
                          141.98.255.0/24 maxlen: 24
                          185.65.132.0/24 maxlen: 24
                          185.65.133.0/24 maxlen: 24
                          185.65.134.0/24 maxlen: 24
                          185.65.135.0/24 maxlen: 24
                          185.195.232.0/24 maxlen: 24
                          185.195.233.0/24 maxlen: 24
                          185.209.196.0/24 maxlen: 24
                          185.209.197.0/24 maxlen: 24
                          185.209.198.0/24 maxlen: 24
                          185.209.199.0/24 maxlen: 24
                          185.213.152.0/24 maxlen: 24
                          185.213.153.0/24 maxlen: 24
                          185.213.154.0/24 maxlen: 24
                          185.213.155.0/24 maxlen: 24
                          193.32.126.0/24 maxlen: 24
                          193.32.127.0/24 maxlen: 24
                          193.32.248.0/24 maxlen: 24
                          193.32.249.0/24 maxlen: 24
                          193.138.216.0/22 maxlen: 22
                          195.54.182.0/24 maxlen: 24
                          195.54.183.0/24 maxlen: 24
                          2a03:1b20:1::/48 maxlen: 48
                          2a03:1b20:2::/48 maxlen: 48
                          2a03:1b20:3::/48 maxlen: 48
                          2a03:1b20:4::/48 maxlen: 48
                          2a03:1b20:5::/48 maxlen: 48
                          2a03:1b20:6::/48 maxlen: 48
                          2a03:1b20:7::/48 maxlen: 48
                          2a03:1b20:8::/48 maxlen: 48
                          2a03:1b20:9::/48 maxlen: 48
                          2a03:1b20:a::/48 maxlen: 48
                          2a03:1b20:b::/48 maxlen: 48
                          2a03:1b20:901::/48 maxlen: 48
                          2a03:1b20:bef1::/48 maxlen: 48
                          2a03:1b20:bef2::/48 maxlen: 48
                          2a03:1b21:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/2d5bc8-5d93-4b0a-a8b6-f8d65c983744/1/3i6RcxXwqHiyH8E51JqCGq3cPJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/2d5bc8-5d93-4b0a-a8b6-f8d65c983744/1/3i6RcxXwqHiyH8E51JqCGq3cPJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3i6RcxXwqHiyH8E51JqCGq3cPJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 05:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f8:83:5f:d5:57:92:69:c4:48:27:d4:63:66:8e:3d:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de2e917315f0a878b21fc139d49a821aaddc3c97
        Validity
            Not Before: Jul 11 08:04:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03d8451ee07529c4fab2e7d65dbec8a7cbac922d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:8c:95:54:8a:de:18:54:e1:f5:b2:23:d8:5e:
                    07:4a:17:dc:20:8c:40:ff:02:b9:c0:d9:08:4e:a1:
                    c6:55:87:41:8e:ac:7b:0f:f1:af:32:55:52:60:93:
                    d2:2a:8e:bd:4c:36:bc:55:11:66:4c:61:9a:a4:64:
                    6a:b2:db:d4:17:b7:30:43:0f:bf:9b:27:68:45:b6:
                    f8:6a:de:6e:a5:50:98:31:79:a7:37:00:86:2e:81:
                    16:25:a2:9d:3b:9d:06:66:d0:48:4c:57:25:a9:62:
                    13:0a:d8:8e:84:69:0e:e7:af:2a:c9:20:78:7a:d7:
                    47:d3:5f:38:d2:56:1a:59:5f:d2:43:1d:32:f8:f4:
                    f2:df:dd:fd:8b:8b:61:f7:8b:12:e8:fd:c0:89:3d:
                    d4:9f:a1:54:50:c1:0b:18:c3:c0:46:03:2b:00:80:
                    73:cc:fb:de:82:cb:b6:93:d4:33:19:62:7d:0d:63:
                    b0:f4:de:56:49:00:c4:8e:f8:a0:f4:21:11:13:03:
                    81:c1:c9:38:8e:d5:fa:ae:5d:66:b0:fc:71:0c:bf:
                    e3:ee:d4:7f:94:55:1b:af:a2:38:ed:0b:cf:bc:4f:
                    0d:e6:8c:87:f2:b1:2b:89:67:37:3b:dc:cc:71:52:
                    4d:5e:3c:f5:e4:af:5a:4b:a5:cd:74:7b:50:6a:9c:
                    35:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:D8:45:1E:E0:75:29:C4:FA:B2:E7:D6:5D:BE:C8:A7:CB:AC:92:2D
            X509v3 Authority Key Identifier:
                keyid:DE:2E:91:73:15:F0:A8:78:B2:1F:C1:39:D4:9A:82:1A:AD:DC:3C:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3i6RcxXwqHiyH8E51JqCGq3cPJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/2d5bc8-5d93-4b0a-a8b6-f8d65c983744/1/A9hFHuB1KcT6sufWXb7Ip8uski0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/2d5bc8-5d93-4b0a-a8b6-f8d65c983744/1/3i6RcxXwqHiyH8E51JqCGq3cPJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.220.0/22
                  45.129.56.0/24
                  45.129.59.0/24
                  141.98.252.0/24
                  141.98.254.0/23
                  185.65.132.0/22
                  185.195.232.0/23
                  185.209.196.0/22
                  185.213.152.0/22
                  193.32.126.0/23
                  193.32.248.0/23
                  193.138.216.0/22
                  195.54.182.0/23
                IPv6:
                  2a03:1b20:1::-2a03:1b20:b:ffff:ffff:ffff:ffff:ffff
                  2a03:1b20:901::/48
                  2a03:1b20:bef1::-2a03:1b20:bef2:ffff:ffff:ffff:ffff:ffff
                  2a03:1b21:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         80:44:d8:7f:28:8a:36:1f:4f:cb:99:0a:54:53:1c:f4:ef:67:
         c7:70:82:19:08:ba:3c:a6:ad:13:c1:2b:2a:c3:3c:2c:02:3b:
         dd:3f:bf:7a:49:29:be:09:52:34:e6:ff:6a:00:ee:d9:e2:65:
         2a:c9:a2:8e:e4:1f:7f:b3:22:09:5e:42:dd:09:f4:f3:fa:d6:
         8b:a8:53:5d:70:99:3e:90:4d:ef:34:49:bd:8a:9d:3a:5f:40:
         07:c9:0b:71:75:e5:26:21:68:1c:b0:f9:85:68:95:98:a9:dc:
         25:d7:62:39:84:bf:21:57:d9:99:7f:6f:5a:72:dc:55:29:d7:
         87:06:93:4f:68:e3:b7:df:36:ea:ea:44:b1:5f:7f:58:cd:c1:
         c7:2b:5a:68:e1:01:55:62:6f:6e:c4:e1:bf:92:0e:e7:5d:8a:
         c2:74:95:aa:5f:ee:fa:1a:bc:03:03:17:ce:f9:aa:bc:7e:8f:
         19:22:67:9c:c1:0b:1d:56:53:c6:5e:3a:c1:c1:47:9f:00:c1:
         fa:2b:d3:81:38:cf:53:b6:e6:22:a6:0f:43:cd:d3:6b:d0:04:
         3e:4c:ed:b3:91:b1:88:b9:f2:c9:61:38:6a:bc:ca:a6:b2:dd:
         96:d0:e8:7e:24:32:97:3d:50:07:b9:86:31:83:40:e6:87:32:
         1a:72:e4:92
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAZf4g1/VV5JpxEgn1GNmjj18MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMmU5MTczMTVmMGE4NzhiMjFmYzEzOWQ0OWE4MjFhYWRk
YzNjOTcwHhcNMjUwNzExMDgwNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2Q4NDUxZWUwNzUyOWM0ZmFiMmU3ZDY1ZGJlYzhhN2NiYWM5MjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYyVVIreGFTh9bIj2F4HShfcIIxA
/wK5wNkITqHGVYdBjqx7D/GvMlVSYJPSKo69TDa8VRFmTGGapGRqstvUF7cwQw+/
mydoRbb4at5upVCYMXmnNwCGLoEWJaKdO50GZtBITFclqWITCtiOhGkO568qySB4
etdH01840lYaWV/SQx0y+PTy3939i4th94sS6P3AiT3Un6FUUMELGMPARgMrAIBz
zPvegsu2k9QzGWJ9DWOw9N5WSQDEjvig9CEREwOBwck4jtX6rl1msPxxDL/j7tR/
lFUbr6I47QvPvE8N5oyH8rEriWc3O9zMcVJNXjz15K9aS6XNdHtQapw1xwIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFAPYRR7gdSnE+rLn1l2+yKfLrJItMB8GA1UdIwQY
MBaAFN4ukXMV8Kh4sh/BOdSaghqt3DyXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2k2UmN4WHdxSGl5SDhFNTFKcUNHcTNjUEpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yZDViYzgtNWQ5My00YjBhLWE4YjYt
ZjhkNjVjOTgzNzQ0LzEvQTloRkh1QjFLY1Q2c3VmV1hiN0lwOHVza2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yZDViYzgtNWQ5My00YjBhLWE4YjYtZjhkNjVjOTgzNzQ0
LzEvM2k2UmN4WHdxSGl5SDhFNTFKcUNHcTNjUEpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGqBggrBgEFBQcBBwEB/wSBmjCBlzBUBAIAATBOAwQCLVPc
AwQALYE4AwQALYE7AwQAjWL8AwQBjWL+AwQCuUGEAwQBucPoAwQCudHEAwQCudWY
AwQBwSB+AwQBwSD4AwQCwYrYAwQBwza2MD8EAgACMDkwEgMHACoDGyAAAQMHAioD
GyAACAMHACoDGyAJATASAwcAKgMbIL7xAwcAKgMbIL7yAwYAKgMbIQEwDQYJKoZI
hvcNAQELBQADggEBAIBE2H8oijYfT8uZClRTHPTvZ8dwghkIujymrRPBKyrDPCwC
O90/v3pJKb4JUjTm/2oA7tniZSrJoo7kH3+zIgleQt0J9PP61ouoU11wmT6QTe80
Sb2KnTpfQAfJC3F15SYhaByw+YVolZip3CXXYjmEvyFX2Zl/b1py3FUp14cGk09o
47ffNurqRLFff1jNwccrWmjhAVVib27E4b+SDuddisJ0lapf7voavAMDF875qrx+
jxkiZ5zBCx1WU8ZeOsHBR58Awfor04E4z1O25iKmD0PN02vQBD5M7bORsYi58slh
OGq8yqay3ZbQ6H4kMpc9UAe5hjGDQOaHMhpy5JI=
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:55:21 2025 by rpki-client