Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/diFCwaUovsaNblb7FcU1eaLNnEk.roa
File:                     diFCwaUovsaNblb7FcU1eaLNnEk.roa (raw, json)
Hash identifier:          KOzCckAfpWtILk1IygKOd3SNVD4+Zto+vc5dE9aw9p0=
Subject key identifier:   76:21:42:C1:A5:28:BE:C6:8D:6E:56:FB:15:C5:35:79:A2:CD:9C:49
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0197C34B048AB8B05A8BF1BEC4C41C035E09
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/diFCwaUovsaNblb7FcU1eaLNnEk.roa
Signing time:             Tue 01 Jul 2025 00:02:42 +0000
ROA not before:           Tue 01 Jul 2025 00:02:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134176
IP address blocks:        185.190.81.0/24 maxlen: 24
                          194.49.108.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 02:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c3:4b:04:8a:b8:b0:5a:8b:f1:be:c4:c4:1c:03:5e:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jul  1 00:02:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=762142c1a528bec68d6e56fb15c53579a2cd9c49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:07:ad:a8:ba:1c:c5:6e:cb:d7:43:e9:d6:2d:
                    34:48:34:d3:15:3a:fb:d6:58:6e:b8:ef:1c:bf:99:
                    c2:88:0e:dd:1a:16:43:e7:94:6e:53:39:3a:20:14:
                    87:b5:ad:d3:66:1d:80:6b:4d:59:20:db:5e:f7:e1:
                    d8:0a:75:68:b4:95:f5:0d:34:fa:8c:38:0f:af:ae:
                    52:2b:6e:69:25:a9:cc:8f:cf:37:fe:8d:c0:e6:02:
                    3f:f0:dd:84:3a:91:ee:a9:29:92:0c:84:15:6b:7d:
                    3c:02:1a:bd:ac:cb:53:e2:e5:3e:20:18:02:06:2b:
                    e9:88:33:fc:7b:4c:38:7f:69:40:e8:ab:dc:0f:9e:
                    3b:d2:96:81:ee:45:a0:71:a2:e1:35:2c:28:fb:70:
                    41:3e:f0:96:e3:42:df:1b:6f:c6:95:35:fe:55:12:
                    b8:d9:31:d9:16:5e:b6:6c:ec:72:6a:07:8c:28:90:
                    77:05:c9:ee:5a:5d:21:ef:27:cc:85:fb:b6:a3:ed:
                    0f:ca:e5:b8:83:93:17:26:b1:be:d8:6c:3d:ea:a8:
                    89:37:71:23:37:55:b9:57:71:c9:69:2b:52:1e:30:
                    35:67:58:a6:49:f7:c1:f3:77:81:73:43:b3:b9:57:
                    f9:de:5f:fa:4b:3e:4e:87:81:84:32:e5:11:e5:9a:
                    72:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:21:42:C1:A5:28:BE:C6:8D:6E:56:FB:15:C5:35:79:A2:CD:9C:49
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/diFCwaUovsaNblb7FcU1eaLNnEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.81.0/24
                  194.49.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:7b:b2:62:ef:81:fb:f1:b5:b0:5f:88:c5:d9:55:8c:67:0d:
         b7:1d:4e:24:df:f1:09:71:d4:09:96:17:12:3e:17:93:60:2c:
         96:6c:59:28:57:ac:ce:d3:07:df:d6:10:5e:36:38:b5:79:06:
         fc:2e:33:d1:bd:12:b3:79:ff:f7:bc:52:b4:71:92:cf:5d:82:
         6c:aa:de:3b:71:69:47:d7:ec:96:cd:9d:4b:1a:0f:69:ec:39:
         7f:44:00:7d:23:12:b9:33:77:d8:6c:9c:6c:f4:97:54:c6:a2:
         fd:8d:63:5e:83:97:73:23:9e:a3:c0:36:72:b5:2a:ae:05:36:
         1e:5b:16:57:d3:eb:c7:a1:80:53:de:0d:1a:20:55:c7:b3:32:
         96:b0:b9:3d:d3:ef:c3:88:db:74:43:b8:b1:07:a4:36:e1:25:
         1b:1e:2a:ab:f7:3f:d1:cd:62:b3:98:67:c7:fa:1c:7f:de:98:
         9e:bb:af:24:88:39:a3:a7:c4:6b:7b:fe:15:e9:a4:65:1d:49:
         2e:22:30:1d:89:a0:47:74:29:f6:7f:90:a5:66:a3:b8:bf:eb:
         23:59:cd:fa:d6:f0:93:05:ce:aa:29:59:54:63:0e:c8:69:41:
         49:7f:ca:d3:76:86:e4:e3:2a:de:31:e3:8c:c6:c3:cf:a6:8a:
         ff:4e:b8:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfDSwSKuLBai/G+xMQcA14JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwNzAxMDAwMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjIxNDJjMWE1MjhiZWM2OGQ2ZTU2ZmIxNWM1MzU3OWEyY2Q5YzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AetqLocxW7L10Pp1i00SDTTFTr7
1lhuuO8cv5nCiA7dGhZD55RuUzk6IBSHta3TZh2Aa01ZINte9+HYCnVotJX1DTT6
jDgPr65SK25pJanMj883/o3A5gI/8N2EOpHuqSmSDIQVa308Ahq9rMtT4uU+IBgC
BivpiDP8e0w4f2lA6KvcD5470paB7kWgcaLhNSwo+3BBPvCW40LfG2/GlTX+VRK4
2THZFl62bOxyageMKJB3BcnuWl0h7yfMhfu2o+0PyuW4g5MXJrG+2Gw96qiJN3Ej
N1W5V3HJaStSHjA1Z1imSffB83eBc0OzuVf53l/6Sz5Oh4GEMuUR5ZpytQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHYhQsGlKL7GjW5W+xXFNXmizZxJMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvZGlGQ3dhVW92c2FOYmxiN0ZjVTFlYUxObkVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAub5RAwQA
wjFsMA0GCSqGSIb3DQEBCwUAA4IBAQBUe7Ji74H78bWwX4jF2VWMZw23HU4k3/EJ
cdQJlhcSPheTYCyWbFkoV6zO0wff1hBeNji1eQb8LjPRvRKzef/3vFK0cZLPXYJs
qt47cWlH1+yWzZ1LGg9p7Dl/RAB9IxK5M3fYbJxs9JdUxqL9jWNeg5dzI56jwDZy
tSquBTYeWxZX0+vHoYBT3g0aIFXHszKWsLk90+/DiNt0Q7ixB6Q24SUbHiqr9z/R
zWKzmGfH+hx/3pieu68kiDmjp8Rre/4V6aRlHUkuIjAdiaBHdCn2f5ClZqO4v+sj
Wc361vCTBc6qKVlUYw7IaUFJf8rTdobk4yreMeOMxsPPpor/TrgS
-----END CERTIFICATE-----
Generated at Sun Jul 20 11:12:20 2025 by rpki-client