Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/g__joLDCQ_fEwlMYIomwyC5qDKg.roa
File:                     g__joLDCQ_fEwlMYIomwyC5qDKg.roa (raw, json)
Hash identifier:          kOtu+O3k3EpkxI+GsAQdsryHfksOzXQXVJ27//f6//w=
Subject key identifier:   83:FF:E3:A0:B0:C2:43:F7:C4:C2:53:18:22:89:B0:C8:2E:6A:0C:A8
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0197EE6F6BD2D71E5D85AF958A919A2289E6
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/g__joLDCQ_fEwlMYIomwyC5qDKg.roa
Signing time:             Wed 09 Jul 2025 09:06:08 +0000
ROA not before:           Wed 09 Jul 2025 09:06:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        45.136.0.0/24 maxlen: 32
                          45.136.2.0/24 maxlen: 32
                          45.136.3.0/24 maxlen: 32
                          128.0.119.0/24 maxlen: 32
                          185.117.20.0/24 maxlen: 32
                          185.117.23.0/24 maxlen: 32
                          185.120.13.0/24 maxlen: 32
                          185.144.100.0/24 maxlen: 32
                          185.144.102.0/24 maxlen: 32
                          185.211.48.0/24 maxlen: 32
                          185.211.49.0/24 maxlen: 32
                          185.211.50.0/24 maxlen: 32
                          185.227.240.0/24 maxlen: 32
                          185.227.241.0/24 maxlen: 32
                          185.227.242.0/24 maxlen: 32
                          185.227.243.0/24 maxlen: 32
                          193.201.208.0/24 maxlen: 32
                          193.201.209.0/24 maxlen: 32
                          193.201.210.0/24 maxlen: 32
                          193.201.211.0/24 maxlen: 32
                          194.36.100.0/24 maxlen: 32
                          194.36.102.0/24 maxlen: 32
                          194.36.103.0/24 maxlen: 32
                          194.124.64.0/24 maxlen: 32
                          194.124.65.0/24 maxlen: 32
                          194.124.66.0/24 maxlen: 32
                          194.124.67.0/24 maxlen: 32
                          195.85.68.0/24 maxlen: 32
                          195.85.69.0/24 maxlen: 32
                          195.85.70.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:6f:6b:d2:d7:1e:5d:85:af:95:8a:91:9a:22:89:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jul  9 09:06:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83ffe3a0b0c243f7c4c253182289b0c82e6a0ca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:dd:56:01:82:9c:21:c7:72:c7:87:8b:19:8d:
                    12:3d:2f:88:1d:4a:24:3f:d5:79:34:15:5b:e6:ce:
                    43:c5:2a:d5:75:dc:f5:ad:3f:2c:23:38:68:1d:d4:
                    1c:68:e0:6c:8b:a0:45:a1:fa:36:83:14:cb:0f:eb:
                    83:75:ef:e7:d1:ca:c5:d4:73:2a:95:c2:5b:52:4a:
                    ca:3c:6d:f6:49:dc:84:06:5d:88:fa:d4:a7:eb:a4:
                    67:5a:60:51:d5:65:c8:79:f6:72:69:04:16:76:f8:
                    5c:45:e4:16:0f:0c:b6:c4:e6:2a:e0:36:2c:a1:b0:
                    01:81:8d:db:88:8d:fb:b8:db:ca:f0:76:8e:94:b6:
                    a9:bb:df:1c:c5:0a:61:0e:34:ff:62:1a:0d:cd:65:
                    e7:0d:62:10:91:c3:96:3c:98:ed:23:56:31:f7:d1:
                    4e:ad:d5:ce:b4:60:f6:d6:c8:97:77:2d:e7:47:a7:
                    b3:ff:0f:b9:59:49:11:13:23:ee:23:fa:07:4c:a2:
                    d4:b9:fb:f7:f3:ec:f6:c5:2f:0b:b4:b8:44:09:52:
                    e5:3d:40:04:59:00:20:64:bb:84:a4:b0:c3:7e:c9:
                    3a:71:4d:43:28:59:b9:98:bf:6e:92:df:68:16:31:
                    1a:55:2f:82:ad:b2:66:29:3f:e2:bf:3a:cc:f8:11:
                    34:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:FF:E3:A0:B0:C2:43:F7:C4:C2:53:18:22:89:B0:C8:2E:6A:0C:A8
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/g__joLDCQ_fEwlMYIomwyC5qDKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.0.0/24
                  45.136.2.0/23
                  128.0.119.0/24
                  185.117.20.0/24
                  185.117.23.0/24
                  185.120.13.0/24
                  185.144.100.0/24
                  185.144.102.0/24
                  185.211.48.0-185.211.50.255
                  185.227.240.0/22
                  193.201.208.0/22
                  194.36.100.0/24
                  194.36.102.0/23
                  194.124.64.0/22
                  195.85.68.0-195.85.70.255

    Signature Algorithm: sha256WithRSAEncryption
         90:52:d6:b4:ab:47:65:0e:2d:36:24:5b:7d:3c:43:8e:7c:75:
         8c:29:a5:82:6b:9b:31:d1:fd:02:1e:b5:f1:21:6e:50:39:00:
         96:f5:3f:c7:a1:82:eb:7c:6e:ff:a3:90:08:86:4e:0f:46:f6:
         97:18:59:22:69:92:fe:19:50:ad:06:3b:fe:b6:98:5b:3a:7c:
         a9:e7:48:85:f3:cc:88:69:86:6e:d5:7b:95:79:b3:a2:67:e5:
         5f:4e:5c:74:06:e1:ec:42:9a:4d:24:3c:a0:1c:c0:d2:53:29:
         90:a4:13:af:b0:ac:eb:b0:d4:7b:fe:f7:60:42:59:0f:87:f3:
         c0:00:6d:f9:5a:f5:a6:13:02:bf:51:65:fe:86:93:04:08:62:
         18:c4:f9:6e:97:1e:9a:2c:fe:76:e2:86:bb:2a:b4:08:c7:0e:
         3d:ba:c7:7a:50:3b:1b:2f:9a:7e:a2:f1:32:38:86:14:e0:61:
         b7:58:f4:80:d2:62:38:96:de:cc:d1:18:fc:09:c3:45:c7:02:
         04:02:fd:be:a4:9a:44:ea:5a:a7:36:a6:10:54:78:f1:3c:0b:
         36:cf:af:2d:ac:63:58:25:6c:bc:d8:92:14:ea:6b:65:76:b0:
         96:19:d7:55:74:58:a8:74:72:d2:18:59:f4:01:f1:a2:0f:4d:
         15:e4:fc:b0
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAZfub2vS1x5dha+VipGaIonmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwNzA5MDkwNjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2ZmZTNhMGIwYzI0M2Y3YzRjMjUzMTgyMjg5YjBjODJlNmEwY2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxd1WAYKcIcdyx4eLGY0SPS+IHUok
P9V5NBVb5s5DxSrVddz1rT8sIzhoHdQcaOBsi6BFofo2gxTLD+uDde/n0crF1HMq
lcJbUkrKPG32SdyEBl2I+tSn66RnWmBR1WXIefZyaQQWdvhcReQWDwy2xOYq4DYs
obABgY3biI37uNvK8HaOlLapu98cxQphDjT/YhoNzWXnDWIQkcOWPJjtI1Yx99FO
rdXOtGD21siXdy3nR6ez/w+5WUkREyPuI/oHTKLUufv38+z2xS8LtLhECVLlPUAE
WQAgZLuEpLDDfsk6cU1DKFm5mL9ukt9oFjEaVS+CrbJmKT/ivzrM+BE0pwIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFIP/46CwwkP3xMJTGCKJsMguagyoMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvZ19fam9MRENRX2ZFd2xNWUlvbXd5QzVxREtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwcAQCAAEwagMEAC2IAAME
AS2IAgMEAIAAdwMEALl1FAMEALl1FwMEALl4DQMEALmQZAMEALmQZjAMAwQEudMw
AwQAudMyAwQCuePwAwQCwcnQAwQAwiRkAwQBwiRmAwQCwnxAMAwDBALDVUQDBADD
VUYwDQYJKoZIhvcNAQELBQADggEBAJBS1rSrR2UOLTYkW308Q458dYwppYJrmzHR
/QIetfEhblA5AJb1P8ehgut8bv+jkAiGTg9G9pcYWSJpkv4ZUK0GO/62mFs6fKnn
SIXzzIhphm7Ve5V5s6Jn5V9OXHQG4exCmk0kPKAcwNJTKZCkE6+wrOuw1Hv+92BC
WQ+H88AAbfla9aYTAr9RZf6GkwQIYhjE+W6XHpos/nbihrsqtAjHDj26x3pQOxsv
mn6i8TI4hhTgYbdY9IDSYjiW3szRGPwJw0XHAgQC/b6kmkTqWqc2phBUePE8CzbP
ry2sY1glbLzYkhTqa2V2sJYZ11V0WKh0ctIYWfQB8aIPTRXk/LA=
-----END CERTIFICATE-----
Generated at Sun Jul 20 18:01:27 2025 by rpki-client