Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/O82A9uBdQeVc6xfM9T7PvTllFHQ.roa
File:                     O82A9uBdQeVc6xfM9T7PvTllFHQ.roa (raw, json)
Hash identifier:          g34w1HVAYqCfPcfO9lGKgZDvmQ5288F6TcdguQ6PfgQ=
Subject key identifier:   3B:CD:80:F6:E0:5D:41:E5:5C:EB:17:CC:F5:3E:CF:BD:39:65:14:74
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019F1C72AB969B5D889ED84606036A68D7CB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/O82A9uBdQeVc6xfM9T7PvTllFHQ.roa
Signing time:             Wed 01 Jul 2026 06:51:44 +0000
ROA not before:           Wed 01 Jul 2026 06:51:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        37.139.128.0/24 maxlen: 24
                          45.66.228.0/24 maxlen: 24
                          45.66.231.0/24 maxlen: 24
                          45.89.247.0/24 maxlen: 24
                          45.91.194.0/24 maxlen: 24
                          45.129.85.0/24 maxlen: 24
                          45.141.158.0/24 maxlen: 24
                          81.161.238.0/24 maxlen: 24
                          83.143.113.0/24 maxlen: 24
                          85.217.130.0/23 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          87.120.126.0/24 maxlen: 24
                          87.120.166.0/24 maxlen: 24
                          87.120.192.0/23 maxlen: 24
                          87.121.62.0/24 maxlen: 24
                          87.121.63.0/24 maxlen: 24
                          87.121.114.0/23 maxlen: 24
                          87.121.114.0/24 maxlen: 24
                          87.121.115.0/24 maxlen: 24
                          87.121.221.0/24 maxlen: 24
                          92.249.50.0/24 maxlen: 24
                          93.123.100.0/23 maxlen: 24
                          93.123.109.0/24 maxlen: 24
                          94.156.188.0/24 maxlen: 32
                          147.78.101.0/24 maxlen: 24
                          185.218.84.0/22 maxlen: 24
                          185.222.160.0/24 maxlen: 24
                          185.246.221.0/24 maxlen: 24
                          185.252.177.0/24 maxlen: 24
                          194.55.186.0/24 maxlen: 24
                          194.169.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 Jul 2026 06:51:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:1c:72:ab:96:9b:5d:88:9e:d8:46:06:03:6a:68:d7:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul  1 06:51:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3bcd80f6e05d41e55ceb17ccf53ecfbd39651474
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8d:be:2c:52:9f:61:99:4f:2c:0d:50:96:7e:
                    14:5b:98:1a:18:4a:d7:81:47:d4:17:57:9e:1c:ba:
                    cc:af:59:a4:27:85:e3:65:46:1f:a4:4e:ee:67:25:
                    24:de:fb:e6:2f:b3:d8:4e:49:5f:23:dc:94:6a:b5:
                    a6:50:8c:cb:65:71:87:cc:ee:38:dd:b0:bc:21:d1:
                    2e:ba:09:21:f6:57:ef:52:67:bd:48:b6:52:4c:fa:
                    72:59:18:71:5b:6e:fe:6f:b9:e2:33:3a:49:77:b7:
                    6c:df:66:66:9f:9b:ad:ac:b6:d0:d1:2c:70:b5:66:
                    6d:cc:25:cd:02:31:0a:f3:36:6f:25:62:1a:71:59:
                    2e:70:49:a6:11:70:a0:bc:0f:e6:2a:b1:4e:d7:40:
                    05:4e:79:2e:c4:ed:da:ba:54:4f:f1:a1:d7:5c:2e:
                    6c:fe:de:f5:78:41:10:05:4d:1c:3a:bb:17:46:01:
                    21:0d:b4:2f:08:91:c1:07:73:c1:79:83:06:01:43:
                    fb:ec:89:4a:98:f5:e9:8e:67:d7:b4:d3:a1:0e:df:
                    55:a1:9f:6e:a4:c2:6e:12:8a:77:ac:4c:a3:f4:3f:
                    de:83:78:0f:6d:df:2f:0e:a1:3f:9a:40:d0:9f:51:
                    60:c3:c8:02:1f:c3:c8:97:ec:05:3d:c8:a9:66:29:
                    93:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:CD:80:F6:E0:5D:41:E5:5C:EB:17:CC:F5:3E:CF:BD:39:65:14:74
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/O82A9uBdQeVc6xfM9T7PvTllFHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.128.0/24
                  45.66.228.0/24
                  45.66.231.0/24
                  45.89.247.0/24
                  45.91.194.0/24
                  45.129.85.0/24
                  45.141.158.0/24
                  81.161.238.0/24
                  83.143.113.0/24
                  85.217.130.0/23
                  87.120.87.0/24
                  87.120.126.0/24
                  87.120.166.0/24
                  87.120.192.0/23
                  87.121.62.0/23
                  87.121.114.0/23
                  87.121.221.0/24
                  92.249.50.0/24
                  93.123.100.0/23
                  93.123.109.0/24
                  94.156.188.0/24
                  147.78.101.0/24
                  185.218.84.0/22
                  185.222.160.0/24
                  185.246.221.0/24
                  185.252.177.0/24
                  194.55.186.0/24
                  194.169.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:fe:c4:d9:09:f7:59:42:a8:a0:9b:88:54:64:07:51:3f:4d:
         52:22:52:3a:e6:f6:a7:8c:5c:fa:a0:e9:15:cb:bd:d0:49:e2:
         8b:9f:f8:f8:d9:89:71:c2:83:bf:a7:df:19:af:87:ca:a3:c8:
         2e:c5:c3:e7:96:93:af:20:5f:df:8e:36:5d:53:87:9f:a2:7d:
         90:a7:c8:4e:e4:69:f4:9d:10:df:a0:8d:2b:da:32:2f:41:f9:
         2e:d1:58:72:a3:2e:06:3e:05:b2:34:1d:e2:6b:66:e6:98:ad:
         2a:66:fd:cb:49:48:91:bb:cb:c9:2d:22:de:92:06:f1:86:7a:
         1b:c2:83:ad:27:eb:22:df:77:c5:61:bf:da:fe:c0:b4:3a:eb:
         b6:b1:63:c3:de:d8:c0:e6:36:b4:1a:21:69:19:a0:37:de:3e:
         0b:c5:a7:f1:8d:b9:ac:51:70:fd:06:a3:d5:6b:1b:75:df:c5:
         45:79:21:ae:4b:95:4c:bf:b3:74:f1:63:96:cc:11:d1:38:d6:
         d6:d0:99:05:85:54:a3:da:0f:ba:93:21:96:d4:9d:d7:31:6e:
         57:eb:ed:ae:b7:63:cb:2b:70:06:11:ae:70:f2:47:7f:8d:9e:
         47:30:ef:83:cc:42:d4:3f:17:d9:91:a8:b0:5d:e2:86:15:8f:
         65:98:9f:f8
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAZ8ccquWm12InthGBgNqaNfLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNzAxMDY1MTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmNkODBmNmUwNWQ0MWU1NWNlYjE3Y2NmNTNlY2ZiZDM5NjUxNDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApo2+LFKfYZlPLA1Qln4UW5gaGErX
gUfUF1eeHLrMr1mkJ4XjZUYfpE7uZyUk3vvmL7PYTklfI9yUarWmUIzLZXGHzO44
3bC8IdEuugkh9lfvUme9SLZSTPpyWRhxW27+b7niMzpJd7ds32Zmn5utrLbQ0Sxw
tWZtzCXNAjEK8zZvJWIacVkucEmmEXCgvA/mKrFO10AFTnkuxO3aulRP8aHXXC5s
/t71eEEQBU0cOrsXRgEhDbQvCJHBB3PBeYMGAUP77IlKmPXpjmfXtNOhDt9VoZ9u
pMJuEop3rEyj9D/eg3gPbd8vDqE/mkDQn1Fgw8gCH8PIl+wFPcipZimTWQIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFDvNgPbgXUHlXOsXzPU+z705ZRR0MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTzgyQTl1QmRRZVZjNnhmTTlUN1B2VGxsRkhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHFBggrBgEFBQcBBwEB/wSBtTCBsjCBrwQCAAEwgagDBAAl
i4ADBAAtQuQDBAAtQucDBAAtWfcDBAAtW8IDBAAtgVUDBAAtjZ4DBABRoe4DBABT
j3EDBAFV2YIDBABXeFcDBABXeH4DBABXeKYDBAFXeMADBAFXeT4DBAFXeXIDBABX
ed0DBABc+TIDBAFde2QDBABde20DBABenLwDBACTTmUDBAK52lQDBAC53qADBAC5
9t0DBAC5/LEDBADCN7oDBADCqa8wDQYJKoZIhvcNAQELBQADggEBAFj+xNkJ91lC
qKCbiFRkB1E/TVIiUjrm9qeMXPqg6RXLvdBJ4ouf+PjZiXHCg7+n3xmvh8qjyC7F
w+eWk68gX9+ONl1Th5+ifZCnyE7kafSdEN+gjSvaMi9B+S7RWHKjLgY+BbI0HeJr
ZuaYrSpm/ctJSJG7y8ktIt6SBvGGehvCg60n6yLfd8Vhv9r+wLQ667axY8Pe2MDm
NrQaIWkZoDfePgvFp/GNuaxRcP0Go9VrG3XfxUV5Ia5LlUy/s3TxY5bMEdE41tbQ
mQWFVKPaD7qTIZbUndcxblfr7a63Y8srcAYRrnDyR3+Nnkcw74PMQtQ/F9mRqLBd
4oYVj2WYn/g=
-----END CERTIFICATE-----
Generated at Wed Jul 1 10:51:37 2026 by rpki-client