Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/FEcS4r4exxMjD0nglmKeIAtctK4.roa
File:                     FEcS4r4exxMjD0nglmKeIAtctK4.roa (raw, json)
Hash identifier:          +HFzMpDrNpue0Xiy7JUR7oMq1bW3JIOW3LrAITAVXg0=
Subject key identifier:   14:47:12:E2:BE:1E:C7:13:23:0F:49:E0:96:62:9E:20:0B:5C:B4:AE
Certificate issuer:       /CN=70bf553042f1a43827dc034500bbd1068a7297ca
Certificate serial:       0197C06E97F1AB687CDC391E297CCDA96C9A
Authority key identifier: 70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/FEcS4r4exxMjD0nglmKeIAtctK4.roa
Signing time:             Mon 30 Jun 2025 10:42:42 +0000
ROA not before:           Mon 30 Jun 2025 10:42:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207137
IP address blocks:        185.135.45.0/24 maxlen: 24
                          2a13:240::/48 maxlen: 48
                          2a13:240:1::/48 maxlen: 48
                          2a13:240:2::/48 maxlen: 48
                          2a13:240:3::/48 maxlen: 48
                          2a13:240:4::/48 maxlen: 48
                          2a13:240:5::/48 maxlen: 48
                          2a13:240:6::/48 maxlen: 48
                          2a13:240:7::/48 maxlen: 48
                          2a13:240:8::/48 maxlen: 48
                          2a13:240:9::/48 maxlen: 48
                          2a13:240:a::/48 maxlen: 48
                          2a13:240:b::/48 maxlen: 48
                          2a13:240:c::/48 maxlen: 48
                          2a13:240:d::/48 maxlen: 48
                          2a13:240:4200::/40 maxlen: 40
                          2a13:240:4300::/40 maxlen: 40
                          2a13:240:4400::/40 maxlen: 40
                          2a13:240:4500::/40 maxlen: 40
                          2a13:240:4600::/40 maxlen: 40
                          2a13:240:4700::/40 maxlen: 40
                          2a13:240:4800::/40 maxlen: 40
                          2a13:240:4900::/40 maxlen: 40
                          2a13:240:4a00::/40 maxlen: 40
                          2a13:240:4b00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c0:6e:97:f1:ab:68:7c:dc:39:1e:29:7c:cd:a9:6c:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70bf553042f1a43827dc034500bbd1068a7297ca
        Validity
            Not Before: Jun 30 10:42:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=144712e2be1ec713230f49e096629e200b5cb4ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:dd:12:81:e0:52:ef:96:1a:af:79:b1:a4:bc:
                    1a:2e:bf:ce:c8:db:2c:12:2f:fc:c5:12:46:2c:1f:
                    d6:67:75:23:dd:90:2e:3a:d4:63:bd:00:cc:88:40:
                    ee:58:cc:91:df:db:5a:87:f2:d2:78:9c:cf:88:91:
                    94:24:3f:03:d1:8e:40:12:da:05:15:e3:7e:4c:6a:
                    7e:ae:15:38:79:30:d2:c8:3b:7a:3e:7e:1a:dd:4a:
                    4a:eb:67:f0:64:21:6c:25:15:25:48:3b:c2:10:f6:
                    82:9a:fa:bf:2e:06:e2:3e:0a:9d:eb:cc:0a:f5:07:
                    ee:d5:5a:84:a4:8b:9c:6e:2a:0b:38:98:ea:15:f7:
                    70:b6:b2:2d:ea:28:76:66:f0:51:51:56:71:41:26:
                    57:06:bc:a9:dc:0f:a1:7c:37:ac:32:07:66:55:90:
                    2a:92:ac:25:36:e0:f0:0d:bc:ac:92:60:5b:40:29:
                    15:a3:cb:26:92:2e:64:ac:99:21:bd:80:86:2b:d0:
                    80:e0:77:11:ed:6d:f4:54:d9:2a:22:01:f6:35:cf:
                    26:9d:53:0f:9b:a1:29:5d:5a:e9:d4:d3:c0:17:ee:
                    93:fc:15:80:e3:3f:1a:be:50:33:85:93:04:ca:90:
                    50:49:40:85:fd:69:08:78:25:5b:10:ee:99:e1:d5:
                    9c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:47:12:E2:BE:1E:C7:13:23:0F:49:E0:96:62:9E:20:0B:5C:B4:AE
            X509v3 Authority Key Identifier:
                keyid:70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/FEcS4r4exxMjD0nglmKeIAtctK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.45.0/24
                IPv6:
                  2a13:240::-2a13:240:d:ffff:ffff:ffff:ffff:ffff
                  2a13:240:4200::-2a13:240:4bff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         1b:58:72:d6:3a:db:fb:65:53:c6:e2:73:f2:df:8e:a6:72:b3:
         02:4f:ff:d7:3f:8a:d3:f6:78:ba:33:14:0b:30:d8:bc:24:ff:
         13:36:56:d6:36:20:c7:cd:d8:d0:83:5f:40:ac:76:7b:d9:42:
         be:a7:3d:85:f3:0e:f6:84:30:60:d0:c4:7d:ab:49:c2:ec:51:
         bd:b7:e2:14:bf:72:6f:c2:55:d0:5c:e8:5f:80:8c:ba:56:e2:
         72:69:6c:e8:6e:e7:b9:61:25:32:cc:9d:f8:a0:e5:89:d2:e6:
         be:19:a6:0c:43:13:01:f0:92:d9:c9:34:c0:b4:82:b5:58:08:
         cb:02:32:39:18:db:7d:44:13:db:ea:3b:82:c0:4b:b0:16:3b:
         12:e5:b6:68:9a:47:5d:1a:e6:2f:24:d6:6b:d6:da:7d:f4:f3:
         5d:5a:fe:76:2d:32:bd:f2:c6:9c:fa:9f:f7:67:50:53:e5:44:
         91:ba:2b:1d:e8:3e:aa:1c:86:eb:d5:91:82:c8:8c:f1:b7:e6:
         64:6e:ad:60:f7:5f:3c:04:96:05:61:ae:20:c3:42:a3:e4:79:
         6a:a9:e7:ea:85:1b:3a:56:6f:23:cb:8f:37:99:ee:48:7f:7f:
         02:4a:e0:8a:02:f6:58:d8:17:14:b8:eb:04:97:79:c4:87:36:
         38:18:4d:20
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZfAbpfxq2h83DkeKXzNqWyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYmY1NTMwNDJmMWE0MzgyN2RjMDM0NTAwYmJkMTA2OGE3
Mjk3Y2EwHhcNMjUwNjMwMTA0MjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDQ3MTJlMmJlMWVjNzEzMjMwZjQ5ZTA5NjYyOWUyMDBiNWNiNGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArd0SgeBS75Yar3mxpLwaLr/OyNss
Ei/8xRJGLB/WZ3Uj3ZAuOtRjvQDMiEDuWMyR39tah/LSeJzPiJGUJD8D0Y5AEtoF
FeN+TGp+rhU4eTDSyDt6Pn4a3UpK62fwZCFsJRUlSDvCEPaCmvq/LgbiPgqd68wK
9Qfu1VqEpIucbioLOJjqFfdwtrIt6ih2ZvBRUVZxQSZXBryp3A+hfDesMgdmVZAq
kqwlNuDwDbyskmBbQCkVo8smki5krJkhvYCGK9CA4HcR7W30VNkqIgH2Nc8mnVMP
m6EpXVrp1NPAF+6T/BWA4z8avlAzhZMEypBQSUCF/WkIeCVbEO6Z4dWctwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFBRHEuK+HscTIw9J4JZiniALXLSuMB8GA1UdIwQY
MBaAFHC/VTBC8aQ4J9wDRQC70QaKcpfKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYt
NTM1ODQwMWZiNzk2LzEvRkVjUzRyNGV4eE1qRDBuZ2xtS2VJQXRjdEs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYtNTM1ODQwMWZiNzk2
LzEvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAMBAIAATAGAwQAuYctMCoE
AgACMCQwEAMFBioTAkADBwEqEwJAAAwwEAMGASoTAkBCAwYCKhMCQEgwDQYJKoZI
hvcNAQELBQADggEBABtYctY62/tlU8bic/LfjqZyswJP/9c/itP2eLozFAsw2Lwk
/xM2VtY2IMfN2NCDX0CsdnvZQr6nPYXzDvaEMGDQxH2rScLsUb234hS/cm/CVdBc
6F+AjLpW4nJpbOhu57lhJTLMnfig5YnS5r4ZpgxDEwHwktnJNMC0grVYCMsCMjkY
231EE9vqO4LAS7AWOxLltmiaR10a5i8k1mvW2n30811a/nYtMr3yxpz6n/dnUFPl
RJG6Kx3oPqochuvVkYLIjPG35mRurWD3XzwElgVhriDDQqPkeWqp5+qFGzpWbyPL
jzeZ7kh/fwJK4IoC9ljYFxS46wSXecSHNjgYTSA=
-----END CERTIFICATE-----
Generated at Wed Jul 23 04:20:21 2025 by rpki-client