Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/v9qbF4LYUnhnpR0EOPiha8K3YB4.roa
File:                     v9qbF4LYUnhnpR0EOPiha8K3YB4.roa (raw, json)
Hash identifier:          D6yRkwvsYTKHCx+d4L0SAcGasfUnTpr7jrIeGf0l2G0=
Subject key identifier:   BF:DA:9B:17:82:D8:52:78:67:A5:1D:04:38:F8:A1:6B:C2:B7:60:1E
Certificate issuer:       /CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
Certificate serial:       0196CD685B4395A809AF2AE59EAF91498803
Authority key identifier: A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/v9qbF4LYUnhnpR0EOPiha8K3YB4.roa
Signing time:             Wed 14 May 2025 06:08:10 +0000
ROA not before:           Wed 14 May 2025 06:08:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51191
IP address blocks:        130.185.104.0/21 maxlen: 21
                          185.24.68.0/22 maxlen: 22
                          185.108.216.0/22 maxlen: 22
                          195.138.240.0/21 maxlen: 21
                          195.138.241.0/24 maxlen: 24
                          195.138.244.0/24 maxlen: 24
                          2a01:4a0:2000::/48 maxlen: 48
                          2a01:4a0:2001::/48 maxlen: 48
                          2a01:4a0:2002::/48 maxlen: 48
                          2a06:4b00::/29 maxlen: 29
                          2a06:4b01:3300::/40 maxlen: 48
                          2a06:4b01:3400::/40 maxlen: 48
                          2a06:4b01:3500::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 19:25:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cd:68:5b:43:95:a8:09:af:2a:e5:9e:af:91:49:88:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
        Validity
            Not Before: May 14 06:08:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bfda9b1782d8527867a51d0438f8a16bc2b7601e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2e:cb:de:75:78:ed:e4:59:82:c8:f5:9e:e5:
                    2c:6e:ab:28:55:38:c0:77:7c:97:10:43:57:6f:b4:
                    42:bf:65:71:5b:b6:8c:82:11:4a:6d:84:eb:b0:d3:
                    cb:ce:9f:bf:0e:7b:b2:2a:c0:e9:9d:29:4a:23:74:
                    17:82:21:04:2c:96:63:49:5d:55:ae:b3:03:8f:c5:
                    ce:e6:a5:51:99:8b:06:54:3f:49:a7:e6:18:40:f4:
                    e1:99:70:75:7e:6f:61:77:a9:7c:9c:51:e1:c4:28:
                    65:b0:6c:50:3e:18:de:90:d7:a1:e6:5b:9e:10:4b:
                    83:2a:d9:1d:c2:3d:8f:de:d4:63:a7:04:b0:94:d2:
                    a4:f0:90:64:6a:cf:cf:9b:5b:cd:d2:7b:ed:87:7c:
                    b6:ee:ee:55:e0:f8:1a:71:20:93:f4:eb:e1:0d:ff:
                    ae:fa:6b:80:4f:e5:b4:a8:6f:30:ec:2d:79:41:8e:
                    f4:4f:60:dc:15:21:35:2e:9a:a3:66:6f:d6:1e:41:
                    41:a2:f4:76:64:65:73:20:2b:03:b8:95:7a:2b:33:
                    25:54:cf:f3:e8:51:7b:ff:b6:d9:23:b2:1e:ae:c6:
                    2a:b6:33:0e:60:1f:a0:ed:7e:35:47:a3:76:37:bb:
                    56:6a:d2:6b:50:61:5a:c9:9c:95:8a:dc:5b:a6:8a:
                    71:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:DA:9B:17:82:D8:52:78:67:A5:1D:04:38:F8:A1:6B:C2:B7:60:1E
            X509v3 Authority Key Identifier:
                keyid:A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/v9qbF4LYUnhnpR0EOPiha8K3YB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.104.0/21
                  185.24.68.0/22
                  185.108.216.0/22
                  195.138.240.0/21
                IPv6:
                  2a01:4a0:2000::-2a01:4a0:2002:ffff:ffff:ffff:ffff:ffff
                  2a06:4b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:3d:59:4c:18:c3:1c:55:35:af:84:ad:2c:f2:f5:9c:f4:0d:
         be:7d:64:03:1a:28:38:92:34:16:02:6c:82:84:a6:88:34:05:
         1a:92:83:04:a7:6a:e3:9e:ef:80:d2:c2:1d:94:21:fa:6d:6f:
         f2:c0:3a:e9:0c:19:6e:41:74:bd:75:9e:c7:0d:f3:47:62:14:
         ce:10:2b:25:69:72:71:95:f3:c4:7e:37:74:2a:bb:e7:05:36:
         b1:c2:c9:d9:a5:6a:58:c3:4d:79:4d:7f:f2:ba:ea:c3:ae:f8:
         02:d8:8a:b9:1b:cf:53:de:f9:9a:ef:b0:39:ea:bd:fb:ae:cf:
         fa:e5:de:c8:40:78:2d:d4:66:f5:d8:2e:d0:97:bd:73:95:7b:
         cb:cf:f1:fc:05:34:d9:e4:da:4d:59:51:ab:45:8e:78:da:43:
         d0:14:d0:57:e2:8a:67:a2:bd:40:f2:1a:f9:b8:1f:ec:a1:8f:
         3b:ca:a4:f8:64:5d:b4:e6:ba:ba:a7:3f:22:36:0b:f5:fb:49:
         6f:a2:5f:d1:c9:ed:4b:61:17:d0:13:37:8c:08:2d:71:55:c5:
         11:21:d2:2a:23:12:73:cd:14:99:77:84:ac:5c:f1:f1:20:23:
         28:6b:fd:4e:ad:d7:22:2b:22:ea:ad:5f:af:d7:cc:a5:bd:85:
         24:b5:65:f3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZbNaFtDlagJryrlnq+RSYgDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Yjc1YjY0ZDVkYTE3ZDcwYmJhYmQ4MTFhMzlhNjAyZGRh
Zjk2M2EwHhcNMjUwNTE0MDYwODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmRhOWIxNzgyZDg1Mjc4NjdhNTFkMDQzOGY4YTE2YmMyYjc2MDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtS7L3nV47eRZgsj1nuUsbqsoVTjA
d3yXEENXb7RCv2VxW7aMghFKbYTrsNPLzp+/DnuyKsDpnSlKI3QXgiEELJZjSV1V
rrMDj8XO5qVRmYsGVD9Jp+YYQPThmXB1fm9hd6l8nFHhxChlsGxQPhjekNeh5lue
EEuDKtkdwj2P3tRjpwSwlNKk8JBkas/Pm1vN0nvth3y27u5V4PgacSCT9OvhDf+u
+muAT+W0qG8w7C15QY70T2DcFSE1LpqjZm/WHkFBovR2ZGVzICsDuJV6KzMlVM/z
6FF7/7bZI7IersYqtjMOYB+g7X41R6N2N7tWatJrUGFayZyVitxbpopxqwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFL/amxeC2FJ4Z6UdBDj4oWvCt2AeMB8GA1UdIwQY
MBaAFKm3W2TV2hfXC7q9gRo5pgLdr5Y6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUt
OWIxMTgwNGVjZDM5LzEvdjlxYkY0TFlVbmhucFIwRU9QaWhhOEszWUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUtOWIxMTgwNGVjZDM5
LzEvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAeBAIAATAYAwQDgrloAwQC
uRhEAwQCuWzYAwQDw4rwMCAEAgACMBowEQMGBSoBBKAgAwcAKgEEoCACAwUDKgZL
ADANBgkqhkiG9w0BAQsFAAOCAQEATz1ZTBjDHFU1r4StLPL1nPQNvn1kAxooOJI0
FgJsgoSmiDQFGpKDBKdq457vgNLCHZQh+m1v8sA66QwZbkF0vXWexw3zR2IUzhAr
JWlycZXzxH43dCq75wU2scLJ2aVqWMNNeU1/8rrqw674AtiKuRvPU975mu+wOeq9
+67P+uXeyEB4LdRm9dgu0Je9c5V7y8/x/AU02eTaTVlRq0WOeNpD0BTQV+KKZ6K9
QPIa+bgf7KGPO8qk+GRdtOa6uqc/IjYL9ftJb6Jf0cntS2EX0BM3jAgtcVXFESHS
KiMSc80UmXeErFzx8SAjKGv9Tq3XIisi6q1fr9fMpb2FJLVl8w==
-----END CERTIFICATE-----
Generated at Tue Jun 10 02:03:46 2025 by rpki-client