Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/2K6387yyM5gxakFjGUcn1KUMQ58.roa
File:                     2K6387yyM5gxakFjGUcn1KUMQ58.roa (raw, json)
Hash identifier:          KwEJI06hkpRX+nj9eXMKKI3vC9xa4ElKQ9FhYTbVyds=
Subject key identifier:   D8:AE:B7:F3:BC:B2:33:98:31:6A:41:63:19:47:27:D4:A5:0C:43:9F
Certificate issuer:       /CN=aa5b471d0ba089d9e9f46c291319674fac8128d0
Certificate serial:       019725A6C1BB29E39D3BAD1368155DBF6ADC
Authority key identifier: AA:5B:47:1D:0B:A0:89:D9:E9:F4:6C:29:13:19:67:4F:AC:81:28:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/2K6387yyM5gxakFjGUcn1KUMQ58.roa
Signing time:             Sat 31 May 2025 09:22:55 +0000
ROA not before:           Sat 31 May 2025 09:22:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207922
IP address blocks:        185.83.126.0/23 maxlen: 23
                          195.26.8.0/24 maxlen: 24
                          195.28.6.0/23 maxlen: 23
                          195.28.7.0/24 maxlen: 24
                          2a05:9b40::/29 maxlen: 29
                          2a0f:4a40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 12:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:25:a6:c1:bb:29:e3:9d:3b:ad:13:68:15:5d:bf:6a:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa5b471d0ba089d9e9f46c291319674fac8128d0
        Validity
            Not Before: May 31 09:22:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8aeb7f3bcb23398316a4163194727d4a50c439f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:6d:39:c2:33:c0:68:a0:4d:51:c9:3b:22:34:
                    d7:6b:fb:b2:5d:4c:43:c9:96:ab:bc:13:ae:80:24:
                    d1:df:15:5f:8a:6e:e1:eb:21:ee:c8:00:ed:15:d3:
                    4a:b5:89:19:f9:11:58:e8:76:12:0d:d8:92:41:b5:
                    d0:4f:43:5b:a6:63:46:77:99:81:74:6b:3f:e1:f8:
                    04:66:9e:7c:f0:e0:d0:89:48:b7:d9:70:59:55:5a:
                    b6:85:8f:90:cc:35:31:1b:52:94:b6:53:97:d2:ba:
                    6c:45:b0:ae:96:3a:a7:49:dc:15:6a:73:a9:4b:04:
                    f1:70:56:2d:b3:54:39:be:d3:f9:7b:cd:70:18:28:
                    5b:9e:02:57:11:62:32:4d:e7:f9:5a:69:cb:91:a1:
                    55:60:ad:86:1a:5d:67:fa:0b:f7:54:92:33:4f:98:
                    89:fc:22:af:82:7d:7e:3f:e7:29:c9:36:72:53:b8:
                    8c:7c:ca:56:6f:9a:45:65:b3:27:21:d1:14:28:74:
                    ed:06:a1:d1:94:77:e1:9e:80:55:3c:5d:b2:e1:f7:
                    5b:ef:57:31:83:09:81:ea:03:67:6a:90:1a:b5:46:
                    dd:40:a2:2d:5e:a7:fa:ab:6d:19:dc:ce:a1:45:ba:
                    4a:83:70:a8:ae:e0:64:2c:55:7e:3e:2d:e9:ae:30:
                    95:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:AE:B7:F3:BC:B2:33:98:31:6A:41:63:19:47:27:D4:A5:0C:43:9F
            X509v3 Authority Key Identifier:
                keyid:AA:5B:47:1D:0B:A0:89:D9:E9:F4:6C:29:13:19:67:4F:AC:81:28:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/2K6387yyM5gxakFjGUcn1KUMQ58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.126.0/23
                  195.26.8.0/24
                  195.28.6.0/23
                IPv6:
                  2a05:9b40::/29
                  2a0f:4a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:12:74:8e:c4:ff:f3:d7:39:b8:d4:15:bf:72:cb:3e:c7:1b:
         ff:2b:be:07:e2:8c:be:d8:f2:bb:8b:f5:f6:00:4d:6f:cd:98:
         fb:de:8d:f6:a5:36:32:f0:62:30:c4:c4:29:0e:89:1c:ed:ed:
         09:4d:d9:40:fc:0a:0d:c0:9c:e5:be:78:ca:66:0f:0e:ce:b8:
         29:5a:09:e3:50:f7:3d:da:32:0d:e5:ab:4e:6f:24:69:32:44:
         da:09:d3:55:a4:0f:84:04:fc:52:7c:a9:91:58:98:08:a7:2e:
         f7:b0:50:82:46:7d:6b:f1:1b:59:f1:1b:dd:8d:16:c2:c0:b8:
         62:a3:02:c6:91:ce:17:4e:bf:e4:63:e1:4f:ca:46:6a:bb:29:
         08:16:60:ee:ff:2f:94:26:38:23:91:24:d5:0a:89:4c:8c:8d:
         0d:5f:aa:f0:eb:bd:a0:03:37:8e:82:fd:7a:bf:f6:eb:a3:63:
         a4:7b:17:8b:6d:cf:b7:c9:c2:67:53:6c:10:3d:5d:9f:2e:b2:
         ca:04:3d:54:ef:cf:3f:9e:ae:10:dc:50:b2:77:e7:11:eb:e5:
         84:22:51:70:89:21:b8:a4:4c:56:8f:36:70:05:3d:46:67:1e:
         69:89:87:0c:55:ed:91:d1:bb:e5:8c:3b:9a:49:9c:8d:33:4b:
         a4:ad:92:df
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZclpsG7KeOdO60TaBVdv2rcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNWI0NzFkMGJhMDg5ZDllOWY0NmMyOTEzMTk2NzRmYWM4
MTI4ZDAwHhcNMjUwNTMxMDkyMjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGFlYjdmM2JjYjIzMzk4MzE2YTQxNjMxOTQ3MjdkNGE1MGM0MzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjW05wjPAaKBNUck7IjTXa/uyXUxD
yZarvBOugCTR3xVfim7h6yHuyADtFdNKtYkZ+RFY6HYSDdiSQbXQT0NbpmNGd5mB
dGs/4fgEZp588ODQiUi32XBZVVq2hY+QzDUxG1KUtlOX0rpsRbCuljqnSdwVanOp
SwTxcFYts1Q5vtP5e81wGChbngJXEWIyTef5WmnLkaFVYK2GGl1n+gv3VJIzT5iJ
/CKvgn1+P+cpyTZyU7iMfMpWb5pFZbMnIdEUKHTtBqHRlHfhnoBVPF2y4fdb71cx
gwmB6gNnapAatUbdQKItXqf6q20Z3M6hRbpKg3CoruBkLFV+Pi3prjCVywIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFNiut/O8sjOYMWpBYxlHJ9SlDEOfMB8GA1UdIwQY
MBaAFKpbRx0LoInZ6fRsKRMZZ0+sgSjQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWx0SEhRdWdpZG5wOUd3cEV4bG5UNnlCS05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS80YmUwMjctODhlOS00N2UzLWJiODgt
NmYyZTI1MjliZTgyLzEvMks2Mzg3eXlNNWd4YWtGakdVY24xS1VNUTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS80YmUwMjctODhlOS00N2UzLWJiODgtNmYyZTI1MjliZTgy
LzEvcWx0SEhRdWdpZG5wOUd3cEV4bG5UNnlCS05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQBuVN+AwQA
wxoIAwQBwxwGMBQEAgACMA4DBQMqBZtAAwUDKg9KQDANBgkqhkiG9w0BAQsFAAOC
AQEAHxJ0jsT/89c5uNQVv3LLPscb/yu+B+KMvtjyu4v19gBNb82Y+96N9qU2MvBi
MMTEKQ6JHO3tCU3ZQPwKDcCc5b54ymYPDs64KVoJ41D3PdoyDeWrTm8kaTJE2gnT
VaQPhAT8UnypkViYCKcu97BQgkZ9a/EbWfEb3Y0WwsC4YqMCxpHOF06/5GPhT8pG
arspCBZg7v8vlCY4I5Ek1QqJTIyNDV+q8Ou9oAM3joL9er/266NjpHsXi23Pt8nC
Z1NsED1dny6yygQ9VO/PP56uENxQsnfnEevlhCJRcIkhuKRMVo82cAU9RmceaYmH
DFXtkdG75Yw7mkmcjTNLpK2S3w==
-----END CERTIFICATE-----
Generated at Tue Jun 10 19:30:38 2025 by rpki-client