Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/o7sJipsVX7hwoODnd8cWMgZkYJw.roa
File:                     o7sJipsVX7hwoODnd8cWMgZkYJw.roa (raw, json)
Hash identifier:          tDJ76gPp8Zg8iAxovslvfSb506anjKYvrDEi9vUJLuA=
Subject key identifier:   A3:BB:09:8A:9B:15:5F:B8:70:A0:E0:E7:77:C7:16:32:06:64:60:9C
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       01972FE74E792DC13BA9377369F4FE9C5EED
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/o7sJipsVX7hwoODnd8cWMgZkYJw.roa
Signing time:             Mon 02 Jun 2025 09:09:37 +0000
ROA not before:           Mon 02 Jun 2025 09:09:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        92.71.2.0/23 maxlen: 24
                          92.71.4.0/23 maxlen: 24
                          92.71.26.0/23 maxlen: 24
                          92.71.28.0/22 maxlen: 24
                          92.71.48.0/21 maxlen: 24
                          92.71.56.0/22 maxlen: 24
                          92.71.62.0/23 maxlen: 24
                          135.196.4.0/24 maxlen: 24
                          135.196.24.0/23 maxlen: 24
                          135.196.28.0/23 maxlen: 24
                          135.196.88.0/23 maxlen: 24
                          135.196.102.0/23 maxlen: 24
                          135.196.132.0/23 maxlen: 24
                          135.196.156.0/23 maxlen: 24
                          135.196.164.0/23 maxlen: 24
                          135.196.172.0/23 maxlen: 24
                          135.196.176.0/23 maxlen: 24
                          213.201.154.0/23 maxlen: 24
                          213.201.166.0/23 maxlen: 24
                          213.201.174.0/23 maxlen: 24
                          213.201.182.0/23 maxlen: 24
                          213.201.186.0/23 maxlen: 24
                          213.201.190.0/23 maxlen: 24
                          213.201.194.0/23 maxlen: 24
                          213.201.196.0/23 maxlen: 24
                          213.201.208.0/23 maxlen: 24
                          213.201.214.0/23 maxlen: 24
                          213.201.218.0/23 maxlen: 24
                          213.201.222.0/23 maxlen: 24
                          213.201.226.0/23 maxlen: 24
                          213.201.228.0/23 maxlen: 24
                          213.201.234.0/23 maxlen: 24
                          213.201.238.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 14:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2f:e7:4e:79:2d:c1:3b:a9:37:73:69:f4:fe:9c:5e:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun  2 09:09:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3bb098a9b155fb870a0e0e777c716320664609c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:52:dd:fa:be:eb:0c:9d:83:1d:db:75:94:11:
                    8a:ee:87:eb:5b:c1:1a:ec:01:04:8c:2f:19:b1:9a:
                    59:06:26:0b:e6:0d:99:d5:a9:54:40:03:80:80:6f:
                    2d:44:30:17:c9:76:c2:9d:fc:01:7a:47:6e:ae:35:
                    b1:90:cc:fa:fa:25:d4:23:fc:84:41:1b:b8:d7:78:
                    38:a2:27:e9:1c:6d:ac:d3:26:46:73:21:61:c2:85:
                    30:02:9f:33:7e:43:cf:02:df:c0:17:fc:05:cb:69:
                    70:7d:43:54:35:ef:30:19:36:0a:14:39:b0:79:b5:
                    ba:55:a8:fc:82:d3:a4:ff:f5:2e:76:a9:8f:e2:2b:
                    79:15:2d:29:36:de:e6:d5:da:4e:fb:88:c1:48:a0:
                    c9:c0:be:e6:78:ca:d9:ab:6e:36:ed:59:a7:6d:45:
                    e1:d6:79:0c:4b:99:f6:06:c1:77:0e:5d:7b:a3:18:
                    1d:c9:3a:54:3f:c9:27:51:c2:41:15:fb:08:4e:85:
                    a9:1e:fc:27:d0:6f:38:68:5f:df:ed:c2:b9:1d:18:
                    55:9e:d0:2b:c7:fa:61:e3:1e:7d:7a:70:0d:8a:1a:
                    73:90:9d:86:77:1a:85:7f:35:89:d5:0a:1a:19:9e:
                    a8:b4:45:e2:71:32:3e:31:b0:9e:27:73:e0:dd:d4:
                    76:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:BB:09:8A:9B:15:5F:B8:70:A0:E0:E7:77:C7:16:32:06:64:60:9C
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/o7sJipsVX7hwoODnd8cWMgZkYJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.71.2.0-92.71.5.255
                  92.71.26.0-92.71.31.255
                  92.71.48.0-92.71.59.255
                  92.71.62.0/23
                  135.196.4.0/24
                  135.196.24.0/23
                  135.196.28.0/23
                  135.196.88.0/23
                  135.196.102.0/23
                  135.196.132.0/23
                  135.196.156.0/23
                  135.196.164.0/23
                  135.196.172.0/23
                  135.196.176.0/23
                  213.201.154.0/23
                  213.201.166.0/23
                  213.201.174.0/23
                  213.201.182.0/23
                  213.201.186.0/23
                  213.201.190.0/23
                  213.201.194.0-213.201.197.255
                  213.201.208.0/23
                  213.201.214.0/23
                  213.201.218.0/23
                  213.201.222.0/23
                  213.201.226.0-213.201.229.255
                  213.201.234.0/23
                  213.201.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:0c:02:0c:9e:ab:0b:de:d0:fd:53:55:71:c0:d0:86:be:23:
         08:5f:da:53:a8:2c:9c:12:53:d1:f1:22:6c:37:37:e5:e2:bb:
         fa:94:32:ed:87:a1:4e:c8:13:aa:98:aa:cf:c7:4c:bf:13:e2:
         5c:0f:f3:80:fe:36:3e:88:1b:7f:54:69:8a:93:da:5e:cb:c2:
         0b:db:e5:37:2b:2e:69:e6:74:cf:39:2a:6d:40:4f:7b:bf:d6:
         c3:14:64:8d:65:71:76:09:26:7b:eb:a1:b3:7d:b6:9e:b3:24:
         ee:48:1a:73:e0:c2:ec:eb:64:90:f1:a3:7f:fc:62:85:37:51:
         74:93:5a:16:32:42:8c:e0:3d:e6:63:28:e0:53:4f:64:50:9a:
         73:f9:a6:f9:50:49:3d:0b:88:2e:76:57:42:23:e6:78:77:fd:
         45:85:a4:6b:92:7d:7f:9e:51:1f:a3:7d:b5:f7:74:b8:fc:37:
         75:94:bd:a3:98:e6:a4:65:7f:b4:46:42:6c:fa:07:da:ac:d7:
         c0:ee:dd:a4:5d:c4:f7:44:cb:b7:d3:61:62:29:ee:49:24:89:
         06:d7:fa:3c:f2:c0:7a:a4:6f:3a:e4:3b:90:16:8f:7b:26:55:
         06:f0:13:29:6c:16:28:cf:ac:fd:61:8d:fa:ac:39:da:8d:13:
         b6:f2:be:04
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgISAZcv5055LcE7qTdzafT+nF7tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwNjAyMDkwOTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2JiMDk4YTliMTU1ZmI4NzBhMGUwZTc3N2M3MTYzMjA2NjQ2MDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1Ld+r7rDJ2DHdt1lBGK7ofrW8Ea
7AEEjC8ZsZpZBiYL5g2Z1alUQAOAgG8tRDAXyXbCnfwBekdurjWxkMz6+iXUI/yE
QRu413g4oifpHG2s0yZGcyFhwoUwAp8zfkPPAt/AF/wFy2lwfUNUNe8wGTYKFDmw
ebW6Vaj8gtOk//UudqmP4it5FS0pNt7m1dpO+4jBSKDJwL7meMrZq2427VmnbUXh
1nkMS5n2BsF3Dl17oxgdyTpUP8knUcJBFfsIToWpHvwn0G84aF/f7cK5HRhVntAr
x/ph4x59enANihpzkJ2GdxqFfzWJ1QoaGZ6otEXicTI+MbCeJ3Pg3dR2qQIDAQAB
o4IC2DCCAtQwHQYDVR0OBBYEFKO7CYqbFV+4cKDg53fHFjIGZGCcMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvbzdzSmlwc1ZYN2h3b09EbmQ4Y1dNZ1prWUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHtBggrBgEFBQcBBwEB/wSB3TCB2jCB1wQCAAEwgdAwDAME
AVxHAgMEAVxHBDAMAwQBXEcaAwQFXEcAMAwDBARcRzADBAJcRzgDBAFcRz4DBACH
xAQDBAGHxBgDBAGHxBwDBAGHxFgDBAGHxGYDBAGHxIQDBAGHxJwDBAGHxKQDBAGH
xKwDBAGHxLADBAHVyZoDBAHVyaYDBAHVya4DBAHVybYDBAHVyboDBAHVyb4wDAME
AdXJwgMEAdXJxAMEAdXJ0AMEAdXJ1gMEAdXJ2gMEAdXJ3jAMAwQB1cniAwQB1cnk
AwQB1cnqAwQB1cnuMA0GCSqGSIb3DQEBCwUAA4IBAQCFDAIMnqsL3tD9U1VxwNCG
viMIX9pTqCycElPR8SJsNzfl4rv6lDLth6FOyBOqmKrPx0y/E+JcD/OA/jY+iBt/
VGmKk9pey8IL2+U3Ky5p5nTPOSptQE97v9bDFGSNZXF2CSZ766GzfbaesyTuSBpz
4MLs62SQ8aN//GKFN1F0k1oWMkKM4D3mYyjgU09kUJpz+ab5UEk9C4gudldCI+Z4
d/1FhaRrkn1/nlEfo32193S4/Dd1lL2jmOakZX+0RkJs+gfarNfA7t2kXcT3RMu3
02FiKe5JJIkG1/o88sB6pG865DuQFo97JlUG8BMpbBYoz6z9YY36rDnajRO28r4E
-----END CERTIFICATE-----
Generated at Tue Jun 10 17:32:10 2025 by rpki-client