Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/68f651-f3a6-4252-9faf-9e044092b826/1/d9E6C3QPOt9u78MI9SfBmesK5F0.roa
File:                     d9E6C3QPOt9u78MI9SfBmesK5F0.roa (raw, json)
Hash identifier:          h3w+IvIr5e7qvP+/FTOi1Iivorry4KUdkg2Suq8DTl0=
Subject key identifier:   77:D1:3A:0B:74:0F:3A:DF:6E:EF:C3:08:F5:27:C1:99:EB:0A:E4:5D
Certificate issuer:       /CN=ac7670698cfaef2647fbc9a06f7380856e2b3027
Certificate serial:       0196E90265919B824AABC41616B420C92B83
Authority key identifier: AC:76:70:69:8C:FA:EF:26:47:FB:C9:A0:6F:73:80:85:6E:2B:30:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rHZwaYz67yZH-8mgb3OAhW4rMCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/68f651-f3a6-4252-9faf-9e044092b826/1/d9E6C3QPOt9u78MI9SfBmesK5F0.roa
Signing time:             Mon 19 May 2025 14:46:10 +0000
ROA not before:           Mon 19 May 2025 14:46:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62105
IP address blocks:        137.59.8.0/22 maxlen: 22
                          185.225.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/68f651-f3a6-4252-9faf-9e044092b826/1/rHZwaYz67yZH-8mgb3OAhW4rMCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/68f651-f3a6-4252-9faf-9e044092b826/1/rHZwaYz67yZH-8mgb3OAhW4rMCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rHZwaYz67yZH-8mgb3OAhW4rMCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 08:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e9:02:65:91:9b:82:4a:ab:c4:16:16:b4:20:c9:2b:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac7670698cfaef2647fbc9a06f7380856e2b3027
        Validity
            Not Before: May 19 14:46:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77d13a0b740f3adf6eefc308f527c199eb0ae45d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:2e:e4:07:22:c6:d5:91:75:9a:61:8c:25:07:
                    bd:32:ad:ee:8d:64:9a:03:94:4e:04:fe:9d:2b:4e:
                    03:2e:f8:9f:c7:54:93:75:91:83:d8:26:6a:cf:e4:
                    c3:1a:3e:eb:df:88:63:60:4e:57:72:db:8a:e2:e8:
                    b0:c3:77:ae:28:31:08:cc:81:33:db:dd:00:b2:c6:
                    9b:a8:76:5b:25:ba:bd:f2:d3:51:f7:1e:2e:d8:7b:
                    ba:5d:f8:5c:87:11:41:32:aa:bc:d9:e8:48:93:c4:
                    aa:e1:4e:40:00:0f:a7:05:86:5e:86:6d:d2:7e:1b:
                    2a:1c:1c:c7:ca:97:3f:3c:e8:06:85:3f:49:91:20:
                    30:6b:77:09:2b:1d:95:2d:84:45:ec:14:84:83:0c:
                    b6:0c:35:36:1e:b5:99:eb:b8:bb:56:54:da:de:af:
                    11:12:c5:70:69:90:19:d3:7b:78:2c:60:93:2e:be:
                    29:03:5d:f8:b2:99:49:e6:a5:45:98:9d:f2:00:1c:
                    37:47:41:19:82:f2:07:17:d3:36:cf:ca:77:fa:4e:
                    b6:5f:00:5d:6b:55:42:5b:fa:54:74:95:d3:ac:7d:
                    63:a7:1f:59:41:69:0a:2d:16:08:05:97:bb:5a:6e:
                    fc:27:b1:e1:b3:20:53:cd:3c:74:87:0b:ae:8c:3c:
                    77:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:D1:3A:0B:74:0F:3A:DF:6E:EF:C3:08:F5:27:C1:99:EB:0A:E4:5D
            X509v3 Authority Key Identifier:
                keyid:AC:76:70:69:8C:FA:EF:26:47:FB:C9:A0:6F:73:80:85:6E:2B:30:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHZwaYz67yZH-8mgb3OAhW4rMCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/68f651-f3a6-4252-9faf-9e044092b826/1/d9E6C3QPOt9u78MI9SfBmesK5F0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/68f651-f3a6-4252-9faf-9e044092b826/1/rHZwaYz67yZH-8mgb3OAhW4rMCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.59.8.0/22
                  185.225.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cd:14:f8:79:65:a2:b4:16:22:9b:46:eb:4a:d1:a0:dd:fe:91:
         64:6d:e3:7c:e2:6e:2c:0a:19:48:6a:d4:34:5d:a3:72:56:85:
         5d:55:65:4b:3b:76:89:77:34:02:b6:7e:3f:7a:b3:9c:52:15:
         a0:a9:75:a6:f4:d1:94:40:1c:62:f1:76:bd:fc:5f:b6:2f:17:
         10:83:35:2c:d8:6f:1f:60:72:22:41:62:25:8b:a1:41:9c:f0:
         56:89:67:12:be:75:36:d2:d6:ca:f4:f5:34:9f:82:53:16:12:
         fc:c1:b8:7e:1c:09:31:54:95:93:db:76:a2:55:53:2a:48:f0:
         be:02:ef:26:c5:4b:80:10:96:22:cf:91:7d:60:87:63:85:86:
         fc:24:e2:55:3b:e7:41:37:ac:c6:ab:2e:e3:22:94:95:66:a9:
         96:fe:fd:75:62:32:0d:c4:b5:f0:82:10:ae:5a:d5:60:b0:9b:
         04:fa:9b:42:c6:8b:d9:f1:60:48:11:eb:84:49:c4:90:30:3e:
         79:f7:67:be:7c:ea:f4:5e:2f:0f:aa:f5:97:a3:9a:81:9b:a5:
         5d:96:aa:64:d0:09:5c:b3:97:fd:3b:b5:c5:77:93:43:0d:6a:
         2c:44:44:cb:ce:a7:68:0d:8f:bb:9d:92:3b:89:d3:77:0e:f3:
         42:74:6d:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbpAmWRm4JKq8QWFrQgySuDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjNzY3MDY5OGNmYWVmMjY0N2ZiYzlhMDZmNzM4MDg1NmUy
YjMwMjcwHhcNMjUwNTE5MTQ0NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2QxM2EwYjc0MGYzYWRmNmVlZmMzMDhmNTI3YzE5OWViMGFlNDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxS7kByLG1ZF1mmGMJQe9Mq3ujWSa
A5ROBP6dK04DLvifx1STdZGD2CZqz+TDGj7r34hjYE5XctuK4uiww3euKDEIzIEz
290AssabqHZbJbq98tNR9x4u2Hu6XfhchxFBMqq82ehIk8Sq4U5AAA+nBYZehm3S
fhsqHBzHypc/POgGhT9JkSAwa3cJKx2VLYRF7BSEgwy2DDU2HrWZ67i7VlTa3q8R
EsVwaZAZ03t4LGCTLr4pA134splJ5qVFmJ3yABw3R0EZgvIHF9M2z8p3+k62XwBd
a1VCW/pUdJXTrH1jpx9ZQWkKLRYIBZe7Wm78J7HhsyBTzTx0hwuujDx3fQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHfROgt0Dzrfbu/DCPUnwZnrCuRdMB8GA1UdIwQY
MBaAFKx2cGmM+u8mR/vJoG9zgIVuKzAnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckhad2FZejY3eVpILThtZ2IzT0FoVzRyTUNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC82OGY2NTEtZjNhNi00MjUyLTlmYWYt
OWUwNDQwOTJiODI2LzEvZDlFNkMzUVBPdDl1NzhNSTlTZkJtZXNLNUYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC82OGY2NTEtZjNhNi00MjUyLTlmYWYtOWUwNDQwOTJiODI2
LzEvckhad2FZejY3eVpILThtZ2IzT0FoVzRyTUNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCiTsIAwQC
ueEkMA0GCSqGSIb3DQEBCwUAA4IBAQDNFPh5ZaK0FiKbRutK0aDd/pFkbeN84m4s
ChlIatQ0XaNyVoVdVWVLO3aJdzQCtn4/erOcUhWgqXWm9NGUQBxi8Xa9/F+2LxcQ
gzUs2G8fYHIiQWIli6FBnPBWiWcSvnU20tbK9PU0n4JTFhL8wbh+HAkxVJWT23ai
VVMqSPC+Au8mxUuAEJYiz5F9YIdjhYb8JOJVO+dBN6zGqy7jIpSVZqmW/v11YjIN
xLXwghCuWtVgsJsE+ptCxovZ8WBIEeuEScSQMD5592e+fOr0Xi8PqvWXo5qBm6Vd
lqpk0Alcs5f9O7XFd5NDDWosRETLzqdoDY+7nZI7idN3DvNCdG3G
-----END CERTIFICATE-----
Generated at Tue Jun 10 13:50:53 2025 by rpki-client