Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/StqYfznXE-QPiA-TOmLGA4FrAS8.roa
File:                     StqYfznXE-QPiA-TOmLGA4FrAS8.roa (raw, json)
Hash identifier:          h5TKEuBn2q4c0zbHABA+TvU5nsvIwHYwDNRGaJto+e8=
Subject key identifier:   4A:DA:98:7F:39:D7:13:E4:0F:88:0F:93:3A:62:C6:03:81:6B:01:2F
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       019F037FD23ECD075A0F869C63F6CF6F4537
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/StqYfznXE-QPiA-TOmLGA4FrAS8.roa
Signing time:             Fri 26 Jun 2026 10:35:36 +0000
ROA not before:           Fri 26 Jun 2026 10:35:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12741
IP address blocks:        189.81.28.0/23 maxlen: 23
                          189.81.36.0/23 maxlen: 23
                          189.81.40.0/23 maxlen: 23
                          189.81.44.0/23 maxlen: 23
                          189.81.48.0/23 maxlen: 23
                          189.81.54.0/23 maxlen: 23
                          189.81.58.0/23 maxlen: 23
                          189.81.62.0/23 maxlen: 23
                          189.81.66.0/23 maxlen: 23
                          189.81.74.0/23 maxlen: 23
                          189.81.78.0/23 maxlen: 23
                          189.81.80.0/23 maxlen: 23
                          189.81.242.0/23 maxlen: 23
                          189.81.243.0/24 maxlen: 24
                          189.81.246.0/23 maxlen: 23
                          189.81.250.0/23 maxlen: 23
                          189.81.254.0/23 maxlen: 23
                          205.188.220.0/23 maxlen: 23
                          205.188.222.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Jul 2026 23:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:03:7f:d2:3e:cd:07:5a:0f:86:9c:63:f6:cf:6f:45:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Jun 26 10:35:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ada987f39d713e40f880f933a62c603816b012f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:11:50:78:f4:72:62:4e:82:8d:d9:73:2c:8e:
                    3f:d2:7c:5f:65:75:1b:5e:12:d9:d1:fc:0c:76:bb:
                    2a:0e:0b:2c:c8:bb:ea:e0:e8:15:8c:4d:a4:d5:a4:
                    15:c3:d7:62:b5:ce:6a:92:d0:16:35:c8:0f:c9:a0:
                    40:9a:8e:9a:3e:78:d3:a7:e1:28:27:49:be:59:c8:
                    0c:db:d4:8c:f9:31:c2:25:32:f6:19:4e:34:c0:f0:
                    4a:ec:28:be:e8:4f:1c:09:01:ed:c3:4a:66:b1:2f:
                    1a:d1:ef:15:ff:b0:30:23:8c:0b:a5:6a:01:ed:0c:
                    0f:a4:6e:45:b2:9c:56:24:f2:62:96:ea:c3:85:73:
                    be:f0:f4:2d:16:1e:23:80:16:77:c6:a3:0a:d3:64:
                    86:c9:ff:6e:4d:d2:77:a2:95:48:b3:52:d0:76:94:
                    40:00:e9:28:c6:6c:09:3a:55:59:3d:73:0a:52:1c:
                    b3:6d:b7:63:ab:ac:7a:4b:ed:85:28:23:76:04:cc:
                    0e:86:a6:ff:b6:1b:19:05:42:42:0a:7e:9f:1f:ea:
                    a6:59:8c:b6:e0:c4:a5:63:17:54:e9:81:10:0c:91:
                    29:16:d1:8c:c0:48:1d:36:e3:31:5b:91:69:6d:7d:
                    e1:31:5f:5e:71:90:f2:9a:ee:b9:75:9b:5f:bf:b6:
                    2f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:DA:98:7F:39:D7:13:E4:0F:88:0F:93:3A:62:C6:03:81:6B:01:2F
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/StqYfznXE-QPiA-TOmLGA4FrAS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.81.28.0/23
                  189.81.36.0/23
                  189.81.40.0/23
                  189.81.44.0/23
                  189.81.48.0/23
                  189.81.54.0/23
                  189.81.58.0/23
                  189.81.62.0/23
                  189.81.66.0/23
                  189.81.74.0/23
                  189.81.78.0-189.81.81.255
                  189.81.242.0/23
                  189.81.246.0/23
                  189.81.250.0/23
                  189.81.254.0/23
                  205.188.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:7f:5e:56:ab:5e:4c:81:7e:0d:09:d7:7a:59:4f:47:dc:65:
         9d:78:01:31:80:6a:77:9e:8f:01:02:69:39:02:8f:c2:84:84:
         06:40:f0:76:f2:6c:88:16:8f:16:63:c1:b3:c0:f1:2a:83:e0:
         34:e9:f6:77:c3:df:22:eb:f2:66:c2:20:8e:3e:18:e0:41:66:
         2f:fc:64:4e:8b:d4:3e:5a:32:a3:5a:24:10:80:27:b2:93:4f:
         32:36:db:74:5a:2c:44:4d:a0:40:6d:58:9d:09:f9:ae:28:b2:
         f9:18:91:39:73:f3:af:2a:18:99:98:0c:ca:2b:a4:2d:b5:a1:
         9d:37:f8:a5:71:00:3b:71:74:57:13:e7:45:40:f3:8a:dd:4c:
         7a:01:c5:68:5a:2d:a7:2d:9b:82:90:88:7e:6b:04:7f:41:09:
         6c:fa:86:79:86:34:bb:6f:53:be:3f:3f:e4:b1:19:88:eb:9a:
         fb:cf:25:a1:60:16:7c:77:68:b2:12:7a:7d:ad:e0:3b:67:a3:
         97:00:1c:cd:6c:3a:5e:33:bf:7a:d3:05:7d:d3:47:ae:88:ff:
         e6:f6:bc:59:8d:db:b1:2f:6c:d5:af:1e:e5:ee:be:af:92:c7:
         f4:e7:72:24:48:f6:ef:39:77:ad:88:65:c2:e4:cd:5e:31:92:
         5b:96:88:a0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAZ8Df9I+zQdaD4acY/bPb0U3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjYwNjI2MTAzNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWRhOTg3ZjM5ZDcxM2U0MGY4ODBmOTMzYTYyYzYwMzgxNmIwMTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRFQePRyYk6CjdlzLI4/0nxfZXUb
XhLZ0fwMdrsqDgssyLvq4OgVjE2k1aQVw9ditc5qktAWNcgPyaBAmo6aPnjTp+Eo
J0m+WcgM29SM+THCJTL2GU40wPBK7Ci+6E8cCQHtw0pmsS8a0e8V/7AwI4wLpWoB
7QwPpG5FspxWJPJilurDhXO+8PQtFh4jgBZ3xqMK02SGyf9uTdJ3opVIs1LQdpRA
AOkoxmwJOlVZPXMKUhyzbbdjq6x6S+2FKCN2BMwOhqb/thsZBUJCCn6fH+qmWYy2
4MSlYxdU6YEQDJEpFtGMwEgdNuMxW5FpbX3hMV9ecZDymu65dZtfv7Yv8wIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFEramH851xPkD4gPkzpixgOBawEvMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvU3RxWWZ6blhFLVFQaUEtVE9tTEdBNEZyQVM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEAb1RHAME
Ab1RJAMEAb1RKAMEAb1RLAMEAb1RMAMEAb1RNgMEAb1ROgMEAb1RPgMEAb1RQgME
Ab1RSjAMAwQBvVFOAwQBvVFQAwQBvVHyAwQBvVH2AwQBvVH6AwQBvVH+AwQCzbzc
MA0GCSqGSIb3DQEBCwUAA4IBAQAAf15Wq15MgX4NCdd6WU9H3GWdeAExgGp3no8B
Amk5Ao/ChIQGQPB28myIFo8WY8GzwPEqg+A06fZ3w98i6/JmwiCOPhjgQWYv/GRO
i9Q+WjKjWiQQgCeyk08yNtt0WixETaBAbVidCfmuKLL5GJE5c/OvKhiZmAzKK6Qt
taGdN/ilcQA7cXRXE+dFQPOK3Ux6AcVoWi2nLZuCkIh+awR/QQls+oZ5hjS7b1O+
Pz/ksRmI65r7zyWhYBZ8d2iyEnp9reA7Z6OXABzNbDpeM7960wV900euiP/m9rxZ
jduxL2zVrx7l7r6vksf053IkSPbvOXetiGXC5M1eMZJbloig
-----END CERTIFICATE-----
Generated at Sun Jul 5 06:20:17 2026 by rpki-client