Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/vAi4XnPWVuNggeUtAfCEZXDontk.roa
File:                     vAi4XnPWVuNggeUtAfCEZXDontk.roa (raw, json)
Hash identifier:          RYl6h4oTJftpVOEqSn4HEPzTH4/b0niM4jxD4+euYtU=
Subject key identifier:   BC:08:B8:5E:73:D6:56:E3:60:81:E5:2D:01:F0:84:65:70:E8:9E:D9
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       019F18F6EE9025EB8CC92E04F30A95F9CE54
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/vAi4XnPWVuNggeUtAfCEZXDontk.roa
Signing time:             Tue 30 Jun 2026 14:37:43 +0000
ROA not before:           Tue 30 Jun 2026 14:37:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48449
IP address blocks:        46.20.97.0/24 maxlen: 24
                          46.20.105.0/24 maxlen: 24
                          185.160.193.0/24 maxlen: 24
                          185.160.194.0/24 maxlen: 24
                          185.160.195.0/24 maxlen: 24
                          185.169.221.0/24 maxlen: 24
                          185.169.222.0/24 maxlen: 24
                          185.169.223.0/24 maxlen: 24
                          2a14:80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:18:f6:ee:90:25:eb:8c:c9:2e:04:f3:0a:95:f9:ce:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Jun 30 14:37:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc08b85e73d656e36081e52d01f0846570e89ed9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:22:b9:1d:cc:5f:41:47:a2:58:66:53:20:ad:
                    ca:e5:a1:9d:e1:71:f3:f2:1b:72:c7:2a:70:56:96:
                    5a:fa:da:26:27:cd:8a:4a:10:30:c3:f8:6a:98:db:
                    21:02:23:7f:3d:e9:ac:28:33:eb:82:a9:a7:59:3d:
                    3c:06:c9:87:e8:2e:94:b6:13:9b:08:2a:f5:7f:16:
                    d7:c8:5e:44:87:63:d8:1d:eb:fc:3b:b2:e5:25:24:
                    3d:1c:01:93:9a:38:8b:83:c2:20:e1:91:8b:58:46:
                    e9:48:67:6e:07:78:53:61:96:5d:6b:3d:a8:39:da:
                    9d:a3:39:2c:a1:b5:9f:a7:87:2d:05:0f:20:65:06:
                    52:43:0f:35:b8:59:a9:27:87:3a:01:36:2f:47:7d:
                    9e:f3:b1:c0:a8:9d:5e:4a:20:8b:f0:96:a1:b8:0c:
                    a3:1b:b1:16:c8:9f:92:2b:d0:10:7e:2a:88:ad:95:
                    d6:c7:46:ab:6d:58:ea:02:59:a0:d6:8f:ae:6c:8d:
                    98:df:e7:5a:be:c1:ca:2d:46:5a:a4:49:dd:12:0a:
                    c6:f5:70:ee:24:c5:10:11:7a:18:14:ba:f5:0c:2a:
                    ab:3e:3b:df:5c:a8:36:74:b1:ce:7a:e5:7b:ac:55:
                    a9:05:7a:4e:f4:a6:41:33:71:46:5d:82:39:47:51:
                    1d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:08:B8:5E:73:D6:56:E3:60:81:E5:2D:01:F0:84:65:70:E8:9E:D9
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/vAi4XnPWVuNggeUtAfCEZXDontk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.97.0/24
                  46.20.105.0/24
                  185.160.193.0-185.160.195.255
                  185.169.221.0-185.169.223.255
                IPv6:
                  2a14:80::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:c0:45:26:f8:78:ff:1c:7a:f2:c8:c5:79:f9:7d:0c:e0:ac:
         96:70:61:26:43:51:2d:06:17:0b:dd:c5:ff:22:47:78:ac:6c:
         e2:83:2d:be:9d:74:66:63:be:fd:20:d4:6f:19:d2:00:57:b5:
         7f:93:16:3f:c1:60:6a:49:be:9f:9e:68:d4:04:aa:2c:d1:0a:
         00:55:04:f7:41:a3:53:dc:37:45:9f:60:ec:82:de:62:b7:d4:
         eb:96:34:a9:c6:a6:c2:b1:39:bb:63:dd:6a:b2:07:e3:92:d3:
         c8:96:f4:ca:bc:31:d6:25:3d:ec:6f:0d:61:9a:bd:79:94:09:
         e6:13:18:77:ff:5f:95:94:f4:7b:74:56:f5:9c:f1:53:1c:55:
         41:fd:a7:90:48:75:98:fa:96:53:c7:d6:1d:4b:ad:c3:18:cd:
         12:67:a5:c7:c1:eb:62:1c:80:61:57:5e:43:ef:2b:3a:8e:19:
         bf:c1:66:f9:db:0e:1e:3f:20:3d:c1:9c:57:03:2e:f1:13:55:
         66:24:0c:f8:0e:14:a7:6c:e9:5b:a6:f4:42:3f:f4:08:4e:31:
         a6:5f:3e:74:c6:93:ce:bb:8b:8f:44:cb:16:8c:3e:c9:04:4f:
         51:33:ae:4d:bb:be:81:e7:ee:06:cd:b5:9f:3f:c7:ad:30:b4:
         8d:c4:55:ef
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZ8Y9u6QJeuMyS4E8wqV+c5UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjYwNjMwMTQzNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzA4Yjg1ZTczZDY1NmUzNjA4MWU1MmQwMWYwODQ2NTcwZTg5ZWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCK5HcxfQUeiWGZTIK3K5aGd4XHz
8htyxypwVpZa+tomJ82KShAww/hqmNshAiN/PemsKDPrgqmnWT08BsmH6C6UthOb
CCr1fxbXyF5Eh2PYHev8O7LlJSQ9HAGTmjiLg8Ig4ZGLWEbpSGduB3hTYZZdaz2o
OdqdozksobWfp4ctBQ8gZQZSQw81uFmpJ4c6ATYvR32e87HAqJ1eSiCL8JahuAyj
G7EWyJ+SK9AQfiqIrZXWx0arbVjqAlmg1o+ubI2Y3+davsHKLUZapEndEgrG9XDu
JMUQEXoYFLr1DCqrPjvfXKg2dLHOeuV7rFWpBXpO9KZBM3FGXYI5R1EdDQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFLwIuF5z1lbjYIHlLQHwhGVw6J7ZMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvdkFpNFhuUFdWdU5nZ2VVdEFmQ0VaWERvbnRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAuBAIAATAoAwQALhRhAwQA
LhRpMAwDBAC5oMEDBAK5oMAwDAMEALmp3QMEBbmpwDAPBAIAAjAJAwcAKhQAgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBBwEUm+Hj/HHryyMV5+X0M4KyWcGEmQ1EtBhcL
3cX/Ikd4rGzigy2+nXRmY779INRvGdIAV7V/kxY/wWBqSb6fnmjUBKos0QoAVQT3
QaNT3DdFn2Dsgt5it9TrljSpxqbCsTm7Y91qsgfjktPIlvTKvDHWJT3sbw1hmr15
lAnmExh3/1+VlPR7dFb1nPFTHFVB/aeQSHWY+pZTx9YdS63DGM0SZ6XHwetiHIBh
V15D7ys6jhm/wWb52w4ePyA9wZxXAy7xE1VmJAz4DhSnbOlbpvRCP/QITjGmXz50
xpPOu4uPRMsWjD7JBE9RM65Nu76B5+4GzbWfP8etMLSNxFXv
-----END CERTIFICATE-----
Generated at Fri Jul 3 16:52:33 2026 by rpki-client