Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/7d784b-6639-4bc0-9ab9-1a200e41b006/1/xYOsm8BUsmYBwfKFXCGnakfV_m8.roa
File:                     xYOsm8BUsmYBwfKFXCGnakfV_m8.roa (raw, json)
Hash identifier:          061quaNl9U6/3ODiu8AkctDs7yOiVTs6PkYfEN9U9Cs=
Subject key identifier:   C5:83:AC:9B:C0:54:B2:66:01:C1:F2:85:5C:21:A7:6A:47:D5:FE:6F
Certificate issuer:       /CN=c90b394ac63337607fa1bb0eaba11453a831f398
Certificate serial:       01972FCD05D674BA0903BC5B550A0083E24C
Authority key identifier: C9:0B:39:4A:C6:33:37:60:7F:A1:BB:0E:AB:A1:14:53:A8:31:F3:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yQs5SsYzN2B_obsOq6EUU6gx85g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/7d784b-6639-4bc0-9ab9-1a200e41b006/1/xYOsm8BUsmYBwfKFXCGnakfV_m8.roa
Signing time:             Mon 02 Jun 2025 08:40:54 +0000
ROA not before:           Mon 02 Jun 2025 08:40:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50223
IP address blocks:        46.251.192.0/19 maxlen: 19
                          46.251.192.0/22 maxlen: 22
                          46.251.192.0/24 maxlen: 24
                          46.251.193.0/24 maxlen: 24
                          46.251.194.0/24 maxlen: 24
                          46.251.195.0/24 maxlen: 24
                          46.251.196.0/22 maxlen: 22
                          46.251.196.0/24 maxlen: 24
                          46.251.197.0/24 maxlen: 24
                          46.251.198.0/24 maxlen: 24
                          46.251.199.0/24 maxlen: 24
                          46.251.200.0/22 maxlen: 22
                          46.251.200.0/24 maxlen: 24
                          46.251.201.0/24 maxlen: 24
                          46.251.202.0/24 maxlen: 24
                          46.251.203.0/24 maxlen: 24
                          46.251.204.0/22 maxlen: 22
                          46.251.204.0/24 maxlen: 24
                          46.251.205.0/24 maxlen: 24
                          46.251.206.0/24 maxlen: 24
                          46.251.207.0/24 maxlen: 24
                          46.251.208.0/22 maxlen: 22
                          46.251.208.0/24 maxlen: 24
                          46.251.209.0/24 maxlen: 24
                          46.251.210.0/24 maxlen: 24
                          46.251.211.0/24 maxlen: 24
                          46.251.212.0/22 maxlen: 22
                          46.251.212.0/24 maxlen: 24
                          46.251.213.0/24 maxlen: 24
                          46.251.214.0/24 maxlen: 24
                          46.251.215.0/24 maxlen: 24
                          46.251.216.0/22 maxlen: 22
                          46.251.216.0/24 maxlen: 24
                          46.251.217.0/24 maxlen: 24
                          46.251.218.0/24 maxlen: 24
                          46.251.220.0/22 maxlen: 22
                          46.251.221.0/24 maxlen: 24
                          109.71.224.0/21 maxlen: 21
                          109.71.224.0/24 maxlen: 24
                          109.71.226.0/24 maxlen: 24
                          109.71.228.0/24 maxlen: 24
                          109.71.229.0/24 maxlen: 24
                          109.71.230.0/24 maxlen: 24
                          109.71.231.0/24 maxlen: 24
                          185.48.136.0/22 maxlen: 22
                          185.48.136.0/24 maxlen: 24
                          185.48.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/7d784b-6639-4bc0-9ab9-1a200e41b006/1/yQs5SsYzN2B_obsOq6EUU6gx85g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/7d784b-6639-4bc0-9ab9-1a200e41b006/1/yQs5SsYzN2B_obsOq6EUU6gx85g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yQs5SsYzN2B_obsOq6EUU6gx85g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 19:25:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2f:cd:05:d6:74:ba:09:03:bc:5b:55:0a:00:83:e2:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c90b394ac63337607fa1bb0eaba11453a831f398
        Validity
            Not Before: Jun  2 08:40:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c583ac9bc054b26601c1f2855c21a76a47d5fe6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ef:9f:28:62:21:83:6b:93:8e:1d:0c:7b:e5:
                    7e:ab:bb:b2:76:31:9a:70:0c:e4:b3:e3:05:f8:cb:
                    32:2e:34:42:82:3f:8f:1b:7d:3e:d3:4c:04:4e:a4:
                    d4:df:1d:98:a8:d4:28:4b:04:9b:7d:80:33:aa:59:
                    96:7c:15:4a:7d:da:15:f3:9d:cb:ff:5c:82:de:a5:
                    3e:d0:ae:21:62:d9:4b:15:5b:66:d5:c0:a9:ee:03:
                    9d:db:ea:e6:aa:27:1f:6c:44:24:02:14:67:de:3d:
                    ff:5c:a1:23:9f:6b:5d:85:d6:97:96:a1:d5:82:13:
                    22:31:40:ff:df:36:84:21:09:66:10:70:89:d7:a9:
                    64:af:92:6c:4e:77:46:85:68:22:5d:e0:17:80:1f:
                    1b:c8:32:60:39:61:8c:cd:31:cb:66:1f:da:aa:59:
                    41:72:ce:fc:5e:81:ed:5a:9f:29:d5:2a:73:9a:34:
                    9b:e7:59:84:86:7f:e6:74:e9:cd:9b:7e:59:15:6e:
                    40:89:f3:eb:a3:f0:ee:ff:39:3d:0a:63:fb:eb:ad:
                    2f:fa:1a:94:5b:35:48:88:10:34:d5:1f:f1:08:37:
                    03:64:f3:25:bd:21:28:67:3c:2c:7d:8e:66:35:9f:
                    74:13:c6:fe:2d:22:1b:0a:9a:3b:d7:5a:8a:01:ba:
                    db:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:83:AC:9B:C0:54:B2:66:01:C1:F2:85:5C:21:A7:6A:47:D5:FE:6F
            X509v3 Authority Key Identifier:
                keyid:C9:0B:39:4A:C6:33:37:60:7F:A1:BB:0E:AB:A1:14:53:A8:31:F3:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yQs5SsYzN2B_obsOq6EUU6gx85g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/7d784b-6639-4bc0-9ab9-1a200e41b006/1/xYOsm8BUsmYBwfKFXCGnakfV_m8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/7d784b-6639-4bc0-9ab9-1a200e41b006/1/yQs5SsYzN2B_obsOq6EUU6gx85g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.251.192.0/19
                  109.71.224.0/21
                  185.48.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:2e:7a:26:c2:3f:aa:ee:f4:4b:c2:77:df:2d:1a:f8:e8:3e:
         dd:eb:63:f7:3f:d9:e2:d6:be:77:80:46:13:85:b6:05:9a:0a:
         f9:cb:67:db:d3:fe:84:77:90:e5:cb:89:31:de:b0:ae:9f:07:
         63:9e:96:13:a8:ec:72:bc:83:0d:38:cf:5b:ce:07:3e:6b:35:
         c3:52:20:85:29:10:0a:99:80:3b:e5:20:93:fb:2b:07:14:6c:
         3e:3e:3f:31:98:ad:53:7e:c1:ae:8a:bb:65:28:ef:7b:e7:7d:
         fa:77:91:22:68:b7:4a:77:dc:b5:97:3b:08:43:5e:f5:9f:70:
         90:7a:da:8f:6a:ac:19:c7:d4:b0:5e:05:5b:84:81:91:7e:ac:
         f4:ec:22:39:7d:bf:57:69:11:5b:53:84:08:b3:64:e4:88:75:
         c1:af:53:1c:e4:89:a0:75:d9:7f:78:f7:e8:3a:f5:14:f5:13:
         8b:1e:e6:5c:a0:09:8f:9d:34:9c:f2:4e:ec:e0:f5:4c:7f:4f:
         8d:b8:88:09:6b:f2:cd:40:ee:56:a1:69:18:28:ef:d0:ac:7a:
         69:ea:49:02:e8:16:f7:68:61:b5:08:a4:03:e3:fe:18:4a:0f:
         47:58:f2:9e:d5:e4:c9:05:ae:b4:14:8e:f3:6b:b6:f1:6b:88:
         0b:60:7b:bc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZcvzQXWdLoJA7xbVQoAg+JMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MGIzOTRhYzYzMzM3NjA3ZmExYmIwZWFiYTExNDUzYTgz
MWYzOTgwHhcNMjUwNjAyMDg0MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTgzYWM5YmMwNTRiMjY2MDFjMWYyODU1YzIxYTc2YTQ3ZDVmZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs++fKGIhg2uTjh0Me+V+q7uydjGa
cAzks+MF+MsyLjRCgj+PG30+00wETqTU3x2YqNQoSwSbfYAzqlmWfBVKfdoV853L
/1yC3qU+0K4hYtlLFVtm1cCp7gOd2+rmqicfbEQkAhRn3j3/XKEjn2tdhdaXlqHV
ghMiMUD/3zaEIQlmEHCJ16lkr5JsTndGhWgiXeAXgB8byDJgOWGMzTHLZh/aqllB
cs78XoHtWp8p1SpzmjSb51mEhn/mdOnNm35ZFW5AifPro/Du/zk9CmP7660v+hqU
WzVIiBA01R/xCDcDZPMlvSEoZzwsfY5mNZ90E8b+LSIbCpo711qKAbrbsQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMWDrJvAVLJmAcHyhVwhp2pH1f5vMB8GA1UdIwQY
MBaAFMkLOUrGMzdgf6G7DquhFFOoMfOYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVFzNVNzWXpOMkJfb2JzT3E2RVVVNmd4ODVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni83ZDc4NGItNjYzOS00YmMwLTlhYjkt
MWEyMDBlNDFiMDA2LzEveFlPc204QlVzbVlCd2ZLRlhDR25ha2ZWX204LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni83ZDc4NGItNjYzOS00YmMwLTlhYjktMWEyMDBlNDFiMDA2
LzEveVFzNVNzWXpOMkJfb2JzT3E2RVVVNmd4ODVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFLvvAAwQD
bUfgAwQCuTCIMA0GCSqGSIb3DQEBCwUAA4IBAQAdLnomwj+q7vRLwnffLRr46D7d
62P3P9ni1r53gEYThbYFmgr5y2fb0/6Ed5Dly4kx3rCunwdjnpYTqOxyvIMNOM9b
zgc+azXDUiCFKRAKmYA75SCT+ysHFGw+Pj8xmK1TfsGuirtlKO975336d5EiaLdK
d9y1lzsIQ171n3CQetqPaqwZx9SwXgVbhIGRfqz07CI5fb9XaRFbU4QIs2TkiHXB
r1Mc5Imgddl/ePfoOvUU9ROLHuZcoAmPnTSc8k7s4PVMf0+NuIgJa/LNQO5WoWkY
KO/QrHpp6kkC6Bb3aGG1CKQD4/4YSg9HWPKe1eTJBa60FI7za7bxa4gLYHu8
-----END CERTIFICATE-----
Generated at Tue Jun 10 05:58:01 2025 by rpki-client