Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/HQ5pk500M9r_ovoVxF0QEcohnog.roa
File:                     HQ5pk500M9r_ovoVxF0QEcohnog.roa (raw, json)
Hash identifier:          ww8oMO4jWUVQ6/eBdnQNu3m8JDu+2hsoI9UHwgt7uPk=
Subject key identifier:   1D:0E:69:93:9D:34:33:DA:FF:A2:FA:15:C4:5D:10:11:CA:21:9E:88
Certificate issuer:       /CN=c1098a1905bbd3381533828f6b7fd227170431ef
Certificate serial:       01973560AE0DD5DF628685962D63E179CD5D
Authority key identifier: C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/HQ5pk500M9r_ovoVxF0QEcohnog.roa
Signing time:             Tue 03 Jun 2025 10:40:17 +0000
ROA not before:           Tue 03 Jun 2025 10:40:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212330
IP address blocks:        109.230.121.0/24 maxlen: 24
                          109.230.122.0/24 maxlen: 24
                          109.230.124.0/24 maxlen: 24
                          109.230.125.0/24 maxlen: 24
                          122.102.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 19:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:60:ae:0d:d5:df:62:86:85:96:2d:63:e1:79:cd:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1098a1905bbd3381533828f6b7fd227170431ef
        Validity
            Not Before: Jun  3 10:40:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d0e69939d3433daffa2fa15c45d1011ca219e88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f5:c7:0b:d9:09:3b:5e:32:f1:a7:dc:82:50:
                    99:6c:c0:c0:30:3e:d8:d0:b2:07:d6:da:c1:a1:8d:
                    f5:7c:3a:8c:5d:8f:70:45:2b:0f:41:37:59:ae:01:
                    1d:31:f5:02:1e:d1:f3:87:9a:d2:6f:aa:f6:fc:41:
                    14:80:e0:70:4d:75:75:34:21:c9:ca:7e:44:83:7f:
                    62:e9:49:52:08:ee:d3:fc:e6:0a:6f:10:84:1a:cc:
                    3d:72:43:68:93:9d:c6:68:e4:00:ea:71:09:fd:da:
                    c7:2a:ff:c2:98:91:b6:85:3f:19:f5:8c:b0:08:b5:
                    99:63:f8:01:11:11:af:1e:a9:42:be:cf:8d:83:3a:
                    11:35:39:4d:4d:f4:60:d5:5c:97:62:52:dc:6c:f0:
                    72:35:c7:ac:c7:c7:81:5c:26:24:3f:29:22:e8:93:
                    bb:73:cc:63:4c:f2:1a:d8:10:ed:55:c9:28:39:59:
                    41:d5:13:90:67:05:c1:6b:f9:d4:b4:87:8d:7b:db:
                    39:8e:cd:23:fe:7a:4c:2a:86:1b:93:70:dd:f6:58:
                    a0:73:6c:56:5d:24:65:8f:cd:6a:4f:5e:23:33:3a:
                    d2:cf:1d:f3:60:7f:0b:31:dc:86:17:98:8a:40:d5:
                    68:b6:2b:0a:de:da:ba:24:24:d8:36:2d:78:65:24:
                    04:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:0E:69:93:9D:34:33:DA:FF:A2:FA:15:C4:5D:10:11:CA:21:9E:88
            X509v3 Authority Key Identifier:
                keyid:C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/HQ5pk500M9r_ovoVxF0QEcohnog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.230.121.0-109.230.122.255
                  109.230.124.0/23
                  122.102.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:c8:7e:d9:f8:70:a4:57:6c:49:fc:8d:ee:e5:a2:61:1d:7a:
         f8:1c:03:0c:1f:4f:89:75:3a:94:27:db:db:5d:8a:39:b3:c1:
         81:53:d9:80:ad:52:cd:66:60:c3:94:c9:25:98:41:13:17:f6:
         2b:ae:40:a7:c9:e5:fc:61:0f:a8:56:46:04:03:76:14:81:8d:
         ca:35:04:1d:88:b5:bf:44:6a:85:15:16:c4:b7:1c:0a:40:6c:
         17:87:d3:d1:59:88:4f:47:b2:cd:c2:fc:52:51:5f:e1:fd:34:
         9a:30:45:00:0d:64:53:ea:f9:c6:df:54:26:08:d7:ef:b1:f1:
         f4:97:0c:fa:e7:14:b7:8d:ba:27:0b:f2:83:3d:15:8a:ac:7d:
         ab:35:57:2e:ac:be:b5:46:ef:a8:03:57:e1:1a:8c:58:05:31:
         37:cf:12:c9:fe:96:71:ca:b7:d6:4a:48:d4:7e:df:7b:f7:f7:
         7e:e0:8e:d7:02:09:4d:76:f7:36:6b:6c:26:4f:99:53:48:ad:
         ca:f8:f9:31:86:0c:2d:b1:5b:cc:46:65:96:2e:42:55:6b:df:
         ae:a5:11:63:f7:e8:97:d9:8e:90:78:50:b2:b1:74:4c:4b:c8:
         4a:c3:c0:77:7a:c3:37:d3:87:62:ed:d8:3f:ea:14:72:12:fd:
         86:55:d9:0a
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZc1YK4N1d9ihoWWLWPhec1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDk4YTE5MDViYmQzMzgxNTMzODI4ZjZiN2ZkMjI3MTcw
NDMxZWYwHhcNMjUwNjAzMTA0MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDBlNjk5MzlkMzQzM2RhZmZhMmZhMTVjNDVkMTAxMWNhMjE5ZTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/XHC9kJO14y8afcglCZbMDAMD7Y
0LIH1trBoY31fDqMXY9wRSsPQTdZrgEdMfUCHtHzh5rSb6r2/EEUgOBwTXV1NCHJ
yn5Eg39i6UlSCO7T/OYKbxCEGsw9ckNok53GaOQA6nEJ/drHKv/CmJG2hT8Z9Yyw
CLWZY/gBERGvHqlCvs+NgzoRNTlNTfRg1VyXYlLcbPByNcesx8eBXCYkPyki6JO7
c8xjTPIa2BDtVckoOVlB1ROQZwXBa/nUtIeNe9s5js0j/npMKoYbk3Dd9ligc2xW
XSRlj81qT14jMzrSzx3zYH8LMdyGF5iKQNVotisK3tq6JCTYNi14ZSQESwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFB0OaZOdNDPa/6L6FcRdEBHKIZ6IMB8GA1UdIwQY
MBaAFMEJihkFu9M4FTOCj2t/0icXBDHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUt
YjJhNzEzZDJlYWIyLzEvSFE1cGs1MDBNOXJfb3ZvVnhGMFFFY29obm9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUtYjJhNzEzZDJlYWIy
LzEvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBABt5nkD
BABt5noDBAFt5nwDBAB6ZnQwDQYJKoZIhvcNAQELBQADggEBAJ/Iftn4cKRXbEn8
je7lomEdevgcAwwfT4l1OpQn29tdijmzwYFT2YCtUs1mYMOUySWYQRMX9iuuQKfJ
5fxhD6hWRgQDdhSBjco1BB2Itb9EaoUVFsS3HApAbBeH09FZiE9Hss3C/FJRX+H9
NJowRQANZFPq+cbfVCYI1++x8fSXDPrnFLeNuicL8oM9FYqsfas1Vy6svrVG76gD
V+EajFgFMTfPEsn+lnHKt9ZKSNR+33v3937gjtcCCU129zZrbCZPmVNIrcr4+TGG
DC2xW8xGZZYuQlVr366lEWP36JfZjpB4ULKxdExLyErDwHd6wzfTh2Lt2D/qFHIS
/YZV2Qo=
-----END CERTIFICATE-----
Generated at Tue Jun 10 02:13:09 2025 by rpki-client