Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/866599-3fa0-4230-ba9a-19c4ff1877bb/1/0YS8AQvr8ByNBG7KTwD6sIOGH8A.roa
File:                     0YS8AQvr8ByNBG7KTwD6sIOGH8A.roa (raw, json)
Hash identifier:          k8sO4Fn23jLZke1eiUIEXbtdN/A5BluF8j3tNYbaMCM=
Subject key identifier:   D1:84:BC:01:0B:EB:F0:1C:8D:04:6E:CA:4F:00:FA:B0:83:86:1F:C0
Certificate issuer:       /CN=8e3875a80ad233e9c28715988371f77eec3f620c
Certificate serial:       0196C9AF4A99CE51E10F99D5AE0D386CEA5C
Authority key identifier: 8E:38:75:A8:0A:D2:33:E9:C2:87:15:98:83:71:F7:7E:EC:3F:62:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jjh1qArSM-nChxWYg3H3fuw_Ygw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/866599-3fa0-4230-ba9a-19c4ff1877bb/1/0YS8AQvr8ByNBG7KTwD6sIOGH8A.roa
Signing time:             Tue 13 May 2025 12:47:10 +0000
ROA not before:           Tue 13 May 2025 12:47:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39120
IP address blocks:        5.56.8.0/22 maxlen: 22
                          5.56.12.0/22 maxlen: 22
                          5.83.120.0/22 maxlen: 22
                          5.83.124.0/22 maxlen: 22
                          31.7.144.0/20 maxlen: 20
                          45.80.172.0/23 maxlen: 23
                          45.90.232.0/22 maxlen: 22
                          78.138.32.0/22 maxlen: 24
                          78.138.32.0/24 maxlen: 24
                          78.138.33.0/24 maxlen: 24
                          78.138.35.0/24 maxlen: 24
                          83.229.8.0/22 maxlen: 22
                          89.21.192.0/23 maxlen: 23
                          89.21.194.0/23 maxlen: 23
                          89.21.196.0/23 maxlen: 23
                          89.21.198.0/23 maxlen: 23
                          89.21.200.0/21 maxlen: 21
                          89.21.208.0/20 maxlen: 20
                          91.214.72.0/22 maxlen: 22
                          93.88.96.0/20 maxlen: 20
                          94.101.48.0/22 maxlen: 22
                          94.101.52.0/22 maxlen: 22
                          94.101.56.0/22 maxlen: 22
                          94.101.60.0/22 maxlen: 22
                          185.9.208.0/22 maxlen: 22
                          185.29.248.0/22 maxlen: 22
                          185.104.124.0/22 maxlen: 22
                          185.105.92.0/22 maxlen: 22
                          185.105.104.0/22 maxlen: 22
                          185.105.128.0/22 maxlen: 22
                          185.105.212.0/22 maxlen: 22
                          185.195.8.0/22 maxlen: 22
                          185.217.228.0/22 maxlen: 22
                          195.60.190.0/23 maxlen: 23
                          213.167.232.0/21 maxlen: 21
                          217.28.68.0/22 maxlen: 22
                          2a01:9a80::/32 maxlen: 32
                          2a01:9a81::/32 maxlen: 32
                          2a01:9a82::/32 maxlen: 32
                          2a01:9a83::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/866599-3fa0-4230-ba9a-19c4ff1877bb/1/jjh1qArSM-nChxWYg3H3fuw_Ygw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/866599-3fa0-4230-ba9a-19c4ff1877bb/1/jjh1qArSM-nChxWYg3H3fuw_Ygw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jjh1qArSM-nChxWYg3H3fuw_Ygw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 14:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c9:af:4a:99:ce:51:e1:0f:99:d5:ae:0d:38:6c:ea:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e3875a80ad233e9c28715988371f77eec3f620c
        Validity
            Not Before: May 13 12:47:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d184bc010bebf01c8d046eca4f00fab083861fc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:89:6c:b6:79:62:38:5b:e3:38:b6:80:53:ee:
                    50:fa:13:2f:4c:0a:f5:83:c3:5c:4a:95:80:aa:90:
                    9a:d2:23:04:30:1e:06:41:71:f4:43:72:2a:69:41:
                    33:dc:98:40:05:f8:21:9a:76:e9:84:8f:d7:72:31:
                    68:3e:2a:b9:e0:01:25:da:e0:46:59:92:f4:6d:12:
                    b9:1e:ea:01:5e:e7:e6:f1:87:bd:1a:c5:2b:aa:c2:
                    de:ee:a2:e1:1f:a8:6c:db:4c:b4:d1:6e:24:84:01:
                    68:4f:e9:3e:72:8e:33:4b:7d:9f:bc:57:48:e0:a2:
                    e8:52:bd:d9:60:63:85:57:8b:da:e2:29:7b:7e:dd:
                    c3:27:54:f9:32:3c:c7:54:dc:4d:68:05:9a:d7:1f:
                    e5:b0:a7:3c:83:61:34:2f:23:b4:4f:69:c3:d4:49:
                    02:bd:0a:bd:b0:7a:af:e4:ee:db:f9:6c:6d:66:eb:
                    8b:55:56:05:ea:10:0f:a9:50:a0:32:b1:ad:e1:71:
                    52:48:a7:35:1d:51:dd:2e:de:aa:47:99:8e:17:3a:
                    55:09:3c:11:6e:f6:17:20:58:08:30:3b:f3:84:87:
                    f3:b0:35:a2:ab:e3:91:97:31:75:4f:3e:d2:c1:ce:
                    9e:da:22:07:65:f6:63:18:34:77:00:59:86:9c:ec:
                    01:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:84:BC:01:0B:EB:F0:1C:8D:04:6E:CA:4F:00:FA:B0:83:86:1F:C0
            X509v3 Authority Key Identifier:
                keyid:8E:38:75:A8:0A:D2:33:E9:C2:87:15:98:83:71:F7:7E:EC:3F:62:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jjh1qArSM-nChxWYg3H3fuw_Ygw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/866599-3fa0-4230-ba9a-19c4ff1877bb/1/0YS8AQvr8ByNBG7KTwD6sIOGH8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/866599-3fa0-4230-ba9a-19c4ff1877bb/1/jjh1qArSM-nChxWYg3H3fuw_Ygw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.8.0/21
                  5.83.120.0/21
                  31.7.144.0/20
                  45.80.172.0/23
                  45.90.232.0/22
                  78.138.32.0/22
                  83.229.8.0/22
                  89.21.192.0/19
                  91.214.72.0/22
                  93.88.96.0/20
                  94.101.48.0/20
                  185.9.208.0/22
                  185.29.248.0/22
                  185.104.124.0/22
                  185.105.92.0/22
                  185.105.104.0/22
                  185.105.128.0/22
                  185.105.212.0/22
                  185.195.8.0/22
                  185.217.228.0/22
                  195.60.190.0/23
                  213.167.232.0/21
                  217.28.68.0/22
                IPv6:
                  2a01:9a80::/30

    Signature Algorithm: sha256WithRSAEncryption
         19:1f:0a:5b:34:e0:8b:f7:3d:8a:0a:d8:5c:52:79:a0:b0:9a:
         68:6f:f0:bd:be:d2:35:86:67:92:e8:fa:c3:21:82:38:2e:a1:
         dd:9b:b8:60:5b:23:69:6c:f3:99:9c:30:b6:d0:b3:a6:bd:35:
         13:56:76:ab:b8:d7:99:41:a7:2f:2e:a6:fc:39:e6:82:c4:08:
         5b:c8:45:9e:99:fb:ee:18:73:15:89:eb:01:26:0d:ec:e2:ed:
         85:be:08:c6:32:39:1a:57:32:ea:1b:f7:5e:db:3b:c6:e2:91:
         2b:e2:a7:66:6d:7f:73:2b:0c:42:11:12:47:96:9f:81:14:52:
         f7:f5:14:e7:bd:95:eb:3f:36:c1:8e:0c:02:38:4a:a0:58:8e:
         f2:f2:2a:b9:0d:81:e3:86:3d:40:97:d4:0a:41:fa:4d:80:26:
         80:eb:d4:30:64:ab:76:02:ae:68:cb:f4:18:a0:d0:59:b7:d4:
         35:0e:8b:c0:84:89:71:a3:d6:ee:b6:fc:20:c2:ee:7a:75:c8:
         35:b9:64:78:14:69:34:74:15:7a:fe:97:b4:23:72:29:b4:9c:
         1b:47:e1:c5:5b:f7:10:6e:44:48:fa:3b:d8:d5:18:49:f7:60:
         98:f3:bc:c9:92:44:b0:c5:98:e2:ec:56:cb:c3:2a:9a:6a:fb:
         03:68:e2:e0
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAZbJr0qZzlHhD5nVrg04bOpcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMzg3NWE4MGFkMjMzZTljMjg3MTU5ODgzNzFmNzdlZWMz
ZjYyMGMwHhcNMjUwNTEzMTI0NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTg0YmMwMTBiZWJmMDFjOGQwNDZlY2E0ZjAwZmFiMDgzODYxZmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YlstnliOFvjOLaAU+5Q+hMvTAr1
g8NcSpWAqpCa0iMEMB4GQXH0Q3IqaUEz3JhABfghmnbphI/XcjFoPiq54AEl2uBG
WZL0bRK5HuoBXufm8Ye9GsUrqsLe7qLhH6hs20y00W4khAFoT+k+co4zS32fvFdI
4KLoUr3ZYGOFV4va4il7ft3DJ1T5MjzHVNxNaAWa1x/lsKc8g2E0LyO0T2nD1EkC
vQq9sHqv5O7b+WxtZuuLVVYF6hAPqVCgMrGt4XFSSKc1HVHdLt6qR5mOFzpVCTwR
bvYXIFgIMDvzhIfzsDWiq+ORlzF1Tz7Swc6e2iIHZfZjGDR3AFmGnOwBRwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFNGEvAEL6/AcjQRuyk8A+rCDhh/AMB8GA1UdIwQY
MBaAFI44dagK0jPpwocVmINx937sP2IMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvampoMXFBclNNLW5DaHhXWWczSDNmdXdfWWd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC84NjY1OTktM2ZhMC00MjMwLWJhOWEt
MTljNGZmMTg3N2JiLzEvMFlTOEFRdnI4QnlOQkc3S1R3RDZzSU9HSDhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC84NjY1OTktM2ZhMC00MjMwLWJhOWEtMTljNGZmMTg3N2Ji
LzEvampoMXFBclNNLW5DaHhXWWczSDNmdXdfWWd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG2BggrBgEFBQcBBwEB/wSBpjCBozCBkQQCAAEwgYoDBAMF
OAgDBAMFU3gDBAQfB5ADBAEtUKwDBAItWugDBAJOiiADBAJT5QgDBAVZFcADBAJb
1kgDBARdWGADBAReZTADBAK5CdADBAK5HfgDBAK5aHwDBAK5aVwDBAK5aWgDBAK5
aYADBAK5adQDBAK5wwgDBAK52eQDBAHDPL4DBAPVp+gDBALZHEQwDQQCAAIwBwMF
AioBmoAwDQYJKoZIhvcNAQELBQADggEBABkfCls04Iv3PYoK2FxSeaCwmmhv8L2+
0jWGZ5Lo+sMhgjguod2buGBbI2ls85mcMLbQs6a9NRNWdqu415lBpy8upvw55oLE
CFvIRZ6Z++4YcxWJ6wEmDezi7YW+CMYyORpXMuob917bO8bikSvip2Ztf3MrDEIR
EkeWn4EUUvf1FOe9les/NsGODAI4SqBYjvLyKrkNgeOGPUCX1ApB+k2AJoDr1DBk
q3YCrmjL9Big0Fm31DUOi8CEiXGj1u62/CDC7np1yDW5ZHgUaTR0FXr+l7Qjcim0
nBtH4cVb9xBuREj6O9jVGEn3YJjzvMmSRLDFmOLsVsvDKppq+wNo4uA=
-----END CERTIFICATE-----
Generated at Tue Jun 10 22:33:04 2025 by rpki-client