Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/VNOgNSigRRAb70bKyLVuHiqWqcg.roa
File:                     VNOgNSigRRAb70bKyLVuHiqWqcg.roa (raw, json)
Hash identifier:          0V+O6nfILt11f/kT8RnWqxjr5DCANmAANaaUT4hQ8EI=
Subject key identifier:   54:D3:A0:35:28:A0:45:10:1B:EF:46:CA:C8:B5:6E:1E:2A:96:A9:C8
Certificate issuer:       /CN=2347aaab2206c08128f543730064a145a3effa14
Certificate serial:       0196CEF2F29BE51296E0793511396F5BB584
Authority key identifier: 23:47:AA:AB:22:06:C0:81:28:F5:43:73:00:64:A1:45:A3:EF:FA:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0eqqyIGwIEo9UNzAGShRaPv-hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/VNOgNSigRRAb70bKyLVuHiqWqcg.roa
Signing time:             Wed 14 May 2025 13:19:10 +0000
ROA not before:           Wed 14 May 2025 13:19:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8434
IP address blocks:        46.194.0.0/15 maxlen: 15
                          62.13.0.0/17 maxlen: 17
                          62.65.64.0/18 maxlen: 18
                          62.119.0.0/16 maxlen: 16
                          62.127.0.0/16 maxlen: 16
                          78.82.0.0/16 maxlen: 16
                          79.102.0.0/16 maxlen: 16
                          80.68.96.0/20 maxlen: 20
                          81.26.224.0/19 maxlen: 19
                          82.182.0.0/15 maxlen: 15
                          83.226.0.0/15 maxlen: 15
                          84.216.0.0/14 maxlen: 14
                          85.224.0.0/13 maxlen: 13
                          92.32.0.0/14 maxlen: 14
                          94.234.0.0/16 maxlen: 16
                          178.28.0.0/14 maxlen: 14
                          195.43.192.0/18 maxlen: 18
                          195.54.96.0/19 maxlen: 19
                          195.58.96.0/19 maxlen: 19
                          195.66.32.0/19 maxlen: 19
                          212.73.0.0/19 maxlen: 19
                          212.73.160.0/19 maxlen: 19
                          212.75.64.0/19 maxlen: 19
                          212.105.0.0/17 maxlen: 17
                          213.112.0.0/14 maxlen: 14
                          213.150.128.0/19 maxlen: 19
                          213.163.128.0/19 maxlen: 19
                          213.204.128.0/18 maxlen: 18
                          213.214.192.0/18 maxlen: 18
                          213.238.192.0/18 maxlen: 18
                          213.242.128.0/18 maxlen: 18
                          217.174.64.0/19 maxlen: 19
                          2a02:1400::/26 maxlen: 26
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/I0eqqyIGwIEo9UNzAGShRaPv-hQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/I0eqqyIGwIEo9UNzAGShRaPv-hQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0eqqyIGwIEo9UNzAGShRaPv-hQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:f2:f2:9b:e5:12:96:e0:79:35:11:39:6f:5b:b5:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2347aaab2206c08128f543730064a145a3effa14
        Validity
            Not Before: May 14 13:19:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54d3a03528a045101bef46cac8b56e1e2a96a9c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:59:f2:e7:64:81:7f:fd:a9:38:51:6b:26:93:
                    08:99:c0:cf:c3:d6:a1:ba:57:53:76:58:38:46:6c:
                    3c:51:9d:2d:1a:bd:97:54:c8:0e:17:ee:4e:c1:c9:
                    8c:3d:23:39:1b:33:0c:6f:ac:d8:b7:83:d7:9b:76:
                    20:a1:14:0f:78:e0:02:ae:bd:5b:7a:c2:1f:8b:77:
                    aa:d8:2e:3a:db:2c:49:6a:21:92:54:d4:d9:8a:4b:
                    dc:56:7a:61:30:1a:ec:21:a3:26:dd:b0:bb:68:6a:
                    48:1b:5e:05:83:0c:73:f0:c4:6e:53:14:9d:64:34:
                    91:df:d1:da:04:9c:45:b6:6c:e2:53:a4:d1:89:3e:
                    56:7a:e8:62:44:1a:ef:4b:c6:c0:e9:e3:93:7f:a1:
                    b5:fc:a7:05:cf:9f:82:5d:04:e5:c5:09:1e:9c:ea:
                    be:83:11:74:b1:6e:8b:0e:79:36:9d:89:f9:70:8d:
                    62:25:e7:38:31:d7:2e:de:96:57:5c:ac:3c:b5:01:
                    31:13:8e:02:3d:9a:12:94:ee:7b:2f:df:3a:2d:03:
                    33:7b:35:92:af:e2:eb:4c:1c:ce:ae:99:b8:3a:dc:
                    1f:48:0f:55:e6:73:44:98:6e:ba:21:ca:3f:d3:e2:
                    fc:a1:d9:78:79:a5:5f:2d:21:cf:8e:8e:42:f2:4a:
                    7b:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:D3:A0:35:28:A0:45:10:1B:EF:46:CA:C8:B5:6E:1E:2A:96:A9:C8
            X509v3 Authority Key Identifier:
                keyid:23:47:AA:AB:22:06:C0:81:28:F5:43:73:00:64:A1:45:A3:EF:FA:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0eqqyIGwIEo9UNzAGShRaPv-hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/VNOgNSigRRAb70bKyLVuHiqWqcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/I0eqqyIGwIEo9UNzAGShRaPv-hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.194.0.0/15
                  62.13.0.0/17
                  62.65.64.0/18
                  62.119.0.0/16
                  62.127.0.0/16
                  78.82.0.0/16
                  79.102.0.0/16
                  80.68.96.0/20
                  81.26.224.0/19
                  82.182.0.0/15
                  83.226.0.0/15
                  84.216.0.0/14
                  85.224.0.0/13
                  92.32.0.0/14
                  94.234.0.0/16
                  178.28.0.0/14
                  195.43.192.0/18
                  195.54.96.0/19
                  195.58.96.0/19
                  195.66.32.0/19
                  212.73.0.0/19
                  212.73.160.0/19
                  212.75.64.0/19
                  212.105.0.0/17
                  213.112.0.0/14
                  213.150.128.0/19
                  213.163.128.0/19
                  213.204.128.0/18
                  213.214.192.0/18
                  213.238.192.0/18
                  213.242.128.0/18
                  217.174.64.0/19
                IPv6:
                  2a02:1400::/26

    Signature Algorithm: sha256WithRSAEncryption
         3e:be:ed:38:5b:cf:e9:b7:78:59:b4:a1:ea:7a:a2:90:79:f8:
         61:0f:db:41:63:f7:0e:f5:b3:c1:5e:58:58:74:0d:fa:ca:4e:
         5e:59:e2:94:e1:46:3e:97:6e:d7:dc:62:f8:fe:f1:56:d7:78:
         7f:65:0e:15:f0:73:de:e6:ca:ab:49:3f:fd:e9:6d:d4:0f:40:
         42:02:48:05:13:7f:1b:19:b4:e9:12:4d:50:23:a0:52:49:02:
         1b:8b:07:d6:5c:13:03:2c:09:7b:32:d7:11:65:39:c0:f0:03:
         40:2a:68:72:9f:5d:f9:ef:e2:66:b4:a9:74:bf:fe:9d:63:05:
         c4:98:bc:53:3c:68:bd:62:fe:e6:ad:6b:7a:76:b9:b4:19:7f:
         30:83:1e:ca:b5:36:cb:c0:4a:8b:c5:e4:fb:e0:49:c4:e8:57:
         3e:f9:90:85:fe:ba:07:fb:c0:f0:3c:74:00:d5:85:6c:2d:2c:
         ab:7e:4b:63:8d:17:04:29:52:5d:a6:97:ff:79:ba:d4:58:c3:
         99:56:b3:c5:09:4d:4f:99:5a:06:d7:2c:cc:d7:0e:7d:65:3d:
         42:67:a3:3e:47:64:71:d5:05:84:a1:bc:b5:27:71:e4:07:61:
         d2:60:80:77:94:8d:0a:34:a9:1b:0f:52:09:c7:ed:e1:6b:df:
         6a:42:87:e2
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAZbO8vKb5RKW4Hk1ETlvW7WEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNDdhYWFiMjIwNmMwODEyOGY1NDM3MzAwNjRhMTQ1YTNl
ZmZhMTQwHhcNMjUwNTE0MTMxOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGQzYTAzNTI4YTA0NTEwMWJlZjQ2Y2FjOGI1NmUxZTJhOTZhOWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVny52SBf/2pOFFrJpMImcDPw9ah
uldTdlg4Rmw8UZ0tGr2XVMgOF+5OwcmMPSM5GzMMb6zYt4PXm3YgoRQPeOACrr1b
esIfi3eq2C462yxJaiGSVNTZikvcVnphMBrsIaMm3bC7aGpIG14Fgwxz8MRuUxSd
ZDSR39HaBJxFtmziU6TRiT5WeuhiRBrvS8bA6eOTf6G1/KcFz5+CXQTlxQkenOq+
gxF0sW6LDnk2nYn5cI1iJec4Mdcu3pZXXKw8tQExE44CPZoSlO57L986LQMzezWS
r+LrTBzOrpm4OtwfSA9V5nNEmG66Ico/0+L8odl4eaVfLSHPjo5C8kp7bwIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFFTToDUooEUQG+9Gysi1bh4qlqnIMB8GA1UdIwQY
MBaAFCNHqqsiBsCBKPVDcwBkoUWj7/oUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTBlcXF5SUd3SUVvOVVOekFHU2hSYVB2LWhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9lZjlmMGQtZDg0MC00MzcxLWFkYzQt
NzU4NDA2NjFlYWY1LzEvVk5PZ05TaWdSUkFiNzBiS3lMVnVIaXFXcWNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9lZjlmMGQtZDg0MC00MzcxLWFkYzQtNzU4NDA2NjFlYWY1
LzEvSTBlcXF5SUd3SUVvOVVOekFHU2hSYVB2LWhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHfBggrBgEFBQcBBwEB/wSBzzCBzDCBugQCAAEwgbMDAwEu
wgMEBz4NAAMEBj5BQAMDAD53AwMAPn8DAwBOUgMDAE9mAwQEUERgAwQFURrgAwMB
UrYDAwFT4gMDAlTYAwMDVeADAwJcIAMDAF7qAwMCshwDBAbDK8ADBAXDNmADBAXD
OmADBAXDQiADBAXUSQADBAXUSaADBAXUS0ADBAfUaQADAwLVcAMEBdWWgAMEBdWj
gAMEBtXMgAMEBtXWwAMEBtXuwAMEBtXygAMEBdmuQDANBAIAAjAHAwUGKgIUADAN
BgkqhkiG9w0BAQsFAAOCAQEAPr7tOFvP6bd4WbSh6nqikHn4YQ/bQWP3DvWzwV5Y
WHQN+spOXlnilOFGPpdu19xi+P7xVtd4f2UOFfBz3ubKq0k//elt1A9AQgJIBRN/
Gxm06RJNUCOgUkkCG4sH1lwTAywJezLXEWU5wPADQCpocp9d+e/iZrSpdL/+nWMF
xJi8UzxovWL+5q1rena5tBl/MIMeyrU2y8BKi8Xk++BJxOhXPvmQhf66B/vA8Dx0
ANWFbC0sq35LY40XBClSXaaX/3m61FjDmVazxQlNT5laBtcszNcOfWU9QmejPkdk
cdUFhKG8tSdx5Adh0mCAd5SNCjSpGw9SCcft4WvfakKH4g==
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:40:45 2025 by rpki-client