Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/3fa217-85f5-4f19-b91e-0889e3ecd1f6/1/1-mmnoNOS11tga2Q29yD5BQAuFLE.roa
File:                     1-mmnoNOS11tga2Q29yD5BQAuFLE.roa (raw, json)
Hash identifier:          GOq5nJwjD0VCVYVCda8zJe1uGhLFpPTQrRyVuZj7aM8=
Subject key identifier:   FA:69:A7:A0:D3:92:D7:5B:60:6B:64:36:F7:20:F9:05:00:2E:14:B1
Certificate issuer:       /CN=749d8a4328930b938fa86018b1e447ee4d8da8f9
Certificate serial:       019EFFDF79C5A4F1EC3E58C1AAAA57E4AAF1
Authority key identifier: 74:9D:8A:43:28:93:0B:93:8F:A8:60:18:B1:E4:47:EE:4D:8D:A8:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJ2KQyiTC5OPqGAYseRH7k2NqPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/3fa217-85f5-4f19-b91e-0889e3ecd1f6/1/1-mmnoNOS11tga2Q29yD5BQAuFLE.roa
Signing time:             Thu 25 Jun 2026 17:41:36 +0000
ROA not before:           Thu 25 Jun 2026 17:41:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50837
IP address blocks:        87.120.132.0/24 maxlen: 24
                          91.92.176.0/23 maxlen: 23
                          91.92.176.0/24 maxlen: 24
                          91.92.177.0/24 maxlen: 24
                          94.156.66.0/24 maxlen: 24
                          94.156.227.0/24 maxlen: 24
                          185.230.208.0/22 maxlen: 22
                          185.230.208.0/23 maxlen: 23
                          185.230.210.0/23 maxlen: 23
                          212.87.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/3fa217-85f5-4f19-b91e-0889e3ecd1f6/1/dJ2KQyiTC5OPqGAYseRH7k2NqPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/3fa217-85f5-4f19-b91e-0889e3ecd1f6/1/dJ2KQyiTC5OPqGAYseRH7k2NqPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJ2KQyiTC5OPqGAYseRH7k2NqPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 Jul 2026 08:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ff:df:79:c5:a4:f1:ec:3e:58:c1:aa:aa:57:e4:aa:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749d8a4328930b938fa86018b1e447ee4d8da8f9
        Validity
            Not Before: Jun 25 17:41:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa69a7a0d392d75b606b6436f720f905002e14b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a1:8d:33:50:3d:2a:f8:c3:0d:7b:aa:a0:b3:
                    34:eb:f8:27:33:f2:ca:e4:67:65:1f:74:cc:c0:7d:
                    39:57:74:d0:7b:d7:33:c1:e1:ea:75:ad:ca:f8:d2:
                    ae:d9:c1:ab:6c:24:26:be:4d:c5:ee:f6:c1:bb:14:
                    a9:60:17:1b:8b:ea:6d:3f:6c:68:bb:07:27:fc:6e:
                    2a:aa:32:06:1b:49:45:eb:1a:fe:13:88:a0:a3:6c:
                    43:27:02:6b:f7:02:1f:a8:3b:19:ab:eb:9c:ec:46:
                    71:14:c8:76:4a:1f:a6:83:59:da:76:cf:e8:1f:da:
                    6a:ad:da:99:5d:c9:1d:4a:cf:c2:89:b7:af:1d:43:
                    c3:a0:dd:9a:a8:83:02:65:ad:64:c3:eb:8e:48:01:
                    99:fd:4d:3a:7a:2c:be:70:f7:14:a6:70:09:5d:89:
                    cc:7f:95:4d:fe:fb:cc:84:b8:b3:9f:c6:69:f2:74:
                    17:95:c9:a7:46:4a:cf:7d:5b:51:f4:61:f9:1f:d1:
                    0e:0b:2e:51:b3:92:66:a2:b4:ff:fb:a6:40:0f:79:
                    5c:e4:3a:f4:8d:45:87:8e:09:f1:26:4a:04:a2:ba:
                    e3:ed:e9:52:49:c5:43:57:58:a7:22:61:21:9b:c6:
                    e6:cf:f4:90:60:a2:4d:a2:70:dd:02:88:41:16:d0:
                    50:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:69:A7:A0:D3:92:D7:5B:60:6B:64:36:F7:20:F9:05:00:2E:14:B1
            X509v3 Authority Key Identifier:
                keyid:74:9D:8A:43:28:93:0B:93:8F:A8:60:18:B1:E4:47:EE:4D:8D:A8:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJ2KQyiTC5OPqGAYseRH7k2NqPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3fa217-85f5-4f19-b91e-0889e3ecd1f6/1/1-mmnoNOS11tga2Q29yD5BQAuFLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3fa217-85f5-4f19-b91e-0889e3ecd1f6/1/dJ2KQyiTC5OPqGAYseRH7k2NqPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.132.0/24
                  91.92.176.0/23
                  94.156.66.0/24
                  94.156.227.0/24
                  185.230.208.0/22
                  212.87.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:f1:59:e3:d3:39:f6:bb:f2:21:21:62:37:78:08:b6:f2:a1:
         0e:e8:af:e7:a2:0e:f6:9f:cb:2e:82:f3:36:4c:03:19:2b:52:
         6a:5f:15:59:5e:6f:d5:d7:2f:b6:7d:bd:79:0b:34:c2:eb:97:
         fb:e9:dd:ae:e0:78:d9:05:ea:d0:28:1f:ed:d3:ab:b6:50:22:
         a3:cb:1a:3b:65:27:ca:6a:48:a5:d5:16:83:96:d8:8c:73:48:
         37:16:9a:4d:c7:e2:70:15:aa:28:51:4c:13:04:f5:63:0b:7c:
         de:fd:85:13:8e:45:7b:75:1b:c5:6e:b9:86:3a:05:c2:dc:b9:
         6f:d7:ed:c4:6f:cf:a9:8d:75:18:10:98:52:7a:c4:f3:96:f1:
         f7:82:d5:21:35:49:07:58:31:2c:f0:42:df:1b:0c:69:7c:5b:
         6f:e8:95:b6:38:e3:36:3f:5d:a7:94:51:8b:da:f1:a1:22:12:
         33:8c:2f:f7:4a:27:96:2d:80:54:39:2c:3e:e2:ef:41:37:41:
         3b:f3:3f:73:94:85:64:fa:17:77:44:93:38:33:82:9f:b4:3c:
         27:bf:52:08:e8:61:1a:81:5a:ee:ee:95:1d:7f:e3:b8:62:48:
         85:81:9e:26:7f:bf:9d:db:ab:f6:24:bc:33:df:03:41:d5:0a:
         76:8f:dc:6e
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZ7/33nFpPHsPljBqqpX5KrxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OWQ4YTQzMjg5MzBiOTM4ZmE4NjAxOGIxZTQ0N2VlNGQ4
ZGE4ZjkwHhcNMjYwNjI1MTc0MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTY5YTdhMGQzOTJkNzViNjA2YjY0MzZmNzIwZjkwNTAwMmUxNGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aGNM1A9KvjDDXuqoLM06/gnM/LK
5GdlH3TMwH05V3TQe9czweHqda3K+NKu2cGrbCQmvk3F7vbBuxSpYBcbi+ptP2xo
uwcn/G4qqjIGG0lF6xr+E4igo2xDJwJr9wIfqDsZq+uc7EZxFMh2Sh+mg1nads/o
H9pqrdqZXckdSs/CibevHUPDoN2aqIMCZa1kw+uOSAGZ/U06eiy+cPcUpnAJXYnM
f5VN/vvMhLizn8Zp8nQXlcmnRkrPfVtR9GH5H9EOCy5Rs5JmorT/+6ZAD3lc5Dr0
jUWHjgnxJkoEorrj7elSScVDV1inImEhm8bmz/SQYKJNonDdAohBFtBQBwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFPppp6DTktdbYGtkNvcg+QUALhSxMB8GA1UdIwQY
MBaAFHSdikMokwuTj6hgGLHkR+5Njaj5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEoyS1F5aVRDNU9QcUdBWXNlUkg3azJOcVBrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zZmEyMTctODVmNS00ZjE5LWI5MWUt
MDg4OWUzZWNkMWY2LzEvMS1tbW5vTk9TMTF0Z2EyUTI5eUQ1QlFBdUZMRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTcvM2ZhMjE3LTg1ZjUtNGYxOS1iOTFlLTA4ODllM2VjZDFm
Ni8xL2RKMktReWlUQzVPUHFHQVlzZVJIN2syTnFQay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA9BggrBgEFBQcBBwEB/wQuMCwwKgQCAAEwJAMEAFd4hAME
AVtcsAMEAF6cQgMEAF6c4wMEArnm0AMEANRXzjANBgkqhkiG9w0BAQsFAAOCAQEA
kvFZ49M59rvyISFiN3gItvKhDuiv56IO9p/LLoLzNkwDGStSal8VWV5v1dcvtn29
eQs0wuuX++ndruB42QXq0Cgf7dOrtlAio8saO2UnympIpdUWg5bYjHNINxaaTcfi
cBWqKFFMEwT1Ywt83v2FE45Fe3UbxW65hjoFwty5b9ftxG/PqY11GBCYUnrE85bx
94LVITVJB1gxLPBC3xsMaXxbb+iVtjjjNj9dp5RRi9rxoSISM4wv90onli2AVDks
PuLvQTdBO/M/c5SFZPoXd0STODOCn7Q8J79SCOhhGoFa7u6VHX/juGJIhYGeJn+/
ndur9iS8M98DQdUKdo/cbg==
-----END CERTIFICATE-----
Generated at Wed Jul 1 11:54:37 2026 by rpki-client