Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/1FJeVgZId139knZgMTYZmAnwLDs.roa
File:                     1FJeVgZId139knZgMTYZmAnwLDs.roa (raw, json)
Hash identifier:          VPpFwlCkzXISful3TlM5ZgodfCcJYCCPoZqn50dkuRo=
Subject key identifier:   D4:52:5E:56:06:48:77:5D:FD:92:76:60:31:36:19:98:09:F0:2C:3B
Certificate issuer:       /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial:       0197365D5D7C5220A3629B68A4E3AD2D93EA
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/1FJeVgZId139knZgMTYZmAnwLDs.roa
Signing time:             Tue 03 Jun 2025 15:16:17 +0000
ROA not before:           Tue 03 Jun 2025 15:16:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199404
IP address blocks:        69.57.172.0/24 maxlen: 24
                          103.118.16.0/24 maxlen: 24
                          103.118.17.0/24 maxlen: 24
                          190.92.174.0/24 maxlen: 24
                          190.92.175.0/24 maxlen: 24
                          195.250.20.0/24 maxlen: 24
                          195.250.21.0/24 maxlen: 24
                          195.250.22.0/24 maxlen: 24
                          195.250.30.0/24 maxlen: 24
                          195.250.31.0/24 maxlen: 24
                          198.38.81.0/24 maxlen: 24
                          198.38.83.0/24 maxlen: 24
                          198.38.84.0/24 maxlen: 24
                          198.38.85.0/24 maxlen: 24
                          198.38.86.0/24 maxlen: 24
                          198.38.87.0/24 maxlen: 24
                          198.38.88.0/24 maxlen: 24
                          198.38.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 20:45:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:36:5d:5d:7c:52:20:a3:62:9b:68:a4:e3:ad:2d:93:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
        Validity
            Not Before: Jun  3 15:16:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4525e560648775dfd9276603136199809f02c3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:62:c3:49:d6:67:a2:fc:9d:8c:00:b0:65:62:
                    b5:8c:cb:5f:24:1c:55:78:ec:ea:e6:71:9f:20:5f:
                    5c:e2:ff:66:a4:6e:a7:bf:0c:50:d0:61:83:77:4f:
                    7e:b5:5a:96:75:a2:c4:0f:d9:06:06:18:13:e4:ca:
                    60:30:59:ba:c5:89:a2:a2:70:cc:91:b7:54:6d:c7:
                    f4:2f:25:76:96:77:52:0d:94:6e:87:9c:dd:14:61:
                    9c:f7:8d:45:85:a3:8e:e2:f3:5b:80:6c:a1:2d:db:
                    25:db:11:c4:38:eb:ef:93:3f:4c:d5:9d:5d:be:b7:
                    4e:88:19:65:a2:ee:7e:bb:4b:28:e7:95:c9:89:16:
                    ed:33:10:5e:8c:f0:a5:2c:e7:e3:83:d8:31:fa:55:
                    1f:c4:b8:e3:ed:21:75:85:d5:f2:02:dd:8a:f5:b8:
                    0c:3f:e2:a5:bc:71:99:41:e3:98:ca:6e:37:73:4a:
                    83:22:28:36:a9:58:ef:02:24:ae:32:85:5c:d3:49:
                    3a:c0:d7:33:34:aa:15:bb:e7:74:c3:a1:b9:dd:6a:
                    11:bd:45:68:80:8e:d1:f1:e7:8f:37:7a:08:62:ef:
                    bf:b9:a4:e9:03:52:35:2a:5d:1c:70:93:87:1a:f7:
                    46:9b:4b:1e:ee:82:0d:8e:da:7f:7a:65:b7:30:c9:
                    60:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:52:5E:56:06:48:77:5D:FD:92:76:60:31:36:19:98:09:F0:2C:3B
            X509v3 Authority Key Identifier:
                keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/1FJeVgZId139knZgMTYZmAnwLDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.57.172.0/24
                  103.118.16.0/23
                  190.92.174.0/23
                  195.250.20.0-195.250.22.255
                  195.250.30.0/23
                  198.38.81.0/24
                  198.38.83.0-198.38.89.255

    Signature Algorithm: sha256WithRSAEncryption
         37:e0:29:45:e1:cd:b6:47:15:29:4e:97:cf:bc:c9:ab:b7:05:
         fe:ab:e1:76:12:66:56:8b:3c:f5:12:fe:5a:81:d3:a7:64:b9:
         dc:74:92:ea:29:b0:11:c0:a3:61:3b:0c:b2:b4:23:11:db:bf:
         6a:70:cd:84:47:2f:4f:49:a7:68:c8:ae:54:cf:df:29:86:95:
         a7:8f:e1:16:ac:e6:5e:7f:3f:a2:e8:5f:d5:62:c0:70:cd:eb:
         78:aa:a2:91:4b:a3:ae:d1:66:6a:3a:79:17:84:84:68:7b:66:
         c9:c9:5c:ac:eb:be:94:e0:de:d8:1d:ea:86:53:14:94:3c:0a:
         57:22:09:c5:6c:49:86:b2:62:34:be:a1:c4:38:19:be:35:d3:
         b7:1b:c3:4b:dc:33:7e:6f:81:91:43:8c:49:35:40:2b:3d:5a:
         25:a7:70:b9:c8:07:dd:8f:25:87:1a:e4:ad:e4:ed:63:9d:1a:
         a9:17:cd:30:18:b9:7b:c6:63:fa:fe:58:b5:ef:73:f7:60:99:
         1c:ca:41:5b:06:26:e3:4a:26:b0:4e:86:e9:97:66:b2:53:7c:
         55:13:ff:8c:99:47:36:32:2a:af:8f:c8:61:6d:78:98:65:7d:
         a7:55:51:55:1e:79:b5:01:46:4b:7c:50:fd:ce:eb:49:06:71:
         dd:3e:2d:9b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZc2XV18UiCjYptopOOtLZPqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjUwNjAzMTUxNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDUyNWU1NjA2NDg3NzVkZmQ5Mjc2NjAzMTM2MTk5ODA5ZjAyYzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0GLDSdZnovydjACwZWK1jMtfJBxV
eOzq5nGfIF9c4v9mpG6nvwxQ0GGDd09+tVqWdaLED9kGBhgT5MpgMFm6xYmionDM
kbdUbcf0LyV2lndSDZRuh5zdFGGc941FhaOO4vNbgGyhLdsl2xHEOOvvkz9M1Z1d
vrdOiBllou5+u0so55XJiRbtMxBejPClLOfjg9gx+lUfxLjj7SF1hdXyAt2K9bgM
P+KlvHGZQeOYym43c0qDIig2qVjvAiSuMoVc00k6wNczNKoVu+d0w6G53WoRvUVo
gI7R8eePN3oIYu+/uaTpA1I1Kl0ccJOHGvdGm0se7oINjtp/emW3MMlgWwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFNRSXlYGSHdd/ZJ2YDE2GZgJ8Cw7MB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvMUZKZVZnWklkMTM5a25aZ01UWVptQW53TERzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQARTmsAwQB
Z3YQAwQBvlyuMAwDBALD+hQDBADD+hYDBAHD+h4DBADGJlEwDAMEAMYmUwMEAcYm
WDANBgkqhkiG9w0BAQsFAAOCAQEAN+ApReHNtkcVKU6Xz7zJq7cF/qvhdhJmVos8
9RL+WoHTp2S53HSS6imwEcCjYTsMsrQjEdu/anDNhEcvT0mnaMiuVM/fKYaVp4/h
FqzmXn8/ouhf1WLAcM3reKqikUujrtFmajp5F4SEaHtmyclcrOu+lODe2B3qhlMU
lDwKVyIJxWxJhrJiNL6hxDgZvjXTtxvDS9wzfm+BkUOMSTVAKz1aJadwucgH3Y8l
hxrkreTtY50aqRfNMBi5e8Zj+v5Yte9z92CZHMpBWwYm40omsE6G6ZdmslN8VRP/
jJlHNjIqr4/IYW14mGV9p1VRVR55tQFGS3xQ/c7rSQZx3T4tmw==
-----END CERTIFICATE-----
Generated at Wed Jun 11 07:31:08 2025 by rpki-client