Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/RXbwxnxv5i77bPKXOPNg3gLHQ2Q.roa
File:                     RXbwxnxv5i77bPKXOPNg3gLHQ2Q.roa (raw, json)
Hash identifier:          Hb7ewCgNUReilTcVx5Y6r0li4yOFHBvAH9Jj35wZEN0=
Subject key identifier:   45:76:F0:C6:7C:6F:E6:2E:FB:6C:F2:97:38:F3:60:DE:02:C7:43:64
Certificate issuer:       /CN=a86580e18ad6ff8dc942be883c16de8b731f9605
Certificate serial:       0196C8B903C778E578E7E4A8775DBEFF2824
Authority key identifier: A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/RXbwxnxv5i77bPKXOPNg3gLHQ2Q.roa
Signing time:             Tue 13 May 2025 08:18:10 +0000
ROA not before:           Tue 13 May 2025 08:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        31.207.8.0/21 maxlen: 24
                          31.207.16.0/20 maxlen: 24
                          37.251.176.0/20 maxlen: 24
                          37.251.200.0/21 maxlen: 24
                          37.251.240.0/21 maxlen: 24
                          45.11.164.0/22 maxlen: 24
                          46.102.148.0/22 maxlen: 24
                          46.231.104.0/21 maxlen: 24
                          62.122.40.0/21 maxlen: 24
                          82.148.192.0/19 maxlen: 24
                          84.53.64.0/18 maxlen: 24
                          89.20.160.0/19 maxlen: 24
                          90.145.0.0/16 maxlen: 24
                          90.145.59.0/24 maxlen: 24
                          91.194.8.0/23 maxlen: 24
                          93.95.248.0/21 maxlen: 24
                          94.24.64.0/21 maxlen: 24
                          109.94.144.0/20 maxlen: 24
                          141.136.16.0/20 maxlen: 24
                          144.178.64.0/19 maxlen: 24
                          144.178.96.0/21 maxlen: 24
                          144.178.108.0/22 maxlen: 24
                          144.178.112.0/22 maxlen: 24
                          144.178.120.0/21 maxlen: 24
                          144.178.192.0/19 maxlen: 24
                          144.178.224.0/20 maxlen: 24
                          144.178.240.0/21 maxlen: 24
                          144.178.248.0/22 maxlen: 24
                          151.236.144.0/20 maxlen: 24
                          151.248.48.0/21 maxlen: 24
                          161.51.64.0/19 maxlen: 24
                          185.41.144.0/22 maxlen: 24
                          185.184.204.0/22 maxlen: 24
                          188.214.40.0/21 maxlen: 24
                          2a01:5620::/29 maxlen: 48
                          2a01:9bc0::/29 maxlen: 48
                          2a02:120::/29 maxlen: 48
                          2a02:fe8::/32 maxlen: 48
                          2a02:fe9::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c8:b9:03:c7:78:e5:78:e7:e4:a8:77:5d:be:ff:28:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a86580e18ad6ff8dc942be883c16de8b731f9605
        Validity
            Not Before: May 13 08:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4576f0c67c6fe62efb6cf29738f360de02c74364
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8c:dd:0c:73:41:97:e0:e1:08:4f:2f:67:93:
                    c4:9a:d9:49:a2:b2:2c:a0:49:0c:b0:f9:05:b4:71:
                    c6:99:69:02:59:78:09:0f:cf:60:6b:b1:43:12:1a:
                    f4:90:3a:d0:26:7a:4c:05:0b:8c:77:b3:b8:69:22:
                    2a:51:e0:f3:ae:54:97:6e:0d:a6:9b:b4:cb:ed:a4:
                    2b:49:b3:6d:23:18:9f:5f:97:96:50:cd:de:ea:5f:
                    7e:41:d6:ff:53:5d:7d:6b:4c:85:20:16:eb:66:c5:
                    47:d0:3c:99:2d:2e:7a:fb:2b:14:1d:37:6f:01:9f:
                    9d:7e:a5:b3:a2:6d:8a:73:a1:03:e3:38:f6:5d:f3:
                    51:67:a8:dc:25:7d:a2:fa:6a:7a:36:c9:2c:bd:b8:
                    4f:8f:74:c6:b5:b0:8e:5b:c3:79:f4:d5:bd:69:5c:
                    c0:b0:8d:ff:86:36:67:82:b9:86:46:2d:72:f5:73:
                    f5:d9:d9:30:36:db:62:7a:15:f0:54:9a:37:7f:12:
                    fd:37:85:a2:f6:a4:50:f1:c1:8b:37:93:16:77:86:
                    ff:7b:db:b0:19:25:ee:10:8e:7a:f8:6c:11:26:dd:
                    47:be:47:f4:07:6a:de:18:60:16:29:bc:9e:49:a7:
                    6a:6b:e7:2e:f4:d1:a9:8b:d5:42:fb:e1:63:e9:fa:
                    68:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:76:F0:C6:7C:6F:E6:2E:FB:6C:F2:97:38:F3:60:DE:02:C7:43:64
            X509v3 Authority Key Identifier:
                keyid:A8:65:80:E1:8A:D6:FF:8D:C9:42:BE:88:3C:16:DE:8B:73:1F:96:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGWA4YrW_43JQr6IPBbei3MflgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/RXbwxnxv5i77bPKXOPNg3gLHQ2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e29dce-a174-4b77-89aa-236e92fc6a59/1/qGWA4YrW_43JQr6IPBbei3MflgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.207.8.0-31.207.31.255
                  37.251.176.0/20
                  37.251.200.0/21
                  37.251.240.0/21
                  45.11.164.0/22
                  46.102.148.0/22
                  46.231.104.0/21
                  62.122.40.0/21
                  82.148.192.0/19
                  84.53.64.0/18
                  89.20.160.0/19
                  90.145.0.0/16
                  91.194.8.0/23
                  93.95.248.0/21
                  94.24.64.0/21
                  109.94.144.0/20
                  141.136.16.0/20
                  144.178.64.0-144.178.103.255
                  144.178.108.0-144.178.115.255
                  144.178.120.0/21
                  144.178.192.0-144.178.251.255
                  151.236.144.0/20
                  151.248.48.0/21
                  161.51.64.0/19
                  185.41.144.0/22
                  185.184.204.0/22
                  188.214.40.0/21
                IPv6:
                  2a01:5620::/29
                  2a01:9bc0::/29
                  2a02:120::/29
                  2a02:fe8::/31

    Signature Algorithm: sha256WithRSAEncryption
         47:5f:b2:76:79:3e:10:c3:e2:7b:d5:53:aa:1a:a7:1b:16:db:
         ab:29:01:02:57:ab:00:07:3a:e5:4b:b1:b2:fc:79:f3:37:4b:
         fe:c7:3e:bb:58:4f:64:f1:d1:5b:ff:18:15:9f:a7:0a:64:84:
         3a:24:90:1d:d5:fe:ff:d0:29:34:27:15:7b:be:e2:9d:09:57:
         ae:ef:8d:84:54:47:b2:bb:8a:22:a4:1a:71:a8:54:ad:67:2a:
         a1:ca:5e:2a:c1:8d:47:c4:6b:b7:0e:c2:74:b4:28:b1:16:4c:
         4e:4d:3d:23:79:02:75:33:9b:a4:aa:ed:24:59:97:1b:f6:37:
         9f:ee:a2:b3:38:cf:30:b1:a5:0d:c9:32:c8:e8:ba:f7:fc:9e:
         61:bd:8f:3b:73:c1:44:04:89:de:ce:e9:8f:44:5d:60:b4:2d:
         6b:ba:57:9e:53:69:b2:0b:29:40:9c:86:42:b9:e2:cf:bf:f8:
         68:9d:ee:12:2b:00:66:73:11:21:a4:31:28:13:07:45:eb:4f:
         2d:37:c8:84:2f:a8:bc:e1:dc:b3:30:2e:00:7a:97:02:f9:f5:
         97:88:41:d2:4c:1c:d1:74:a6:4b:38:aa:dd:ac:55:37:c4:1d:
         36:5c:1c:18:eb:ea:b3:58:dd:ad:d7:21:bf:7d:09:29:be:bd:
         b1:0b:85:cb
-----BEGIN CERTIFICATE-----
MIIF4jCCBMqgAwIBAgISAZbIuQPHeOV45+Sod12+/ygkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjU4MGUxOGFkNmZmOGRjOTQyYmU4ODNjMTZkZThiNzMx
Zjk2MDUwHhcNMjUwNTEzMDgxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTc2ZjBjNjdjNmZlNjJlZmI2Y2YyOTczOGYzNjBkZTAyYzc0MzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYzdDHNBl+DhCE8vZ5PEmtlJorIs
oEkMsPkFtHHGmWkCWXgJD89ga7FDEhr0kDrQJnpMBQuMd7O4aSIqUeDzrlSXbg2m
m7TL7aQrSbNtIxifX5eWUM3e6l9+Qdb/U119a0yFIBbrZsVH0DyZLS56+ysUHTdv
AZ+dfqWzom2Kc6ED4zj2XfNRZ6jcJX2i+mp6NsksvbhPj3TGtbCOW8N59NW9aVzA
sI3/hjZngrmGRi1y9XP12dkwNttiehXwVJo3fxL9N4Wi9qRQ8cGLN5MWd4b/e9uw
GSXuEI56+GwRJt1Hvkf0B2reGGAWKbyeSadqa+cu9NGpi9VC++Fj6fpoIQIDAQAB
o4IC7jCCAuowHQYDVR0OBBYEFEV28MZ8b+Yu+2zylzjzYN4Cx0NkMB8GA1UdIwQY
MBaAFKhlgOGK1v+NyUK+iDwW3otzH5YFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEt
MjM2ZTkyZmM2YTU5LzEvUlhid3hueHY1aTc3YlBLWE9QTmczZ0xIUTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lMjlkY2UtYTE3NC00Yjc3LTg5YWEtMjM2ZTkyZmM2YTU5
LzEvcUdXQTRZcldfNDNKUXI2SVBCYmVpM01mbGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAgYIKwYBBQUHAQcBAf8EgfIwge8wgcgEAgABMIHBMAwD
BAMfzwgDBAUfzwADBAQl+7ADBAMl+8gDBAMl+/ADBAItC6QDBAIuZpQDBAMu52gD
BAM+eigDBAVSlMADBAZUNUADBAVZFKADAwBakQMEAVvCCAMEA11f+AMEA14YQAME
BG1ekAMEBI2IEDAMAwQGkLJAAwQDkLJgMAwDBAKQsmwDBAKQsnADBAOQsngwDAME
BpCywAMEApCy+AMEBJfskAMEA5f4MAMEBaEzQAMEArkpkAMEArm4zAMEA7zWKDAi
BAIAAjAcAwUDKgFWIAMFAyoBm8ADBQMqAgEgAwUBKgIP6DANBgkqhkiG9w0BAQsF
AAOCAQEAR1+ydnk+EMPie9VTqhqnGxbbqykBAlerAAc65Uuxsvx58zdL/sc+u1hP
ZPHRW/8YFZ+nCmSEOiSQHdX+/9ApNCcVe77inQlXru+NhFRHsruKIqQacahUrWcq
ocpeKsGNR8Rrtw7CdLQosRZMTk09I3kCdTObpKrtJFmXG/Y3n+6iszjPMLGlDcky
yOi69/yeYb2PO3PBRASJ3s7pj0RdYLQta7pXnlNpsgspQJyGQrniz7/4aJ3uEisA
ZnMRIaQxKBMHRetPLTfIhC+ovOHcszAuAHqXAvn1l4hB0kwc0XSmSziq3axVN8Qd
NlwcGOvqs1jdrdchv30JKb69sQuFyw==
-----END CERTIFICATE-----
Generated at Tue Jun 10 16:09:06 2025 by rpki-client