Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/g-54cvk5hO2Au4tfyjhzhnHoH90.roa
File:                     g-54cvk5hO2Au4tfyjhzhnHoH90.roa (raw, json)
Hash identifier:          Q49mbpUpWnr28zAxYWF00PO3wsoqtVE5pDkqJmiOpho=
Subject key identifier:   83:EE:78:72:F9:39:84:ED:80:BB:8B:5F:CA:38:73:86:71:E8:1F:DD
Certificate issuer:       /CN=593897174f967490dbf6189d479df2c9371bf404
Certificate serial:       019731477C3936EC189611FE1D587C1966B2
Authority key identifier: 59:38:97:17:4F:96:74:90:DB:F6:18:9D:47:9D:F2:C9:37:1B:F4:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/g-54cvk5hO2Au4tfyjhzhnHoH90.roa
Signing time:             Mon 02 Jun 2025 15:34:17 +0000
ROA not before:           Mon 02 Jun 2025 15:34:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8495
IP address blocks:        185.67.36.0/23 maxlen: 23
                          185.67.36.0/24 maxlen: 24
                          185.67.37.0/24 maxlen: 24
                          2a05:bc0:1000::/47 maxlen: 47
                          2a05:bc0:1000::/48 maxlen: 48
                          2a05:bc0:1001::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 20:45:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:31:47:7c:39:36:ec:18:96:11:fe:1d:58:7c:19:66:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=593897174f967490dbf6189d479df2c9371bf404
        Validity
            Not Before: Jun  2 15:34:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83ee7872f93984ed80bb8b5fca38738671e81fdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:57:08:63:f0:ee:3d:0b:94:85:90:9e:9a:f7:
                    bd:c8:d3:c1:19:45:2e:29:46:38:6e:9c:ec:50:b5:
                    c1:48:34:e3:68:01:cd:40:00:16:b7:66:20:6b:c1:
                    38:b0:4c:62:05:32:3a:98:67:7c:bf:ab:cb:95:67:
                    30:77:97:f7:fb:4e:bf:f9:69:fa:34:4f:47:ac:c7:
                    78:8e:6e:1e:2f:10:fc:9a:cc:65:e2:07:c2:4d:c2:
                    9c:49:b9:84:d8:c7:dc:bd:dd:af:0d:09:01:92:77:
                    e7:fe:7b:84:44:f1:c3:a1:c0:e0:9f:42:97:e1:a8:
                    04:9e:83:f3:f1:45:4d:ea:52:d7:4b:0e:33:d9:95:
                    63:e2:a4:1e:79:b9:92:b2:e2:ff:96:27:0b:33:d1:
                    e0:0d:5a:13:e8:f6:98:8e:ff:9f:6d:5d:5b:67:4a:
                    8f:18:a2:63:39:28:60:85:f1:33:6f:1a:56:80:f3:
                    f6:7e:09:2b:99:8d:b6:dc:2e:83:61:88:65:1f:4e:
                    b7:2f:0f:18:c0:65:d9:25:a9:12:d3:05:80:bd:c7:
                    6a:cd:27:f6:a5:9d:b1:bc:34:da:4f:02:31:b5:ff:
                    8d:1f:4c:9c:e8:c6:80:97:18:84:55:84:cd:17:2f:
                    f7:94:92:82:80:60:2c:87:b3:ec:f8:41:82:52:2e:
                    b1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:EE:78:72:F9:39:84:ED:80:BB:8B:5F:CA:38:73:86:71:E8:1F:DD
            X509v3 Authority Key Identifier:
                keyid:59:38:97:17:4F:96:74:90:DB:F6:18:9D:47:9D:F2:C9:37:1B:F4:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/g-54cvk5hO2Au4tfyjhzhnHoH90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.36.0/23
                IPv6:
                  2a05:bc0:1000::/47

    Signature Algorithm: sha256WithRSAEncryption
         4e:cb:44:8b:ad:06:64:8a:44:7f:83:3c:4d:be:14:01:f0:e7:
         ba:32:d3:d5:f1:77:72:22:90:47:b6:8c:6c:92:f9:b2:de:99:
         14:f1:41:74:60:2b:05:16:f7:b6:3b:1b:e2:b8:be:4a:6a:0c:
         64:81:4e:23:a8:e6:cc:c3:71:69:be:b7:5c:f5:91:1e:52:4b:
         aa:c7:af:f2:61:d3:e0:7c:7a:c4:16:3e:78:c0:f3:8a:61:13:
         a8:eb:16:f9:87:22:d4:24:f2:88:7e:59:e2:52:02:dd:7a:7e:
         6e:cd:ec:3e:23:ce:72:76:62:1e:c9:5b:a5:97:5c:8c:e0:cf:
         09:c3:2e:a9:b5:75:33:27:9e:cc:37:04:63:94:2e:b4:7d:0b:
         be:ee:8a:30:8d:23:5f:04:ed:e1:74:9b:d9:fe:61:09:dc:7d:
         51:6c:c1:00:cc:46:21:70:7f:04:62:cf:fc:27:49:a2:12:a2:
         df:a0:10:f2:4b:ea:9a:34:57:6f:3f:f5:ee:5e:1e:2c:5e:23:
         a8:07:86:6a:b9:19:20:7d:f2:f3:f2:44:04:e2:08:ef:82:4b:
         87:a9:b2:89:d2:e8:c7:99:ed:5b:92:f5:22:c5:39:2b:2f:4e:
         e7:8d:5d:8d:46:17:53:71:3c:9f:ce:35:2b:2d:ce:c4:07:a0:
         28:e8:87:67
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZcxR3w5NuwYlhH+HVh8GWayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5Mzg5NzE3NGY5Njc0OTBkYmY2MTg5ZDQ3OWRmMmM5Mzcx
YmY0MDQwHhcNMjUwNjAyMTUzNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2VlNzg3MmY5Mzk4NGVkODBiYjhiNWZjYTM4NzM4NjcxZTgxZmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVcIY/DuPQuUhZCemve9yNPBGUUu
KUY4bpzsULXBSDTjaAHNQAAWt2Yga8E4sExiBTI6mGd8v6vLlWcwd5f3+06/+Wn6
NE9HrMd4jm4eLxD8msxl4gfCTcKcSbmE2Mfcvd2vDQkBknfn/nuERPHDocDgn0KX
4agEnoPz8UVN6lLXSw4z2ZVj4qQeebmSsuL/licLM9HgDVoT6PaYjv+fbV1bZ0qP
GKJjOShghfEzbxpWgPP2fgkrmY223C6DYYhlH063Lw8YwGXZJakS0wWAvcdqzSf2
pZ2xvDTaTwIxtf+NH0yc6MaAlxiEVYTNFy/3lJKCgGAsh7Ps+EGCUi6xaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIPueHL5OYTtgLuLX8o4c4Zx6B/dMB8GA1UdIwQY
MBaAFFk4lxdPlnSQ2/YYnUed8sk3G/QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1RpWEYwLVdkSkRiOWhpZFI1M3l5VGNiOUFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kY2Y5NzYtMDA3ZC00NTQyLWIwZTIt
NWY4ZmM3MDc4MzZhLzEvZy01NGN2azVoTzJBdTR0ZnlqaHpobkhvSDkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kY2Y5NzYtMDA3ZC00NTQyLWIwZTItNWY4ZmM3MDc4MzZh
LzEvV1RpWEYwLVdkSkRiOWhpZFI1M3l5VGNiOUFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuUMkMA8E
AgACMAkDBwEqBQvAEAAwDQYJKoZIhvcNAQELBQADggEBAE7LRIutBmSKRH+DPE2+
FAHw57oy09Xxd3IikEe2jGyS+bLemRTxQXRgKwUW97Y7G+K4vkpqDGSBTiOo5szD
cWm+t1z1kR5SS6rHr/Jh0+B8esQWPnjA84phE6jrFvmHItQk8oh+WeJSAt16fm7N
7D4jznJ2Yh7JW6WXXIzgzwnDLqm1dTMnnsw3BGOULrR9C77uijCNI18E7eF0m9n+
YQncfVFswQDMRiFwfwRiz/wnSaISot+gEPJL6po0V28/9e5eHixeI6gHhmq5GSB9
8vPyRATiCO+CS4epsonS6MeZ7VuS9SLFOSsvTueNXY1GF1NxPJ/ONSstzsQHoCjo
h2c=
-----END CERTIFICATE-----
Generated at Wed Jun 11 03:37:11 2025 by rpki-client