Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/BpSPq7XfPfzRsknKhPXQhOzp2EE.roa
File:                     BpSPq7XfPfzRsknKhPXQhOzp2EE.roa (raw, json)
Hash identifier:          h2/Pws1JkvszHvwCU+CrKw9Tx8/syCQT7vQlEmitd5Q=
Subject key identifier:   06:94:8F:AB:B5:DF:3D:FC:D1:B2:49:CA:84:F5:D0:84:EC:E9:D8:41
Certificate issuer:       /CN=a608db43964b6986ec740f0b5e33f627589ac560
Certificate serial:       0197172734EC979C2CC87519332540487503
Authority key identifier: A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/BpSPq7XfPfzRsknKhPXQhOzp2EE.roa
Signing time:             Wed 28 May 2025 13:48:54 +0000
ROA not before:           Wed 28 May 2025 13:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60042
IP address blocks:        79.133.178.0/24 maxlen: 24
                          176.118.208.0/22 maxlen: 22
                          176.118.209.0/24 maxlen: 24
                          176.118.213.0/24 maxlen: 24
                          176.118.214.0/23 maxlen: 23
                          176.118.216.0/22 maxlen: 22
                          176.118.220.0/22 maxlen: 22
                          176.118.222.0/24 maxlen: 24
                          185.42.228.0/22 maxlen: 22
                          185.42.228.0/23 maxlen: 23
                          185.42.229.0/24 maxlen: 24
                          185.42.230.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 20:45:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:17:27:34:ec:97:9c:2c:c8:75:19:33:25:40:48:75:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a608db43964b6986ec740f0b5e33f627589ac560
        Validity
            Not Before: May 28 13:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06948fabb5df3dfcd1b249ca84f5d084ece9d841
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:20:02:56:53:bf:b3:57:91:69:13:4a:37:b0:
                    c6:32:6a:18:71:fd:1f:19:a6:4b:ce:96:5e:f9:25:
                    f8:1f:57:a4:83:94:4a:73:ab:d3:95:70:40:b5:56:
                    df:92:fd:d6:16:0c:14:0d:7e:64:28:c7:d8:0f:4b:
                    29:5f:4c:9b:80:24:35:94:c5:65:98:0e:d7:5c:aa:
                    93:e7:3f:e6:1a:8a:88:6d:78:fc:84:e2:56:15:ae:
                    40:67:d1:7c:c5:9b:26:9a:54:8f:c7:ed:39:7a:10:
                    32:d3:1d:1f:3b:ae:59:a5:ce:3f:2a:93:12:2e:21:
                    6c:58:8d:ab:ef:9f:a4:99:af:cf:ba:81:af:e7:7f:
                    68:3b:c2:d2:34:e5:84:9c:12:64:54:03:a3:01:32:
                    fc:bf:dd:01:9f:20:b2:99:5b:9d:2c:18:4d:07:77:
                    78:99:70:62:a5:85:a8:06:e0:d8:d9:ee:12:58:fb:
                    56:f7:a3:cf:c6:d6:e5:81:25:e9:d2:63:ad:2f:1f:
                    6b:40:5b:31:45:6b:41:13:b4:20:53:01:22:03:78:
                    cc:80:fc:2f:49:64:b3:9c:98:45:77:74:97:b1:a0:
                    2c:5d:47:a5:92:e3:94:67:4e:50:f3:c5:1b:11:bc:
                    84:88:d2:eb:28:1d:ae:84:69:b0:d7:e3:d6:95:92:
                    99:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:94:8F:AB:B5:DF:3D:FC:D1:B2:49:CA:84:F5:D0:84:EC:E9:D8:41
            X509v3 Authority Key Identifier:
                keyid:A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/BpSPq7XfPfzRsknKhPXQhOzp2EE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.133.178.0/24
                  176.118.208.0/22
                  176.118.213.0-176.118.223.255
                  185.42.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:46:7a:48:49:45:88:03:5d:5f:83:88:a7:6a:3d:f2:ae:30:
         bf:2a:b3:9c:b5:52:d3:89:c6:f6:61:2b:cd:19:9d:4a:65:2b:
         6f:cc:b2:09:d4:35:7c:83:da:ca:12:20:10:88:10:f2:f6:45:
         3d:e9:a2:dc:1b:e3:04:2b:ad:5c:34:d1:27:11:37:55:c0:a3:
         4d:41:5d:ea:24:cf:33:3b:61:de:7a:f0:77:73:b9:d9:81:1a:
         14:4b:96:da:c0:c1:d2:3d:0e:e7:07:c3:76:7c:c9:79:23:9a:
         ff:85:61:52:01:be:52:21:8a:8a:6f:5c:0f:f4:5b:87:ea:bf:
         8c:aa:04:0e:b4:f8:6b:06:f6:8f:1f:3b:f8:37:f2:61:e6:39:
         88:d5:28:50:6c:d6:47:5c:56:d6:f7:cd:79:44:ee:94:b9:5f:
         90:ea:ef:e7:0d:28:cd:ba:37:61:70:3d:5c:d3:63:05:89:51:
         62:95:6c:53:6d:a8:7e:44:15:16:2c:43:64:bf:a3:57:56:d0:
         57:d9:cd:56:e3:e9:2f:36:f9:9f:67:1a:97:24:d6:ec:e3:88:
         02:ea:18:91:9a:3e:1e:f2:65:fc:37:ef:5c:82:e0:84:21:2f:
         97:f7:4c:73:90:57:89:81:dc:d6:58:73:b2:c5:9a:95:0e:96:
         95:24:8e:5e
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZcXJzTsl5wsyHUZMyVASHUDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MDhkYjQzOTY0YjY5ODZlYzc0MGYwYjVlMzNmNjI3NTg5
YWM1NjAwHhcNMjUwNTI4MTM0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjk0OGZhYmI1ZGYzZGZjZDFiMjQ5Y2E4NGY1ZDA4NGVjZTlkODQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCACVlO/s1eRaRNKN7DGMmoYcf0f
GaZLzpZe+SX4H1ekg5RKc6vTlXBAtVbfkv3WFgwUDX5kKMfYD0spX0ybgCQ1lMVl
mA7XXKqT5z/mGoqIbXj8hOJWFa5AZ9F8xZsmmlSPx+05ehAy0x0fO65Zpc4/KpMS
LiFsWI2r75+kma/PuoGv539oO8LSNOWEnBJkVAOjATL8v90BnyCymVudLBhNB3d4
mXBipYWoBuDY2e4SWPtW96PPxtblgSXp0mOtLx9rQFsxRWtBE7QgUwEiA3jMgPwv
SWSznJhFd3SXsaAsXUelkuOUZ05Q88UbEbyEiNLrKB2uhGmw1+PWlZKZhwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFAaUj6u13z380bJJyoT10ITs6dhBMB8GA1UdIwQY
MBaAFKYI20OWS2mG7HQPC14z9idYmsVgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQt
ZDY0NjgzY2VlMTZmLzEvQnBTUHE3WGZQZnpSc2tuS2hQWFFoT3pwMkVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQtZDY0NjgzY2VlMTZm
LzEvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAT4WyAwQC
sHbQMAwDBACwdtUDBAWwdsADBAK5KuQwDQYJKoZIhvcNAQELBQADggEBAJtGekhJ
RYgDXV+DiKdqPfKuML8qs5y1UtOJxvZhK80ZnUplK2/MsgnUNXyD2soSIBCIEPL2
RT3potwb4wQrrVw00ScRN1XAo01BXeokzzM7Yd568HdzudmBGhRLltrAwdI9DucH
w3Z8yXkjmv+FYVIBvlIhiopvXA/0W4fqv4yqBA60+GsG9o8fO/g38mHmOYjVKFBs
1kdcVtb3zXlE7pS5X5Dq7+cNKM26N2FwPVzTYwWJUWKVbFNtqH5EFRYsQ2S/o1dW
0FfZzVbj6S82+Z9nGpck1uzjiALqGJGaPh7yZfw371yC4IQhL5f3THOQV4mB3NZY
c7LFmpUOlpUkjl4=
-----END CERTIFICATE-----
Generated at Wed Jun 11 07:29:38 2025 by rpki-client