Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/25BBiDR8yUw_giFf8TVIFyZVcZE.roa
File:                     25BBiDR8yUw_giFf8TVIFyZVcZE.roa (raw, json)
Hash identifier:          PFZc2HRYy/c/JYp6Cc+Y2LgsM9oiJMXKoNebC6wZE1g=
Subject key identifier:   DB:90:41:88:34:7C:C9:4C:3F:82:21:5F:F1:35:48:17:26:55:71:91
Certificate issuer:       /CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
Certificate serial:       019F2368795967872E30A9920648F28A3815
Authority key identifier: C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/25BBiDR8yUw_giFf8TVIFyZVcZE.roa
Signing time:             Thu 02 Jul 2026 15:17:57 +0000
ROA not before:           Thu 02 Jul 2026 15:17:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137235
IP address blocks:        213.220.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Jul 2026 15:19:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:79:59:67:87:2e:30:a9:92:06:48:f2:8a:38:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
        Validity
            Not Before: Jul  2 15:17:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db904188347cc94c3f82215ff135481726557191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:8d:c9:d5:2c:c7:6f:08:e9:d9:aa:0d:4d:75:
                    64:3c:6f:c9:fa:6f:2d:d5:a2:a2:a8:ce:e6:db:b4:
                    b2:f0:f9:36:5c:68:84:b5:79:fd:6b:35:d1:fc:5f:
                    84:c4:3c:74:1c:9d:18:c9:ed:46:f8:40:ee:fe:50:
                    66:6e:7c:61:f9:52:9f:ec:a3:c2:31:b9:39:38:5b:
                    87:a8:1c:6b:f7:10:c4:ce:c3:e3:25:81:05:c9:79:
                    b0:8a:55:0f:99:a1:fd:7e:42:25:af:56:0b:b6:3a:
                    5e:b9:1f:c4:15:50:06:02:f0:0f:29:f8:42:ee:df:
                    28:f8:91:76:16:78:f2:37:93:39:1b:88:3f:b3:fb:
                    ae:05:48:c9:0b:f2:de:6c:e0:6d:e0:c9:aa:80:8f:
                    82:f7:4e:e0:ba:73:61:b1:ab:30:e1:45:fe:73:ed:
                    c4:cf:c7:7d:dd:8d:54:e1:82:e7:3a:7b:1d:1f:af:
                    d3:14:8c:7f:63:a2:39:d4:6d:ef:fc:9c:92:71:ff:
                    b5:4d:15:2a:4d:37:1a:7f:01:ca:a9:01:8d:00:32:
                    d9:a2:98:8c:37:ed:e0:84:12:3b:83:c9:17:9b:dd:
                    25:7a:9c:28:e7:38:13:3f:4b:31:a1:e7:c6:68:80:
                    d7:3d:99:0b:51:73:f8:6b:1e:20:df:2e:81:ab:40:
                    91:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:90:41:88:34:7C:C9:4C:3F:82:21:5F:F1:35:48:17:26:55:71:91
            X509v3 Authority Key Identifier:
                keyid:C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/25BBiDR8yUw_giFf8TVIFyZVcZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:c1:00:7d:d3:05:87:7c:8c:c7:db:44:65:08:05:6d:68:a9:
         c0:d0:d6:78:49:0a:d0:7c:6e:90:94:83:4c:48:9c:b6:c9:9c:
         ee:df:b9:51:29:75:42:b5:c8:e8:53:10:1c:de:b8:9b:3e:39:
         b0:7b:ae:79:c9:d3:4d:54:4d:2d:ba:fb:5f:f7:18:7b:51:ec:
         2c:00:27:1b:df:69:e9:1a:d2:a7:ae:88:dd:cb:db:83:ee:a4:
         1f:36:26:19:eb:86:55:5a:00:07:38:2d:8b:b3:52:5e:e0:aa:
         c6:e0:08:01:90:c4:0b:c0:52:cd:b4:27:c4:05:c0:5e:a6:b5:
         47:25:8a:b6:2f:7e:36:53:5d:ee:82:e1:b2:b0:96:ac:d1:20:
         97:32:15:f4:4b:71:54:b9:7f:63:13:84:5b:87:2e:70:82:a0:
         60:bd:e2:35:aa:93:32:55:35:1b:d6:6a:fe:18:c9:b0:7b:57:
         10:c5:76:68:e3:f5:a3:35:cb:f5:a2:7b:23:aa:30:7c:47:e6:
         a2:e5:5d:f5:db:8c:22:d1:6b:a6:0b:0a:8b:0a:55:8d:fe:2c:
         95:2a:52:ac:90:4c:91:3e:e4:3d:b5:93:67:30:b2:f7:2a:4a:
         d3:4f:70:e6:22:67:99:d0:a3:b0:bd:bc:c2:a0:44:2b:38:09:
         79:e2:17:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaHlZZ4cuMKmSBkjyijgVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNjBkNDZkMWQ4MDQ2YjRkNzRlNGQ4MTU4MThjOGUzNjU5
ZWRiZTkwHhcNMjYwNzAyMTUxNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjkwNDE4ODM0N2NjOTRjM2Y4MjIxNWZmMTM1NDgxNzI2NTU3MTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA943J1SzHbwjp2aoNTXVkPG/J+m8t
1aKiqM7m27Sy8Pk2XGiEtXn9azXR/F+ExDx0HJ0Yye1G+EDu/lBmbnxh+VKf7KPC
Mbk5OFuHqBxr9xDEzsPjJYEFyXmwilUPmaH9fkIlr1YLtjpeuR/EFVAGAvAPKfhC
7t8o+JF2FnjyN5M5G4g/s/uuBUjJC/LebOBt4MmqgI+C907gunNhsasw4UX+c+3E
z8d93Y1U4YLnOnsdH6/TFIx/Y6I51G3v/JyScf+1TRUqTTcafwHKqQGNADLZopiM
N+3ghBI7g8kXm90lepwo5zgTP0sxoefGaIDXPZkLUXP4ax4g3y6Bq0CRlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNuQQYg0fMlMP4IhX/E1SBcmVXGRMB8GA1UdIwQY
MBaAFMBg1G0dgEa0105NgVgYyONlntvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvMjVCQmlEUjh5VXdfZ2lGZjhUVklGeVpWY1pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dwqMA0G
CSqGSIb3DQEBCwUAA4IBAQCCwQB90wWHfIzH20RlCAVtaKnA0NZ4SQrQfG6QlINM
SJy2yZzu37lRKXVCtcjoUxAc3ribPjmwe655ydNNVE0tuvtf9xh7UewsACcb32np
GtKnrojdy9uD7qQfNiYZ64ZVWgAHOC2Ls1Je4KrG4AgBkMQLwFLNtCfEBcBeprVH
JYq2L342U13uguGysJas0SCXMhX0S3FUuX9jE4Rbhy5wgqBgveI1qpMyVTUb1mr+
GMmwe1cQxXZo4/WjNcv1onsjqjB8R+ai5V3124wi0WumCwqLClWN/iyVKlKskEyR
PuQ9tZNnMLL3KkrTT3DmImeZ0KOwvbzCoEQrOAl54hf6
-----END CERTIFICATE-----
Generated at Thu Jul 2 23:47:53 2026 by rpki-client