Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/IdxZ7ii2BtH-aHbClfeNmCS_iVo.roa
File:                     IdxZ7ii2BtH-aHbClfeNmCS_iVo.roa (raw, json)
Hash identifier:          f/5uTyMaYzEzYCrjU7gNcgtd3V1ld08XX3gn3rUAydA=
Subject key identifier:   21:DC:59:EE:28:B6:06:D1:FE:68:76:C2:95:F7:8D:98:24:BF:89:5A
Certificate issuer:       /CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
Certificate serial:       019F236871F2F3EEB4BDEFEAABD9600B2C8D
Authority key identifier: C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/IdxZ7ii2BtH-aHbClfeNmCS_iVo.roa
Signing time:             Thu 02 Jul 2026 15:17:55 +0000
ROA not before:           Thu 02 Jul 2026 15:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.240.0/24 maxlen: 24
                          45.155.241.0/24 maxlen: 24
                          45.155.242.0/24 maxlen: 24
                          194.143.203.0/24 maxlen: 24
                          194.143.205.0/24 maxlen: 24
                          194.143.209.0/24 maxlen: 24
                          194.143.217.0/24 maxlen: 24
                          194.143.218.0/24 maxlen: 24
                          194.143.221.0/24 maxlen: 24
                          194.143.222.0/24 maxlen: 24
                          194.143.223.0/24 maxlen: 24
                          195.114.192.0/24 maxlen: 24
                          195.114.195.0/24 maxlen: 24
                          195.114.196.0/24 maxlen: 24
                          195.114.197.0/24 maxlen: 24
                          195.114.198.0/24 maxlen: 24
                          195.114.200.0/24 maxlen: 24
                          195.114.202.0/24 maxlen: 24
                          195.114.203.0/24 maxlen: 24
                          195.114.205.0/24 maxlen: 24
                          213.220.0.0/24 maxlen: 24
                          213.220.2.0/24 maxlen: 24
                          213.220.4.0/24 maxlen: 24
                          213.220.6.0/24 maxlen: 24
                          213.220.11.0/24 maxlen: 24
                          213.220.13.0/24 maxlen: 24
                          213.220.14.0/24 maxlen: 24
                          213.220.18.0/24 maxlen: 24
                          213.220.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Jul 2026 15:19:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:71:f2:f3:ee:b4:bd:ef:ea:ab:d9:60:0b:2c:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
        Validity
            Not Before: Jul  2 15:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=21dc59ee28b606d1fe6876c295f78d9824bf895a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:9c:3d:87:81:89:24:7b:b5:65:de:9d:87:b0:
                    e0:82:33:87:f7:b5:be:25:51:dc:36:d2:1b:26:3b:
                    02:69:ec:02:b0:a0:76:20:5d:35:14:0b:29:b4:c5:
                    ce:40:e1:72:fd:48:ee:76:df:36:3f:6d:b8:4a:b6:
                    f0:d9:f3:fc:7b:bf:48:e6:75:16:9e:2c:9d:b4:97:
                    58:1c:71:e7:4f:8e:24:2d:21:f4:df:00:06:b5:6c:
                    00:e9:5d:41:ad:e3:ed:84:bb:40:aa:bd:56:08:91:
                    75:13:e8:34:99:18:56:0f:37:e4:55:71:e9:26:47:
                    94:5c:2c:2c:b8:91:11:3b:99:11:a6:9f:21:a2:c3:
                    f5:ca:4e:44:7e:4a:94:82:5c:dc:72:cc:6e:78:0e:
                    09:f9:61:1f:7b:96:6d:8a:50:6b:50:24:da:55:3e:
                    31:f9:eb:96:0e:b4:9a:e9:94:ce:56:fe:a1:78:89:
                    0a:f5:26:d1:29:24:05:bc:c9:ce:cf:bf:7a:65:85:
                    d0:66:ba:d3:e6:e2:29:cd:92:68:42:b7:ad:db:f1:
                    bc:5f:9c:21:ad:66:da:4f:d7:cf:e9:84:25:55:18:
                    18:e9:5a:57:da:cb:85:cb:ad:22:dc:19:30:bb:33:
                    84:65:a7:b8:bf:bb:49:64:0b:6a:53:53:dd:6e:a8:
                    b8:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:DC:59:EE:28:B6:06:D1:FE:68:76:C2:95:F7:8D:98:24:BF:89:5A
            X509v3 Authority Key Identifier:
                keyid:C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/IdxZ7ii2BtH-aHbClfeNmCS_iVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.240.0-45.155.242.255
                  194.143.203.0/24
                  194.143.205.0/24
                  194.143.209.0/24
                  194.143.217.0-194.143.218.255
                  194.143.221.0-194.143.223.255
                  195.114.192.0/24
                  195.114.195.0-195.114.198.255
                  195.114.200.0/24
                  195.114.202.0/23
                  195.114.205.0/24
                  213.220.0.0/24
                  213.220.2.0/24
                  213.220.4.0/24
                  213.220.6.0/24
                  213.220.11.0/24
                  213.220.13.0-213.220.14.255
                  213.220.18.0/24
                  213.220.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:29:06:6f:71:0a:4f:46:d1:82:64:3d:09:fe:67:7a:51:a2:
         0f:9e:f2:fa:75:f6:29:cc:da:3f:04:9b:69:ec:cb:8e:e4:e4:
         ec:5d:44:6d:41:cb:da:85:cc:87:92:0e:cf:86:0c:ef:24:d1:
         8c:e4:bb:a5:9c:81:f1:ac:f5:d9:03:fb:b4:b7:da:74:a1:8a:
         7b:66:7a:67:f7:66:2b:01:fc:10:f7:0d:f3:78:a3:d0:be:68:
         be:3f:f3:57:a6:d9:f5:98:f7:6a:29:c9:29:f2:8a:ef:2e:21:
         5f:7c:d5:4d:11:22:a5:2f:28:9f:84:6a:bc:33:b4:5a:64:d9:
         f5:34:60:6d:a8:5c:ba:22:9c:dd:eb:ae:b0:4d:36:93:66:55:
         2e:47:8c:75:8e:b1:a1:45:5e:41:fc:fe:81:4c:28:ee:38:aa:
         21:9f:73:c2:80:80:68:be:aa:e6:93:2c:33:cc:25:05:97:5d:
         9d:b1:c2:4a:2e:77:26:b7:87:ef:fa:31:9b:e7:05:b4:36:a5:
         cf:3c:21:1d:7c:c5:14:83:e0:d6:83:a1:0f:82:ca:ea:b2:6d:
         de:e0:27:fd:b1:d5:67:a4:8a:08:44:1a:b1:54:b6:da:41:9f:
         e4:64:f9:9b:09:9f:99:2e:c4:d0:2c:d8:36:7d:cd:51:96:cb:
         a2:1e:8d:7c
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgISAZ8jaHHy8+60ve/qq9lgCyyNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNjBkNDZkMWQ4MDQ2YjRkNzRlNGQ4MTU4MThjOGUzNjU5
ZWRiZTkwHhcNMjYwNzAyMTUxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWRjNTllZTI4YjYwNmQxZmU2ODc2YzI5NWY3OGQ5ODI0YmY4OTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZw9h4GJJHu1Zd6dh7DggjOH97W+
JVHcNtIbJjsCaewCsKB2IF01FAsptMXOQOFy/Ujudt82P224Srbw2fP8e79I5nUW
niydtJdYHHHnT44kLSH03wAGtWwA6V1BrePthLtAqr1WCJF1E+g0mRhWDzfkVXHp
JkeUXCwsuJERO5kRpp8hosP1yk5EfkqUglzccsxueA4J+WEfe5ZtilBrUCTaVT4x
+euWDrSa6ZTOVv6heIkK9SbRKSQFvMnOz796ZYXQZrrT5uIpzZJoQret2/G8X5wh
rWbaT9fP6YQlVRgY6VpX2suFy60i3BkwuzOEZae4v7tJZAtqU1Pdbqi4NwIDAQAB
o4ICojCCAp4wHQYDVR0OBBYEFCHcWe4otgbR/mh2wpX3jZgkv4laMB8GA1UdIwQY
MBaAFMBg1G0dgEa0105NgVgYyONlntvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvSWR4WjdpaTJCdEgtYUhiQ2xmZU5tQ1NfaVZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG3BggrBgEFBQcBBwEB/wSBpzCBpDCBoQQCAAEwgZowDAME
BC2b8AMEAC2b8gMEAMKPywMEAMKPzQMEAMKP0TAMAwQAwo/ZAwQAwo/aMAwDBADC
j90DBAXCj8ADBADDcsAwDAMEAMNywwMEAMNyxgMEAMNyyAMEAcNyygMEAMNyzQME
ANXcAAMEANXcAgMEANXcBAMEANXcBgMEANXcCzAMAwQA1dwNAwQA1dwOAwQA1dwS
AwQA1dwyMA0GCSqGSIb3DQEBCwUAA4IBAQABKQZvcQpPRtGCZD0J/md6UaIPnvL6
dfYpzNo/BJtp7MuO5OTsXURtQcvahcyHkg7PhgzvJNGM5LulnIHxrPXZA/u0t9p0
oYp7Znpn92YrAfwQ9w3zeKPQvmi+P/NXptn1mPdqKckp8orvLiFffNVNESKlLyif
hGq8M7RaZNn1NGBtqFy6Ipzd666wTTaTZlUuR4x1jrGhRV5B/P6BTCjuOKohn3PC
gIBovqrmkywzzCUFl12dscJKLncmt4fv+jGb5wW0NqXPPCEdfMUUg+DWg6EPgsrq
sm3e4Cf9sdVnpIoIRBqxVLbaQZ/kZPmbCZ+ZLsTQLNg2fc1RlsuiHo18
-----END CERTIFICATE-----
Generated at Thu Jul 2 23:45:23 2026 by rpki-client