Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ZJU7Yn4OgFwV3EgkepnbW9hDIvE.roa
File:                     ZJU7Yn4OgFwV3EgkepnbW9hDIvE.roa (raw, json)
Hash identifier:          Ft3uRd5+wQwQpXyYcn2mZoa56Wj4aO+sy2PGLzCpZ5w=
Subject key identifier:   64:95:3B:62:7E:0E:80:5C:15:DC:48:24:7A:99:DB:5B:D8:43:22:F1
Certificate issuer:       /CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
Certificate serial:       019F236877674439A37A61556DF4DC190B6B
Authority key identifier: C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ZJU7Yn4OgFwV3EgkepnbW9hDIvE.roa
Signing time:             Thu 02 Jul 2026 15:17:56 +0000
ROA not before:           Thu 02 Jul 2026 15:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41397
IP address blocks:        194.143.195.0/24 maxlen: 24
                          194.143.196.0/24 maxlen: 24
                          194.143.214.0/24 maxlen: 24
                          194.143.215.0/24 maxlen: 24
                          213.220.24.0/21 maxlen: 24
                          213.220.32.0/22 maxlen: 22
                          213.220.36.0/23 maxlen: 23
                          213.220.38.0/24 maxlen: 24
                          213.220.55.0/24 maxlen: 24
                          213.220.56.0/23 maxlen: 23
                          213.220.59.0/24 maxlen: 24
                          213.220.60.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Jul 2026 15:19:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:77:67:44:39:a3:7a:61:55:6d:f4:dc:19:0b:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
        Validity
            Not Before: Jul  2 15:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=64953b627e0e805c15dc48247a99db5bd84322f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:47:92:27:26:d1:7d:9c:02:a7:73:1c:fd:3d:
                    8c:77:56:03:ce:cf:24:f6:2a:0b:78:e2:17:41:01:
                    f9:89:f4:aa:2e:d5:51:92:a8:a8:61:55:46:b7:c5:
                    45:58:6d:89:db:41:28:f5:7e:50:e4:87:2c:19:2e:
                    63:e1:52:e6:97:79:17:d8:a4:66:6e:fb:30:d9:31:
                    a3:61:8c:63:fa:ae:37:4d:ee:59:47:81:40:16:7e:
                    23:ba:b8:7e:77:10:5b:7d:b7:a5:4c:2d:6f:bd:2c:
                    82:35:e1:83:ee:c3:d9:f0:4f:b8:68:20:fc:49:75:
                    11:b8:12:8f:67:82:41:fe:a6:40:52:42:e9:a3:8a:
                    00:ca:31:7a:96:50:b9:2c:29:da:40:53:b7:b1:86:
                    97:aa:da:d1:78:9a:70:4c:4c:d1:0e:4c:52:7c:5b:
                    10:24:4a:87:55:12:58:f9:d5:ca:57:d4:61:84:07:
                    83:b1:42:1d:0a:64:a3:4e:c5:69:1c:7d:e2:85:5b:
                    b7:0f:3f:b0:54:4a:95:de:a8:0f:ff:83:0f:59:3e:
                    f5:87:89:1b:9b:9c:0a:5f:9b:c9:6b:b7:ab:ed:9a:
                    f5:1a:df:86:83:5c:6a:d2:5d:32:be:22:fa:b8:7c:
                    58:51:2a:c4:81:a9:d3:43:d5:06:eb:23:fe:8d:24:
                    ba:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:95:3B:62:7E:0E:80:5C:15:DC:48:24:7A:99:DB:5B:D8:43:22:F1
            X509v3 Authority Key Identifier:
                keyid:C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ZJU7Yn4OgFwV3EgkepnbW9hDIvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.143.195.0-194.143.196.255
                  194.143.214.0/23
                  213.220.24.0-213.220.38.255
                  213.220.55.0-213.220.57.255
                  213.220.59.0-213.220.61.255

    Signature Algorithm: sha256WithRSAEncryption
         be:22:d6:77:5b:87:f0:6a:65:30:aa:85:b8:09:40:95:a2:49:
         65:77:54:8a:83:6f:cc:60:13:90:6e:17:80:19:d7:b1:18:8f:
         5d:d4:d8:64:b6:4e:cf:b8:97:d8:f0:c7:87:82:89:2a:66:f8:
         0f:e9:c7:8c:a8:f3:47:9d:39:b0:c4:99:e1:07:33:33:9f:62:
         b8:51:59:aa:02:e1:33:95:d5:a5:69:d4:31:6f:ef:d3:2c:53:
         d8:ef:34:52:37:9c:bb:36:5a:eb:53:14:aa:9d:ee:0a:67:44:
         e7:10:16:65:38:ae:b8:5e:11:5f:73:e4:9f:b9:b7:3e:33:17:
         52:6e:61:31:d4:14:2b:cf:14:0a:8c:58:3b:80:8d:fa:b1:09:
         8f:2b:b0:87:2b:e0:f7:08:b7:36:d5:1d:80:d0:9b:b1:77:47:
         36:29:d0:0e:58:9e:e9:7d:f0:87:ee:ad:ec:5d:cf:f7:d5:2d:
         73:46:2b:0f:03:e9:1b:38:77:a4:15:3c:8d:d4:00:7f:19:17:
         5a:1a:46:5b:75:1f:3c:3e:46:cb:cd:98:79:c8:b2:77:1e:be:
         d2:cc:2b:68:c1:8e:9b:9b:2e:0b:d2:15:b0:e3:d6:bd:75:c2:
         48:fa:50:4d:41:63:b7:7e:b0:33:5c:3b:4b:df:dc:b1:d1:15:
         df:c2:ce:da
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZ8jaHdnRDmjemFVbfTcGQtrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNjBkNDZkMWQ4MDQ2YjRkNzRlNGQ4MTU4MThjOGUzNjU5
ZWRiZTkwHhcNMjYwNzAyMTUxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDk1M2I2MjdlMGU4MDVjMTVkYzQ4MjQ3YTk5ZGI1YmQ4NDMyMmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUeSJybRfZwCp3Mc/T2Md1YDzs8k
9ioLeOIXQQH5ifSqLtVRkqioYVVGt8VFWG2J20Eo9X5Q5IcsGS5j4VLml3kX2KRm
bvsw2TGjYYxj+q43Te5ZR4FAFn4jurh+dxBbfbelTC1vvSyCNeGD7sPZ8E+4aCD8
SXURuBKPZ4JB/qZAUkLpo4oAyjF6llC5LCnaQFO3sYaXqtrReJpwTEzRDkxSfFsQ
JEqHVRJY+dXKV9RhhAeDsUIdCmSjTsVpHH3ihVu3Dz+wVEqV3qgP/4MPWT71h4kb
m5wKX5vJa7er7Zr1Gt+Gg1xq0l0yviL6uHxYUSrEganTQ9UG6yP+jSS6WQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFGSVO2J+DoBcFdxIJHqZ21vYQyLxMB8GA1UdIwQY
MBaAFMBg1G0dgEa0105NgVgYyONlntvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvWkpVN1luNE9nRndWM0Vna2VwbmJXOWhESXZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+MAwDBADCj8MD
BADCj8QDBAHCj9YwDAMEA9XcGAMEANXcJjAMAwQA1dw3AwQB1dw4MAwDBADV3DsD
BAHV3DwwDQYJKoZIhvcNAQELBQADggEBAL4i1ndbh/BqZTCqhbgJQJWiSWV3VIqD
b8xgE5BuF4AZ17EYj13U2GS2Ts+4l9jwx4eCiSpm+A/px4yo80edObDEmeEHMzOf
YrhRWaoC4TOV1aVp1DFv79MsU9jvNFI3nLs2WutTFKqd7gpnROcQFmU4rrheEV9z
5J+5tz4zF1JuYTHUFCvPFAqMWDuAjfqxCY8rsIcr4PcItzbVHYDQm7F3RzYp0A5Y
nul98Ifurexdz/fVLXNGKw8D6Rs4d6QVPI3UAH8ZF1oaRlt1Hzw+RsvNmHnIsnce
vtLMK2jBjpubLgvSFbDj1r11wkj6UE1BY7d+sDNcO0vf3LHRFd/Czto=
-----END CERTIFICATE-----
Generated at Thu Jul 2 23:47:53 2026 by rpki-client