Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/v0pTyq5NhBmrkfLDSEkrI_6ukxU.roa
File:                     v0pTyq5NhBmrkfLDSEkrI_6ukxU.roa (raw, json)
Hash identifier:          gC2xNi7O3BlngfgJOgySQ6+ynKh+OD3XYOoBjDPagfM=
Subject key identifier:   BF:4A:53:CA:AE:4D:84:19:AB:91:F2:C3:48:49:2B:23:FE:AE:93:15
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0196D49890F550C2FC55255883228E332607
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/v0pTyq5NhBmrkfLDSEkrI_6ukxU.roa
Signing time:             Thu 15 May 2025 15:38:10 +0000
ROA not before:           Thu 15 May 2025 15:38:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21769
IP address blocks:        45.127.248.0/22 maxlen: 22
                          103.71.61.0/24 maxlen: 24
                          185.195.212.0/22 maxlen: 22
                          185.195.220.0/22 maxlen: 22
                          185.196.188.0/22 maxlen: 22
                          185.199.116.0/22 maxlen: 22
                          194.93.4.0/22 maxlen: 22
                          2a09:1e80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 05:10:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d4:98:90:f5:50:c2:fc:55:25:58:83:22:8e:33:26:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: May 15 15:38:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf4a53caae4d8419ab91f2c348492b23feae9315
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:50:58:19:fe:10:23:36:c0:00:b6:1b:ce:7d:
                    3e:5c:12:63:51:9d:f2:1c:42:96:45:99:cb:3f:1a:
                    b8:71:76:09:ce:e2:77:4c:67:07:23:83:b4:eb:2e:
                    6c:60:88:18:ff:9e:2c:bf:2d:36:6b:c7:b8:dc:c9:
                    a6:f7:d1:f4:1c:1e:2e:6a:3d:cc:b8:39:62:2e:b5:
                    63:18:9e:ba:8d:10:45:50:bc:57:55:91:09:6f:ba:
                    b9:f8:9f:ad:e2:6f:9c:ab:3a:e1:9c:eb:48:c8:11:
                    08:fb:d5:ee:ef:35:78:5e:f8:f1:3c:40:30:8d:07:
                    a8:fb:8d:d7:43:c7:b2:81:d5:0e:18:73:14:ca:9e:
                    14:79:8f:50:df:e1:cd:eb:de:22:e6:ac:9c:b6:2a:
                    dc:b2:86:8f:8b:a9:a8:7e:4b:ac:4a:ea:40:22:c8:
                    16:2c:54:2c:96:6d:37:83:7c:c0:3a:9f:29:67:b9:
                    bb:f0:e0:e4:ad:c3:0f:31:df:04:61:25:cf:fb:bd:
                    d1:4a:ed:d5:9e:ed:fc:e9:68:60:74:5a:0e:bb:80:
                    ce:30:ba:d2:c9:69:52:ac:ef:c8:51:d1:4e:46:bf:
                    d8:64:a6:df:09:b7:5c:2f:63:6a:01:e4:4a:ae:47:
                    27:ed:e5:7d:98:94:8d:88:28:ce:0b:d4:05:21:4c:
                    a0:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:4A:53:CA:AE:4D:84:19:AB:91:F2:C3:48:49:2B:23:FE:AE:93:15
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/v0pTyq5NhBmrkfLDSEkrI_6ukxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.127.248.0/22
                  103.71.61.0/24
                  185.195.212.0/22
                  185.195.220.0/22
                  185.196.188.0/22
                  185.199.116.0/22
                  194.93.4.0/22
                IPv6:
                  2a09:1e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         92:0d:be:52:34:58:f8:b9:ee:6c:d4:9a:4a:5b:fc:31:e1:3d:
         73:7c:ba:48:1b:e9:b3:ae:3e:a8:68:93:12:1e:db:34:45:7a:
         fe:e3:4f:f6:d9:fa:0e:6b:25:70:2c:da:69:48:80:9f:7f:cb:
         ec:32:e4:f9:e1:a2:31:4e:4e:b2:34:c3:1e:5a:b9:4e:a0:09:
         4a:d9:04:de:e6:15:35:98:b2:d8:56:46:77:e4:b0:43:fe:4c:
         46:0b:a1:7b:c9:c9:0d:dd:95:b8:87:b7:5e:3e:8a:92:c0:5a:
         3f:b4:6a:bb:e5:f5:2d:a4:0c:0a:45:c0:a2:79:5a:b3:2d:0a:
         da:7b:e9:ad:bb:2e:32:53:97:2b:8b:54:47:0d:62:ae:27:e9:
         2c:83:d1:c2:cb:36:53:32:35:76:c8:cf:33:43:60:a7:1f:8f:
         63:26:2f:35:c3:41:31:2c:48:f9:6d:f6:bf:03:3a:71:6a:0b:
         0f:a1:71:9f:72:43:53:c5:27:94:e0:c4:7e:ce:e8:90:59:93:
         6a:b9:3b:d5:9c:72:de:8b:5f:2f:3c:d5:e7:a5:8d:79:88:93:
         7c:5b:05:1c:e0:b1:f8:5d:4a:3a:31:99:af:94:95:60:51:c8:
         00:d5:3f:64:60:aa:86:58:71:79:4f:62:ab:c9:80:bf:b7:91:
         93:61:9c:69
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZbUmJD1UML8VSVYgyKOMyYHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNTE1MTUzODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjRhNTNjYWFlNGQ4NDE5YWI5MWYyYzM0ODQ5MmIyM2ZlYWU5MzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlBYGf4QIzbAALYbzn0+XBJjUZ3y
HEKWRZnLPxq4cXYJzuJ3TGcHI4O06y5sYIgY/54svy02a8e43Mmm99H0HB4uaj3M
uDliLrVjGJ66jRBFULxXVZEJb7q5+J+t4m+cqzrhnOtIyBEI+9Xu7zV4XvjxPEAw
jQeo+43XQ8eygdUOGHMUyp4UeY9Q3+HN694i5qyctircsoaPi6mofkusSupAIsgW
LFQslm03g3zAOp8pZ7m78ODkrcMPMd8EYSXP+73RSu3Vnu386WhgdFoOu4DOMLrS
yWlSrO/IUdFORr/YZKbfCbdcL2NqAeRKrkcn7eV9mJSNiCjOC9QFIUygLQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFL9KU8quTYQZq5Hyw0hJKyP+rpMVMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvdjBwVHlxNU5oQm1ya2ZMRFNFa3JJXzZ1a3hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCLX/4AwQA
Z0c9AwQCucPUAwQCucPcAwQCucS8AwQCucd0AwQCwl0EMA0EAgACMAcDBQMqCR6A
MA0GCSqGSIb3DQEBCwUAA4IBAQCSDb5SNFj4ue5s1JpKW/wx4T1zfLpIG+mzrj6o
aJMSHts0RXr+40/22foOayVwLNppSICff8vsMuT54aIxTk6yNMMeWrlOoAlK2QTe
5hU1mLLYVkZ35LBD/kxGC6F7yckN3ZW4h7dePoqSwFo/tGq75fUtpAwKRcCieVqz
LQrae+mtuy4yU5cri1RHDWKuJ+ksg9HCyzZTMjV2yM8zQ2CnH49jJi81w0ExLEj5
bfa/AzpxagsPoXGfckNTxSeU4MR+zuiQWZNquTvVnHLei18vPNXnpY15iJN8WwUc
4LH4XUo6MZmvlJVgUcgA1T9kYKqGWHF5T2KryYC/t5GTYZxp
-----END CERTIFICATE-----
Generated at Mon Jun 9 15:14:59 2025 by rpki-client