Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/eb5dce-d286-4825-a41c-b2bd66889c29/1/kG1kgN5nlYEy7ZpCjdikaIa9hV8.roa
File:                     kG1kgN5nlYEy7ZpCjdikaIa9hV8.roa (raw, json)
Hash identifier:          /f6LxWrzAnFYTxviTKRbY2oY2ySMF7I5ROIB6zkf0g0=
Subject key identifier:   90:6D:64:80:DE:67:95:81:32:ED:9A:42:8D:D8:A4:68:86:BD:85:5F
Certificate issuer:       /CN=15733ff82be00b41a990ded6b72b04cb7bf580d7
Certificate serial:       0199E99E70E53631A061287941BAD513CA7D
Authority key identifier: 15:73:3F:F8:2B:E0:0B:41:A9:90:DE:D6:B7:2B:04:CB:7B:F5:80:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FXM_-CvgC0GpkN7WtysEy3v1gNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/eb5dce-d286-4825-a41c-b2bd66889c29/1/kG1kgN5nlYEy7ZpCjdikaIa9hV8.roa
Signing time:             Wed 15 Oct 2025 20:44:58 +0000
ROA not before:           Wed 15 Oct 2025 20:44:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29246
IP address blocks:        185.89.168.0/22 maxlen: 22
                          195.68.250.0/23 maxlen: 23
                          2a00:18a8::/29 maxlen: 29
                          2a00:18a8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/eb5dce-d286-4825-a41c-b2bd66889c29/1/FXM_-CvgC0GpkN7WtysEy3v1gNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/eb5dce-d286-4825-a41c-b2bd66889c29/1/FXM_-CvgC0GpkN7WtysEy3v1gNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FXM_-CvgC0GpkN7WtysEy3v1gNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e9:9e:70:e5:36:31:a0:61:28:79:41:ba:d5:13:ca:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15733ff82be00b41a990ded6b72b04cb7bf580d7
        Validity
            Not Before: Oct 15 20:44:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=906d6480de67958132ed9a428dd8a46886bd855f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:fe:12:d1:99:f2:f8:50:78:9e:05:16:72:88:
                    20:2d:cf:ac:a5:c6:da:db:a0:9e:e1:0d:60:6b:c6:
                    b4:df:2b:0b:49:b7:5a:67:3b:68:83:e1:88:2f:01:
                    ba:4c:5b:84:00:41:38:f4:73:ca:9e:f5:8d:40:c0:
                    70:ba:7d:d5:ed:31:3c:bc:8a:0d:9b:be:70:f4:b2:
                    38:32:20:1c:ae:ba:a4:5d:e4:79:2e:15:32:7d:0a:
                    b3:fb:f1:92:fe:6f:c6:7c:26:86:34:3b:59:20:d3:
                    cc:07:ce:b6:47:b3:bd:d5:c5:8e:c5:2f:5e:f2:3e:
                    c5:82:87:5b:b9:e4:69:75:89:a5:e6:fb:63:b8:9c:
                    e7:e1:82:31:31:73:33:10:44:57:0a:7b:64:6b:52:
                    b0:fc:83:65:04:6f:b3:e2:66:5b:5b:2b:a0:fc:c1:
                    9d:34:72:ab:67:e4:dc:f7:f6:3c:28:19:b1:24:45:
                    f4:3c:7c:52:69:53:70:cd:1c:6f:4b:8f:da:7d:d9:
                    d5:59:0a:be:42:82:b8:bc:76:4d:bb:2c:97:bb:7e:
                    6b:07:9e:0e:ba:6f:a9:7d:4b:30:f7:29:6f:35:85:
                    d9:57:c0:76:b8:85:0d:35:87:6f:3a:2d:dc:2f:a5:
                    1a:15:ee:16:67:14:9a:82:a7:de:74:47:b3:ad:70:
                    0d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:6D:64:80:DE:67:95:81:32:ED:9A:42:8D:D8:A4:68:86:BD:85:5F
            X509v3 Authority Key Identifier:
                keyid:15:73:3F:F8:2B:E0:0B:41:A9:90:DE:D6:B7:2B:04:CB:7B:F5:80:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FXM_-CvgC0GpkN7WtysEy3v1gNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/eb5dce-d286-4825-a41c-b2bd66889c29/1/kG1kgN5nlYEy7ZpCjdikaIa9hV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/eb5dce-d286-4825-a41c-b2bd66889c29/1/FXM_-CvgC0GpkN7WtysEy3v1gNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.168.0/22
                  195.68.250.0/23
                IPv6:
                  2a00:18a8::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:40:11:c2:ed:6b:39:72:05:b3:3f:3c:80:17:8f:ce:db:1c:
         fc:50:7a:ad:2c:d4:c9:06:ca:b5:d8:84:79:6a:d3:b0:9c:e6:
         27:24:49:50:2c:2b:c5:df:6f:22:d3:42:5e:53:f2:40:61:d8:
         b1:88:3e:7b:2b:03:ba:bf:7b:79:d0:1b:73:b1:1f:d8:7b:65:
         c3:8a:2b:56:b1:14:a4:02:d5:dd:b6:20:e4:ae:be:d7:aa:65:
         9c:33:07:ca:ab:48:df:12:e3:84:4b:40:d9:11:f9:31:38:fd:
         ca:03:de:e7:4b:d9:29:d1:35:36:f3:08:69:ab:55:39:b9:b4:
         d9:f5:8a:b2:9d:51:b7:9b:0e:d4:64:14:05:b6:8e:f3:a1:05:
         f0:cd:31:de:0d:24:49:37:f5:dd:fe:67:5b:c5:f2:bb:f3:e5:
         5a:1c:73:74:a7:14:0c:93:b0:71:8d:55:10:14:5d:e9:94:57:
         c5:eb:6c:bb:7f:bd:8f:7c:73:f0:e0:56:29:80:59:ef:35:64:
         5f:37:29:11:f3:6e:0e:d3:05:23:40:f0:db:4d:2c:1d:c7:7a:
         45:f5:de:41:99:b5:89:a4:61:94:45:48:f1:e5:7e:b4:d7:ae:
         a0:68:b9:14:a3:bb:49:02:f7:b9:f4:72:4a:4a:65:90:e3:ea:
         d2:9b:0c:14
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZnpnnDlNjGgYSh5QbrVE8p9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1NzMzZmY4MmJlMDBiNDFhOTkwZGVkNmI3MmIwNGNiN2Jm
NTgwZDcwHhcNMjUxMDE1MjA0NDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDZkNjQ4MGRlNjc5NTgxMzJlZDlhNDI4ZGQ4YTQ2ODg2YmQ4NTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3/4S0Zny+FB4ngUWcoggLc+spcba
26Ce4Q1ga8a03ysLSbdaZztog+GILwG6TFuEAEE49HPKnvWNQMBwun3V7TE8vIoN
m75w9LI4MiAcrrqkXeR5LhUyfQqz+/GS/m/GfCaGNDtZINPMB862R7O91cWOxS9e
8j7FgodbueRpdYml5vtjuJzn4YIxMXMzEERXCntka1Kw/INlBG+z4mZbWyug/MGd
NHKrZ+Tc9/Y8KBmxJEX0PHxSaVNwzRxvS4/afdnVWQq+QoK4vHZNuyyXu35rB54O
um+pfUsw9ylvNYXZV8B2uIUNNYdvOi3cL6UaFe4WZxSagqfedEezrXANGQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJBtZIDeZ5WBMu2aQo3YpGiGvYVfMB8GA1UdIwQY
MBaAFBVzP/gr4AtBqZDe1rcrBMt79YDXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlhNXy1DdmdDMEdwa043V3R5c0V5M3YxZ05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lYjVkY2UtZDI4Ni00ODI1LWE0MWMt
YjJiZDY2ODg5YzI5LzEva0cxa2dONW5sWUV5N1pwQ2pkaWthSWE5aFY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lYjVkY2UtZDI4Ni00ODI1LWE0MWMtYjJiZDY2ODg5YzI5
LzEvRlhNXy1DdmdDMEdwa043V3R5c0V5M3YxZ05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuVmoAwQB
w0T6MA0EAgACMAcDBQMqABioMA0GCSqGSIb3DQEBCwUAA4IBAQA/QBHC7Ws5cgWz
PzyAF4/O2xz8UHqtLNTJBsq12IR5atOwnOYnJElQLCvF328i00JeU/JAYdixiD57
KwO6v3t50BtzsR/Ye2XDiitWsRSkAtXdtiDkrr7XqmWcMwfKq0jfEuOES0DZEfkx
OP3KA97nS9kp0TU28whpq1U5ubTZ9YqynVG3mw7UZBQFto7zoQXwzTHeDSRJN/Xd
/mdbxfK78+VaHHN0pxQMk7BxjVUQFF3plFfF62y7f72PfHPw4FYpgFnvNWRfNykR
824O0wUjQPDbTSwdx3pF9d5BmbWJpGGURUjx5X60166gaLkUo7tJAve59HJKSmWQ
4+rSmwwU
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:48 2025 by rpki-client