Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QvPDGMgI0Q9Jfu1BvfVhjNYuj2A.roa
File:                     QvPDGMgI0Q9Jfu1BvfVhjNYuj2A.roa (raw, json)
Hash identifier:          rGvzq4pRCasmYqOMPBVB8pHTJGEPkJfzWp8JpL51tb0=
Subject key identifier:   42:F3:C3:18:C8:08:D1:0F:49:7E:ED:41:BD:F5:61:8C:D6:2E:8F:60
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0199814D7E9723D9D0FF43879DB66F61377D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QvPDGMgI0Q9Jfu1BvfVhjNYuj2A.roa
Signing time:             Thu 25 Sep 2025 14:36:03 +0000
ROA not before:           Thu 25 Sep 2025 14:36:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209693
IP address blocks:        45.88.88.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          87.121.86.0/24 maxlen: 24
                          87.121.221.0/24 maxlen: 24
                          176.125.254.0/24 maxlen: 24
                          185.252.177.0/24 maxlen: 24
                          194.48.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:81:4d:7e:97:23:d9:d0:ff:43:87:9d:b6:6f:61:37:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 25 14:36:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42f3c318c808d10f497eed41bdf5618cd62e8f60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:07:e9:45:f6:f5:5b:06:e5:b5:b9:ad:63:02:
                    c9:f5:35:02:e7:09:27:2e:60:44:0b:50:d4:53:b9:
                    68:f3:ec:0d:0b:f8:5b:1c:43:15:dc:9e:f2:39:96:
                    05:5b:d3:d3:d7:f6:55:70:3f:a8:2b:f9:c4:31:ac:
                    c9:ff:ab:d7:72:38:60:69:97:24:7e:8d:2e:31:70:
                    3b:d2:ac:f6:1e:39:0a:24:2c:6e:fc:be:f5:ed:8f:
                    b7:12:3c:ff:8d:49:3f:73:88:97:61:f5:35:69:23:
                    1f:12:7e:ce:8e:d2:04:f6:b3:13:3c:0a:cd:49:7c:
                    00:80:d9:51:e2:05:1d:6a:ce:65:16:eb:17:c9:54:
                    fe:c2:16:83:a4:d1:9f:84:18:ad:3b:f7:a5:e7:bb:
                    b3:70:9b:e6:b4:42:e7:2b:c6:42:4b:10:8c:72:32:
                    c2:50:79:21:19:96:bb:fb:07:5b:d7:90:61:86:26:
                    47:23:51:90:5a:8e:20:db:82:b3:50:7b:37:76:ba:
                    6f:e0:d1:6b:b9:9f:6f:fc:14:ca:ff:4b:80:ab:a8:
                    70:64:25:7a:ec:3b:53:d9:e5:5a:c9:13:60:1b:41:
                    35:a2:3a:59:ef:85:30:4e:bc:1a:9f:b5:04:c6:08:
                    23:b0:28:db:08:91:1f:fa:ab:6f:eb:b9:95:60:6c:
                    8a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:F3:C3:18:C8:08:D1:0F:49:7E:ED:41:BD:F5:61:8C:D6:2E:8F:60
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QvPDGMgI0Q9Jfu1BvfVhjNYuj2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.88.0/24
                  83.219.97.0/24
                  87.121.86.0/24
                  87.121.221.0/24
                  176.125.254.0/24
                  185.252.177.0/24
                  194.48.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:da:92:a2:ea:21:c8:4a:06:7d:09:39:88:28:95:54:da:bc:
         c2:f4:04:3e:b9:e1:d6:3a:c4:26:d4:19:b7:4f:02:3a:ff:4b:
         a5:d8:95:01:2b:84:4b:76:f3:e5:4b:37:2d:d1:3e:31:1b:d3:
         b0:69:25:40:ed:d4:53:5e:a1:54:0c:c5:69:dc:2f:71:4c:2e:
         5a:e6:9d:02:42:45:d5:c4:c2:9f:11:a6:88:bf:70:27:61:73:
         b7:6d:0c:06:17:c1:d6:c5:f2:08:8d:2c:48:61:c1:13:ac:6f:
         dc:28:2a:5c:3e:1f:b0:c3:3f:73:32:c8:4c:1c:ed:2d:a1:a6:
         7a:18:66:7f:59:7e:36:64:96:9c:91:60:07:4b:c3:2f:a3:f6:
         11:08:fe:db:80:df:34:3d:aa:8f:f2:9f:63:32:af:c0:5d:4c:
         f7:65:02:cb:87:8b:3a:e7:5c:19:21:86:92:ba:23:1d:57:40:
         63:2e:a6:24:91:5a:e4:26:90:1d:b5:14:54:62:8c:ed:9a:1e:
         34:ba:e4:c9:5f:77:75:6f:6a:2f:15:b2:ac:46:08:23:e4:29:
         89:30:61:73:1c:83:e8:e6:33:9d:7d:9e:74:e2:63:74:19:26:
         93:ed:ea:ce:a7:c8:88:09:0d:98:2c:be:57:59:7d:68:dc:89:
         b9:6a:05:7b
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZmBTX6XI9nQ/0OHnbZvYTd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwOTI1MTQzNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmYzYzMxOGM4MDhkMTBmNDk3ZWVkNDFiZGY1NjE4Y2Q2MmU4ZjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQfpRfb1WwbltbmtYwLJ9TUC5wkn
LmBEC1DUU7lo8+wNC/hbHEMV3J7yOZYFW9PT1/ZVcD+oK/nEMazJ/6vXcjhgaZck
fo0uMXA70qz2HjkKJCxu/L717Y+3Ejz/jUk/c4iXYfU1aSMfEn7OjtIE9rMTPArN
SXwAgNlR4gUdas5lFusXyVT+whaDpNGfhBitO/el57uzcJvmtELnK8ZCSxCMcjLC
UHkhGZa7+wdb15BhhiZHI1GQWo4g24KzUHs3drpv4NFruZ9v/BTK/0uAq6hwZCV6
7DtT2eVayRNgG0E1ojpZ74UwTrwan7UExggjsCjbCJEf+qtv67mVYGyK6QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFELzwxjICNEPSX7tQb31YYzWLo9gMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUXZQREdNZ0kwUTlKZnUxQnZmVmhqTll1ajJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALVhYAwQA
U9thAwQAV3lWAwQAV3ndAwQAsH3+AwQAufyxAwQAwjD6MA0GCSqGSIb3DQEBCwUA
A4IBAQBe2pKi6iHISgZ9CTmIKJVU2rzC9AQ+ueHWOsQm1Bm3TwI6/0ul2JUBK4RL
dvPlSzct0T4xG9OwaSVA7dRTXqFUDMVp3C9xTC5a5p0CQkXVxMKfEaaIv3AnYXO3
bQwGF8HWxfIIjSxIYcETrG/cKCpcPh+wwz9zMshMHO0toaZ6GGZ/WX42ZJackWAH
S8Mvo/YRCP7bgN80PaqP8p9jMq/AXUz3ZQLLh4s651wZIYaSuiMdV0BjLqYkkVrk
JpAdtRRUYoztmh40uuTJX3d1b2ovFbKsRggj5CmJMGFzHIPo5jOdfZ504mN0GSaT
7erOp8iICQ2YLL5XWX1o3Im5agV7
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:10 2025 by rpki-client