Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/0v_TkldAbkuv0zKxbXR9JHq6Abo.roa
File:                     0v_TkldAbkuv0zKxbXR9JHq6Abo.roa (raw, json)
Hash identifier:          aY5wvOpBLBGUOgBjS/rDWwirGcgJ19o1tgnJbvlpVEc=
Subject key identifier:   D2:FF:D3:92:57:40:6E:4B:AF:D3:32:B1:6D:74:7D:24:7A:BA:01:BA
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       0199CAA3D43039E7E00F4A4D522AE0705E7E
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/0v_TkldAbkuv0zKxbXR9JHq6Abo.roa
Signing time:             Thu 09 Oct 2025 20:22:38 +0000
ROA not before:           Thu 09 Oct 2025 20:22:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        81.31.234.0/23 maxlen: 24
                          81.31.242.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ca:a3:d4:30:39:e7:e0:0f:4a:4d:52:2a:e0:70:5e:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Oct  9 20:22:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2ffd39257406e4bafd332b16d747d247aba01ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d8:ac:39:6a:14:7a:6a:07:d9:a7:8b:98:b1:
                    6c:58:00:88:78:8a:99:fc:6d:4c:61:c8:35:33:41:
                    28:29:98:f8:35:d1:85:93:ba:01:96:b1:38:82:53:
                    a3:f9:c1:89:e8:00:c2:0d:ef:5b:98:ef:35:ef:06:
                    3c:2f:63:49:a6:88:ea:70:ad:44:c5:88:3f:f7:6f:
                    3f:48:45:f4:f0:dd:aa:82:6c:28:69:26:e1:54:11:
                    fd:4b:e9:f1:ce:58:9a:69:37:73:44:96:b3:71:da:
                    07:8b:80:ae:28:7d:df:aa:fb:13:2a:c5:92:d2:24:
                    5b:4b:ae:8c:d7:d6:57:c6:05:c2:b5:4b:35:53:c1:
                    30:67:a1:60:8c:73:b0:e7:e9:2d:92:76:cf:1c:b4:
                    b7:46:f3:d6:fd:c5:3d:4b:02:3c:0d:1c:51:16:ac:
                    db:48:b7:70:e4:c3:47:15:99:72:16:53:2e:59:c4:
                    c8:df:73:4a:9c:63:97:ae:ac:2b:56:5b:65:22:2e:
                    39:10:22:32:bb:fc:03:b0:6c:25:7a:5d:b3:83:7f:
                    f0:4e:69:2e:52:9d:36:b7:91:81:55:c1:e6:47:97:
                    ea:20:81:57:43:b9:0b:d4:45:09:aa:4d:db:6f:c3:
                    cb:ff:35:f5:86:71:25:73:d4:64:0c:48:79:0e:4b:
                    dd:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:FF:D3:92:57:40:6E:4B:AF:D3:32:B1:6D:74:7D:24:7A:BA:01:BA
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/0v_TkldAbkuv0zKxbXR9JHq6Abo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.234.0/23
                  81.31.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:b4:59:06:58:14:ff:92:ee:63:aa:c4:2c:08:61:c1:a0:0e:
         4c:c8:c9:94:eb:ad:17:b8:2c:f9:93:9e:90:fd:4d:01:92:98:
         56:65:e4:0b:e9:79:3f:38:80:d3:73:9e:1f:1a:83:58:d8:17:
         05:f0:dc:73:5e:4f:f9:f9:18:a8:7d:d0:d7:f8:52:72:59:65:
         3b:29:19:ea:8e:85:98:6d:78:fe:85:ee:f2:14:b1:4a:01:bd:
         1c:a0:99:be:8c:dc:93:89:6f:c2:e4:45:5d:d9:56:f0:f8:79:
         ee:02:5a:be:04:1e:6c:47:86:13:b9:71:74:78:39:dc:9d:6e:
         f8:bf:0b:6a:36:04:0a:e9:20:e7:1d:c2:8b:84:dc:ca:22:ad:
         de:7a:bc:16:56:e4:c1:ba:52:e5:4d:57:ef:5e:90:f9:bd:6a:
         e6:a2:f3:8b:62:b2:eb:65:b4:39:49:13:e7:89:d4:02:2d:a4:
         64:c7:4e:b7:0c:6b:b1:ba:b9:76:d5:23:17:83:58:38:d7:3e:
         93:7e:ac:a1:9c:da:7f:06:bc:6c:7b:95:2a:b1:3c:b7:f7:e9:
         0d:78:23:f5:45:88:47:4f:86:84:86:7d:99:ff:d2:2f:49:31:
         b0:92:ef:62:dc:f9:7a:62:ba:70:1c:e5:d5:a1:47:d9:db:ba:
         99:c4:b2:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnKo9QwOefgD0pNUirgcF5+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjUxMDA5MjAyMjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmZmZDM5MjU3NDA2ZTRiYWZkMzMyYjE2ZDc0N2QyNDdhYmEwMWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNisOWoUemoH2aeLmLFsWACIeIqZ
/G1MYcg1M0EoKZj4NdGFk7oBlrE4glOj+cGJ6ADCDe9bmO817wY8L2NJpojqcK1E
xYg/928/SEX08N2qgmwoaSbhVBH9S+nxzliaaTdzRJazcdoHi4CuKH3fqvsTKsWS
0iRbS66M19ZXxgXCtUs1U8EwZ6FgjHOw5+ktknbPHLS3RvPW/cU9SwI8DRxRFqzb
SLdw5MNHFZlyFlMuWcTI33NKnGOXrqwrVltlIi45ECIyu/wDsGwlel2zg3/wTmku
Up02t5GBVcHmR5fqIIFXQ7kL1EUJqk3bb8PL/zX1hnElc9RkDEh5Dkvd+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNL/05JXQG5Lr9MysW10fSR6ugG6MB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvMHZfVGtsZEFia3V2MHpLeGJYUjlKSHE2QWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUR/qAwQB
UR/yMA0GCSqGSIb3DQEBCwUAA4IBAQBUtFkGWBT/ku5jqsQsCGHBoA5MyMmU660X
uCz5k56Q/U0BkphWZeQL6Xk/OIDTc54fGoNY2BcF8NxzXk/5+RiofdDX+FJyWWU7
KRnqjoWYbXj+he7yFLFKAb0coJm+jNyTiW/C5EVd2Vbw+HnuAlq+BB5sR4YTuXF0
eDncnW74vwtqNgQK6SDnHcKLhNzKIq3eerwWVuTBulLlTVfvXpD5vWrmovOLYrLr
ZbQ5SRPnidQCLaRkx063DGuxurl21SMXg1g41z6TfqyhnNp/Brxse5UqsTy39+kN
eCP1RYhHT4aEhn2Z/9IvSTGwku9i3Pl6YrpwHOXVoUfZ27qZxLJn
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:46 2025 by rpki-client