Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d7a3ba-07e5-41d6-8c39-56a55c42de88/1/x8LYnH5C-2yoYzHnpykE4OWasxo.roa
File:                     x8LYnH5C-2yoYzHnpykE4OWasxo.roa (raw, json)
Hash identifier:          NSrIlOVo8G3//8ZqRuyTqHM3vssNSeuuZzf6AApNyCM=
Subject key identifier:   C7:C2:D8:9C:7E:42:FB:6C:A8:63:31:E7:A7:29:04:E0:E5:9A:B3:1A
Certificate issuer:       /CN=fabb49e688335ab1593f9d10e006ef5e9bc8bd56
Certificate serial:       0199C35F790F5A0FC1149B1D1ED162511517
Authority key identifier: FA:BB:49:E6:88:33:5A:B1:59:3F:9D:10:E0:06:EF:5E:9B:C8:BD:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-rtJ5ogzWrFZP50Q4AbvXpvIvVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/d7a3ba-07e5-41d6-8c39-56a55c42de88/1/x8LYnH5C-2yoYzHnpykE4OWasxo.roa
Signing time:             Wed 08 Oct 2025 10:30:38 +0000
ROA not before:           Wed 08 Oct 2025 10:30:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57494
IP address blocks:        91.199.149.0/24 maxlen: 24
                          185.133.43.0/24 maxlen: 24
                          185.135.80.0/22 maxlen: 22
                          185.175.157.0/24 maxlen: 24
                          185.177.216.0/24 maxlen: 24
                          185.177.217.0/24 maxlen: 24
                          185.177.218.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/d7a3ba-07e5-41d6-8c39-56a55c42de88/1/1-rtJ5ogzWrFZP50Q4AbvXpvIvVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/d7a3ba-07e5-41d6-8c39-56a55c42de88/1/1-rtJ5ogzWrFZP50Q4AbvXpvIvVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-rtJ5ogzWrFZP50Q4AbvXpvIvVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c3:5f:79:0f:5a:0f:c1:14:9b:1d:1e:d1:62:51:15:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fabb49e688335ab1593f9d10e006ef5e9bc8bd56
        Validity
            Not Before: Oct  8 10:30:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7c2d89c7e42fb6ca86331e7a72904e0e59ab31a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:4c:e2:c6:c6:03:72:ed:27:44:18:ad:1b:9b:
                    a4:1f:4b:a3:03:19:d1:d7:72:29:4d:96:c8:ab:d0:
                    7a:1f:55:9a:a3:fa:19:0c:c4:1d:50:6b:28:55:09:
                    76:a2:ee:f3:6a:89:ba:58:37:3f:65:21:10:06:11:
                    69:d9:8b:cd:e0:a6:85:59:e9:c5:3a:5d:be:de:11:
                    7f:e6:94:66:04:5d:20:db:52:ab:92:07:23:ff:b2:
                    ae:f3:11:d2:d8:95:ce:2e:7d:39:d3:41:ed:bc:51:
                    29:f6:55:44:8d:7e:f2:fa:51:a8:04:a6:d2:9d:9c:
                    31:28:db:45:ab:82:8f:0c:9e:bb:23:3e:f4:93:80:
                    82:04:80:a7:73:22:55:87:c9:c3:b5:b2:b9:ec:1d:
                    dc:b9:05:b2:8a:e3:97:66:95:33:0d:c1:af:eb:18:
                    08:d6:90:64:e1:58:74:64:69:0a:31:e0:14:7f:2d:
                    25:d9:fd:f9:4a:4a:7b:39:59:21:de:df:87:20:fb:
                    12:4e:ed:d0:17:66:a0:a4:dd:6f:96:2c:04:0c:e5:
                    5f:d5:fe:73:f7:25:32:52:e2:e0:0d:7c:65:52:d2:
                    84:e3:26:27:24:c3:52:b6:81:e0:16:21:05:b6:4f:
                    1b:6f:e4:90:2a:f4:5e:65:81:f6:5a:1d:ad:35:70:
                    43:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:C2:D8:9C:7E:42:FB:6C:A8:63:31:E7:A7:29:04:E0:E5:9A:B3:1A
            X509v3 Authority Key Identifier:
                keyid:FA:BB:49:E6:88:33:5A:B1:59:3F:9D:10:E0:06:EF:5E:9B:C8:BD:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-rtJ5ogzWrFZP50Q4AbvXpvIvVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d7a3ba-07e5-41d6-8c39-56a55c42de88/1/x8LYnH5C-2yoYzHnpykE4OWasxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d7a3ba-07e5-41d6-8c39-56a55c42de88/1/1-rtJ5ogzWrFZP50Q4AbvXpvIvVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.149.0/24
                  185.133.43.0/24
                  185.135.80.0/22
                  185.175.157.0/24
                  185.177.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:0f:8f:bb:ed:49:8f:50:cd:e7:7f:b7:58:b6:b0:47:2e:a3:
         58:1f:6b:39:1f:c4:ea:bb:87:6d:f5:94:77:4b:14:39:a8:a6:
         3c:78:7a:1d:9c:d3:03:0f:89:bd:ab:1b:c6:e2:2d:3c:56:01:
         9f:9a:0a:1f:55:54:a6:59:30:ff:70:2d:03:36:7d:8f:1c:52:
         13:85:5e:05:20:ec:1a:43:43:ff:94:26:33:c3:98:d0:79:e8:
         bb:33:c4:8e:4f:6b:42:83:26:2e:4d:d1:f1:21:45:a7:fc:0a:
         48:1c:f2:89:fa:1b:b1:67:3e:a1:75:04:3e:c6:e2:14:db:22:
         bf:18:2d:de:b8:1d:fa:3f:5c:9b:72:0d:bc:3d:90:c0:b6:8a:
         21:ff:e8:73:36:ba:d8:9c:57:3f:ad:c4:43:20:0a:b8:99:9b:
         ab:02:1e:cb:b9:59:b0:9f:90:21:02:36:97:19:48:5c:ea:9e:
         61:6b:d8:83:76:1c:d1:82:61:2a:60:93:ef:cc:fe:69:83:fe:
         49:28:d8:34:66:14:34:10:a9:14:d7:82:6b:57:45:5c:ef:7f:
         97:32:55:9a:20:34:fb:5b:fc:a3:e8:87:e7:20:0b:90:f7:68:
         93:2e:52:b9:b5:83:6e:2c:f7:fb:cd:4c:e7:8a:8d:ef:48:d4:
         77:d0:58:71
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZnDX3kPWg/BFJsdHtFiURUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhYmI0OWU2ODgzMzVhYjE1OTNmOWQxMGUwMDZlZjVlOWJj
OGJkNTYwHhcNMjUxMDA4MTAzMDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2MyZDg5YzdlNDJmYjZjYTg2MzMxZTdhNzI5MDRlMGU1OWFiMzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA40zixsYDcu0nRBitG5ukH0ujAxnR
13IpTZbIq9B6H1Wao/oZDMQdUGsoVQl2ou7zaom6WDc/ZSEQBhFp2YvN4KaFWenF
Ol2+3hF/5pRmBF0g21Krkgcj/7Ku8xHS2JXOLn0500HtvFEp9lVEjX7y+lGoBKbS
nZwxKNtFq4KPDJ67Iz70k4CCBICncyJVh8nDtbK57B3cuQWyiuOXZpUzDcGv6xgI
1pBk4Vh0ZGkKMeAUfy0l2f35Skp7OVkh3t+HIPsSTu3QF2agpN1vliwEDOVf1f5z
9yUyUuLgDXxlUtKE4yYnJMNStoHgFiEFtk8bb+SQKvReZYH2Wh2tNXBD4QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFMfC2Jx+QvtsqGMx56cpBODlmrMaMB8GA1UdIwQY
MBaAFPq7SeaIM1qxWT+dEOAG716byL1WMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1ydEo1b2d6V3JGWlA1MFE0QWJ2WHB2SXZWWS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGYvZDdhM2JhLTA3ZTUtNDFkNi04YzM5
LTU2YTU1YzQyZGU4OC8xL3g4TFluSDVDLTJ5b1l6SG5weWtFNE9XYXN4by5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGYvZDdhM2JhLTA3ZTUtNDFkNi04YzM5LTU2YTU1YzQyZGU4
OC8xLzEtcnRKNW9neldyRlpQNTBRNEFidlhwdkl2VlkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBABbx5UD
BAC5hSsDBAK5h1ADBAC5r50DBAK5sdgwDQYJKoZIhvcNAQELBQADggEBAEgPj7vt
SY9Qzed/t1i2sEcuo1gfazkfxOq7h231lHdLFDmopjx4eh2c0wMPib2rG8biLTxW
AZ+aCh9VVKZZMP9wLQM2fY8cUhOFXgUg7BpDQ/+UJjPDmNB56LszxI5Pa0KDJi5N
0fEhRaf8Ckgc8on6G7FnPqF1BD7G4hTbIr8YLd64Hfo/XJtyDbw9kMC2iiH/6HM2
uticVz+txEMgCriZm6sCHsu5WbCfkCECNpcZSFzqnmFr2IN2HNGCYSpgk+/M/mmD
/kko2DRmFDQQqRTXgmtXRVzvf5cyVZogNPtb/KPoh+cgC5D3aJMuUrm1g24s9/vN
TOeKje9I1HfQWHE=
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:50:42 2025 by rpki-client