Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/bM6mSCryzLcqvPFxYUCmttMEnFY.roa
File:                     bM6mSCryzLcqvPFxYUCmttMEnFY.roa (raw, json)
Hash identifier:          b8FjItegYCst2YsPStwGEOU1VLujWdlHGpQF7tCH2s4=
Subject key identifier:   6C:CE:A6:48:2A:F2:CC:B7:2A:BC:F1:71:61:40:A6:B6:D3:04:9C:56
Certificate issuer:       /CN=411a2a9405bda1671c10776f4426273c904e4ad0
Certificate serial:       0197A1944D69547B130321AFB82E23683403
Authority key identifier: 41:1A:2A:94:05:BD:A1:67:1C:10:77:6F:44:26:27:3C:90:4E:4A:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/bM6mSCryzLcqvPFxYUCmttMEnFY.roa
Signing time:             Tue 24 Jun 2025 10:55:40 +0000
ROA not before:           Tue 24 Jun 2025 10:55:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209097
IP address blocks:        45.11.252.0/24 maxlen: 24
                          45.11.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a1:94:4d:69:54:7b:13:03:21:af:b8:2e:23:68:34:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411a2a9405bda1671c10776f4426273c904e4ad0
        Validity
            Not Before: Jun 24 10:55:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ccea6482af2ccb72abcf1716140a6b6d3049c56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:93:f0:5e:6a:02:44:f0:7b:7f:a0:be:fe:b8:
                    0c:4c:54:4a:bd:64:6e:b5:e4:9a:f6:84:bb:fe:2c:
                    5c:33:4c:c3:9a:7b:c4:c3:60:42:00:95:0b:0c:60:
                    85:ad:29:bb:7a:1a:4d:a8:ca:19:d8:e6:58:4e:5a:
                    20:a0:42:15:28:e6:59:ea:16:67:dc:78:eb:c1:3c:
                    a5:ac:a3:3a:63:5b:9a:4f:7d:0d:26:08:38:ad:27:
                    de:0d:78:6a:80:bb:6b:65:9f:ef:98:40:11:1e:09:
                    99:5e:f4:f5:56:8c:8e:40:3f:cd:25:55:38:51:3b:
                    c3:d8:f0:94:a0:18:d8:a5:14:b8:4c:31:32:c3:2d:
                    e9:3d:17:2b:bc:bc:49:79:fc:da:38:db:87:0c:87:
                    99:4d:78:36:41:f2:f9:67:a3:9a:91:af:21:ae:17:
                    87:24:fa:48:df:27:d9:ac:b4:c3:d7:86:a6:fb:dd:
                    46:68:38:f1:77:a6:33:03:ef:aa:93:6c:07:bf:8e:
                    45:17:4c:0e:5c:2e:ed:9e:a1:57:b7:ae:ab:08:a7:
                    e0:d7:59:88:f8:73:13:61:b7:55:96:fb:e2:b3:5a:
                    5d:fb:4a:eb:ce:ad:87:62:8b:67:c1:07:e4:3f:4b:
                    bd:f0:64:6a:8f:25:8c:25:52:85:d3:bb:0d:92:77:
                    7c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:CE:A6:48:2A:F2:CC:B7:2A:BC:F1:71:61:40:A6:B6:D3:04:9C:56
            X509v3 Authority Key Identifier:
                keyid:41:1A:2A:94:05:BD:A1:67:1C:10:77:6F:44:26:27:3C:90:4E:4A:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/bM6mSCryzLcqvPFxYUCmttMEnFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:90:a1:9b:ad:53:3f:d2:ef:d4:a7:39:e4:df:bc:a5:36:9a:
         7a:43:f4:df:f7:d3:cf:fc:71:44:85:4f:64:b7:fc:b1:59:28:
         23:93:d4:93:07:47:50:1a:24:67:f4:d3:b5:70:57:4f:b5:20:
         fb:f0:66:2a:26:2b:31:9c:3e:d3:c1:c5:08:23:56:06:8c:e0:
         99:99:27:a1:e5:b0:76:ef:8f:19:3e:c0:b7:55:2f:9e:cf:8b:
         7b:65:dc:8a:b7:2c:fc:c9:7e:c9:42:fc:6f:0d:b6:f2:22:ff:
         37:20:a1:25:15:de:61:92:34:d8:81:64:5a:49:a8:b1:ce:3d:
         a5:4c:2e:d9:ed:d7:1e:7d:a8:5c:da:2e:a9:77:62:fd:1e:0c:
         6e:3a:18:f2:11:14:e3:ce:a1:22:1b:fe:82:f4:f9:02:f2:c6:
         5e:4e:3c:21:e9:56:c5:5d:47:30:8c:c2:e5:d4:86:56:6d:a3:
         02:f2:71:2d:fd:15:3f:35:16:1e:ad:f7:e0:55:d9:72:b8:d5:
         12:6f:3c:c4:3b:d5:a9:64:2b:62:a0:f4:73:2f:98:34:2a:d3:
         ae:dd:52:13:d8:9e:e6:db:0d:4c:45:6b:d2:e5:36:c5:60:a3:
         51:f0:0e:17:32:ef:bd:d5:93:2f:18:b3:94:83:ed:65:1a:b8:
         80:a7:45:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZehlE1pVHsTAyGvuC4jaDQDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWEyYTk0MDViZGExNjcxYzEwNzc2ZjQ0MjYyNzNjOTA0
ZTRhZDAwHhcNMjUwNjI0MTA1NTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2NlYTY0ODJhZjJjY2I3MmFiY2YxNzE2MTQwYTZiNmQzMDQ5YzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05PwXmoCRPB7f6C+/rgMTFRKvWRu
teSa9oS7/ixcM0zDmnvEw2BCAJULDGCFrSm7ehpNqMoZ2OZYTlogoEIVKOZZ6hZn
3HjrwTylrKM6Y1uaT30NJgg4rSfeDXhqgLtrZZ/vmEARHgmZXvT1VoyOQD/NJVU4
UTvD2PCUoBjYpRS4TDEywy3pPRcrvLxJefzaONuHDIeZTXg2QfL5Z6Oaka8hrheH
JPpI3yfZrLTD14am+91GaDjxd6YzA++qk2wHv45FF0wOXC7tnqFXt66rCKfg11mI
+HMTYbdVlvvis1pd+0rrzq2HYotnwQfkP0u98GRqjyWMJVKF07sNknd8VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzOpkgq8sy3KrzxcWFAprbTBJxWMB8GA1UdIwQY
MBaAFEEaKpQFvaFnHBB3b0QmJzyQTkrQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVJvcWxBVzlvV2NjRUhkdlJDWW5QSkJPU3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9mZTY4NzAtMDk5MC00YzIxLTllNGQt
OGM1MmU2NjZhOGEyLzEvYk02bVNDcnl6TGNxdlBGeFlVQ210dE1FbkZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9mZTY4NzAtMDk5MC00YzIxLTllNGQtOGM1MmU2NjZhOGEy
LzEvUVJvcWxBVzlvV2NjRUhkdlJDWW5QSkJPU3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLQv8MA0G
CSqGSIb3DQEBCwUAA4IBAQCFkKGbrVM/0u/Upznk37ylNpp6Q/Tf99PP/HFEhU9k
t/yxWSgjk9STB0dQGiRn9NO1cFdPtSD78GYqJisxnD7TwcUII1YGjOCZmSeh5bB2
748ZPsC3VS+ez4t7ZdyKtyz8yX7JQvxvDbbyIv83IKElFd5hkjTYgWRaSaixzj2l
TC7Z7dcefahc2i6pd2L9HgxuOhjyERTjzqEiG/6C9PkC8sZeTjwh6VbFXUcwjMLl
1IZWbaMC8nEt/RU/NRYerffgVdlyuNUSbzzEO9WpZCtioPRzL5g0KtOu3VIT2J7m
2w1MRWvS5TbFYKNR8A4XMu+91ZMvGLOUg+1lGriAp0Xl
-----END CERTIFICATE-----
Generated at Tue Jul 1 17:57:37 2025 by rpki-client