Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/r3KGCxCjv96IO7-73DJmbR2vbyc.roa
File:                     r3KGCxCjv96IO7-73DJmbR2vbyc.roa (raw, json)
Hash identifier:          Luwss69T/0U8tEoPzqcLlCHMuF2RU6WIe+S3JTcP9Ko=
Subject key identifier:   AF:72:86:0B:10:A3:BF:DE:88:3B:BF:BB:DC:32:66:6D:1D:AF:6F:27
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0199F05A6214D16F45B86C15DFE520EF3A13
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/r3KGCxCjv96IO7-73DJmbR2vbyc.roa
Signing time:             Fri 17 Oct 2025 04:07:59 +0000
ROA not before:           Fri 17 Oct 2025 04:07:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58212
IP address blocks:        5.231.70.0/24 maxlen: 24
                          5.231.234.0/24 maxlen: 24
                          77.90.22.0/24 maxlen: 24
                          77.90.41.0/24 maxlen: 24
                          77.90.52.0/24 maxlen: 24
                          85.93.1.0/24 maxlen: 24
                          89.144.17.0/24 maxlen: 24
                          89.144.18.0/24 maxlen: 24
                          89.144.25.0/24 maxlen: 24
                          89.144.44.0/24 maxlen: 24
                          89.144.46.0/24 maxlen: 24
                          94.249.168.0/24 maxlen: 24
                          94.249.169.0/24 maxlen: 24
                          94.249.170.0/24 maxlen: 24
                          94.249.183.0/24 maxlen: 24
                          178.18.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f0:5a:62:14:d1:6f:45:b8:6c:15:df:e5:20:ef:3a:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Oct 17 04:07:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af72860b10a3bfde883bbfbbdc32666d1daf6f27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c2:a4:be:38:cc:35:82:84:15:7a:fb:7c:0b:
                    f3:70:d6:7c:ac:7f:50:ed:0f:cf:9b:4c:a8:9c:8f:
                    f2:b1:ea:12:2d:a5:c2:3d:0f:24:84:98:b9:f4:45:
                    60:64:7b:2d:71:05:49:01:7f:c9:b3:c1:e1:5a:1e:
                    4e:89:6c:1f:a4:af:52:ae:a3:1c:20:32:68:f9:e3:
                    31:3e:6b:6c:20:3a:ec:9a:68:55:85:9e:80:b7:43:
                    df:e9:24:13:b7:bd:d3:ab:d0:1f:4a:ac:e5:70:fe:
                    0b:73:cc:90:47:9e:68:bd:ce:ea:65:e4:02:8f:04:
                    b8:50:55:1b:e0:34:71:73:bb:b0:f1:73:af:c2:e8:
                    3e:c0:0a:77:b0:59:88:d1:41:27:64:e1:c8:d2:28:
                    03:01:b3:e2:dd:59:83:67:8b:df:e8:a5:93:82:b1:
                    af:b5:ad:52:20:fc:23:07:a6:14:ca:af:13:1d:84:
                    6a:ee:5f:c7:45:6d:a2:4c:ff:0e:df:84:3b:8d:01:
                    54:f7:ce:de:30:6f:7f:cf:9b:ef:d2:3c:fe:e3:5f:
                    d3:1a:ee:b8:8b:90:92:d6:51:82:bc:e3:eb:c4:dc:
                    46:d0:36:0a:db:ed:3e:5a:66:38:00:4e:74:57:c6:
                    fb:69:fc:b3:25:8b:1b:68:b5:8d:c6:12:44:da:fb:
                    bb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:72:86:0B:10:A3:BF:DE:88:3B:BF:BB:DC:32:66:6D:1D:AF:6F:27
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/r3KGCxCjv96IO7-73DJmbR2vbyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.70.0/24
                  5.231.234.0/24
                  77.90.22.0/24
                  77.90.41.0/24
                  77.90.52.0/24
                  85.93.1.0/24
                  89.144.17.0-89.144.18.255
                  89.144.25.0/24
                  89.144.44.0/24
                  89.144.46.0/24
                  94.249.168.0-94.249.170.255
                  94.249.183.0/24
                  178.18.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:d4:2b:2c:e4:e2:4b:6e:f2:f8:64:50:50:9b:b8:5c:3a:14:
         dc:86:a1:57:51:8d:dd:a4:cf:92:a9:6f:ae:f4:be:0c:b4:a9:
         17:f9:9b:5d:cc:ff:50:51:66:bc:d3:c4:fb:dc:be:97:dd:b4:
         24:a7:42:03:37:1a:ed:f9:3e:26:32:32:f8:79:cd:79:2d:09:
         7c:f8:dd:32:3a:e9:47:e4:f9:a1:81:17:d9:0d:6a:e8:e8:59:
         ca:64:3c:3a:09:5a:6b:58:2f:4c:63:46:5f:53:b8:63:4d:88:
         ef:fc:23:92:f1:43:99:ce:5e:0c:0c:a7:df:ca:c8:5a:90:3f:
         e2:6a:88:6b:97:f6:0c:b5:cf:16:99:e7:99:04:da:ff:93:e7:
         00:40:bb:f0:aa:53:8d:75:8d:90:4d:94:40:8b:97:c6:6e:13:
         06:cc:e8:54:f2:ab:f2:89:e6:d7:02:a2:78:77:b9:5c:c2:1d:
         5d:6d:c0:a3:b8:22:aa:7b:e1:4e:d8:b0:9a:08:f8:09:ce:1f:
         1b:0c:df:7d:17:ec:7b:8d:2b:36:88:31:f0:58:ba:1d:0d:c8:
         29:dd:a0:96:74:03:46:a4:6e:44:84:c7:5e:d0:fa:a8:e9:00:
         1e:5b:13:2a:a7:68:a7:17:0c:9b:1d:37:6e:e4:6b:c4:82:f5:
         08:d7:92:c5
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAZnwWmIU0W9FuGwV3+Ug7zoTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMDE3MDQwNzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjcyODYwYjEwYTNiZmRlODgzYmJmYmJkYzMyNjY2ZDFkYWY2ZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMKkvjjMNYKEFXr7fAvzcNZ8rH9Q
7Q/Pm0yonI/yseoSLaXCPQ8khJi59EVgZHstcQVJAX/Js8HhWh5OiWwfpK9SrqMc
IDJo+eMxPmtsIDrsmmhVhZ6At0Pf6SQTt73Tq9AfSqzlcP4Lc8yQR55ovc7qZeQC
jwS4UFUb4DRxc7uw8XOvwug+wAp3sFmI0UEnZOHI0igDAbPi3VmDZ4vf6KWTgrGv
ta1SIPwjB6YUyq8THYRq7l/HRW2iTP8O34Q7jQFU987eMG9/z5vv0jz+41/TGu64
i5CS1lGCvOPrxNxG0DYK2+0+WmY4AE50V8b7afyzJYsbaLWNxhJE2vu7rQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFK9yhgsQo7/eiDu/u9wyZm0dr28nMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvcjNLR0N4Q2p2OTZJTzctNzNESm1iUjJ2YnljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeAwQABedGAwQA
BefqAwQATVoWAwQATVopAwQATVo0AwQAVV0BMAwDBABZkBEDBABZkBIDBABZkBkD
BABZkCwDBABZkC4wDAMEA175qAMEAF75qgMEAF75twMEALISkzANBgkqhkiG9w0B
AQsFAAOCAQEAY9QrLOTiS27y+GRQUJu4XDoU3IahV1GN3aTPkqlvrvS+DLSpF/mb
Xcz/UFFmvNPE+9y+l920JKdCAzca7fk+JjIy+HnNeS0JfPjdMjrpR+T5oYEX2Q1q
6OhZymQ8Oglaa1gvTGNGX1O4Y02I7/wjkvFDmc5eDAyn38rIWpA/4mqIa5f2DLXP
FpnnmQTa/5PnAEC78KpTjXWNkE2UQIuXxm4TBszoVPKr8onm1wKieHe5XMIdXW3A
o7giqnvhTtiwmgj4Cc4fGwzffRfse40rNogx8Fi6HQ3IKd2glnQDRqRuRITHXtD6
qOkAHlsTKqdopxcMmx03buRrxIL1CNeSxQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:28:57 2025 by rpki-client