Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/I4lk-K4vzADVCX6yUHNgiwhmEpI.roa
File:                     I4lk-K4vzADVCX6yUHNgiwhmEpI.roa (raw, json)
Hash identifier:          GGA95oFZZ8h6ELEvN/tBAFl4TyZuEFRFl/1TZUQ+VFk=
Subject key identifier:   23:89:64:F8:AE:2F:CC:00:D5:09:7E:B2:50:73:60:8B:08:66:12:92
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       0199E2E05B5CAEB58ECB1806EF250726E2F4
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/I4lk-K4vzADVCX6yUHNgiwhmEpI.roa
Signing time:             Tue 14 Oct 2025 13:19:38 +0000
ROA not before:           Tue 14 Oct 2025 13:19:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55201
IP address blocks:        2a06:b441::/32 maxlen: 40
                          2a0e:7780::/32 maxlen: 40
                          2a0f:e000::/32 maxlen: 40
                          2a11:3b40::/32 maxlen: 40
                          2a11:dcc0::/32 maxlen: 40
                          2a12:440::/32 maxlen: 40
                          2a12:6640::/32 maxlen: 40
                          2a13:ba00::/32 maxlen: 40
                          2a13:dac0::/32 maxlen: 40
                          2a14:c0::/32 maxlen: 40
                          2a14:1c0::/32 maxlen: 40
                          2a14:800::/32 maxlen: 40
                          2a14:7e00::/32 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 09:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e2:e0:5b:5c:ae:b5:8e:cb:18:06:ef:25:07:26:e2:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Oct 14 13:19:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=238964f8ae2fcc00d5097eb25073608b08661292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:39:db:b0:04:1d:d9:fa:af:61:f5:24:ef:fe:
                    5c:7f:c9:bb:23:15:19:4a:38:58:a3:3f:7f:09:eb:
                    54:35:19:3f:02:84:21:dc:2e:87:5d:fe:18:c2:34:
                    77:00:64:cd:6e:cd:09:76:f6:60:aa:e8:2d:42:50:
                    d0:e1:ea:30:83:c8:e8:88:94:10:38:85:b8:db:55:
                    45:95:30:8f:90:ad:13:81:38:a3:da:38:b9:4e:ae:
                    9a:95:b4:93:7b:96:ee:ef:3f:50:db:03:bb:60:6d:
                    72:15:30:af:b8:1b:7e:85:d3:c4:a4:38:77:e1:d6:
                    1f:70:27:14:a0:2b:25:30:40:2d:7d:2d:3b:d3:f8:
                    78:a5:a6:2a:0a:6a:d9:50:f1:99:ba:b8:2a:0c:c2:
                    69:3d:62:c0:76:0f:f4:d1:32:81:5e:40:b4:d3:a6:
                    af:18:3a:ca:f3:5e:b2:be:43:55:33:85:0f:b0:cc:
                    a2:7f:b4:6f:18:02:15:dd:73:b6:73:16:73:7e:7b:
                    22:1d:12:0a:be:b4:c3:e2:48:39:ac:62:fa:0a:40:
                    26:61:7c:af:f2:b7:1e:de:54:fb:bc:7a:29:bf:4b:
                    b4:9b:ba:6d:c4:f9:72:dd:f0:da:6e:6f:cf:b6:f2:
                    ed:f0:a0:e4:0b:e8:cd:11:d7:13:19:06:86:c8:1d:
                    0a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:89:64:F8:AE:2F:CC:00:D5:09:7E:B2:50:73:60:8B:08:66:12:92
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/I4lk-K4vzADVCX6yUHNgiwhmEpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:b441::/32
                  2a0e:7780::/32
                  2a0f:e000::/32
                  2a11:3b40::/32
                  2a11:dcc0::/32
                  2a12:440::/32
                  2a12:6640::/32
                  2a13:ba00::/32
                  2a13:dac0::/32
                  2a14:c0::/32
                  2a14:1c0::/32
                  2a14:800::/32
                  2a14:7e00::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:98:26:19:03:ca:7e:88:96:13:47:b3:4e:47:66:3d:b8:2c:
         ab:95:eb:cd:52:b9:30:8c:7c:24:b0:28:4a:61:fc:6f:91:88:
         d5:9c:46:57:0d:d3:32:66:1f:66:40:ef:81:5b:b8:7f:2b:58:
         b6:d2:8c:12:0e:13:47:6f:d4:7c:b2:95:15:88:6b:25:39:ed:
         f3:91:64:2e:94:26:1d:d7:d8:7f:46:32:66:94:03:ba:56:28:
         a5:37:5c:d9:cc:c5:5f:98:55:08:1b:20:3a:67:a5:e4:b1:16:
         23:df:5c:4e:ec:9f:6b:f3:92:5b:92:de:ab:9e:e9:b6:56:c2:
         6e:9d:ee:94:68:f7:0b:3d:cb:23:94:2a:74:80:7b:1f:0a:83:
         60:cf:68:86:3e:2c:66:38:c3:f6:6f:4a:a7:a9:ae:0e:aa:6f:
         cd:04:15:e6:8e:6a:fb:86:b1:1d:f9:3b:b6:28:87:32:7e:48:
         53:ce:24:aa:1a:7c:39:54:11:4c:6d:cd:29:13:14:ad:60:cc:
         64:fc:2b:c2:46:fb:ac:08:fe:be:a5:35:16:8f:6e:28:df:dd:
         38:e2:0d:15:32:b5:64:04:25:8a:91:5d:4f:5b:f6:e1:83:ed:
         52:df:e3:39:cc:07:37:a0:b0:23:7e:71:f3:fb:82:02:d7:a0:
         fb:c6:87:27
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAZni4FtcrrWOyxgG7yUHJuL0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjUxMDE0MTMxOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzg5NjRmOGFlMmZjYzAwZDUwOTdlYjI1MDczNjA4YjA4NjYxMjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjznbsAQd2fqvYfUk7/5cf8m7IxUZ
SjhYoz9/CetUNRk/AoQh3C6HXf4YwjR3AGTNbs0JdvZgqugtQlDQ4eowg8joiJQQ
OIW421VFlTCPkK0TgTij2ji5Tq6albSTe5bu7z9Q2wO7YG1yFTCvuBt+hdPEpDh3
4dYfcCcUoCslMEAtfS070/h4paYqCmrZUPGZurgqDMJpPWLAdg/00TKBXkC006av
GDrK816yvkNVM4UPsMyif7RvGAIV3XO2cxZzfnsiHRIKvrTD4kg5rGL6CkAmYXyv
8rce3lT7vHopv0u0m7ptxPly3fDabm/PtvLt8KDkC+jNEdcTGQaGyB0KswIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFCOJZPiuL8wA1Ql+slBzYIsIZhKSMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvSTRsay1LNHZ6QURWQ1g2eVVITmdpd2htRXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBhBAIAAjBbAwUAKga0QQMF
ACoOd4ADBQAqD+AAAwUAKhE7QAMFACoR3MADBQAqEgRAAwUAKhJmQAMFACoTugAD
BQAqE9rAAwUAKhQAwAMFACoUAcADBQAqFAgAAwUAKhR+ADANBgkqhkiG9w0BAQsF
AAOCAQEAW5gmGQPKfoiWE0ezTkdmPbgsq5XrzVK5MIx8JLAoSmH8b5GI1ZxGVw3T
MmYfZkDvgVu4fytYttKMEg4TR2/UfLKVFYhrJTnt85FkLpQmHdfYf0YyZpQDulYo
pTdc2czFX5hVCBsgOmel5LEWI99cTuyfa/OSW5Leq57ptlbCbp3ulGj3Cz3LI5Qq
dIB7HwqDYM9ohj4sZjjD9m9Kp6muDqpvzQQV5o5q+4axHfk7tiiHMn5IU84kqhp8
OVQRTG3NKRMUrWDMZPwrwkb7rAj+vqU1Fo9uKN/dOOINFTK1ZAQlipFdT1v24YPt
Ut/jOcwHN6CwI35x8/uCAteg+8aHJw==
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:01 2025 by rpki-client