Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/VpUO8FztHwErwqX-N9UX_EYZh7A.roa
File:                     VpUO8FztHwErwqX-N9UX_EYZh7A.roa (raw, json)
Hash identifier:          KoW1E0hQQXw+2PHPNCjmoEVjfKo8T8cI7h2RXMqdk48=
Subject key identifier:   56:95:0E:F0:5C:ED:1F:01:2B:C2:A5:FE:37:D5:17:FC:46:19:87:B0
Certificate issuer:       /CN=e909ee3d618974da0cbd805a2da80410a4989881
Certificate serial:       0199ED0431F743CE73359A420E99EAEEFF8B
Authority key identifier: E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/VpUO8FztHwErwqX-N9UX_EYZh7A.roa
Signing time:             Thu 16 Oct 2025 12:34:59 +0000
ROA not before:           Thu 16 Oct 2025 12:34:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30781
IP address blocks:        5.226.0.0/21 maxlen: 24
                          31.7.248.0/21 maxlen: 24
                          31.172.160.0/22 maxlen: 24
                          31.172.232.0/21 maxlen: 24
                          37.26.184.0/21 maxlen: 24
                          37.61.240.0/21 maxlen: 24
                          37.110.192.0/21 maxlen: 24
                          37.156.226.0/24 maxlen: 24
                          46.22.192.0/20 maxlen: 24
                          46.102.116.0/24 maxlen: 24
                          46.231.216.0/21 maxlen: 24
                          46.247.128.0/22 maxlen: 24
                          46.255.200.0/21 maxlen: 24
                          77.72.88.0/21 maxlen: 24
                          77.246.80.0/20 maxlen: 24
                          78.153.224.0/19 maxlen: 24
                          82.96.128.0/18 maxlen: 24
                          82.163.36.0/22 maxlen: 24
                          82.196.24.0/21 maxlen: 24
                          85.31.192.0/19 maxlen: 24
                          87.121.136.0/21 maxlen: 24
                          88.212.144.0/21 maxlen: 24
                          89.37.106.0/24 maxlen: 24
                          89.44.77.0/24 maxlen: 24
                          89.44.210.0/24 maxlen: 24
                          91.224.162.0/23 maxlen: 24
                          91.226.193.0/24 maxlen: 24
                          91.250.244.0/24 maxlen: 24
                          94.100.160.0/20 maxlen: 24
                          95.143.64.0/20 maxlen: 24
                          149.232.160.0/20 maxlen: 24
                          176.241.120.0/21 maxlen: 24
                          185.4.60.0/23 maxlen: 24
                          185.4.62.0/24 maxlen: 24
                          185.15.140.0/22 maxlen: 24
                          185.53.80.0/22 maxlen: 24
                          185.61.184.0/21 maxlen: 24
                          185.62.184.0/22 maxlen: 24
                          185.65.79.0/24 maxlen: 24
                          185.78.156.0/22 maxlen: 24
                          185.91.224.0/22 maxlen: 24
                          185.92.36.0/22 maxlen: 24
                          185.114.100.0/22 maxlen: 24
                          185.116.63.0/24 maxlen: 24
                          185.209.52.0/22 maxlen: 24
                          193.39.119.0/24 maxlen: 24
                          193.151.84.0/22 maxlen: 24
                          193.151.84.0/24 maxlen: 24
                          193.151.87.0/24 maxlen: 24
                          193.189.124.0/23 maxlen: 24
                          194.42.100.0/23 maxlen: 24
                          194.116.142.0/23 maxlen: 24
                          195.43.64.0/23 maxlen: 24
                          195.128.147.0/24 maxlen: 24
                          195.189.186.0/23 maxlen: 24
                          195.234.35.0/24 maxlen: 24
                          212.18.240.0/21 maxlen: 24
                          212.85.229.0/24 maxlen: 24
                          212.85.230.0/23 maxlen: 24
                          2a00:68c0::/32 maxlen: 48
                          2a00:78c0::/29 maxlen: 48
                          2a01:240::/32 maxlen: 48
                          2a01:290::/32 maxlen: 48
                          2a02:398::/32 maxlen: 48
                          2a03:bdc0::/32 maxlen: 48
                          2a04:cc00::/29 maxlen: 48
                          2a0b:41c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ed:04:31:f7:43:ce:73:35:9a:42:0e:99:ea:ee:ff:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e909ee3d618974da0cbd805a2da80410a4989881
        Validity
            Not Before: Oct 16 12:34:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56950ef05ced1f012bc2a5fe37d517fc461987b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:0d:5d:5b:3d:5c:5f:6c:89:51:75:55:fa:10:
                    cf:38:a0:6d:0f:e0:f6:ec:3d:5d:51:d6:54:b9:93:
                    bd:3a:8c:97:28:54:a1:ec:8f:25:fc:f6:d7:e4:bf:
                    4f:36:2a:92:81:d1:92:b7:2d:a2:5b:ec:89:b0:39:
                    2f:c1:2c:13:32:b8:70:b9:8b:86:da:6c:e3:9e:a3:
                    07:ab:25:28:b7:e0:25:29:9b:46:52:10:93:a9:38:
                    ff:46:fd:4f:f3:33:9c:b6:37:29:79:89:63:98:b4:
                    19:af:54:06:01:bd:89:9d:2a:57:a5:a8:b8:ca:ae:
                    ba:97:03:84:2e:5a:f8:61:0b:47:a2:4a:43:b1:f8:
                    eb:0b:05:89:7c:f5:a1:d5:21:54:3f:e7:bc:2a:c9:
                    28:a8:2d:ed:5e:0d:bd:37:ce:9d:0f:c7:2f:55:dd:
                    a6:ba:b2:69:c3:dd:79:a3:f7:2f:ac:03:f5:f9:3b:
                    27:ca:01:18:98:9b:01:5c:52:ec:9d:cf:c2:41:ec:
                    b7:c4:aa:a1:b3:bc:ff:8c:7e:ad:46:1d:02:b9:26:
                    cb:b9:49:54:1b:78:d6:1d:16:d5:20:84:f4:68:5f:
                    20:cd:e3:1b:26:79:33:cd:66:b8:fa:3c:7c:fb:7a:
                    98:9f:9d:6b:06:06:2c:98:37:4e:96:77:02:65:24:
                    96:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:95:0E:F0:5C:ED:1F:01:2B:C2:A5:FE:37:D5:17:FC:46:19:87:B0
            X509v3 Authority Key Identifier:
                keyid:E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/VpUO8FztHwErwqX-N9UX_EYZh7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.0.0/21
                  31.7.248.0/21
                  31.172.160.0/22
                  31.172.232.0/21
                  37.26.184.0/21
                  37.61.240.0/21
                  37.110.192.0/21
                  37.156.226.0/24
                  46.22.192.0/20
                  46.102.116.0/24
                  46.231.216.0/21
                  46.247.128.0/22
                  46.255.200.0/21
                  77.72.88.0/21
                  77.246.80.0/20
                  78.153.224.0/19
                  82.96.128.0/18
                  82.163.36.0/22
                  82.196.24.0/21
                  85.31.192.0/19
                  87.121.136.0/21
                  88.212.144.0/21
                  89.37.106.0/24
                  89.44.77.0/24
                  89.44.210.0/24
                  91.224.162.0/23
                  91.226.193.0/24
                  91.250.244.0/24
                  94.100.160.0/20
                  95.143.64.0/20
                  149.232.160.0/20
                  176.241.120.0/21
                  185.4.60.0-185.4.62.255
                  185.15.140.0/22
                  185.53.80.0/22
                  185.61.184.0/21
                  185.62.184.0/22
                  185.65.79.0/24
                  185.78.156.0/22
                  185.91.224.0/22
                  185.92.36.0/22
                  185.114.100.0/22
                  185.116.63.0/24
                  185.209.52.0/22
                  193.39.119.0/24
                  193.151.84.0/22
                  193.189.124.0/23
                  194.42.100.0/23
                  194.116.142.0/23
                  195.43.64.0/23
                  195.128.147.0/24
                  195.189.186.0/23
                  195.234.35.0/24
                  212.18.240.0/21
                  212.85.229.0-212.85.231.255
                IPv6:
                  2a00:68c0::/32
                  2a00:78c0::/29
                  2a01:240::/32
                  2a01:290::/32
                  2a02:398::/32
                  2a03:bdc0::/32
                  2a04:cc00::/29
                  2a0b:41c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:0c:78:68:a8:78:da:cd:ca:cc:3b:9c:af:a0:97:1d:10:c0:
         c3:2d:2f:19:db:6d:91:90:c2:8c:08:8c:b7:c6:b6:c6:d1:b5:
         a7:fd:0a:3b:a9:57:4c:a4:92:4a:3d:16:97:c9:2e:66:de:2d:
         f1:b6:34:e1:6b:84:44:56:14:18:96:64:7d:f0:d4:2b:8d:c2:
         34:ff:25:1e:0e:6d:c5:30:5d:2c:40:69:e4:f0:9c:d9:8f:05:
         c0:b9:c0:7d:85:c3:18:56:05:4d:98:2d:0d:b8:13:58:ab:d2:
         97:3f:95:b7:32:c7:51:01:11:f0:4e:18:ab:12:50:c5:10:5a:
         8f:91:76:52:e9:43:80:f9:62:49:3c:41:e5:09:bd:1c:18:aa:
         ef:cb:e2:b0:ca:4d:f5:d1:d9:3e:3e:71:97:ae:19:8d:9a:89:
         fe:87:7b:d3:d6:ca:5f:74:18:95:9f:13:03:47:62:95:2d:41:
         26:5d:b4:d3:46:d4:df:3d:90:95:de:6c:32:85:71:e2:6b:2e:
         62:ba:77:14:1f:a5:1a:2c:d0:86:b6:dc:6a:aa:80:df:67:c3:
         fd:18:68:e5:2c:f4:28:dd:6e:5f:9d:41:24:e1:d4:2c:0b:b9:
         34:c7:3d:63:50:c8:2a:c2:da:43:27:d0:59:6c:0b:c5:e1:09:
         93:bd:57:9e
-----BEGIN CERTIFICATE-----
MIIGmzCCBYOgAwIBAgISAZntBDH3Q85zNZpCDpnq7v+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDllZTNkNjE4OTc0ZGEwY2JkODA1YTJkYTgwNDEwYTQ5
ODk4ODEwHhcNMjUxMDE2MTIzNDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Njk1MGVmMDVjZWQxZjAxMmJjMmE1ZmUzN2Q1MTdmYzQ2MTk4N2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjw1dWz1cX2yJUXVV+hDPOKBtD+D2
7D1dUdZUuZO9OoyXKFSh7I8l/PbX5L9PNiqSgdGSty2iW+yJsDkvwSwTMrhwuYuG
2mzjnqMHqyUot+AlKZtGUhCTqTj/Rv1P8zOctjcpeYljmLQZr1QGAb2JnSpXpai4
yq66lwOELlr4YQtHokpDsfjrCwWJfPWh1SFUP+e8KskoqC3tXg29N86dD8cvVd2m
urJpw915o/cvrAP1+TsnygEYmJsBXFLsnc/CQey3xKqhs7z/jH6tRh0CuSbLuUlU
G3jWHRbVIIT0aF8gzeMbJnkzzWa4+jx8+3qYn51rBgYsmDdOlncCZSSWAQIDAQAB
o4IDpzCCA6MwHQYDVR0OBBYEFFaVDvBc7R8BK8Kl/jfVF/xGGYewMB8GA1UdIwQY
MBaAFOkJ7j1hiXTaDL2AWi2oBBCkmJiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEt
ZGQxMTVmOWUzMzAxLzEvVnBVTzhGenRId0Vyd3FYLU45VVhfRVlaaDdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEtZGQxMTVmOWUzMzAx
LzEvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBuwYIKwYBBQUHAQcBAf8EggGqMIIBpjCCAWIEAgABMIIB
WgMEAwXiAAMEAx8H+AMEAh+soAMEAx+s6AMEAyUauAMEAyU98AMEAyVuwAMEACWc
4gMEBC4WwAMEAC5mdAMEAy7n2AMEAi73gAMEAy7/yAMEA01IWAMEBE32UAMEBU6Z
4AMEBlJggAMEAlKjJAMEA1LEGAMEBVUfwAMEA1d5iAMEA1jUkAMEAFklagMEAFks
TQMEAFks0gMEAVvgogMEAFviwQMEAFv69AMEBF5koAMEBF+PQAMEBJXooAMEA7Dx
eDAMAwQCuQQ8AwQAuQQ+AwQCuQ+MAwQCuTVQAwQDuT24AwQCuT64AwQAuUFPAwQC
uU6cAwQCuVvgAwQCuVwkAwQCuXJkAwQAuXQ/AwQCudE0AwQAwSd3AwQCwZdUAwQB
wb18AwQBwipkAwQBwnSOAwQBwytAAwQAw4CTAwQBw726AwQAw+ojAwQD1BLwMAwD
BADUVeUDBAPUVeAwPgQCAAIwOAMFACoAaMADBQMqAHjAAwUAKgECQAMFACoBApAD
BQAqAgOYAwUAKgO9wAMFAyoEzAADBQMqC0HAMA0GCSqGSIb3DQEBCwUAA4IBAQAA
DHhoqHjazcrMO5yvoJcdEMDDLS8Z222RkMKMCIy3xrbG0bWn/Qo7qVdMpJJKPRaX
yS5m3i3xtjTha4REVhQYlmR98NQrjcI0/yUeDm3FMF0sQGnk8JzZjwXAucB9hcMY
VgVNmC0NuBNYq9KXP5W3MsdRARHwThirElDFEFqPkXZS6UOA+WJJPEHlCb0cGKrv
y+Kwyk310dk+PnGXrhmNmon+h3vT1spfdBiVnxMDR2KVLUEmXbTTRtTfPZCV3mwy
hXHiay5iuncUH6UaLNCGttxqqoDfZ8P9GGjlLPQo3W5fnUEk4dQsC7k0xz1jUMgq
wtpDJ9BZbAvF4QmTvVee
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:46 2025 by rpki-client