Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/YsIgrSJUYriYGQHuohCcIVhX9do.roa
File:                     YsIgrSJUYriYGQHuohCcIVhX9do.roa (raw, json)
Hash identifier:          SJhg/pqUQs56qO7PFd9gOS+lz9SdTB/peMTP9Y4EoQc=
Subject key identifier:   62:C2:20:AD:22:54:62:B8:98:19:01:EE:A2:10:9C:21:58:57:F5:DA
Certificate issuer:       /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial:       0197C18056BD4765CC874B9101420DC2E289
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/YsIgrSJUYriYGQHuohCcIVhX9do.roa
Signing time:             Mon 30 Jun 2025 15:41:42 +0000
ROA not before:           Mon 30 Jun 2025 15:41:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        5.39.176.0/21 maxlen: 24
                          5.159.208.0/21 maxlen: 24
                          5.181.72.0/22 maxlen: 24
                          31.192.96.0/21 maxlen: 24
                          45.8.100.0/22 maxlen: 24
                          45.132.108.0/22 maxlen: 24
                          45.137.44.0/22 maxlen: 24
                          80.74.240.0/21 maxlen: 24
                          80.74.248.0/21 maxlen: 24
                          80.87.16.0/20 maxlen: 24
                          83.150.252.0/22 maxlen: 24
                          85.95.96.0/19 maxlen: 24
                          87.236.128.0/21 maxlen: 24
                          88.151.152.0/21 maxlen: 24
                          89.38.120.0/21 maxlen: 24
                          91.143.64.0/20 maxlen: 24
                          92.42.120.0/21 maxlen: 24
                          93.115.176.0/20 maxlen: 24
                          94.142.168.0/21 maxlen: 24
                          95.129.64.0/21 maxlen: 24
                          176.58.0.0/21 maxlen: 24
                          185.52.144.0/22 maxlen: 24
                          185.79.184.0/22 maxlen: 24
                          185.90.0.0/22 maxlen: 24
                          185.94.204.0/22 maxlen: 24
                          185.99.76.0/22 maxlen: 24
                          185.145.88.0/22 maxlen: 24
                          185.178.216.0/22 maxlen: 24
                          185.182.0.0/21 maxlen: 24
                          185.182.200.0/23 maxlen: 24
                          185.204.212.0/22 maxlen: 24
                          185.229.4.0/22 maxlen: 24
                          185.246.132.0/22 maxlen: 24
                          185.247.200.0/22 maxlen: 24
                          185.248.252.0/24 maxlen: 24
                          185.248.253.0/24 maxlen: 24
                          185.248.254.0/24 maxlen: 24
                          185.248.255.0/24 maxlen: 24
                          188.94.16.0/21 maxlen: 24
                          193.24.3.0/24 maxlen: 24
                          193.24.6.0/24 maxlen: 24
                          193.24.13.0/24 maxlen: 24
                          193.24.31.0/24 maxlen: 24
                          195.26.32.0/19 maxlen: 24
                          195.88.8.0/23 maxlen: 24
                          212.11.68.0/22 maxlen: 24
                          212.11.72.0/22 maxlen: 24
                          217.145.128.0/20 maxlen: 24
                          2a00:f1c0::/32 maxlen: 32
                          2a0d:7680::/29 maxlen: 29
                          2a0e:a1c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 21:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c1:80:56:bd:47:65:cc:87:4b:91:01:42:0d:c2:e2:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66df7742890173927935206a28efbf48123e787c
        Validity
            Not Before: Jun 30 15:41:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62c220ad225462b8981901eea2109c215857f5da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:85:8d:4b:d6:41:e4:26:7f:1d:d3:3e:d9:41:
                    c2:4f:a5:6a:01:b0:23:6c:43:dc:89:87:6c:34:b6:
                    9b:0a:02:eb:ed:5d:c6:57:08:36:fc:fb:90:6a:db:
                    59:e0:4a:f9:08:5f:33:87:b8:f4:75:af:51:77:69:
                    c6:54:8e:06:6a:c3:34:10:53:43:ee:70:38:bb:1d:
                    99:5e:7e:56:4c:ec:e7:23:92:74:11:99:3a:a5:b9:
                    9b:c4:52:f2:c7:a9:af:b3:8c:00:c1:1e:ad:30:6a:
                    31:cb:1d:11:b6:a7:97:89:ba:6f:a7:41:ee:bd:7c:
                    5c:b8:6d:16:af:d3:34:91:7c:10:1d:ba:72:47:2f:
                    92:eb:52:08:d4:4f:6b:7b:57:73:66:da:cf:78:aa:
                    c7:1d:17:25:a9:f9:15:c6:5c:06:f6:5e:9b:e9:e4:
                    ad:cd:79:94:fc:0a:4f:4c:8f:19:ca:27:59:81:94:
                    20:c0:bc:8f:b0:d6:3a:f3:b1:a5:64:63:c2:15:f9:
                    13:e9:7a:dc:86:19:07:5b:b3:29:c9:e9:a5:15:a1:
                    12:19:47:8c:f4:fb:07:36:07:00:75:1b:4f:ea:a8:
                    46:da:fb:07:80:a0:ee:ff:5e:32:a3:dd:ac:6a:6c:
                    81:dc:76:f8:64:0f:db:90:6e:06:8a:1b:c0:33:7b:
                    79:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:C2:20:AD:22:54:62:B8:98:19:01:EE:A2:10:9C:21:58:57:F5:DA
            X509v3 Authority Key Identifier:
                keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/YsIgrSJUYriYGQHuohCcIVhX9do.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.176.0/21
                  5.159.208.0/21
                  5.181.72.0/22
                  31.192.96.0/21
                  45.8.100.0/22
                  45.132.108.0/22
                  45.137.44.0/22
                  80.74.240.0/20
                  80.87.16.0/20
                  83.150.252.0/22
                  85.95.96.0/19
                  87.236.128.0/21
                  88.151.152.0/21
                  89.38.120.0/21
                  91.143.64.0/20
                  92.42.120.0/21
                  93.115.176.0/20
                  94.142.168.0/21
                  95.129.64.0/21
                  176.58.0.0/21
                  185.52.144.0/22
                  185.79.184.0/22
                  185.90.0.0/22
                  185.94.204.0/22
                  185.99.76.0/22
                  185.145.88.0/22
                  185.178.216.0/22
                  185.182.0.0/21
                  185.182.200.0/23
                  185.204.212.0/22
                  185.229.4.0/22
                  185.246.132.0/22
                  185.247.200.0/22
                  185.248.252.0/22
                  188.94.16.0/21
                  193.24.3.0/24
                  193.24.6.0/24
                  193.24.13.0/24
                  193.24.31.0/24
                  195.26.32.0/19
                  195.88.8.0/23
                  212.11.68.0-212.11.75.255
                  217.145.128.0/20
                IPv6:
                  2a00:f1c0::/32
                  2a0d:7680::/29
                  2a0e:a1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:c2:7b:ef:3d:a4:eb:33:85:d4:7d:09:c3:34:31:48:2f:5f:
         f0:0b:50:f1:4f:1e:05:1b:54:dc:79:31:67:f2:b5:23:dc:3c:
         22:93:51:48:44:e1:a8:4f:8d:5a:83:e5:25:14:d4:85:de:4d:
         c2:aa:99:85:dd:6c:fd:d4:54:94:10:b0:6f:10:98:e0:04:0d:
         28:47:8c:2b:b3:77:d5:a6:bd:a9:a7:67:63:cf:37:90:18:3d:
         fd:fa:5d:4d:af:8b:d9:90:7d:ae:d2:5b:ce:f1:15:f8:00:ef:
         42:c8:4f:90:18:95:5c:4d:e7:9a:49:39:a7:77:8c:a1:db:51:
         98:39:56:87:fb:69:77:c6:0b:96:1e:14:b4:32:10:2e:80:63:
         d8:91:c1:09:3d:66:f0:5c:02:ac:77:48:7e:e3:f1:b2:ae:43:
         03:bc:54:dd:6a:91:e8:70:6b:ae:d6:13:17:b6:f3:d4:48:3a:
         d7:1d:62:67:66:fc:69:bd:75:f6:4d:27:a7:02:46:db:94:65:
         0e:af:e7:28:23:e3:1f:8a:b8:ca:31:19:4f:e7:80:d2:77:e0:
         98:07:cf:38:3e:a5:0a:35:87:72:06:8b:88:4f:88:d0:b4:ab:
         34:49:34:23:86:0b:54:a8:7c:e7:30:91:c7:ff:e6:7f:85:f7:
         4f:30:29:41
-----BEGIN CERTIFICATE-----
MIIGKDCCBRCgAwIBAgISAZfBgFa9R2XMh0uRAUINwuKJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwNjMwMTU0MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmMyMjBhZDIyNTQ2MmI4OTgxOTAxZWVhMjEwOWMyMTU4NTdmNWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoWNS9ZB5CZ/HdM+2UHCT6VqAbAj
bEPciYdsNLabCgLr7V3GVwg2/PuQattZ4Er5CF8zh7j0da9Rd2nGVI4GasM0EFND
7nA4ux2ZXn5WTOznI5J0EZk6pbmbxFLyx6mvs4wAwR6tMGoxyx0RtqeXibpvp0Hu
vXxcuG0Wr9M0kXwQHbpyRy+S61II1E9re1dzZtrPeKrHHRclqfkVxlwG9l6b6eSt
zXmU/ApPTI8ZyidZgZQgwLyPsNY687GlZGPCFfkT6XrchhkHW7MpyemlFaESGUeM
9PsHNgcAdRtP6qhG2vsHgKDu/14yo92samyB3Hb4ZA/bkG4GihvAM3t5BQIDAQAB
o4IDNDCCAzAwHQYDVR0OBBYEFGLCIK0iVGK4mBkB7qIQnCFYV/XaMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvWXNJZ3JTSlVZcmlZR1FIdW9oQ2NJVmhYOWRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBSAYIKwYBBQUHAQcBAf8EggE3MIIBMzCCARIEAgABMIIB
CgMEAwUnsAMEAwWf0AMEAgW1SAMEAx/AYAMEAi0IZAMEAi2EbAMEAi2JLAMEBFBK
8AMEBFBXEAMEAlOW/AMEBVVfYAMEA1fsgAMEA1iXmAMEA1kmeAMEBFuPQAMEA1wq
eAMEBF1zsAMEA16OqAMEA1+BQAMEA7A6AAMEArk0kAMEArlPuAMEArlaAAMEArle
zAMEArljTAMEArmRWAMEArmy2AMEA7m2AAMEAbm2yAMEArnM1AMEArnlBAMEArn2
hAMEArn3yAMEArn4/AMEA7xeEAMEAMEYAwMEAMEYBgMEAMEYDQMEAMEYHwMEBcMa
IAMEAcNYCDAMAwQC1AtEAwQC1AtIAwQE2ZGAMBsEAgACMBUDBQAqAPHAAwUDKg12
gAMFAyoOocAwDQYJKoZIhvcNAQELBQADggEBAA7Ce+89pOszhdR9CcM0MUgvX/AL
UPFPHgUbVNx5MWfytSPcPCKTUUhE4ahPjVqD5SUU1IXeTcKqmYXdbP3UVJQQsG8Q
mOAEDShHjCuzd9WmvamnZ2PPN5AYPf36XU2vi9mQfa7SW87xFfgA70LIT5AYlVxN
55pJOad3jKHbUZg5Vof7aXfGC5YeFLQyEC6AY9iRwQk9ZvBcAqx3SH7j8bKuQwO8
VN1qkehwa67WExe289RIOtcdYmdm/Gm9dfZNJ6cCRtuUZQ6v5ygj4x+KuMoxGU/n
gNJ34JgHzzg+pQo1h3IGi4hPiNC0qzRJNCOGC1SofOcwkcf/5n+F908wKUE=
-----END CERTIFICATE-----
Generated at Thu Jul 3 07:02:28 2025 by rpki-client