Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/1a85a8-e4f8-498b-a5ae-a4be172c76ba/1/0mSInaOcQzcUaKnk3U9INfBb53Q.roa
File:                     0mSInaOcQzcUaKnk3U9INfBb53Q.roa (raw, json)
Hash identifier:          qM+YFRRYDhlfBg0HbT486tTWhmPISPFkNx0SGBRbZjE=
Subject key identifier:   D2:64:88:9D:A3:9C:43:37:14:68:A9:E4:DD:4F:48:35:F0:5B:E7:74
Certificate issuer:       /CN=e3f19cc5e38d8f9c1d6547177665f89211dec899
Certificate serial:       01990F9184F90025DDED4651F2F14515C0F2
Authority key identifier: E3:F1:9C:C5:E3:8D:8F:9C:1D:65:47:17:76:65:F8:92:11:DE:C8:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4_GcxeONj5wdZUcXdmX4khHeyJk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/1a85a8-e4f8-498b-a5ae-a4be172c76ba/1/0mSInaOcQzcUaKnk3U9INfBb53Q.roa
Signing time:             Wed 03 Sep 2025 12:33:38 +0000
ROA not before:           Wed 03 Sep 2025 12:33:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61146
IP address blocks:        31.216.136.0/21 maxlen: 21
                          62.108.216.0/21 maxlen: 21
                          185.176.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/1a85a8-e4f8-498b-a5ae-a4be172c76ba/1/4_GcxeONj5wdZUcXdmX4khHeyJk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/1a85a8-e4f8-498b-a5ae-a4be172c76ba/1/4_GcxeONj5wdZUcXdmX4khHeyJk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4_GcxeONj5wdZUcXdmX4khHeyJk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:91:84:f9:00:25:dd:ed:46:51:f2:f1:45:15:c0:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3f19cc5e38d8f9c1d6547177665f89211dec899
        Validity
            Not Before: Sep  3 12:33:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d264889da39c43371468a9e4dd4f4835f05be774
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e8:ad:ed:f5:df:72:fe:e1:15:1d:9f:58:06:
                    34:17:fe:6d:42:14:df:51:ec:41:0f:88:27:ae:c0:
                    dc:6a:3e:37:e7:b2:29:80:5c:0f:d9:78:62:82:78:
                    47:85:2b:2a:f6:08:78:8d:98:6a:27:d0:e8:1b:b3:
                    5b:a4:a6:18:08:e1:23:00:e2:9b:f4:9e:3f:83:94:
                    02:ca:f4:3f:b7:28:e5:0b:97:43:6d:de:8f:df:2a:
                    ae:79:9c:08:e7:a3:6a:1c:9a:ba:94:be:3f:82:fd:
                    f2:e6:d3:1f:65:9f:97:88:b1:1c:c3:80:3a:be:bc:
                    fa:ec:8f:ac:89:e2:de:ce:2d:17:7a:fc:90:19:00:
                    c4:77:f3:47:20:67:6c:aa:b1:5e:b7:04:88:ec:4a:
                    25:88:b3:0e:72:9d:6d:f2:c5:dc:e8:74:d8:19:d8:
                    fa:1f:7f:c0:86:27:45:7c:03:96:5f:c5:9d:21:39:
                    59:8e:4f:98:20:be:11:2d:0f:e6:07:c0:82:c1:32:
                    9b:04:f2:db:0d:c7:fc:84:ab:8d:0d:bb:48:93:a3:
                    08:13:85:49:31:d5:91:b5:c1:a7:cf:a6:0d:57:d3:
                    ca:e6:36:85:b6:ac:87:c7:4a:26:88:38:82:bd:ec:
                    52:73:c8:23:7a:d5:fd:ab:d2:94:6c:71:3a:7e:18:
                    80:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:64:88:9D:A3:9C:43:37:14:68:A9:E4:DD:4F:48:35:F0:5B:E7:74
            X509v3 Authority Key Identifier:
                keyid:E3:F1:9C:C5:E3:8D:8F:9C:1D:65:47:17:76:65:F8:92:11:DE:C8:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4_GcxeONj5wdZUcXdmX4khHeyJk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/1a85a8-e4f8-498b-a5ae-a4be172c76ba/1/0mSInaOcQzcUaKnk3U9INfBb53Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/1a85a8-e4f8-498b-a5ae-a4be172c76ba/1/4_GcxeONj5wdZUcXdmX4khHeyJk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.216.136.0/21
                  62.108.216.0/21
                  185.176.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:20:37:87:cd:4b:c9:c7:cb:9b:b5:7d:59:49:bf:e7:6e:47:
         ed:5b:e7:56:cf:9c:b9:f9:a3:6d:36:38:28:0b:02:8b:dd:f6:
         f2:04:ae:09:dc:ae:94:2c:61:14:82:04:51:a5:c5:48:e5:fa:
         2f:09:67:36:b5:07:35:69:29:de:bc:90:12:0c:f3:73:1d:ea:
         33:b1:1c:16:f4:61:9e:6c:79:8d:bc:ee:12:64:b3:f6:51:d0:
         c2:a6:4d:71:a4:9a:18:19:92:cb:92:43:8c:6d:91:4b:ab:aa:
         37:f8:da:fe:89:fb:85:5c:6c:4a:7e:5b:bb:fb:af:ef:e5:62:
         82:4b:aa:bc:37:a4:be:fd:3f:19:dc:5c:dc:cd:3a:2f:f0:fa:
         a0:e2:c9:c3:9a:b1:a3:d6:b7:31:fd:f4:f6:2f:a3:80:a5:8b:
         96:ed:4f:b5:04:90:8d:a7:cc:f4:31:90:cc:5b:e2:61:f8:19:
         11:7c:77:41:99:a1:ee:ad:d0:26:98:9f:c8:0b:00:36:b5:ab:
         7d:56:5e:9c:40:3a:62:a9:ba:2b:8f:bc:2e:a8:aa:64:3f:7c:
         01:28:f4:62:c1:3b:2d:9c:92:bb:72:55:1f:b0:07:df:14:de:
         b5:7e:5c:83:46:01:2b:36:6c:34:aa:1d:ff:2a:8a:0c:9e:57:
         7b:81:e0:f4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkPkYT5ACXd7UZR8vFFFcDyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZjE5Y2M1ZTM4ZDhmOWMxZDY1NDcxNzc2NjVmODkyMTFk
ZWM4OTkwHhcNMjUwOTAzMTIzMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjY0ODg5ZGEzOWM0MzM3MTQ2OGE5ZTRkZDRmNDgzNWYwNWJlNzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOit7fXfcv7hFR2fWAY0F/5tQhTf
UexBD4gnrsDcaj4357IpgFwP2XhignhHhSsq9gh4jZhqJ9DoG7NbpKYYCOEjAOKb
9J4/g5QCyvQ/tyjlC5dDbd6P3yqueZwI56NqHJq6lL4/gv3y5tMfZZ+XiLEcw4A6
vrz67I+sieLezi0XevyQGQDEd/NHIGdsqrFetwSI7EoliLMOcp1t8sXc6HTYGdj6
H3/AhidFfAOWX8WdITlZjk+YIL4RLQ/mB8CCwTKbBPLbDcf8hKuNDbtIk6MIE4VJ
MdWRtcGnz6YNV9PK5jaFtqyHx0omiDiCvexSc8gjetX9q9KUbHE6fhiAbQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNJkiJ2jnEM3FGip5N1PSDXwW+d0MB8GA1UdIwQY
MBaAFOPxnMXjjY+cHWVHF3Zl+JIR3siZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNF9HY3hlT05qNXdkWlVjWGRtWDRraEhleUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8xYTg1YTgtZTRmOC00OThiLWE1YWUt
YTRiZTE3MmM3NmJhLzEvMG1TSW5hT2NRemNVYUtuazNVOUlOZkJiNTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8xYTg1YTgtZTRmOC00OThiLWE1YWUtYTRiZTE3MmM3NmJh
LzEvNF9HY3hlT05qNXdkWlVjWGRtWDRraEhleUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDH9iIAwQD
PmzYAwQCubC4MA0GCSqGSIb3DQEBCwUAA4IBAQBMIDeHzUvJx8ubtX1ZSb/nbkft
W+dWz5y5+aNtNjgoCwKL3fbyBK4J3K6ULGEUggRRpcVI5fovCWc2tQc1aSnevJAS
DPNzHeozsRwW9GGebHmNvO4SZLP2UdDCpk1xpJoYGZLLkkOMbZFLq6o3+Nr+ifuF
XGxKflu7+6/v5WKCS6q8N6S+/T8Z3FzczTov8Pqg4snDmrGj1rcx/fT2L6OApYuW
7U+1BJCNp8z0MZDMW+Jh+BkRfHdBmaHurdAmmJ/ICwA2tat9Vl6cQDpiqborj7wu
qKpkP3wBKPRiwTstnJK7clUfsAffFN61flyDRgErNmw0qh3/KooMnld7geD0
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:51:21 2025 by rpki-client