Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/e_wdYfIb7oSAQK9heEYm9UgMV4w.roa
File:                     e_wdYfIb7oSAQK9heEYm9UgMV4w.roa (raw, json)
Hash identifier:          xQ92IsW1DWebefzeoP8h0CsDyl59Z9v3IisSXRJtiAs=
Subject key identifier:   7B:FC:1D:61:F2:1B:EE:84:80:40:AF:61:78:46:26:F5:48:0C:57:8C
Certificate issuer:       /CN=48abf29fdef8570502f4b51be5ffc05c4d9b3465
Certificate serial:       0199D31BCB3D67114B3967ABB03AFD6FAC8E
Authority key identifier: 48:AB:F2:9F:DE:F8:57:05:02:F4:B5:1B:E5:FF:C0:5C:4D:9B:34:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/e_wdYfIb7oSAQK9heEYm9UgMV4w.roa
Signing time:             Sat 11 Oct 2025 11:50:38 +0000
ROA not before:           Sat 11 Oct 2025 11:50:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215655
IP address blocks:        45.86.5.0/24 maxlen: 24
                          95.130.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 08:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d3:1b:cb:3d:67:11:4b:39:67:ab:b0:3a:fd:6f:ac:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48abf29fdef8570502f4b51be5ffc05c4d9b3465
        Validity
            Not Before: Oct 11 11:50:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bfc1d61f21bee848040af61784626f5480c578c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:63:3d:01:be:94:91:85:98:ec:67:9d:14:a4:
                    8f:5a:d9:e6:53:0f:08:58:de:c5:64:23:d6:21:51:
                    1d:5d:86:64:29:99:c0:9a:f9:9b:37:0e:40:ff:83:
                    a0:2e:50:fa:a4:f3:87:b9:96:85:68:c0:88:fc:ed:
                    11:08:70:7e:74:b5:ab:4e:6a:50:f2:d0:93:a7:83:
                    ff:00:38:08:0b:6a:27:e0:e8:e0:99:a9:ef:f9:38:
                    d1:91:f3:18:7b:c9:c4:5d:0e:5a:5c:18:ab:75:8e:
                    0a:10:ec:d6:0f:42:62:66:09:4e:bc:bf:a9:cc:cd:
                    bc:c5:67:16:83:e3:fd:1c:f3:d3:dc:08:eb:62:f4:
                    f6:0d:d9:89:99:ab:fd:c9:c8:86:bd:cb:c5:a3:03:
                    14:87:b7:52:22:76:03:59:0d:d0:62:b8:d0:ef:c3:
                    37:82:85:af:c0:76:21:9d:c4:f9:01:0d:8f:5c:d8:
                    a0:a1:77:ca:c8:10:0d:53:1b:d7:d5:57:e5:fe:37:
                    75:79:c8:81:9d:cf:1f:c9:72:38:4c:42:1c:e4:b4:
                    f7:df:8c:7c:1e:be:54:de:3a:04:57:36:09:a2:5d:
                    f2:d0:7a:2f:31:67:1a:dc:e7:7b:36:62:5f:0f:13:
                    92:48:30:ef:06:d8:d0:9a:2a:d8:06:09:40:b3:d0:
                    40:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:FC:1D:61:F2:1B:EE:84:80:40:AF:61:78:46:26:F5:48:0C:57:8C
            X509v3 Authority Key Identifier:
                keyid:48:AB:F2:9F:DE:F8:57:05:02:F4:B5:1B:E5:FF:C0:5C:4D:9B:34:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/e_wdYfIb7oSAQK9heEYm9UgMV4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.5.0/24
                  95.130.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:90:a1:4c:74:b9:18:dd:9c:ae:2c:26:e0:e8:98:94:b1:58:
         eb:f6:ee:51:ba:b1:7e:4e:e4:4e:7a:85:86:0d:aa:bd:4f:fc:
         11:b2:c2:85:bc:e1:14:fc:76:02:5f:9d:c1:5f:0d:9a:b0:5e:
         7f:98:76:59:d0:03:d7:7f:20:34:b5:f3:1b:c5:d0:c6:cb:20:
         15:a0:ff:3f:0a:f6:c4:a7:15:7a:62:cf:65:5c:8c:e9:a0:23:
         47:86:4a:a1:8b:b9:9a:a9:e3:c3:40:72:82:66:36:e3:8a:9e:
         0b:bb:3b:28:20:ef:09:4a:0f:e3:9b:d1:68:1c:ee:ff:69:5d:
         cd:d6:98:a8:74:60:d7:33:93:4a:8a:d1:88:81:eb:39:95:6e:
         9c:9c:b5:36:b4:58:08:04:54:40:b2:3f:c6:7f:17:7a:c0:66:
         9f:1c:9b:d1:dc:0a:c5:ae:b5:19:0f:48:21:c9:56:59:6f:42:
         90:36:47:f4:56:c7:b6:03:f9:a8:e2:37:dd:a3:cf:14:65:fb:
         de:99:1a:37:87:ae:21:2f:fa:31:ee:e6:7f:9f:d9:3b:16:bb:
         62:f6:da:0a:ea:2f:c5:e5:da:cb:3f:85:ba:e9:ea:c9:4a:a4:
         e1:d2:ee:8a:d3:c7:8a:16:b5:21:b9:70:93:e5:5f:46:c8:0f:
         74:2b:72:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnTG8s9ZxFLOWersDr9b6yOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YWJmMjlmZGVmODU3MDUwMmY0YjUxYmU1ZmZjMDVjNGQ5
YjM0NjUwHhcNMjUxMDExMTE1MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmZjMWQ2MWYyMWJlZTg0ODA0MGFmNjE3ODQ2MjZmNTQ4MGM1NzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmM9Ab6UkYWY7GedFKSPWtnmUw8I
WN7FZCPWIVEdXYZkKZnAmvmbNw5A/4OgLlD6pPOHuZaFaMCI/O0RCHB+dLWrTmpQ
8tCTp4P/ADgIC2on4Ojgmanv+TjRkfMYe8nEXQ5aXBirdY4KEOzWD0JiZglOvL+p
zM28xWcWg+P9HPPT3AjrYvT2DdmJmav9yciGvcvFowMUh7dSInYDWQ3QYrjQ78M3
goWvwHYhncT5AQ2PXNigoXfKyBANUxvX1Vfl/jd1eciBnc8fyXI4TEIc5LT334x8
Hr5U3joEVzYJol3y0HovMWca3Od7NmJfDxOSSDDvBtjQmirYBglAs9BA7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHv8HWHyG+6EgECvYXhGJvVIDFeMMB8GA1UdIwQY
MBaAFEir8p/e+FcFAvS1G+X/wFxNmzRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0t2eW45NzRWd1VDOUxVYjVmX0FYRTJiTkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hZjQxY2ItZmY5MS00NTljLTlhNjQt
YWJhMTEzZjNlM2FlLzEvZV93ZFlmSWI3b1NBUUs5aGVFWW05VWdNVjR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hZjQxY2ItZmY5MS00NTljLTlhNjQtYWJhMTEzZjNlM2Fl
LzEvU0t2eW45NzRWd1VDOUxVYjVmX0FYRTJiTkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVYFAwQA
X4LhMA0GCSqGSIb3DQEBCwUAA4IBAQCIkKFMdLkY3ZyuLCbg6JiUsVjr9u5RurF+
TuROeoWGDaq9T/wRssKFvOEU/HYCX53BXw2asF5/mHZZ0APXfyA0tfMbxdDGyyAV
oP8/CvbEpxV6Ys9lXIzpoCNHhkqhi7maqePDQHKCZjbjip4LuzsoIO8JSg/jm9Fo
HO7/aV3N1piodGDXM5NKitGIges5lW6cnLU2tFgIBFRAsj/Gfxd6wGafHJvR3ArF
rrUZD0ghyVZZb0KQNkf0Vse2A/mo4jfdo88UZfvemRo3h64hL/ox7uZ/n9k7Frti
9toK6i/F5drLP4W66erJSqTh0u6K08eKFrUhuXCT5V9GyA90K3I4
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:04 2025 by rpki-client