Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/I1g6JGBc_MuJczCMQ8_G_2Vo12E.roa
File:                     I1g6JGBc_MuJczCMQ8_G_2Vo12E.roa (raw, json)
Hash identifier:          yhGATvC9gpwxKIKN67R79qmS2M3ypkmjHOCyPAuC254=
Subject key identifier:   23:58:3A:24:60:5C:FC:CB:89:73:30:8C:43:CF:C6:FF:65:68:D7:61
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       0199A3C9EA5546ADD06EFBF61C762E32E256
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/I1g6JGBc_MuJczCMQ8_G_2Vo12E.roa
Signing time:             Thu 02 Oct 2025 07:19:02 +0000
ROA not before:           Thu 02 Oct 2025 07:19:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215590
IP address blocks:        212.113.107.0/24 maxlen: 24
                          212.113.109.0/24 maxlen: 24
                          212.113.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a3:c9:ea:55:46:ad:d0:6e:fb:f6:1c:76:2e:32:e2:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Oct  2 07:19:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23583a24605cfccb8973308c43cfc6ff6568d761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:46:2b:ad:49:a7:83:fb:54:fe:07:0e:01:38:
                    d5:ba:99:22:06:0b:a3:38:40:96:d3:dc:21:9d:c3:
                    b7:b0:99:c2:3d:64:5c:9a:71:96:0e:08:22:e0:42:
                    8a:3f:61:cc:92:8a:2f:96:e0:4d:a5:5c:a6:c5:5d:
                    96:45:fe:4e:a8:a2:71:ce:2f:ce:f2:58:c8:34:f5:
                    7d:df:a9:1b:80:f6:86:8d:6e:f2:df:04:f6:5e:7b:
                    1c:3d:41:6f:52:49:69:36:85:52:f2:ea:6b:8e:cf:
                    9a:b3:d3:31:66:ee:ae:d2:8d:3d:91:76:de:c8:2c:
                    8a:f2:59:d2:1d:49:86:5d:ba:3a:df:1e:6f:d7:85:
                    a1:c1:1a:39:0c:9a:20:c8:7e:20:46:a7:b6:d2:f8:
                    f5:57:3d:25:98:f7:75:57:c3:59:80:81:34:0b:d2:
                    d6:d5:f6:e0:8a:29:f7:21:d1:fb:ba:0b:82:02:ae:
                    37:f5:b5:05:0f:1e:70:96:a5:3c:a8:67:15:85:00:
                    fd:d8:af:2c:6b:38:63:a3:74:6c:56:f2:e3:94:dc:
                    d9:8b:0b:ca:6c:d5:a5:3c:c7:33:81:db:12:48:1e:
                    2a:5a:a3:6f:0d:90:47:5c:b6:04:bb:3e:13:97:07:
                    80:dc:1b:f6:ea:04:f9:3f:2c:39:f3:3e:c2:92:0c:
                    93:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:58:3A:24:60:5C:FC:CB:89:73:30:8C:43:CF:C6:FF:65:68:D7:61
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/I1g6JGBc_MuJczCMQ8_G_2Vo12E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.113.107.0/24
                  212.113.109.0/24
                  212.113.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:41:48:b3:12:5d:1d:67:e8:23:cf:22:32:eb:ac:da:92:ae:
         0e:1b:e7:be:34:66:0f:0b:90:d8:7f:42:31:46:a4:10:fc:c7:
         c7:0a:eb:ab:a6:09:b2:e7:00:e6:62:12:fc:4f:b1:ae:58:55:
         f7:01:0b:a6:67:6f:51:04:7c:66:04:15:1e:17:1b:0b:78:ff:
         51:7a:de:18:22:45:a1:85:2a:d9:b0:da:eb:49:46:3d:ef:87:
         be:67:26:08:bf:67:07:22:62:09:cd:19:ed:fd:fa:f3:4e:2f:
         99:17:ee:99:08:ee:83:8d:f0:dc:88:6d:6c:cd:6d:3b:67:dd:
         8a:d4:7a:75:76:6a:80:81:a6:89:1c:4f:02:be:cd:ca:a2:01:
         d3:f0:f8:3e:62:db:6a:6b:53:eb:52:a3:a7:fd:d8:55:be:bd:
         86:c6:a9:61:33:6b:04:fc:b4:71:a2:12:3c:ec:96:33:6b:3c:
         26:36:ce:61:68:57:95:1b:38:9f:6f:ec:43:6c:70:e9:15:29:
         75:29:4a:4c:de:9b:d7:da:90:59:c0:c3:45:0b:d4:b0:15:65:
         e7:3d:b7:06:bd:8f:e7:42:0b:04:e0:19:ae:47:a0:65:fd:13:
         32:70:50:17:80:38:a1:6e:4d:92:6a:43:c2:b3:19:41:d3:13:
         98:07:6b:c4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZmjyepVRq3Qbvv2HHYuMuJWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjUxMDAyMDcxOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzU4M2EyNDYwNWNmY2NiODk3MzMwOGM0M2NmYzZmZjY1NjhkNzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUYrrUmng/tU/gcOATjVupkiBguj
OECW09whncO3sJnCPWRcmnGWDggi4EKKP2HMkoovluBNpVymxV2WRf5OqKJxzi/O
8ljINPV936kbgPaGjW7y3wT2XnscPUFvUklpNoVS8uprjs+as9MxZu6u0o09kXbe
yCyK8lnSHUmGXbo63x5v14WhwRo5DJogyH4gRqe20vj1Vz0lmPd1V8NZgIE0C9LW
1fbgiin3IdH7uguCAq439bUFDx5wlqU8qGcVhQD92K8sazhjo3RsVvLjlNzZiwvK
bNWlPMczgdsSSB4qWqNvDZBHXLYEuz4TlweA3Bv26gT5Pyw58z7CkgyTGwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCNYOiRgXPzLiXMwjEPPxv9laNdhMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvSTFnNkpHQmNfTXVKY3pDTVE4X0dfMlZvMTJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1HFrAwQA
1HFtAwQA1HFwMA0GCSqGSIb3DQEBCwUAA4IBAQBRQUizEl0dZ+gjzyIy66zakq4O
G+e+NGYPC5DYf0IxRqQQ/MfHCuurpgmy5wDmYhL8T7GuWFX3AQumZ29RBHxmBBUe
FxsLeP9Ret4YIkWhhSrZsNrrSUY974e+ZyYIv2cHImIJzRnt/frzTi+ZF+6ZCO6D
jfDciG1szW07Z92K1Hp1dmqAgaaJHE8Cvs3KogHT8Pg+Yttqa1PrUqOn/dhVvr2G
xqlhM2sE/LRxohI87JYzazwmNs5haFeVGzifb+xDbHDpFSl1KUpM3pvX2pBZwMNF
C9SwFWXnPbcGvY/nQgsE4BmuR6Bl/RMycFAXgDihbk2SakPCsxlB0xOYB2vE
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:51 2025 by rpki-client