Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/fptIz4IL7JkeMq0YuiSUASs4KmQ.roa
File:                     fptIz4IL7JkeMq0YuiSUASs4KmQ.roa (raw, json)
Hash identifier:          hLAaKGYDYwamjy4ROYBJH30I1ZUUdF9WsL5PojvabUE=
Subject key identifier:   7E:9B:48:CF:82:0B:EC:99:1E:32:AD:18:BA:24:94:01:2B:38:2A:64
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       0199F6F97508F1304598B7EB6F0FE7B51DC6
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/fptIz4IL7JkeMq0YuiSUASs4KmQ.roa
Signing time:             Sat 18 Oct 2025 10:59:27 +0000
ROA not before:           Sat 18 Oct 2025 10:59:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.199.151.0/24 maxlen: 24
                          185.199.213.0/24 maxlen: 24
                          185.221.25.0/24 maxlen: 24
                          185.221.26.0/24 maxlen: 24
                          185.250.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f6:f9:75:08:f1:30:45:98:b7:eb:6f:0f:e7:b5:1d:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Oct 18 10:59:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e9b48cf820bec991e32ad18ba2494012b382a64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:23:e0:86:ff:ac:cb:64:99:38:77:50:ca:4b:
                    49:5f:ff:98:7f:06:f7:dc:95:e5:78:50:4e:03:9d:
                    24:32:86:d3:e4:26:38:8d:46:13:7b:93:84:0c:2c:
                    a7:be:e7:4f:ac:5a:d6:6b:aa:1d:3d:f1:85:c7:c6:
                    2e:fe:75:17:0f:a5:60:23:4c:93:29:36:15:56:a2:
                    98:12:bb:3b:e2:b1:2a:b1:fe:89:34:0e:1b:d6:17:
                    01:6e:e8:1d:c6:0c:93:30:c5:86:f7:48:3f:93:a1:
                    3f:82:88:3e:1e:33:3d:dd:12:62:c8:f9:13:99:18:
                    2d:56:a3:c6:f4:dd:21:9e:fa:27:14:e8:a4:b3:19:
                    d3:fa:90:3a:2f:2e:bf:6a:41:fe:15:1b:93:d8:3f:
                    c4:db:7e:52:ad:d1:6a:c1:32:9b:65:72:08:25:00:
                    f7:33:5e:6f:50:36:85:54:d8:7a:81:14:92:8e:21:
                    85:e0:82:ab:d8:05:a0:f6:85:e7:a4:0e:f2:70:c3:
                    b7:62:7f:93:96:ac:1b:5f:98:39:54:f0:54:72:5e:
                    5e:bd:47:4b:22:da:0d:42:67:f2:8b:b4:27:d6:d2:
                    bd:b3:fc:dc:28:20:d6:1f:4c:72:84:4f:58:d4:fd:
                    e7:7e:7b:c9:27:cc:5b:35:aa:91:76:be:bd:a5:91:
                    0b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:9B:48:CF:82:0B:EC:99:1E:32:AD:18:BA:24:94:01:2B:38:2A:64
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/fptIz4IL7JkeMq0YuiSUASs4KmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.151.0/24
                  185.199.213.0/24
                  185.221.25.0-185.221.26.255
                  185.250.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:69:c7:db:60:f1:af:4e:9d:33:03:86:19:f8:4e:ae:d0:14:
         3a:cd:ad:2e:1a:0f:e9:aa:c8:2b:98:6c:3a:dd:a4:61:29:c5:
         aa:c2:f1:09:31:17:75:e8:36:85:8b:37:9f:d5:77:45:f0:33:
         61:a2:bc:ef:75:12:4c:3d:e2:a9:75:fe:25:22:54:79:bf:fa:
         ce:3c:80:a3:da:bd:23:8f:cb:0b:80:1f:08:ee:ef:9f:bb:73:
         a2:96:c4:83:5e:cf:cd:6d:4c:2e:ac:ed:fe:95:f3:d9:22:e2:
         4a:76:07:f0:7f:68:d7:15:a0:d2:de:c1:a2:39:6f:a7:53:9c:
         c3:40:bd:87:05:bb:37:f0:19:a7:4c:a9:62:55:6c:86:d3:33:
         45:d4:77:36:ef:c5:88:ea:c5:f3:29:10:26:47:d8:f0:20:46:
         5c:b9:f8:fc:7a:3a:6c:8c:92:5e:6e:a1:f7:05:1b:a0:82:ca:
         f2:7c:41:bb:cf:51:82:b0:ea:0a:3b:e3:1c:b6:87:45:b6:86:
         3d:3c:15:3f:ed:aa:b0:fa:eb:ba:90:8a:31:d5:12:a0:70:f9:
         e0:4b:af:fc:16:03:78:c0:21:3a:bf:70:12:7b:d1:c9:8c:67:
         7f:38:a2:91:80:0f:c0:3f:ce:c6:db:fa:9d:03:00:f5:4a:1a:
         8c:2a:0a:b8
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZn2+XUI8TBFmLfrbw/ntR3GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUxMDE4MTA1OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTliNDhjZjgyMGJlYzk5MWUzMmFkMThiYTI0OTQwMTJiMzgyYTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyPghv+sy2SZOHdQyktJX/+Yfwb3
3JXleFBOA50kMobT5CY4jUYTe5OEDCynvudPrFrWa6odPfGFx8Yu/nUXD6VgI0yT
KTYVVqKYErs74rEqsf6JNA4b1hcBbugdxgyTMMWG90g/k6E/gog+HjM93RJiyPkT
mRgtVqPG9N0hnvonFOiksxnT+pA6Ly6/akH+FRuT2D/E235SrdFqwTKbZXIIJQD3
M15vUDaFVNh6gRSSjiGF4IKr2AWg9oXnpA7ycMO3Yn+TlqwbX5g5VPBUcl5evUdL
ItoNQmfyi7Qn1tK9s/zcKCDWH0xyhE9Y1P3nfnvJJ8xbNaqRdr69pZELpQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFH6bSM+CC+yZHjKtGLoklAErOCpkMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvZnB0SXo0SUw3SmtlTXEwWXVpU1VBU3M0S21RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAuceXAwQA
ucfVMAwDBAC53RkDBAC53RoDBAC5+howDQYJKoZIhvcNAQELBQADggEBAKtpx9tg
8a9OnTMDhhn4Tq7QFDrNrS4aD+mqyCuYbDrdpGEpxarC8QkxF3XoNoWLN5/Vd0Xw
M2GivO91Ekw94ql1/iUiVHm/+s48gKPavSOPywuAHwju75+7c6KWxINez81tTC6s
7f6V89ki4kp2B/B/aNcVoNLewaI5b6dTnMNAvYcFuzfwGadMqWJVbIbTM0XUdzbv
xYjqxfMpECZH2PAgRly5+Px6OmyMkl5uofcFG6CCyvJ8QbvPUYKw6go74xy2h0W2
hj08FT/tqrD667qQijHVEqBw+eBLr/wWA3jAITq/cBJ70cmMZ384opGAD8A/zsbb
+p0DAPVKGowqCrg=
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:44 2025 by rpki-client