Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/ToCmO2uxejju7hWaQpgf8WOfMl0.roa
File:                     ToCmO2uxejju7hWaQpgf8WOfMl0.roa (raw, json)
Hash identifier:          ToZmw4QGeHPusAJiluz9KvdVpulMcwof8zXt9GUC+Og=
Subject key identifier:   4E:80:A6:3B:6B:B1:7A:38:EE:EE:15:9A:42:98:1F:F1:63:9F:32:5D
Certificate issuer:       /CN=d26a4409ea91f506d633871c6c35540d460337d1
Certificate serial:       0199C7E1098BABD755CAB54D51E51574935E
Authority key identifier: D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/ToCmO2uxejju7hWaQpgf8WOfMl0.roa
Signing time:             Thu 09 Oct 2025 07:30:38 +0000
ROA not before:           Thu 09 Oct 2025 07:30:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202766
IP address blocks:        5.61.202.0/24 maxlen: 24
                          5.61.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c7:e1:09:8b:ab:d7:55:ca:b5:4d:51:e5:15:74:93:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d26a4409ea91f506d633871c6c35540d460337d1
        Validity
            Not Before: Oct  9 07:30:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e80a63b6bb17a38eeee159a42981ff1639f325d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ae:0c:4b:7a:2f:13:da:76:2d:c5:8b:d6:f1:
                    69:cf:a5:df:27:b4:51:83:86:66:4e:a4:ac:49:b1:
                    94:0a:32:09:16:33:43:ec:7a:00:ed:4f:b1:78:79:
                    f5:07:4d:42:68:b1:04:9c:cf:1b:29:d0:53:36:e1:
                    ea:e1:86:86:44:2c:64:6d:e5:f0:d0:dc:b6:6c:57:
                    ce:16:5a:80:a4:69:98:88:38:40:14:04:ac:66:18:
                    f7:5c:2f:ec:b3:82:b3:9a:5c:29:bc:4b:94:92:45:
                    90:73:a9:f6:c1:1b:15:22:ab:f4:84:6e:dd:be:a6:
                    a9:56:2c:af:ad:fa:e5:2b:94:f4:e0:51:ad:34:d9:
                    4e:27:a4:ba:d3:ff:b8:6d:8e:7e:e9:bf:ba:ae:99:
                    be:33:98:0b:66:78:1e:23:5a:24:5e:3c:ba:e8:85:
                    2a:35:d0:ab:38:86:9d:e7:29:70:19:4d:76:a3:99:
                    4e:07:08:e0:44:99:27:33:e4:c5:d8:b5:aa:61:00:
                    3c:8a:90:f4:59:41:2f:d5:1b:56:c7:12:9c:db:ed:
                    1f:b5:58:ba:31:46:43:17:3e:d9:a3:10:d4:89:6f:
                    63:ae:4a:c0:85:ad:eb:75:14:5a:24:79:fc:76:11:
                    a5:21:cb:d9:cf:d1:bf:8c:cf:50:ad:60:79:50:50:
                    6b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:80:A6:3B:6B:B1:7A:38:EE:EE:15:9A:42:98:1F:F1:63:9F:32:5D
            X509v3 Authority Key Identifier:
                keyid:D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/ToCmO2uxejju7hWaQpgf8WOfMl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.202.0/24
                  5.61.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:39:b9:c6:25:10:49:13:0d:6a:e2:01:c3:f0:6d:98:c5:a9:
         26:01:06:ce:e2:22:8a:6f:ff:d0:b6:78:0b:b2:7e:0a:0c:62:
         7a:d9:dd:cc:98:55:96:7b:15:85:9b:f0:2e:a1:e8:2d:f0:d5:
         c3:8b:18:0a:f4:9a:90:63:82:8d:68:96:b3:56:47:a2:c9:a8:
         04:76:98:72:23:57:6f:a4:6b:9e:2e:f5:18:5a:96:9a:8f:04:
         03:35:68:87:55:4e:30:87:88:b0:4b:95:84:dd:52:55:61:18:
         e8:cf:1b:5f:30:40:55:10:35:e6:b5:1c:ca:44:0a:82:64:44:
         fa:b2:19:9d:e2:f4:c5:b5:a3:1c:02:5c:91:b1:5f:c7:a3:a8:
         36:b4:4a:6b:79:43:54:4f:f1:15:a0:40:20:3b:ab:97:1d:80:
         51:57:e6:ce:3d:49:15:98:2b:5a:90:b2:b8:89:bd:37:1f:66:
         70:7f:03:10:d3:06:9e:2b:19:c1:50:e9:b6:9c:d3:3c:08:d6:
         32:0f:70:2d:a4:44:5b:66:f3:0a:42:04:9a:e9:4a:3c:17:20:
         50:af:09:89:c0:a9:58:f9:69:41:7c:59:7c:ce:f1:7a:ff:b6:
         42:4a:b4:ba:34:5b:1e:5f:92:2f:b0:ba:c9:aa:ac:be:29:3b:
         25:c0:c8:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnH4QmLq9dVyrVNUeUVdJNeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNmE0NDA5ZWE5MWY1MDZkNjMzODcxYzZjMzU1NDBkNDYw
MzM3ZDEwHhcNMjUxMDA5MDczMDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTgwYTYzYjZiYjE3YTM4ZWVlZTE1OWE0Mjk4MWZmMTYzOWYzMjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxK4MS3ovE9p2LcWL1vFpz6XfJ7RR
g4ZmTqSsSbGUCjIJFjND7HoA7U+xeHn1B01CaLEEnM8bKdBTNuHq4YaGRCxkbeXw
0Ny2bFfOFlqApGmYiDhAFASsZhj3XC/ss4KzmlwpvEuUkkWQc6n2wRsVIqv0hG7d
vqapViyvrfrlK5T04FGtNNlOJ6S60/+4bY5+6b+6rpm+M5gLZngeI1okXjy66IUq
NdCrOIad5ylwGU12o5lOBwjgRJknM+TF2LWqYQA8ipD0WUEv1RtWxxKc2+0ftVi6
MUZDFz7ZoxDUiW9jrkrAha3rdRRaJHn8dhGlIcvZz9G/jM9QrWB5UFBrPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE6ApjtrsXo47u4VmkKYH/FjnzJdMB8GA1UdIwQY
MBaAFNJqRAnqkfUG1jOHHGw1VA1GAzfRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYt
Y2ZlZmRmZGZiZTZiLzEvVG9DbU8ydXhlamp1N2hXYVFwZ2Y4V09mTWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYtY2ZlZmRmZGZiZTZi
LzEvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABT3KAwQA
BT3PMA0GCSqGSIb3DQEBCwUAA4IBAQBDObnGJRBJEw1q4gHD8G2YxakmAQbO4iKK
b//QtngLsn4KDGJ62d3MmFWWexWFm/Auoegt8NXDixgK9JqQY4KNaJazVkeiyagE
dphyI1dvpGueLvUYWpaajwQDNWiHVU4wh4iwS5WE3VJVYRjozxtfMEBVEDXmtRzK
RAqCZET6shmd4vTFtaMcAlyRsV/Ho6g2tEpreUNUT/EVoEAgO6uXHYBRV+bOPUkV
mCtakLK4ib03H2ZwfwMQ0waeKxnBUOm2nNM8CNYyD3AtpERbZvMKQgSa6Uo8FyBQ
rwmJwKlY+WlBfFl8zvF6/7ZCSrS6NFseX5IvsLrJqqy+KTslwMjH
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:49 2025 by rpki-client