Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/ffPM5tOijzqMCvBgVLZrulDjr9M.roa
File:                     ffPM5tOijzqMCvBgVLZrulDjr9M.roa (raw, json)
Hash identifier:          mjTFPQvjm3YGXdJ50ci8rDHwA1GVzk1mURHKwSEJb1M=
Subject key identifier:   7D:F3:CC:E6:D3:A2:8F:3A:8C:0A:F0:60:54:B6:6B:BA:50:E3:AF:D3
Certificate issuer:       /CN=d26a4409ea91f506d633871c6c35540d460337d1
Certificate serial:       0199CD0B0F8280533FA838A6F1CD5F10257C
Authority key identifier: D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/ffPM5tOijzqMCvBgVLZrulDjr9M.roa
Signing time:             Fri 10 Oct 2025 07:34:38 +0000
ROA not before:           Fri 10 Oct 2025 07:34:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60203
IP address blocks:        5.45.160.0/21 maxlen: 21
                          5.45.160.0/24 maxlen: 24
                          5.45.165.0/24 maxlen: 24
                          5.45.166.0/24 maxlen: 24
                          5.45.168.0/21 maxlen: 21
                          5.45.168.0/22 maxlen: 22
                          5.45.169.0/24 maxlen: 24
                          5.45.172.0/24 maxlen: 24
                          5.45.174.0/23 maxlen: 23
                          185.43.72.0/24 maxlen: 24
                          185.43.73.0/24 maxlen: 24
                          185.43.74.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cd:0b:0f:82:80:53:3f:a8:38:a6:f1:cd:5f:10:25:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d26a4409ea91f506d633871c6c35540d460337d1
        Validity
            Not Before: Oct 10 07:34:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7df3cce6d3a28f3a8c0af06054b66bba50e3afd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:de:ba:b7:39:cf:bb:36:1a:53:62:5c:9f:4b:
                    33:d3:f9:cc:4b:59:b6:70:09:30:cc:db:9c:7f:f6:
                    b0:01:ec:1e:00:d6:1a:8d:05:a9:ce:3c:55:bf:ad:
                    69:97:e3:be:1f:a9:d8:70:7b:cd:a9:9c:d0:9b:68:
                    83:ab:a1:f9:34:7a:82:0e:74:d9:a1:3f:3c:a8:cd:
                    60:91:e5:5d:40:94:58:18:bd:ad:92:3e:4c:bc:01:
                    28:35:8b:f8:88:85:df:4c:f5:06:b4:d8:d3:de:80:
                    03:79:0d:9e:42:ed:08:e8:41:08:13:ea:f1:6e:80:
                    2b:4d:b7:f3:23:74:64:5d:b7:62:ee:2b:b4:40:aa:
                    99:5f:eb:c3:af:2c:f4:cc:1e:66:ad:5d:0f:a8:a9:
                    b8:b6:9e:27:71:55:00:07:98:63:8e:b8:8f:3c:fd:
                    b9:06:ed:74:80:2d:a1:c7:d9:7a:d6:81:ea:19:74:
                    59:cf:cb:af:d3:b4:8a:1f:97:2e:f8:0e:0a:6c:78:
                    9e:22:4c:ca:82:ac:42:a5:1c:68:b9:8c:74:24:24:
                    75:2b:f8:4b:12:04:60:26:9f:02:62:6b:1b:af:72:
                    c0:61:26:8e:27:a4:95:a8:db:3f:93:0b:de:5e:a3:
                    3e:a5:aa:c5:2a:b2:c3:2d:fb:48:d9:63:00:38:f8:
                    3d:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:F3:CC:E6:D3:A2:8F:3A:8C:0A:F0:60:54:B6:6B:BA:50:E3:AF:D3
            X509v3 Authority Key Identifier:
                keyid:D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/ffPM5tOijzqMCvBgVLZrulDjr9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.160.0/20
                  185.43.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:09:f1:71:84:13:fb:e4:2c:6f:86:0d:92:5b:cc:4f:40:0b:
         1c:22:9f:f7:8e:e0:ad:b6:36:30:bd:19:bd:6e:1b:32:34:4d:
         99:fc:01:1f:3f:a1:15:23:a1:cf:e7:46:69:69:c2:19:6a:32:
         52:ec:01:8d:03:cf:ee:07:63:38:fe:03:3d:f6:5d:1a:4a:99:
         bd:4a:46:d3:5f:32:ac:48:75:df:e9:b7:ee:5e:47:98:1c:49:
         8d:55:5d:c0:00:8a:0d:35:41:a8:8b:b2:04:9e:ff:3a:1f:2b:
         94:29:dd:85:e6:46:36:2b:35:60:3b:c7:1b:4a:bf:4f:13:53:
         d8:bd:6c:58:89:32:ad:bf:b0:21:38:c6:32:af:29:53:96:ee:
         45:64:36:e7:0d:3a:9b:25:1c:c6:56:84:31:0b:97:e3:f5:cf:
         10:26:07:40:7a:55:ef:ad:69:73:26:ca:f7:fb:c5:1e:ed:2a:
         92:71:0a:51:53:6b:23:f6:ba:f0:34:04:db:81:30:7c:f5:a7:
         a3:51:63:d6:9c:c9:1a:8f:79:bc:84:0f:17:a3:8d:d7:6f:bc:
         70:e3:f6:da:29:4e:d2:60:90:b2:e8:4a:23:ee:5e:63:d9:8d:
         c8:f3:47:68:6b:fc:5d:d5:73:c6:08:60:12:b9:09:1b:29:02:
         41:1f:2d:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnNCw+CgFM/qDim8c1fECV8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNmE0NDA5ZWE5MWY1MDZkNjMzODcxYzZjMzU1NDBkNDYw
MzM3ZDEwHhcNMjUxMDEwMDczNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGYzY2NlNmQzYTI4ZjNhOGMwYWYwNjA1NGI2NmJiYTUwZTNhZmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz966tznPuzYaU2Jcn0sz0/nMS1m2
cAkwzNucf/awAeweANYajQWpzjxVv61pl+O+H6nYcHvNqZzQm2iDq6H5NHqCDnTZ
oT88qM1gkeVdQJRYGL2tkj5MvAEoNYv4iIXfTPUGtNjT3oADeQ2eQu0I6EEIE+rx
boArTbfzI3RkXbdi7iu0QKqZX+vDryz0zB5mrV0PqKm4tp4ncVUAB5hjjriPPP25
Bu10gC2hx9l61oHqGXRZz8uv07SKH5cu+A4KbHieIkzKgqxCpRxouYx0JCR1K/hL
EgRgJp8CYmsbr3LAYSaOJ6SVqNs/kwveXqM+parFKrLDLftI2WMAOPg9JQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH3zzObToo86jArwYFS2a7pQ46/TMB8GA1UdIwQY
MBaAFNJqRAnqkfUG1jOHHGw1VA1GAzfRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYt
Y2ZlZmRmZGZiZTZiLzEvZmZQTTV0T2lqenFNQ3ZCZ1ZMWnJ1bERqcjlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYtY2ZlZmRmZGZiZTZi
LzEvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEBS2gAwQC
uStIMA0GCSqGSIb3DQEBCwUAA4IBAQB5CfFxhBP75Cxvhg2SW8xPQAscIp/3juCt
tjYwvRm9bhsyNE2Z/AEfP6EVI6HP50ZpacIZajJS7AGNA8/uB2M4/gM99l0aSpm9
SkbTXzKsSHXf6bfuXkeYHEmNVV3AAIoNNUGoi7IEnv86HyuUKd2F5kY2KzVgO8cb
Sr9PE1PYvWxYiTKtv7AhOMYyrylTlu5FZDbnDTqbJRzGVoQxC5fj9c8QJgdAelXv
rWlzJsr3+8Ue7SqScQpRU2sj9rrwNATbgTB89aejUWPWnMkaj3m8hA8Xo43Xb7xw
4/baKU7SYJCy6Eoj7l5j2Y3I80doa/xd1XPGCGASuQkbKQJBHy0X
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:52 2025 by rpki-client