Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/v6hAmhwF5zdYx8dEgkzg5dcM3po.roa
File:                     v6hAmhwF5zdYx8dEgkzg5dcM3po.roa (raw, json)
Hash identifier:          WVX44j02BF26OexloZBarRA/wYQhTTWNJB3y+NBHmOM=
Subject key identifier:   BF:A8:40:9A:1C:05:E7:37:58:C7:C7:44:82:4C:E0:E5:D7:0C:DE:9A
Certificate issuer:       /CN=d26a4409ea91f506d633871c6c35540d460337d1
Certificate serial:       0199F1A2236E64ADE1A44995B1CA84D58501
Authority key identifier: D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/v6hAmhwF5zdYx8dEgkzg5dcM3po.roa
Signing time:             Fri 17 Oct 2025 10:05:58 +0000
ROA not before:           Fri 17 Oct 2025 10:05:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41368
IP address blocks:        5.61.200.0/21 maxlen: 24
                          5.61.200.0/23 maxlen: 23
                          5.61.202.0/24 maxlen: 24
                          5.61.203.0/24 maxlen: 24
                          5.61.204.0/24 maxlen: 24
                          5.61.205.0/24 maxlen: 24
                          5.61.206.0/24 maxlen: 24
                          5.61.207.0/24 maxlen: 24
                          171.22.8.0/22 maxlen: 24
                          171.22.8.0/24 maxlen: 24
                          171.22.9.0/24 maxlen: 24
                          171.22.10.0/24 maxlen: 24
                          171.22.11.0/24 maxlen: 24
                          185.62.20.0/23 maxlen: 24
                          185.62.20.0/24 maxlen: 24
                          185.62.21.0/24 maxlen: 24
                          185.62.22.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f1:a2:23:6e:64:ad:e1:a4:49:95:b1:ca:84:d5:85:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d26a4409ea91f506d633871c6c35540d460337d1
        Validity
            Not Before: Oct 17 10:05:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bfa8409a1c05e73758c7c744824ce0e5d70cde9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:d9:9d:88:14:4d:8c:e0:21:c5:39:f3:b9:7d:
                    35:0f:4b:28:ea:8e:23:b5:2c:48:3f:d7:17:47:50:
                    bb:ee:45:ee:c0:db:3c:3c:ac:f4:57:b3:6b:ef:5e:
                    8a:d2:27:50:e9:8e:76:8e:a2:7e:21:ad:80:fc:97:
                    9b:63:18:5a:00:cf:a2:af:08:0d:6f:21:c1:97:ff:
                    10:89:65:4d:52:f1:e4:ec:1e:e4:16:19:b2:91:01:
                    b2:21:5b:0b:50:0e:e5:20:08:0c:65:07:8e:87:39:
                    68:0a:01:d1:1d:56:58:66:39:d8:c7:b9:7a:12:4b:
                    11:54:ff:a5:0e:a2:66:29:76:cb:83:43:12:01:07:
                    9d:70:6c:25:0f:75:e4:85:87:17:d8:60:0e:56:ac:
                    03:4a:f2:e6:97:a9:ec:ec:5c:24:6e:bd:c1:03:67:
                    33:0c:d7:bf:7d:1a:4a:e8:f9:ef:e8:ff:b7:c0:3b:
                    78:65:db:df:ef:35:76:a5:36:ce:2c:a7:02:81:13:
                    a8:97:ef:92:0e:1e:03:92:84:fb:c4:0f:65:6a:7c:
                    aa:df:c6:97:d4:9e:16:64:86:3b:c8:30:aa:ba:3d:
                    bd:63:53:3c:ff:9e:1d:58:96:45:d8:37:2a:a1:de:
                    55:c8:ff:7a:86:93:e0:2d:d3:92:3e:d1:7f:cd:c8:
                    b4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:A8:40:9A:1C:05:E7:37:58:C7:C7:44:82:4C:E0:E5:D7:0C:DE:9A
            X509v3 Authority Key Identifier:
                keyid:D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/v6hAmhwF5zdYx8dEgkzg5dcM3po.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.200.0/21
                  171.22.8.0/22
                  185.62.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:ab:64:8b:06:c6:53:0b:70:19:cf:c2:67:43:4f:fb:c9:86:
         7d:bb:e4:5a:b6:95:b6:b7:aa:3f:1d:a6:e6:48:15:40:58:47:
         9a:c2:a4:9b:9c:8d:d2:05:94:dc:67:df:84:30:18:07:21:d8:
         11:37:28:91:b8:16:d8:36:7d:7c:41:01:a3:f9:83:8d:68:c3:
         68:c5:42:d7:e3:4f:da:64:ff:e9:ee:dc:28:ec:2b:26:a7:0e:
         39:93:83:80:1a:99:21:80:1e:07:9a:86:ce:80:a7:f6:20:25:
         01:ec:58:5f:46:4f:ae:91:e3:14:58:55:0b:b5:8d:a9:47:13:
         af:f1:45:2d:6c:83:d1:b8:c0:92:a2:a5:ff:2e:5d:30:d1:bd:
         2e:89:84:13:34:2b:f7:68:ad:08:8d:4d:14:b0:4d:aa:37:25:
         70:a3:e5:46:9b:c4:9e:4c:13:21:b8:d2:95:0c:f7:df:3f:4f:
         f7:68:e8:83:84:02:81:94:43:db:bc:12:97:de:ff:be:93:77:
         8a:54:0d:85:57:b7:46:20:fe:31:7c:2c:a7:e9:16:75:f4:04:
         47:b6:38:2d:b6:31:ba:f9:91:2e:32:2a:08:bd:48:58:19:07:
         0c:be:49:23:9b:cc:4c:e1:c8:07:4c:b4:06:ee:a7:58:27:2d:
         a7:1a:b3:1c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnxoiNuZK3hpEmVscqE1YUBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNmE0NDA5ZWE5MWY1MDZkNjMzODcxYzZjMzU1NDBkNDYw
MzM3ZDEwHhcNMjUxMDE3MTAwNTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmE4NDA5YTFjMDVlNzM3NThjN2M3NDQ4MjRjZTBlNWQ3MGNkZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2NmdiBRNjOAhxTnzuX01D0so6o4j
tSxIP9cXR1C77kXuwNs8PKz0V7Nr716K0idQ6Y52jqJ+Ia2A/JebYxhaAM+irwgN
byHBl/8QiWVNUvHk7B7kFhmykQGyIVsLUA7lIAgMZQeOhzloCgHRHVZYZjnYx7l6
EksRVP+lDqJmKXbLg0MSAQedcGwlD3XkhYcX2GAOVqwDSvLml6ns7Fwkbr3BA2cz
DNe/fRpK6Pnv6P+3wDt4Zdvf7zV2pTbOLKcCgROol++SDh4DkoT7xA9lanyq38aX
1J4WZIY7yDCquj29Y1M8/54dWJZF2Dcqod5VyP96hpPgLdOSPtF/zci0jQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL+oQJocBec3WMfHRIJM4OXXDN6aMB8GA1UdIwQY
MBaAFNJqRAnqkfUG1jOHHGw1VA1GAzfRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYt
Y2ZlZmRmZGZiZTZiLzEvdjZoQW1od0Y1emRZeDhkRWdremc1ZGNNM3BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYtY2ZlZmRmZGZiZTZi
LzEvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDBT3IAwQC
qxYIAwQCuT4UMA0GCSqGSIb3DQEBCwUAA4IBAQAoq2SLBsZTC3AZz8JnQ0/7yYZ9
u+RatpW2t6o/HabmSBVAWEeawqSbnI3SBZTcZ9+EMBgHIdgRNyiRuBbYNn18QQGj
+YONaMNoxULX40/aZP/p7two7Csmpw45k4OAGpkhgB4HmobOgKf2ICUB7FhfRk+u
keMUWFULtY2pRxOv8UUtbIPRuMCSoqX/Ll0w0b0uiYQTNCv3aK0IjU0UsE2qNyVw
o+VGm8SeTBMhuNKVDPffP0/3aOiDhAKBlEPbvBKX3v++k3eKVA2FV7dGIP4xfCyn
6RZ19ARHtjgttjG6+ZEuMioIvUhYGQcMvkkjm8xM4cgHTLQG7qdYJy2nGrMc
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:40 2025 by rpki-client