Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/ZD6IQx0QGy15hp-snS4osazDoS4.roa
File:                     ZD6IQx0QGy15hp-snS4osazDoS4.roa (raw, json)
Hash identifier:          Udr1AeGDcu95NbGnNGzt1ymxEOmuOSiOTJK7SDovbcQ=
Subject key identifier:   64:3E:88:43:1D:10:1B:2D:79:86:9F:AC:9D:2E:28:B1:AC:C3:A1:2E
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       019947FEF2FC15D6071B8A8411ECF22781E6
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/ZD6IQx0QGy15hp-snS4osazDoS4.roa
Signing time:             Sun 14 Sep 2025 11:31:54 +0000
ROA not before:           Sun 14 Sep 2025 11:31:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        45.154.120.0/22 maxlen: 24
                          77.83.48.0/23 maxlen: 24
                          77.83.48.0/24 maxlen: 24
                          77.83.49.0/24 maxlen: 24
                          86.62.53.0/24 maxlen: 24
                          86.62.54.0/24 maxlen: 24
                          88.218.81.0/24 maxlen: 24
                          88.218.82.0/23 maxlen: 24
                          91.245.238.0/24 maxlen: 24
                          95.214.244.0/22 maxlen: 24
                          193.9.56.0/24 maxlen: 24
                          193.31.124.0/23 maxlen: 24
                          193.160.74.0/24 maxlen: 24
                          193.160.75.0/24 maxlen: 24
                          194.124.41.0/24 maxlen: 24
                          213.109.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:47:fe:f2:fc:15:d6:07:1b:8a:84:11:ec:f2:27:81:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Sep 14 11:31:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=643e88431d101b2d79869fac9d2e28b1acc3a12e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c5:ca:8c:67:be:c4:9c:5b:eb:58:59:52:c2:
                    7a:66:31:fc:5e:f8:81:3c:cf:3e:71:d1:17:f8:be:
                    a6:2b:b3:2c:49:06:33:94:20:99:a5:a7:57:e8:67:
                    e2:d3:64:5a:11:cb:19:3c:49:82:f7:24:c2:16:85:
                    99:a4:d2:1b:f8:f5:58:70:a5:8e:b8:27:c5:3d:7e:
                    9d:56:9a:c9:5d:bb:e6:6d:af:0e:b8:82:85:56:e1:
                    77:01:e7:4d:ac:a9:33:c6:08:c1:f9:bd:60:fb:bc:
                    fb:30:f2:3b:7f:86:a7:40:40:72:81:55:76:66:00:
                    1f:05:df:04:73:ca:00:d3:5b:18:a9:32:19:a8:4e:
                    e9:cd:25:68:03:ff:39:e1:46:3d:12:05:c0:54:b0:
                    47:2f:e5:fc:50:e4:f0:d9:98:23:24:51:11:7c:4c:
                    64:2d:5b:52:3a:4c:1b:de:98:97:a6:ab:4c:31:79:
                    75:dd:ae:69:8a:c1:21:8a:51:8c:fb:65:47:59:8e:
                    12:b7:3a:68:14:01:63:d6:45:a8:25:7f:c4:25:ab:
                    59:be:08:ce:aa:bf:df:47:9d:49:2a:e0:5a:00:9b:
                    48:95:44:75:cb:5a:58:9f:77:c0:d7:5d:4a:e5:24:
                    90:bb:c5:a8:c3:77:08:65:f1:51:bf:92:c7:e6:79:
                    80:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:3E:88:43:1D:10:1B:2D:79:86:9F:AC:9D:2E:28:B1:AC:C3:A1:2E
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/ZD6IQx0QGy15hp-snS4osazDoS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.120.0/22
                  77.83.48.0/23
                  86.62.53.0-86.62.54.255
                  88.218.81.0-88.218.83.255
                  91.245.238.0/24
                  95.214.244.0/22
                  193.9.56.0/24
                  193.31.124.0/23
                  193.160.74.0/23
                  194.124.41.0/24
                  213.109.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:7a:ec:bc:3f:5c:34:f2:b6:4c:ac:01:72:05:4d:de:fc:db:
         79:b0:9e:b8:92:2a:8f:dd:b4:a3:4d:2e:7b:d8:40:4e:66:6c:
         85:11:35:b7:db:a2:a2:64:7f:a1:b3:63:f4:f7:c5:98:84:6e:
         0e:8f:ec:c4:e1:6d:d2:f0:38:b7:01:e2:1c:03:b4:fd:2f:72:
         1f:0b:05:46:c1:4e:46:61:10:22:07:c0:72:31:d6:79:14:2f:
         d0:47:ba:6d:3b:24:ab:1d:b2:97:0b:35:ea:03:48:6a:11:e3:
         43:31:65:e0:c7:65:e3:84:9f:05:d9:c0:ac:3a:7d:2a:9b:1a:
         58:75:6e:cb:2e:1d:dc:e1:10:59:99:8a:c5:ea:52:b7:15:c5:
         db:34:aa:f0:b5:cf:df:a4:1d:21:1e:9f:41:2f:45:99:38:d7:
         d1:c7:63:82:9e:5e:5d:cc:5d:39:ea:2f:40:05:0d:f4:a1:24:
         e5:8c:6f:4d:0b:e6:f5:a4:da:f0:bc:82:a4:31:73:80:f9:5b:
         4d:0e:71:70:81:e3:54:03:b9:dc:12:3d:4b:8c:8b:70:32:98:
         4e:bc:9b:eb:72:c2:64:a3:e5:4a:1a:47:76:be:4d:96:70:4e:
         3f:48:86:fa:2c:a7:20:11:c2:57:1e:f5:2c:82:14:01:aa:5b:
         57:e7:f2:c6
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAZlH/vL8FdYHG4qEEezyJ4HmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjUwOTE0MTEzMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDNlODg0MzFkMTAxYjJkNzk4NjlmYWM5ZDJlMjhiMWFjYzNhMTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8XKjGe+xJxb61hZUsJ6ZjH8XviB
PM8+cdEX+L6mK7MsSQYzlCCZpadX6Gfi02RaEcsZPEmC9yTCFoWZpNIb+PVYcKWO
uCfFPX6dVprJXbvmba8OuIKFVuF3AedNrKkzxgjB+b1g+7z7MPI7f4anQEBygVV2
ZgAfBd8Ec8oA01sYqTIZqE7pzSVoA/854UY9EgXAVLBHL+X8UOTw2ZgjJFERfExk
LVtSOkwb3piXpqtMMXl13a5pisEhilGM+2VHWY4StzpoFAFj1kWoJX/EJatZvgjO
qr/fR51JKuBaAJtIlUR1y1pYn3fA111K5SSQu8Wow3cIZfFRv5LH5nmAmwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFGQ+iEMdEBsteYafrJ0uKLGsw6EuMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvWkQ2SVF4MFFHeTE1aHAtc25TNG9zYXpEb1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQCLZp4AwQB
TVMwMAwDBABWPjUDBABWPjYwDAMEAFjaUQMEAljaUAMEAFv17gMEAl/W9AMEAMEJ
OAMEAcEffAMEAcGgSgMEAMJ8KQMEAtVtvDANBgkqhkiG9w0BAQsFAAOCAQEAGHrs
vD9cNPK2TKwBcgVN3vzbebCeuJIqj920o00ue9hATmZshRE1t9uiomR/obNj9PfF
mIRuDo/sxOFt0vA4twHiHAO0/S9yHwsFRsFORmEQIgfAcjHWeRQv0Ee6bTskqx2y
lws16gNIahHjQzFl4Mdl44SfBdnArDp9KpsaWHVuyy4d3OEQWZmKxepStxXF2zSq
8LXP36QdIR6fQS9FmTjX0cdjgp5eXcxdOeovQAUN9KEk5YxvTQvm9aTa8LyCpDFz
gPlbTQ5xcIHjVAO53BI9S4yLcDKYTryb63LCZKPlShpHdr5NlnBOP0iG+iynIBHC
Vx71LIIUAapbV+fyxg==
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:43 2025 by rpki-client