Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/iF9-NKAWtTux6MwMaI6QJdJJltI.roa
File:                     iF9-NKAWtTux6MwMaI6QJdJJltI.roa (raw, json)
Hash identifier:          xbmH6KKP+n2z6UfbQYpzZpWwVeqplqlQYplIkYXDK08=
Subject key identifier:   88:5F:7E:34:A0:16:B5:3B:B1:E8:CC:0C:68:8E:90:25:D2:49:96:D2
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       019982CFD6A05BAC31F6D5E2B179C7653503
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/iF9-NKAWtTux6MwMaI6QJdJJltI.roa
Signing time:             Thu 25 Sep 2025 21:38:02 +0000
ROA not before:           Thu 25 Sep 2025 21:38:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        31.40.195.0/24 maxlen: 24
                          37.72.141.0/24 maxlen: 24
                          45.141.128.0/24 maxlen: 24
                          45.159.21.0/24 maxlen: 24
                          45.159.22.0/24 maxlen: 24
                          46.253.131.0/24 maxlen: 24
                          62.204.49.0/24 maxlen: 24
                          77.83.24.0/22 maxlen: 24
                          83.97.116.0/22 maxlen: 24
                          88.218.45.0/24 maxlen: 24
                          88.218.47.0/24 maxlen: 24
                          91.246.51.0/24 maxlen: 24
                          91.247.163.0/24 maxlen: 24
                          94.154.113.0/24 maxlen: 24
                          178.20.28.0/22 maxlen: 24
                          185.202.108.0/24 maxlen: 24
                          185.212.115.0/24 maxlen: 24
                          193.31.126.0/24 maxlen: 24
                          193.42.245.0/24 maxlen: 24
                          193.151.189.0/24 maxlen: 24
                          193.151.190.0/24 maxlen: 24
                          193.151.191.0/24 maxlen: 24
                          193.163.89.0/24 maxlen: 24
                          193.163.92.0/24 maxlen: 24
                          193.163.207.0/24 maxlen: 24
                          194.70.234.0/24 maxlen: 24
                          194.99.24.0/24 maxlen: 24
                          194.99.26.0/24 maxlen: 24
                          212.18.113.0/24 maxlen: 24
                          212.18.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:82:cf:d6:a0:5b:ac:31:f6:d5:e2:b1:79:c7:65:35:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Sep 25 21:38:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=885f7e34a016b53bb1e8cc0c688e9025d24996d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:02:d3:8d:db:6e:b1:31:ae:15:bb:c3:ec:98:
                    92:2f:16:9d:cd:50:2c:bc:af:9d:c8:62:66:ed:79:
                    e5:3f:de:26:a6:a5:a9:28:e5:de:54:5f:a8:d2:a7:
                    7a:7b:80:55:fd:af:3e:8d:0c:98:d1:e6:d7:82:b7:
                    e3:f3:d1:b7:95:94:d8:12:8b:83:64:2f:66:17:48:
                    34:53:5c:bc:3a:34:76:6b:55:e3:e0:76:b5:bb:8d:
                    8a:b1:6e:f0:49:1f:21:55:e8:24:c9:d5:40:9a:41:
                    d1:94:0b:d8:b7:df:95:df:4d:a7:dd:85:0d:3d:f7:
                    f6:4b:fc:4c:13:01:18:00:cc:57:ea:ca:1e:6c:47:
                    b7:b9:e0:68:43:01:b5:e2:3d:7b:51:32:da:8b:cf:
                    5b:f5:4a:c7:91:24:2a:0f:eb:3c:17:31:92:f2:bd:
                    00:e8:21:92:ca:3f:d3:e9:b2:69:2f:20:f9:c7:a5:
                    07:89:49:0e:f7:41:2d:d2:15:88:ea:bd:9e:80:51:
                    54:86:40:ad:8b:18:54:11:44:f2:85:b1:5e:93:7e:
                    55:2c:21:aa:02:20:ba:65:e6:80:c8:72:fe:f1:0e:
                    05:52:b5:00:a7:5a:0e:4a:b4:54:35:36:22:28:9c:
                    28:0c:85:41:5b:70:d9:c0:6c:91:45:ef:26:a1:e4:
                    71:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:5F:7E:34:A0:16:B5:3B:B1:E8:CC:0C:68:8E:90:25:D2:49:96:D2
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/iF9-NKAWtTux6MwMaI6QJdJJltI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.195.0/24
                  37.72.141.0/24
                  45.141.128.0/24
                  45.159.21.0-45.159.22.255
                  46.253.131.0/24
                  62.204.49.0/24
                  77.83.24.0/22
                  83.97.116.0/22
                  88.218.45.0/24
                  88.218.47.0/24
                  91.246.51.0/24
                  91.247.163.0/24
                  94.154.113.0/24
                  178.20.28.0/22
                  185.202.108.0/24
                  185.212.115.0/24
                  193.31.126.0/24
                  193.42.245.0/24
                  193.151.189.0-193.151.191.255
                  193.163.89.0/24
                  193.163.92.0/24
                  193.163.207.0/24
                  194.70.234.0/24
                  194.99.24.0/24
                  194.99.26.0/24
                  212.18.113.0/24
                  212.18.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:14:d4:b7:42:c5:da:9d:2a:1c:f3:bc:56:d3:40:a5:77:2d:
         3a:f1:9f:ab:df:7a:bd:f5:06:62:ab:85:c3:d6:3a:d4:d8:e6:
         ef:a6:58:d9:cf:a1:da:98:2b:95:a1:9c:c8:90:20:c9:d8:b3:
         fc:c8:75:70:db:b8:37:5f:7b:96:dd:bf:a7:e3:81:4f:1c:09:
         8a:e3:e5:c7:b1:50:03:3c:02:a3:0f:dd:c3:a3:51:0f:6a:8f:
         b8:ca:9e:52:60:40:b3:2d:da:7c:53:2e:aa:0d:0f:80:75:2e:
         7a:47:94:9f:cb:f9:19:25:52:5c:6b:d9:a5:52:39:17:09:69:
         e4:1c:98:8e:6b:f1:09:13:e1:02:60:2b:5e:32:cf:60:d3:2d:
         f4:d4:1a:9f:8e:f2:57:3a:17:b3:cd:3b:4f:eb:ea:68:dd:5e:
         0c:d3:96:69:94:39:06:ac:be:01:c3:8d:e7:ae:12:fd:10:d7:
         c6:1a:1c:95:68:f3:a0:be:b0:eb:ff:4b:93:7d:62:b2:6f:b1:
         21:27:44:0f:4b:fe:7b:41:8e:52:20:d7:bc:7a:c9:8a:01:24:
         88:0d:ae:af:7a:fa:98:d8:f6:5d:12:b2:5e:34:56:86:80:79:
         6d:3a:55:a6:f4:db:f1:a7:8b:19:c1:74:29:1e:fa:04:08:2d:
         34:f6:fc:f6
-----BEGIN CERTIFICATE-----
MIIFrjCCBJagAwIBAgISAZmCz9agW6wx9tXisXnHZTUDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjUwOTI1MjEzODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODVmN2UzNGEwMTZiNTNiYjFlOGNjMGM2ODhlOTAyNWQyNDk5NmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ALTjdtusTGuFbvD7JiSLxadzVAs
vK+dyGJm7XnlP94mpqWpKOXeVF+o0qd6e4BV/a8+jQyY0ebXgrfj89G3lZTYEouD
ZC9mF0g0U1y8OjR2a1Xj4Ha1u42KsW7wSR8hVegkydVAmkHRlAvYt9+V302n3YUN
Pff2S/xMEwEYAMxX6soebEe3ueBoQwG14j17UTLai89b9UrHkSQqD+s8FzGS8r0A
6CGSyj/T6bJpLyD5x6UHiUkO90Et0hWI6r2egFFUhkCtixhUEUTyhbFek35VLCGq
AiC6ZeaAyHL+8Q4FUrUAp1oOSrRUNTYiKJwoDIVBW3DZwGyRRe8moeRxSwIDAQAB
o4ICujCCArYwHQYDVR0OBBYEFIhffjSgFrU7sejMDGiOkCXSSZbSMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvaUY5LU5LQVd0VHV4Nk13TWFJNlFKZEpKbHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHPBggrBgEFBQcBBwEB/wSBvzCBvDCBuQQCAAEwgbIDBAAf
KMMDBAAlSI0DBAAtjYAwDAMEAC2fFQMEAC2fFgMEAC79gwMEAD7MMQMEAk1TGAME
AlNhdAMEAFjaLQMEAFjaLwMEAFv2MwMEAFv3owMEAF6acQMEArIUHAMEALnKbAME
ALnUcwMEAMEffgMEAMEq9TAMAwQAwZe9AwQGwZeAAwQAwaNZAwQAwaNcAwQAwaPP
AwQAwkbqAwQAwmMYAwQAwmMaAwQA1BJxAwQA1BJ/MA0GCSqGSIb3DQEBCwUAA4IB
AQCTFNS3QsXanSoc87xW00Cldy068Z+r33q99QZiq4XD1jrU2ObvpljZz6HamCuV
oZzIkCDJ2LP8yHVw27g3X3uW3b+n44FPHAmK4+XHsVADPAKjD93Do1EPao+4yp5S
YECzLdp8Uy6qDQ+AdS56R5Sfy/kZJVJca9mlUjkXCWnkHJiOa/EJE+ECYCteMs9g
0y301BqfjvJXOhezzTtP6+po3V4M05ZplDkGrL4Bw43nrhL9ENfGGhyVaPOgvrDr
/0uTfWKyb7EhJ0QPS/57QY5SINe8esmKASSIDa6vevqY2PZdErJeNFaGgHltOlWm
9Nvxp4sZwXQpHvoECC009vz2
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:00 2025 by rpki-client