Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/UD3JFe8qzAAYF0MGl23bzSXmgIM.roa
File:                     UD3JFe8qzAAYF0MGl23bzSXmgIM.roa (raw, json)
Hash identifier:          2f6gHnM4fMoGAoqUuW0tbuaDgq4ItUGQxvo9tHrTTOY=
Subject key identifier:   50:3D:C9:15:EF:2A:CC:00:18:17:43:06:97:6D:DB:CD:25:E6:80:83
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       019992C89458C090349C933E7EB351A7C40E
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/UD3JFe8qzAAYF0MGl23bzSXmgIM.roa
Signing time:             Mon 29 Sep 2025 00:04:02 +0000
ROA not before:           Mon 29 Sep 2025 00:04:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        109.111.32.0/23 maxlen: 24
                          109.111.34.0/23 maxlen: 24
                          109.111.40.0/23 maxlen: 24
                          185.65.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:92:c8:94:58:c0:90:34:9c:93:3e:7e:b3:51:a7:c4:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Sep 29 00:04:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=503dc915ef2acc0018174306976ddbcd25e68083
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:86:21:2a:83:14:3a:67:ea:15:e6:c2:a6:25:
                    0e:45:9e:fb:71:e6:58:9a:bb:5e:8e:b1:15:01:62:
                    5f:d1:aa:bb:d6:8f:04:01:5a:f1:68:ce:15:41:d3:
                    02:c7:0c:c5:bb:01:bb:f7:01:2b:ec:7d:0c:ff:3a:
                    aa:a1:15:77:ad:63:de:34:92:52:15:73:e5:a5:28:
                    8b:b3:a9:6c:a0:14:40:7c:a6:62:af:95:d0:23:87:
                    65:66:fa:93:14:a0:40:f9:e2:aa:6b:65:a7:b7:e2:
                    11:e6:77:ef:ed:d5:74:b2:cd:77:33:15:53:d3:33:
                    55:de:d3:03:1f:4c:0b:8e:99:78:e5:d5:42:ad:bf:
                    99:6d:d0:7f:1d:3c:32:91:11:f9:a6:b4:85:e7:77:
                    84:5a:3a:ef:86:3d:96:45:3d:08:74:e2:1d:cd:3b:
                    72:f8:b2:d9:e2:3a:2a:df:24:01:81:85:89:03:76:
                    98:32:85:b8:d9:5a:35:af:3e:ee:8d:b8:0d:ba:1e:
                    3a:e2:38:d2:2f:f0:c5:32:52:cd:3d:cd:c2:37:cb:
                    63:68:bc:1f:45:ab:cb:37:79:6f:68:9b:d6:37:1f:
                    e9:cc:ee:5b:67:76:25:10:bc:17:ee:1c:e6:8d:8d:
                    05:98:48:b4:29:de:4b:1a:21:96:b5:ba:b1:27:6b:
                    d0:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:3D:C9:15:EF:2A:CC:00:18:17:43:06:97:6D:DB:CD:25:E6:80:83
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/UD3JFe8qzAAYF0MGl23bzSXmgIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.32.0/22
                  109.111.40.0/23
                  185.65.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:89:3c:26:6f:be:6d:d4:ef:54:41:86:31:a1:45:2a:79:88:
         54:f2:75:da:e3:c4:99:7a:9c:5e:0f:a3:ff:e1:cc:ec:57:b0:
         aa:05:82:0a:9c:6d:37:3d:49:15:ed:94:43:f0:43:d9:cc:11:
         33:54:91:15:e3:16:a1:dc:90:12:1f:4c:89:fa:d3:59:9b:83:
         36:e8:b3:f7:81:0f:00:70:36:48:c8:9e:ab:aa:8e:96:e3:25:
         c8:80:f0:93:64:5e:ac:b6:aa:88:07:de:b2:5c:66:1a:e2:0d:
         df:01:5c:13:f6:fe:83:ac:94:f3:55:81:49:81:47:a5:f6:7c:
         8c:66:0f:e2:6e:4f:5f:7f:f2:2e:f8:d1:4e:24:f4:fc:d5:61:
         8c:e7:e1:9e:33:6c:e5:46:73:86:fc:71:0e:5d:8d:65:96:16:
         c7:48:fe:a2:36:ef:5f:8a:cd:22:83:29:2a:ac:1b:ee:06:32:
         68:e6:28:b1:65:cd:8a:43:46:d6:c0:a6:a3:2e:a6:7d:a9:af:
         67:52:87:45:6b:ed:1f:c1:80:e3:02:86:7b:d7:68:d7:5f:ba:
         7c:97:bb:75:ab:45:0f:20:92:97:3a:16:43:ed:4c:18:53:14:
         99:69:82:72:29:51:40:1b:71:45:5e:08:3b:be:de:18:24:30:
         ae:1b:89:eb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZmSyJRYwJA0nJM+frNRp8QOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwOTI5MDAwNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDNkYzkxNWVmMmFjYzAwMTgxNzQzMDY5NzZkZGJjZDI1ZTY4MDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYYhKoMUOmfqFebCpiUORZ77ceZY
mrtejrEVAWJf0aq71o8EAVrxaM4VQdMCxwzFuwG79wEr7H0M/zqqoRV3rWPeNJJS
FXPlpSiLs6lsoBRAfKZir5XQI4dlZvqTFKBA+eKqa2Wnt+IR5nfv7dV0ss13MxVT
0zNV3tMDH0wLjpl45dVCrb+ZbdB/HTwykRH5prSF53eEWjrvhj2WRT0IdOIdzTty
+LLZ4joq3yQBgYWJA3aYMoW42Vo1rz7ujbgNuh464jjSL/DFMlLNPc3CN8tjaLwf
RavLN3lvaJvWNx/pzO5bZ3YlELwX7hzmjY0FmEi0Kd5LGiGWtbqxJ2vQ1wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFA9yRXvKswAGBdDBpdt280l5oCDMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvVUQzSkZlOHF6QUFZRjBNR2wyM2J6U1htZ0lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCbW8gAwQB
bW8oAwQAuUE+MA0GCSqGSIb3DQEBCwUAA4IBAQAiiTwmb75t1O9UQYYxoUUqeYhU
8nXa48SZepxeD6P/4czsV7CqBYIKnG03PUkV7ZRD8EPZzBEzVJEV4xah3JASH0yJ
+tNZm4M26LP3gQ8AcDZIyJ6rqo6W4yXIgPCTZF6stqqIB96yXGYa4g3fAVwT9v6D
rJTzVYFJgUel9nyMZg/ibk9ff/Iu+NFOJPT81WGM5+GeM2zlRnOG/HEOXY1llhbH
SP6iNu9fis0igykqrBvuBjJo5iixZc2KQ0bWwKajLqZ9qa9nUodFa+0fwYDjAoZ7
12jXX7p8l7t1q0UPIJKXOhZD7UwYUxSZaYJyKVFAG3FFXgg7vt4YJDCuG4nr
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:22:49 2025 by rpki-client