Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/nD6BDJDA_dWwFQl4pf7gAHlOGhg.roa
File:                     nD6BDJDA_dWwFQl4pf7gAHlOGhg.roa (raw, json)
Hash identifier:          1WAvivFyuRPy1SS+2soFEsbLPwjNLXdysbcvAmnfq4I=
Subject key identifier:   9C:3E:81:0C:90:C0:FD:D5:B0:15:09:78:A5:FE:E0:00:79:4E:1A:18
Certificate issuer:       /CN=4c3c665e51cc4cb5caf05b8294843e2733a13dee
Certificate serial:       01999A3361FA71FB8F1516ECC097BF81CA84
Authority key identifier: 4C:3C:66:5E:51:CC:4C:B5:CA:F0:5B:82:94:84:3E:27:33:A1:3D:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDxmXlHMTLXK8FuClIQ-JzOhPe4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/nD6BDJDA_dWwFQl4pf7gAHlOGhg.roa
Signing time:             Tue 30 Sep 2025 10:38:02 +0000
ROA not before:           Tue 30 Sep 2025 10:38:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43606
IP address blocks:        94.131.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/TDxmXlHMTLXK8FuClIQ-JzOhPe4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/TDxmXlHMTLXK8FuClIQ-JzOhPe4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDxmXlHMTLXK8FuClIQ-JzOhPe4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:33:61:fa:71:fb:8f:15:16:ec:c0:97:bf:81:ca:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c3c665e51cc4cb5caf05b8294843e2733a13dee
        Validity
            Not Before: Sep 30 10:38:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c3e810c90c0fdd5b0150978a5fee000794e1a18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e0:6f:a4:dd:19:53:68:d5:94:81:72:99:99:
                    84:6e:11:3d:61:ac:50:52:04:e2:5c:4d:57:79:c0:
                    41:63:cc:06:a8:81:fe:9e:e2:9e:e7:ed:00:ce:49:
                    41:53:96:f0:59:12:16:56:2d:f6:4c:3a:84:fd:78:
                    53:8b:c9:76:f7:93:0e:1b:1e:c7:a5:a0:48:48:ce:
                    a4:68:35:02:52:93:ac:df:7e:b9:dc:32:64:89:09:
                    00:c9:0f:6f:0e:ad:e5:94:32:5c:73:f0:64:ea:bd:
                    dc:fe:b5:b2:73:28:7a:b4:4a:6f:40:39:63:fd:8b:
                    ad:43:a2:b3:24:40:ed:aa:b1:fb:d5:c4:40:8b:53:
                    8a:7b:89:b1:fb:2b:84:75:1c:df:05:de:e3:af:82:
                    7d:9a:94:9d:fc:34:a0:17:ea:42:a2:cf:f5:fe:78:
                    a1:f6:d0:a4:9d:ec:82:b9:05:16:ef:a4:77:7f:55:
                    d8:d4:6e:56:e9:da:f5:7e:2f:ee:4f:a7:56:f5:23:
                    fe:61:dc:58:6f:f8:b9:8c:fd:31:dc:c1:d2:9c:26:
                    66:c8:19:94:75:2b:7f:0c:73:ab:42:b9:59:6a:dc:
                    20:15:7e:4b:8b:62:05:f0:63:24:76:df:35:9c:b3:
                    50:5d:74:66:50:d4:fb:dd:56:5f:b5:04:fe:1e:cc:
                    3e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:3E:81:0C:90:C0:FD:D5:B0:15:09:78:A5:FE:E0:00:79:4E:1A:18
            X509v3 Authority Key Identifier:
                keyid:4C:3C:66:5E:51:CC:4C:B5:CA:F0:5B:82:94:84:3E:27:33:A1:3D:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDxmXlHMTLXK8FuClIQ-JzOhPe4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/nD6BDJDA_dWwFQl4pf7gAHlOGhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/6b66b4-064c-42ee-a5ee-1a65b91bee58/1/TDxmXlHMTLXK8FuClIQ-JzOhPe4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:50:63:09:3d:8d:b4:9b:32:ce:6a:00:19:b8:af:83:35:71:
         22:88:e7:86:94:49:0d:4c:01:aa:a0:94:c2:af:83:c6:62:6f:
         00:3e:20:35:6f:a1:e2:ca:af:a5:06:df:e9:86:02:3d:55:b8:
         96:dd:f7:0a:b6:dd:47:b4:2e:58:31:27:cd:38:49:60:91:06:
         f8:4d:e1:b5:f4:63:4f:dc:16:02:87:e2:8a:16:ef:b5:0a:e8:
         e0:a7:75:75:74:98:ba:d8:54:84:e9:44:2e:df:3c:93:40:11:
         5c:50:cb:fe:72:a5:b2:7c:09:90:12:8c:9d:63:31:c3:9a:3a:
         a3:d0:6c:62:fd:c6:2c:b0:b9:84:b6:de:1e:93:d8:3f:29:6b:
         3c:08:fa:2f:63:4c:22:0e:1a:0a:32:62:50:f9:05:2a:3b:29:
         a3:d4:6f:09:5b:65:e8:23:47:42:96:88:77:34:b7:e8:d6:2a:
         44:1e:d5:dd:81:f5:a3:b7:ef:40:78:60:2f:85:d1:45:c3:04:
         90:df:71:d1:58:6d:8a:e1:78:60:b2:4f:d2:bf:38:b8:a4:d4:
         76:6d:ce:b2:ba:17:37:93:79:ce:59:26:91:52:d6:0e:62:54:
         74:f4:9e:bb:53:d6:1c:c3:85:80:19:33:3a:ce:55:77:a6:e9:
         9e:8a:a5:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmaM2H6cfuPFRbswJe/gcqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjM2M2NjVlNTFjYzRjYjVjYWYwNWI4Mjk0ODQzZTI3MzNh
MTNkZWUwHhcNMjUwOTMwMTAzODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzNlODEwYzkwYzBmZGQ1YjAxNTA5NzhhNWZlZTAwMDc5NGUxYTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uBvpN0ZU2jVlIFymZmEbhE9YaxQ
UgTiXE1XecBBY8wGqIH+nuKe5+0AzklBU5bwWRIWVi32TDqE/XhTi8l295MOGx7H
paBISM6kaDUCUpOs33653DJkiQkAyQ9vDq3llDJcc/Bk6r3c/rWycyh6tEpvQDlj
/YutQ6KzJEDtqrH71cRAi1OKe4mx+yuEdRzfBd7jr4J9mpSd/DSgF+pCos/1/nih
9tCkneyCuQUW76R3f1XY1G5W6dr1fi/uT6dW9SP+YdxYb/i5jP0x3MHSnCZmyBmU
dSt/DHOrQrlZatwgFX5Li2IF8GMkdt81nLNQXXRmUNT73VZftQT+Hsw+yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJw+gQyQwP3VsBUJeKX+4AB5ThoYMB8GA1UdIwQY
MBaAFEw8Zl5RzEy1yvBbgpSEPiczoT3uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVER4bVhsSE1UTFhLOEZ1Q2xJUS1Kek9oUGU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS82YjY2YjQtMDY0Yy00MmVlLWE1ZWUt
MWE2NWI5MWJlZTU4LzEvbkQ2QkRKREFfZFd3RlFsNHBmN2dBSGxPR2hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS82YjY2YjQtMDY0Yy00MmVlLWE1ZWUtMWE2NWI5MWJlZTU4
LzEvVER4bVhsSE1UTFhLOEZ1Q2xJUS1Kek9oUGU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoPuMA0G
CSqGSIb3DQEBCwUAA4IBAQBQUGMJPY20mzLOagAZuK+DNXEiiOeGlEkNTAGqoJTC
r4PGYm8APiA1b6Hiyq+lBt/phgI9VbiW3fcKtt1HtC5YMSfNOElgkQb4TeG19GNP
3BYCh+KKFu+1Cujgp3V1dJi62FSE6UQu3zyTQBFcUMv+cqWyfAmQEoydYzHDmjqj
0Gxi/cYssLmEtt4ek9g/KWs8CPovY0wiDhoKMmJQ+QUqOymj1G8JW2XoI0dCloh3
NLfo1ipEHtXdgfWjt+9AeGAvhdFFwwSQ33HRWG2K4Xhgsk/Svzi4pNR2bc6yuhc3
k3nOWSaRUtYOYlR09J67U9Ycw4WAGTM6zlV3pumeiqUt
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:28:41 2025 by rpki-client