Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/89542a-587d-4c27-a523-6a1b9c1c6924/1/L6iR0CMwTlXaB3-hN4yCOodUYRY.roa
File:                     L6iR0CMwTlXaB3-hN4yCOodUYRY.roa (raw, json)
Hash identifier:          eWR/YwFC9Nkq/Z8RvdCdYOBK7oxzXqUpetNS4HVcl8U=
Subject key identifier:   2F:A8:91:D0:23:30:4E:55:DA:07:7F:A1:37:8C:82:3A:87:54:61:16
Certificate issuer:       /CN=4789c5dc0dd544fc02b7e67e5f1bac456aabfe61
Certificate serial:       019971960F410709A5FDD4A2E4568D1DEF92
Authority key identifier: 47:89:C5:DC:0D:D5:44:FC:02:B7:E6:7E:5F:1B:AC:45:6A:AB:FE:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R4nF3A3VRPwCt-Z-XxusRWqr_mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/89542a-587d-4c27-a523-6a1b9c1c6924/1/L6iR0CMwTlXaB3-hN4yCOodUYRY.roa
Signing time:             Mon 22 Sep 2025 13:21:23 +0000
ROA not before:           Mon 22 Sep 2025 13:21:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47178
IP address blocks:        93.188.112.0/21 maxlen: 24
                          185.99.224.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/89542a-587d-4c27-a523-6a1b9c1c6924/1/R4nF3A3VRPwCt-Z-XxusRWqr_mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/89542a-587d-4c27-a523-6a1b9c1c6924/1/R4nF3A3VRPwCt-Z-XxusRWqr_mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R4nF3A3VRPwCt-Z-XxusRWqr_mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:71:96:0f:41:07:09:a5:fd:d4:a2:e4:56:8d:1d:ef:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4789c5dc0dd544fc02b7e67e5f1bac456aabfe61
        Validity
            Not Before: Sep 22 13:21:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2fa891d023304e55da077fa1378c823a87546116
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:21:12:66:97:b0:45:82:21:20:f8:e0:dd:33:
                    02:3d:51:b8:70:6a:7f:ef:08:95:58:40:af:be:2f:
                    d4:e2:0d:28:ef:71:f3:ab:e0:a0:fc:81:00:b5:36:
                    88:9b:09:f1:ea:69:cd:8d:11:33:a0:50:11:61:bc:
                    83:05:3a:c8:ad:9b:40:b4:64:85:18:5e:f2:ee:7f:
                    1c:37:31:54:06:aa:38:75:07:04:b5:02:8b:3c:c4:
                    1f:76:43:af:3c:ac:9e:69:18:54:fa:3e:c7:9e:32:
                    24:79:27:91:e6:51:5a:49:41:31:65:e2:48:2c:30:
                    15:51:26:ab:70:70:8a:d6:74:5a:65:5c:a3:f2:ea:
                    f0:5b:e3:93:38:6c:a6:06:51:ef:97:82:66:a0:f3:
                    d4:e5:13:e5:74:3c:60:66:e7:a0:41:dc:63:08:02:
                    0b:eb:32:dc:c6:28:59:69:8e:0f:85:49:14:94:46:
                    d5:28:f2:a7:41:69:4e:e0:a5:d9:1b:3d:ec:17:f4:
                    bd:c5:38:79:fe:02:2b:4b:59:39:81:61:2e:96:2a:
                    81:5d:33:89:ee:b0:a7:a4:28:89:99:21:d7:7e:a2:
                    ae:e9:8b:de:e6:10:63:87:b5:a5:c9:d4:a6:49:4b:
                    18:76:5b:7a:7d:78:b5:99:e5:55:68:e1:33:8e:d3:
                    81:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:A8:91:D0:23:30:4E:55:DA:07:7F:A1:37:8C:82:3A:87:54:61:16
            X509v3 Authority Key Identifier:
                keyid:47:89:C5:DC:0D:D5:44:FC:02:B7:E6:7E:5F:1B:AC:45:6A:AB:FE:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R4nF3A3VRPwCt-Z-XxusRWqr_mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/89542a-587d-4c27-a523-6a1b9c1c6924/1/L6iR0CMwTlXaB3-hN4yCOodUYRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/89542a-587d-4c27-a523-6a1b9c1c6924/1/R4nF3A3VRPwCt-Z-XxusRWqr_mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.188.112.0/21
                  185.99.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:eb:26:a8:23:fa:b3:ac:3f:f6:7f:5c:6f:7b:8e:bf:46:1e:
         ce:13:66:93:0b:67:92:4f:b1:e2:47:90:18:f5:a3:3f:a7:19:
         76:29:a0:a8:f2:58:29:35:9e:8c:f9:a1:f2:69:ac:4a:97:a2:
         ae:7f:8f:a9:88:79:cf:87:21:ad:ac:0d:04:b4:bd:ab:7a:7f:
         1a:0d:c8:50:5b:b6:b5:e1:1d:6e:66:0f:33:47:e4:b4:c5:fb:
         41:8c:37:4d:b7:38:59:f6:ac:2d:c4:3f:83:76:a1:98:3e:a5:
         b5:e1:19:b5:95:21:8f:79:db:7f:79:de:af:f3:01:b9:66:41:
         ba:f2:61:4c:72:a5:8f:91:52:53:96:a6:86:2c:c5:21:06:77:
         a5:34:ad:dd:e6:7d:f4:90:83:d0:ec:9e:77:5b:bf:95:e4:1e:
         f0:aa:fa:af:4a:8d:d6:26:e2:48:4f:f4:e5:f6:6b:a4:d8:42:
         29:b7:4d:8a:69:8a:5e:9d:cf:12:c7:b5:b7:17:4c:b4:9d:8f:
         65:3c:ef:d1:8f:56:bf:a4:0f:6e:ad:33:bc:b1:ff:b7:a6:52:
         78:2e:32:19:83:78:36:5a:b0:75:81:8a:91:2c:a9:70:95:9e:
         a5:8a:f1:66:9a:05:86:6d:ed:71:d1:b7:2b:9e:4a:06:4b:af:
         57:5b:c6:e3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlxlg9BBwml/dSi5FaNHe+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ODljNWRjMGRkNTQ0ZmMwMmI3ZTY3ZTVmMWJhYzQ1NmFh
YmZlNjEwHhcNMjUwOTIyMTMyMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmE4OTFkMDIzMzA0ZTU1ZGEwNzdmYTEzNzhjODIzYTg3NTQ2MTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviESZpewRYIhIPjg3TMCPVG4cGp/
7wiVWECvvi/U4g0o73Hzq+Cg/IEAtTaImwnx6mnNjREzoFARYbyDBTrIrZtAtGSF
GF7y7n8cNzFUBqo4dQcEtQKLPMQfdkOvPKyeaRhU+j7HnjIkeSeR5lFaSUExZeJI
LDAVUSarcHCK1nRaZVyj8urwW+OTOGymBlHvl4JmoPPU5RPldDxgZuegQdxjCAIL
6zLcxihZaY4PhUkUlEbVKPKnQWlO4KXZGz3sF/S9xTh5/gIrS1k5gWEuliqBXTOJ
7rCnpCiJmSHXfqKu6Yve5hBjh7WlydSmSUsYdlt6fXi1meVVaOEzjtOBEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC+okdAjME5V2gd/oTeMgjqHVGEWMB8GA1UdIwQY
MBaAFEeJxdwN1UT8Arfmfl8brEVqq/5hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjRuRjNBM1ZSUHdDdC1aLVh4dXNSV3FyX21FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS84OTU0MmEtNTg3ZC00YzI3LWE1MjMt
NmExYjljMWM2OTI0LzEvTDZpUjBDTXdUbFhhQjMtaE40eUNPb2RVWVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS84OTU0MmEtNTg3ZC00YzI3LWE1MjMtNmExYjljMWM2OTI0
LzEvUjRuRjNBM1ZSUHdDdC1aLVh4dXNSV3FyX21FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXbxwAwQC
uWPgMA0GCSqGSIb3DQEBCwUAA4IBAQCy6yaoI/qzrD/2f1xve46/Rh7OE2aTC2eS
T7HiR5AY9aM/pxl2KaCo8lgpNZ6M+aHyaaxKl6Kuf4+piHnPhyGtrA0EtL2ren8a
DchQW7a14R1uZg8zR+S0xftBjDdNtzhZ9qwtxD+DdqGYPqW14Rm1lSGPedt/ed6v
8wG5ZkG68mFMcqWPkVJTlqaGLMUhBnelNK3d5n30kIPQ7J53W7+V5B7wqvqvSo3W
JuJIT/Tl9muk2EIpt02KaYpenc8Sx7W3F0y0nY9lPO/Rj1a/pA9urTO8sf+3plJ4
LjIZg3g2WrB1gYqRLKlwlZ6livFmmgWGbe1x0bcrnkoGS69XW8bj
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:35 2025 by rpki-client