Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/WYZsdgUIQCczgUY2AkmXvA3fVKQ.roa
File:                     WYZsdgUIQCczgUY2AkmXvA3fVKQ.roa (raw, json)
Hash identifier:          sFPZ2DuAWHM9OSVjMlTenNHsyiMBgilDhrQElF6qLoQ=
Subject key identifier:   59:86:6C:76:05:08:40:27:33:81:46:36:02:49:97:BC:0D:DF:54:A4
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       01997547CCC023C4B4D0AEACEABEF6F84857
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/WYZsdgUIQCczgUY2AkmXvA3fVKQ.roa
Signing time:             Tue 23 Sep 2025 06:34:23 +0000
ROA not before:           Tue 23 Sep 2025 06:34:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29278
IP address blocks:        79.172.196.0/24 maxlen: 24
                          79.172.199.0/24 maxlen: 24
                          79.172.203.0/24 maxlen: 24
                          79.172.209.0/24 maxlen: 24
                          79.172.211.0/24 maxlen: 24
                          79.172.213.0/24 maxlen: 24
                          79.172.216.0/24 maxlen: 24
                          79.172.225.0/24 maxlen: 24
                          79.172.236.0/24 maxlen: 24
                          79.172.238.0/24 maxlen: 24
                          79.172.240.0/24 maxlen: 24
                          79.172.241.0/24 maxlen: 24
                          79.172.243.0/24 maxlen: 24
                          79.172.248.0/24 maxlen: 24
                          79.172.253.0/24 maxlen: 24
                          79.172.255.0/24 maxlen: 24
                          84.21.0.0/19 maxlen: 19
                          84.21.7.0/24 maxlen: 24
                          84.21.8.0/24 maxlen: 24
                          84.21.18.0/24 maxlen: 24
                          84.21.19.0/24 maxlen: 24
                          87.229.15.0/24 maxlen: 24
                          87.229.26.0/24 maxlen: 24
                          87.229.32.0/24 maxlen: 24
                          87.229.33.0/24 maxlen: 24
                          87.229.40.0/24 maxlen: 24
                          87.229.45.0/24 maxlen: 24
                          87.229.51.0/24 maxlen: 24
                          87.229.53.0/24 maxlen: 24
                          87.229.54.0/24 maxlen: 24
                          87.229.55.0/24 maxlen: 24
                          87.229.56.0/24 maxlen: 24
                          87.229.58.0/24 maxlen: 24
                          87.229.59.0/24 maxlen: 24
                          87.229.65.0/24 maxlen: 24
                          87.229.66.0/24 maxlen: 24
                          87.229.71.0/24 maxlen: 24
                          87.229.73.0/24 maxlen: 24
                          87.229.74.0/23 maxlen: 23
                          87.229.78.0/24 maxlen: 24
                          87.229.83.0/24 maxlen: 24
                          87.229.93.0/24 maxlen: 24
                          87.229.94.0/24 maxlen: 24
                          87.229.96.0/24 maxlen: 24
                          87.229.105.0/24 maxlen: 24
                          87.229.113.0/24 maxlen: 24
                          87.229.114.0/24 maxlen: 24
                          87.229.116.0/24 maxlen: 24
                          87.229.118.0/24 maxlen: 24
                          87.229.121.0/24 maxlen: 24
                          95.138.192.0/21 maxlen: 21
                          178.238.208.0/20 maxlen: 20
                          178.238.208.0/21 maxlen: 21
                          178.238.214.0/24 maxlen: 24
                          178.238.216.0/21 maxlen: 21
                          213.181.196.0/24 maxlen: 24
                          213.181.197.0/24 maxlen: 24
                          213.181.198.0/24 maxlen: 24
                          213.181.200.0/24 maxlen: 24
                          213.181.204.0/24 maxlen: 24
                          213.181.207.0/24 maxlen: 24
                          213.181.210.0/24 maxlen: 24
                          213.181.219.0/24 maxlen: 24
                          213.181.221.0/24 maxlen: 24
                          217.113.50.0/24 maxlen: 24
                          217.113.51.0/24 maxlen: 24
                          217.113.52.0/24 maxlen: 24
                          217.113.59.0/24 maxlen: 24
                          217.113.61.0/24 maxlen: 24
                          217.113.63.0/24 maxlen: 24
                          217.144.48.0/23 maxlen: 23
                          217.144.50.0/24 maxlen: 24
                          217.144.56.0/21 maxlen: 21
                          217.144.62.0/24 maxlen: 24
                          2a02:730::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:75:47:cc:c0:23:c4:b4:d0:ae:ac:ea:be:f6:f8:48:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Sep 23 06:34:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59866c760508402733814636024997bc0ddf54a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:00:07:f8:7b:c7:4e:1b:f7:85:a2:45:dd:82:
                    ba:36:ce:2a:fc:4b:65:2c:e8:88:91:ad:11:41:8d:
                    da:f4:1a:aa:2e:32:c6:67:0a:35:15:3b:3f:27:04:
                    e0:1b:be:d9:88:4a:1d:ce:a6:72:c9:04:d2:91:30:
                    0c:d4:00:f8:26:8c:68:44:9b:aa:72:0a:fb:40:86:
                    52:2e:98:da:dd:2b:e8:12:42:1a:bb:83:f7:19:5b:
                    a8:e1:9a:16:8d:7f:d3:03:de:4a:54:27:91:11:f5:
                    85:3a:54:b4:b9:c9:61:c3:25:47:c1:46:70:4a:96:
                    66:84:36:be:6c:52:6b:22:22:bd:b3:c0:1c:1f:b5:
                    64:42:50:0b:0b:31:6a:bf:d4:e0:ca:de:94:d8:61:
                    d2:19:3c:5d:29:f6:db:c4:fa:05:0e:59:74:85:b5:
                    92:61:00:4e:22:5a:f8:8c:d2:da:45:f3:cb:40:d4:
                    c9:e9:34:a3:ef:fc:ed:f4:91:fe:77:b7:ec:67:11:
                    6b:ea:bd:ee:6e:15:ba:b2:11:b2:e9:ef:45:58:76:
                    ff:60:80:b8:55:49:11:bd:f7:b1:f3:99:53:cb:7f:
                    67:a4:dd:25:b4:f4:20:ae:0a:bd:23:54:9d:86:61:
                    e5:e9:86:5f:f1:a5:b8:cf:29:15:fd:16:5b:d3:20:
                    a6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:86:6C:76:05:08:40:27:33:81:46:36:02:49:97:BC:0D:DF:54:A4
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/WYZsdgUIQCczgUY2AkmXvA3fVKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.196.0/24
                  79.172.199.0/24
                  79.172.203.0/24
                  79.172.209.0/24
                  79.172.211.0/24
                  79.172.213.0/24
                  79.172.216.0/24
                  79.172.225.0/24
                  79.172.236.0/24
                  79.172.238.0/24
                  79.172.240.0/23
                  79.172.243.0/24
                  79.172.248.0/24
                  79.172.253.0/24
                  79.172.255.0/24
                  84.21.0.0/19
                  87.229.15.0/24
                  87.229.26.0/24
                  87.229.32.0/23
                  87.229.40.0/24
                  87.229.45.0/24
                  87.229.51.0/24
                  87.229.53.0-87.229.56.255
                  87.229.58.0/23
                  87.229.65.0-87.229.66.255
                  87.229.71.0/24
                  87.229.73.0-87.229.75.255
                  87.229.78.0/24
                  87.229.83.0/24
                  87.229.93.0-87.229.94.255
                  87.229.96.0/24
                  87.229.105.0/24
                  87.229.113.0-87.229.114.255
                  87.229.116.0/24
                  87.229.118.0/24
                  87.229.121.0/24
                  95.138.192.0/21
                  178.238.208.0/20
                  213.181.196.0-213.181.198.255
                  213.181.200.0/24
                  213.181.204.0/24
                  213.181.207.0/24
                  213.181.210.0/24
                  213.181.219.0/24
                  213.181.221.0/24
                  217.113.50.0-217.113.52.255
                  217.113.59.0/24
                  217.113.61.0/24
                  217.113.63.0/24
                  217.144.48.0-217.144.50.255
                  217.144.56.0/21
                IPv6:
                  2a02:730::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:f2:d0:0b:4e:36:c6:50:1d:f3:31:08:51:c0:65:03:27:a8:
         8b:f7:dd:79:9a:79:3a:12:4f:40:1f:cd:42:8b:31:51:21:74:
         26:8f:16:8b:d5:4f:18:b6:86:b3:b9:05:df:9c:f2:51:99:23:
         03:bd:91:9a:a6:6f:e7:f1:9d:02:c2:a2:88:78:00:3d:05:32:
         7f:48:57:a4:04:4a:1c:b8:7b:ba:a6:0a:a5:50:e7:44:df:82:
         87:d0:b1:39:80:0a:c2:eb:50:6c:35:2c:97:60:87:33:dc:d6:
         99:b4:8d:5a:3e:04:59:53:5d:e4:e4:5c:10:f9:f5:44:5c:1b:
         6c:78:9a:30:ff:30:e9:7d:3a:a0:41:5e:3e:a3:24:62:42:f3:
         c8:98:98:5a:99:72:d8:be:8e:5b:89:c8:ae:fa:99:c7:58:ab:
         d2:3f:5e:1d:ee:eb:df:58:51:7a:30:6d:41:80:1f:6f:92:f7:
         02:8f:da:6e:d6:16:c7:20:43:c5:53:4b:3a:cc:77:b8:6f:72:
         dc:c8:69:f5:16:08:4a:be:98:03:81:9e:1b:a8:98:16:ee:11:
         01:1a:52:e4:e0:8d:bf:ea:0c:cf:9d:3b:aa:63:69:9f:ea:b8:
         d3:a6:00:45:c2:49:3c:9b:43:63:ed:a2:10:4c:93:48:dc:d7:
         d1:a4:3e:62
-----BEGIN CERTIFICATE-----
MIIGgjCCBWqgAwIBAgISAZl1R8zAI8S00K6s6r72+EhXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwOTIzMDYzNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTg2NmM3NjA1MDg0MDI3MzM4MTQ2MzYwMjQ5OTdiYzBkZGY1NGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AAH+HvHThv3haJF3YK6Ns4q/Etl
LOiIka0RQY3a9BqqLjLGZwo1FTs/JwTgG77ZiEodzqZyyQTSkTAM1AD4JoxoRJuq
cgr7QIZSLpja3SvoEkIau4P3GVuo4ZoWjX/TA95KVCeREfWFOlS0uclhwyVHwUZw
SpZmhDa+bFJrIiK9s8AcH7VkQlALCzFqv9Tgyt6U2GHSGTxdKfbbxPoFDll0hbWS
YQBOIlr4jNLaRfPLQNTJ6TSj7/zt9JH+d7fsZxFr6r3ubhW6shGy6e9FWHb/YIC4
VUkRvfex85lTy39npN0ltPQgrgq9I1SdhmHl6YZf8aW4zykV/RZb0yCm0QIDAQAB
o4IDjjCCA4owHQYDVR0OBBYEFFmGbHYFCEAnM4FGNgJJl7wN31SkMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvV1lac2RnVUlRQ2N6Z1VZMkFrbVh2QTNmVktRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBogYIKwYBBQUHAQcBAf8EggGRMIIBjTCCAXoEAgABMIIB
cgMEAE+sxAMEAE+sxwMEAE+sywMEAE+s0QMEAE+s0wMEAE+s1QMEAE+s2AMEAE+s
4QMEAE+s7AMEAE+s7gMEAU+s8AMEAE+s8wMEAE+s+AMEAE+s/QMEAE+s/wMEBVQV
AAMEAFflDwMEAFflGgMEAVflIAMEAFflKAMEAFflLQMEAFflMzAMAwQAV+U1AwQA
V+U4AwQBV+U6MAwDBABX5UEDBABX5UIDBABX5UcwDAMEAFflSQMEAlflSAMEAFfl
TgMEAFflUzAMAwQAV+VdAwQAV+VeAwQAV+VgAwQAV+VpMAwDBABX5XEDBABX5XID
BABX5XQDBABX5XYDBABX5XkDBANfisADBASy7tAwDAMEAtW1xAMEANW1xgMEANW1
yAMEANW1zAMEANW1zwMEANW10gMEANW12wMEANW13TAMAwQB2XEyAwQA2XE0AwQA
2XE7AwQA2XE9AwQA2XE/MAwDBATZkDADBADZkDIDBAPZkDgwDQQCAAIwBwMFACoC
BzAwDQYJKoZIhvcNAQELBQADggEBAFzy0AtONsZQHfMxCFHAZQMnqIv33XmaeToS
T0AfzUKLMVEhdCaPFovVTxi2hrO5Bd+c8lGZIwO9kZqmb+fxnQLCooh4AD0FMn9I
V6QEShy4e7qmCqVQ50TfgofQsTmACsLrUGw1LJdghzPc1pm0jVo+BFlTXeTkXBD5
9URcG2x4mjD/MOl9OqBBXj6jJGJC88iYmFqZcti+jluJyK76mcdYq9I/Xh3u699Y
UXowbUGAH2+S9wKP2m7WFscgQ8VTSzrMd7hvctzIafUWCEq+mAOBnhuomBbuEQEa
UuTgjb/qDM+dO6pjaZ/quNOmAEXCSTybQ2PtohBMk0jc19GkPmI=
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:55 2025 by rpki-client