Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/oBB4ZpSr6Ntg7Ts7Vgc8eux6UZU.roa
File:                     oBB4ZpSr6Ntg7Ts7Vgc8eux6UZU.roa (raw, json)
Hash identifier:          v295JYMgq8RKDVMwEZsqAtzglVHP4/oUU7/EiSmjSik=
Subject key identifier:   A0:10:78:66:94:AB:E8:DB:60:ED:3B:3B:56:07:3C:7A:EC:7A:51:95
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       01999B4F33254B4E4F60B2157AFE092E35E1
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/oBB4ZpSr6Ntg7Ts7Vgc8eux6UZU.roa
Signing time:             Tue 30 Sep 2025 15:48:02 +0000
ROA not before:           Tue 30 Sep 2025 15:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63199
IP address blocks:        79.172.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9b:4f:33:25:4b:4e:4f:60:b2:15:7a:fe:09:2e:35:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Sep 30 15:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a010786694abe8db60ed3b3b56073c7aec7a5195
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:74:d3:83:08:cb:9b:83:f2:94:ee:b5:f5:28:
                    e3:3a:7c:aa:5d:0e:e1:0d:2c:e5:fe:64:d3:4c:a7:
                    f1:b3:82:1c:7b:7d:49:fd:e3:2a:5a:6c:7a:c6:09:
                    9e:bd:2f:9c:ec:01:7d:fc:a7:37:30:76:63:65:84:
                    e0:8f:3b:0d:35:24:b7:e1:86:f8:bf:6a:53:3e:ee:
                    a8:51:fb:40:50:4a:eb:27:97:64:76:7e:48:21:bb:
                    af:43:8e:01:c4:92:3b:f8:a4:91:55:e3:a1:01:f4:
                    57:a4:ac:a3:03:e3:eb:42:02:05:62:f4:97:e7:f9:
                    b4:c0:55:98:9f:47:c3:5c:5b:51:c0:a2:7a:8e:25:
                    a0:61:e8:81:34:d7:e6:16:71:9d:95:4f:8b:c9:e3:
                    7d:4d:cf:b7:3a:8a:61:3e:6b:ca:a4:91:cc:9d:5f:
                    82:7a:c0:db:3d:74:6b:bb:4a:5f:62:f7:ff:53:dc:
                    22:45:03:3b:d1:3b:0c:e7:96:9c:1a:96:43:03:5a:
                    79:38:ec:7e:b9:c6:54:47:c4:67:c7:48:da:88:b9:
                    d1:e5:b0:9e:5d:cc:a9:d3:c0:05:f1:6d:2a:c0:56:
                    37:d2:b7:d6:7a:d3:0f:77:30:7c:1f:21:b3:b0:4e:
                    fa:b7:9f:a3:ea:cf:11:bd:4f:6c:a2:32:0b:b7:c0:
                    12:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:10:78:66:94:AB:E8:DB:60:ED:3B:3B:56:07:3C:7A:EC:7A:51:95
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/oBB4ZpSr6Ntg7Ts7Vgc8eux6UZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:92:11:91:f9:64:84:c1:ad:6e:3c:37:2a:a5:b5:17:c5:fc:
         2b:fd:21:f4:c8:2a:2f:f3:91:20:b8:7c:94:10:4b:db:86:3e:
         37:f6:ab:44:fd:33:fb:b9:03:da:ab:00:5c:bc:41:47:41:ac:
         58:26:56:6f:ff:4c:52:0e:72:75:1b:fd:e7:5c:ad:bb:29:e8:
         84:32:ea:82:f6:70:0f:06:df:b2:e4:a4:e9:eb:bb:2d:27:7f:
         52:10:db:31:43:b1:97:6e:7b:0f:16:c2:02:fc:63:e1:4f:61:
         90:eb:8a:b2:e2:1e:ab:1e:4a:92:51:05:76:5c:bc:f5:1b:66:
         f1:46:16:5f:89:26:e5:64:c5:3a:67:b5:8a:cd:c6:bd:f6:f2:
         f4:8f:7c:d2:e8:5b:1a:f0:f9:b9:46:b6:ae:a6:09:d1:d9:be:
         53:1c:57:65:dc:1d:92:a6:b9:67:a5:3a:69:9a:38:ab:cd:15:
         8d:36:6f:90:f1:53:2b:e5:9c:78:ab:ac:15:8f:1b:f0:f5:38:
         1e:7e:61:a0:ac:56:54:34:47:a8:bc:88:05:97:50:3e:fe:5e:
         69:5a:ac:b0:1a:ea:89:87:28:38:c5:e9:4e:3b:46:29:57:9c:
         ba:e6:18:0c:85:90:c9:3a:50:50:3c:80:06:7e:75:2f:b5:37:
         30:72:40:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmbTzMlS05PYLIVev4JLjXhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwOTMwMTU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDEwNzg2Njk0YWJlOGRiNjBlZDNiM2I1NjA3M2M3YWVjN2E1MTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknTTgwjLm4PylO619SjjOnyqXQ7h
DSzl/mTTTKfxs4Ice31J/eMqWmx6xgmevS+c7AF9/Kc3MHZjZYTgjzsNNSS34Yb4
v2pTPu6oUftAUErrJ5dkdn5IIbuvQ44BxJI7+KSRVeOhAfRXpKyjA+PrQgIFYvSX
5/m0wFWYn0fDXFtRwKJ6jiWgYeiBNNfmFnGdlU+LyeN9Tc+3OophPmvKpJHMnV+C
esDbPXRru0pfYvf/U9wiRQM70TsM55acGpZDA1p5OOx+ucZUR8Rnx0jaiLnR5bCe
Xcyp08AF8W0qwFY30rfWetMPdzB8HyGzsE76t5+j6s8RvU9sojILt8ASwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAQeGaUq+jbYO07O1YHPHrselGVMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvb0JCNFpwU3I2TnRnN1RzN1ZnYzhldXg2VVpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zbMA0G
CSqGSIb3DQEBCwUAA4IBAQARkhGR+WSEwa1uPDcqpbUXxfwr/SH0yCov85EguHyU
EEvbhj439qtE/TP7uQPaqwBcvEFHQaxYJlZv/0xSDnJ1G/3nXK27KeiEMuqC9nAP
Bt+y5KTp67stJ39SENsxQ7GXbnsPFsIC/GPhT2GQ64qy4h6rHkqSUQV2XLz1G2bx
RhZfiSblZMU6Z7WKzca99vL0j3zS6Fsa8Pm5RraupgnR2b5THFdl3B2SprlnpTpp
mjirzRWNNm+Q8VMr5Zx4q6wVjxvw9TgefmGgrFZUNEeovIgFl1A+/l5pWqywGuqJ
hyg4xelOO0YpV5y65hgMhZDJOlBQPIAGfnUvtTcwckDj
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:43 2025 by rpki-client