Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/X3vNtvsomO27Kd2vA5pm18uPmdU.roa
File:                     X3vNtvsomO27Kd2vA5pm18uPmdU.roa (raw, json)
Hash identifier:          qr4mzjHU/2+nlh+IYLU51D2SlEL1XSnDydpL/wjE4BM=
Subject key identifier:   5F:7B:CD:B6:FB:28:98:ED:BB:29:DD:AF:03:9A:66:D7:CB:8F:99:D5
Certificate issuer:       /CN=d82cb43ca3c0c57816cee360478d0cf882207fd2
Certificate serial:       019956E47043400492621E634ED0408B8CA0
Authority key identifier: D8:2C:B4:3C:A3:C0:C5:78:16:CE:E3:60:47:8D:0C:F8:82:20:7F:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/X3vNtvsomO27Kd2vA5pm18uPmdU.roa
Signing time:             Wed 17 Sep 2025 08:57:15 +0000
ROA not before:           Wed 17 Sep 2025 08:57:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58065
IP address blocks:        5.157.6.0/24 maxlen: 24
                          5.157.11.0/24 maxlen: 24
                          5.157.19.0/24 maxlen: 24
                          5.157.21.0/24 maxlen: 24
                          5.157.23.0/24 maxlen: 24
                          5.157.24.0/24 maxlen: 24
                          5.157.26.0/24 maxlen: 24
                          5.157.29.0/24 maxlen: 24
                          5.157.32.0/24 maxlen: 24
                          5.157.33.0/24 maxlen: 24
                          5.157.34.0/24 maxlen: 24
                          5.157.37.0/24 maxlen: 24
                          5.157.43.0/24 maxlen: 24
                          5.157.51.0/24 maxlen: 24
                          5.157.53.0/24 maxlen: 24
                          5.157.55.0/24 maxlen: 24
                          5.157.57.0/24 maxlen: 24
                          23.92.115.0/24 maxlen: 24
                          23.92.116.0/24 maxlen: 24
                          23.92.126.0/24 maxlen: 24
                          37.72.186.0/24 maxlen: 24
                          104.160.3.0/24 maxlen: 24
                          104.160.11.0/24 maxlen: 24
                          104.160.16.0/24 maxlen: 24
                          104.160.17.0/24 maxlen: 24
                          107.150.64.0/24 maxlen: 24
                          107.150.65.0/24 maxlen: 24
                          107.150.67.0/24 maxlen: 24
                          107.150.69.0/24 maxlen: 24
                          107.150.70.0/24 maxlen: 24
                          107.150.71.0/24 maxlen: 24
                          107.150.88.0/24 maxlen: 24
                          107.150.89.0/24 maxlen: 24
                          107.150.90.0/24 maxlen: 24
                          107.150.91.0/24 maxlen: 24
                          130.185.153.0/24 maxlen: 24
                          151.237.188.0/24 maxlen: 24
                          162.212.168.0/24 maxlen: 24
                          162.212.169.0/24 maxlen: 24
                          162.212.170.0/24 maxlen: 24
                          162.212.171.0/24 maxlen: 24
                          162.212.172.0/24 maxlen: 24
                          162.212.173.0/24 maxlen: 24
                          162.212.174.0/24 maxlen: 24
                          162.212.175.0/24 maxlen: 24
                          2a02:5740:4::/48 maxlen: 48
                          2a02:5740:9::/48 maxlen: 48
                          2a02:5740:14::/48 maxlen: 48
                          2a02:5740:24::/48 maxlen: 48
                          2a02:5740:26::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:56:e4:70:43:40:04:92:62:1e:63:4e:d0:40:8b:8c:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d82cb43ca3c0c57816cee360478d0cf882207fd2
        Validity
            Not Before: Sep 17 08:57:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f7bcdb6fb2898edbb29ddaf039a66d7cb8f99d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:67:64:18:05:0f:37:7b:de:fe:bf:9a:89:53:
                    42:33:ce:cf:90:ca:4c:18:47:5a:c5:3d:d8:15:9d:
                    31:42:2e:d4:45:13:f4:ca:37:db:73:22:48:5c:0c:
                    ac:5c:6e:09:34:66:01:69:72:1e:45:d5:86:5b:35:
                    76:c6:1f:83:e6:2b:a4:3f:b5:37:3e:02:70:22:33:
                    f0:69:ee:9c:a9:53:4f:51:6f:36:39:b7:34:94:3f:
                    72:9b:2e:8d:1b:63:90:ed:34:92:3f:02:3d:e2:ef:
                    36:5b:1d:bb:36:4e:94:d3:81:70:44:79:b9:a1:8b:
                    f9:8e:12:ba:db:36:65:15:df:6e:be:aa:f2:04:41:
                    bb:6f:a4:7d:f3:08:a7:83:1c:e2:4f:f7:85:1a:2d:
                    85:4b:16:b6:98:9e:ec:57:33:bf:ec:3d:88:08:0d:
                    16:73:45:6c:20:2a:37:1d:f0:12:0e:cf:0b:8f:8c:
                    e8:60:6e:91:37:7a:48:ff:15:f5:27:1c:e8:fe:1a:
                    7b:d2:90:fe:6a:1c:9e:de:4c:8f:5f:f8:0d:45:19:
                    9c:50:cf:3a:38:6d:77:78:12:7c:62:fa:6a:ec:e3:
                    25:5a:16:50:73:df:93:bc:7c:35:9d:b7:2b:31:11:
                    03:11:26:93:5a:01:02:18:1c:aa:d6:98:1c:ff:9e:
                    19:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:7B:CD:B6:FB:28:98:ED:BB:29:DD:AF:03:9A:66:D7:CB:8F:99:D5
            X509v3 Authority Key Identifier:
                keyid:D8:2C:B4:3C:A3:C0:C5:78:16:CE:E3:60:47:8D:0C:F8:82:20:7F:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/X3vNtvsomO27Kd2vA5pm18uPmdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.157.6.0/24
                  5.157.11.0/24
                  5.157.19.0/24
                  5.157.21.0/24
                  5.157.23.0-5.157.24.255
                  5.157.26.0/24
                  5.157.29.0/24
                  5.157.32.0-5.157.34.255
                  5.157.37.0/24
                  5.157.43.0/24
                  5.157.51.0/24
                  5.157.53.0/24
                  5.157.55.0/24
                  5.157.57.0/24
                  23.92.115.0-23.92.116.255
                  23.92.126.0/24
                  37.72.186.0/24
                  104.160.3.0/24
                  104.160.11.0/24
                  104.160.16.0/23
                  107.150.64.0/23
                  107.150.67.0/24
                  107.150.69.0-107.150.71.255
                  107.150.88.0/22
                  130.185.153.0/24
                  151.237.188.0/24
                  162.212.168.0/21
                IPv6:
                  2a02:5740:4::/48
                  2a02:5740:9::/48
                  2a02:5740:14::/48
                  2a02:5740:24::/48
                  2a02:5740:26::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:8b:c3:f0:25:e1:86:91:24:ad:79:4f:25:7e:89:62:b2:e2:
         77:b4:db:5a:0c:05:94:4a:f9:0b:f9:88:c0:0b:6c:2e:7a:f0:
         b7:67:ff:ca:b1:57:7a:60:bc:7e:38:37:af:97:ce:6f:da:4a:
         9f:04:a5:00:01:30:a1:8b:fc:47:6f:29:df:c4:7a:cf:ff:6b:
         a3:c2:31:73:07:5c:bc:b5:1d:c0:7a:68:36:d4:b8:43:f5:f0:
         e0:b0:64:18:b4:04:4c:46:f3:42:09:c2:0d:2d:31:89:8f:a4:
         30:5d:f0:6c:96:61:82:4d:20:04:88:87:e0:f5:ad:c9:df:e9:
         16:38:a6:d5:f1:2b:22:ae:75:61:ef:ec:29:89:b5:e7:a7:ca:
         83:c1:6e:55:f7:2a:e6:d5:94:13:6f:af:d8:9e:23:c2:d4:c4:
         76:94:d0:03:be:e1:a4:8a:d5:92:1f:d4:b2:40:17:a7:29:a2:
         9f:b3:16:9c:15:24:07:49:d0:a6:97:21:e2:47:cb:90:96:24:
         5d:ed:da:3f:65:bf:d4:d6:c7:db:38:ea:aa:92:a1:41:9a:73:
         1d:1f:25:b9:4f:b5:f8:41:68:78:87:61:6d:dd:57:03:ea:19:
         1e:2e:a4:9f:6d:2b:7d:7b:cc:84:8b:2b:b9:d4:7a:47:1e:7e:
         6c:d2:12:c1
-----BEGIN CERTIFICATE-----
MIIF9jCCBN6gAwIBAgISAZlW5HBDQASSYh5jTtBAi4ygMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MmNiNDNjYTNjMGM1NzgxNmNlZTM2MDQ3OGQwY2Y4ODIy
MDdmZDIwHhcNMjUwOTE3MDg1NzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjdiY2RiNmZiMjg5OGVkYmIyOWRkYWYwMzlhNjZkN2NiOGY5OWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2dkGAUPN3ve/r+aiVNCM87PkMpM
GEdaxT3YFZ0xQi7URRP0yjfbcyJIXAysXG4JNGYBaXIeRdWGWzV2xh+D5iukP7U3
PgJwIjPwae6cqVNPUW82Obc0lD9ymy6NG2OQ7TSSPwI94u82Wx27Nk6U04FwRHm5
oYv5jhK62zZlFd9uvqryBEG7b6R98wingxziT/eFGi2FSxa2mJ7sVzO/7D2ICA0W
c0VsICo3HfASDs8Lj4zoYG6RN3pI/xX1Jxzo/hp70pD+ahye3kyPX/gNRRmcUM86
OG13eBJ8Yvpq7OMlWhZQc9+TvHw1nbcrMREDESaTWgECGByq1pgc/54ZvwIDAQAB
o4IDAjCCAv4wHQYDVR0OBBYEFF97zbb7KJjtuyndrwOaZtfLj5nVMB8GA1UdIwQY
MBaAFNgstDyjwMV4Fs7jYEeNDPiCIH/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkN5MFBLUEF4WGdXenVOZ1I0ME0tSUlnZjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zYjUxYjgtMTBjNi00MzhiLWExMjAt
MTVmMTNlM2Y3ZDg1LzEvWDN2TnR2c29tTzI3S2QydkE1cG0xOHVQbWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zYjUxYjgtMTBjNi00MzhiLWExMjAtMTVmMTNlM2Y3ZDg1
LzEvMkN5MFBLUEF4WGdXenVOZ1I0ME0tSUlnZjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBFgYIKwYBBQUHAQcBAf8EggEFMIIBATCByQQCAAEwgcID
BAAFnQYDBAAFnQsDBAAFnRMDBAAFnRUwDAMEAAWdFwMEAAWdGAMEAAWdGgMEAAWd
HTAMAwQFBZ0gAwQABZ0iAwQABZ0lAwQABZ0rAwQABZ0zAwQABZ01AwQABZ03AwQA
BZ05MAwDBAAXXHMDBAAXXHQDBAAXXH4DBAAlSLoDBABooAMDBABooAsDBAFooBAD
BAFrlkADBABrlkMwDAMEAGuWRQMEA2uWQAMEAmuWWAMEAIK5mQMEAJftvAMEA6LU
qDAzBAIAAjAtAwcAKgJXQAAEAwcAKgJXQAAJAwcAKgJXQAAUAwcAKgJXQAAkAwcA
KgJXQAAmMA0GCSqGSIb3DQEBCwUAA4IBAQACi8PwJeGGkSSteU8lfolisuJ3tNta
DAWUSvkL+YjAC2wuevC3Z//KsVd6YLx+ODevl85v2kqfBKUAATChi/xHbynfxHrP
/2ujwjFzB1y8tR3Aemg21LhD9fDgsGQYtARMRvNCCcINLTGJj6QwXfBslmGCTSAE
iIfg9a3J3+kWOKbV8SsirnVh7+wpibXnp8qDwW5V9yrm1ZQTb6/YniPC1MR2lNAD
vuGkitWSH9SyQBenKaKfsxacFSQHSdCmlyHiR8uQliRd7do/Zb/U1sfbOOqqkqFB
mnMdHyW5T7X4QWh4h2Ft3VcD6hkeLqSfbSt9e8yEiyu51HpHHn5s0hLB
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:29:26 2025 by rpki-client