Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/n71Z9zO5i6A3MnYNwx7Uxb_OUGA.roa
File:                     n71Z9zO5i6A3MnYNwx7Uxb_OUGA.roa (raw, json)
Hash identifier:          CVGNrsSAJVnXCFxttiW1g0o49r+f3Le2U2M52m4z4p8=
Subject key identifier:   9F:BD:59:F7:33:B9:8B:A0:37:32:76:0D:C3:1E:D4:C5:BF:CE:50:60
Certificate issuer:       /CN=43ca7f3f65d2947af94f398bb3c7c9c320019084
Certificate serial:       0199CE33B07D578A7C424B49FC573B4C7840
Authority key identifier: 43:CA:7F:3F:65:D2:94:7A:F9:4F:39:8B:B3:C7:C9:C3:20:01:90:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/n71Z9zO5i6A3MnYNwx7Uxb_OUGA.roa
Signing time:             Fri 10 Oct 2025 12:58:37 +0000
ROA not before:           Fri 10 Oct 2025 12:58:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42093
IP address blocks:        146.19.214.0/24 maxlen: 24
                          178.251.24.0/21 maxlen: 21
                          185.10.156.0/22 maxlen: 24
                          185.10.158.0/24 maxlen: 24
                          185.218.224.0/24 maxlen: 24
                          195.22.100.0/22 maxlen: 22
                          195.253.241.0/24 maxlen: 24
                          2a00:1938::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:33:b0:7d:57:8a:7c:42:4b:49:fc:57:3b:4c:78:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43ca7f3f65d2947af94f398bb3c7c9c320019084
        Validity
            Not Before: Oct 10 12:58:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9fbd59f733b98ba03732760dc31ed4c5bfce5060
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5c:63:4b:34:c4:4f:27:d8:d8:81:f1:4e:1b:
                    d3:dc:b4:57:42:c9:34:77:78:b2:64:a7:76:b4:ae:
                    12:4c:bf:b2:56:04:c7:20:84:fa:0c:e3:72:14:06:
                    db:b6:24:31:65:20:26:98:92:46:f3:92:25:ab:26:
                    a3:49:a0:e7:6d:e8:bb:83:a0:89:de:1c:44:24:e9:
                    6a:fe:6c:3a:2f:f3:1f:70:f8:11:fc:b8:a3:fb:19:
                    1c:d6:62:90:0f:a7:ba:20:b9:2d:39:a3:51:7d:f1:
                    ae:93:bb:99:ab:eb:a1:94:bc:8d:09:56:c9:57:e1:
                    44:32:38:1a:0d:fb:c2:78:8d:c9:66:f1:35:fc:18:
                    f0:61:df:b7:74:90:a4:64:69:21:79:e0:4b:c6:89:
                    3f:a7:68:dc:da:4d:5e:a8:30:c7:3e:d5:45:6a:67:
                    b8:0f:74:21:75:ef:c6:96:ad:b9:08:b7:b3:84:bf:
                    48:19:17:6c:3c:28:ea:39:db:5f:ff:36:65:57:92:
                    a3:ee:d9:5d:5c:f2:e3:5d:57:4f:43:3d:06:e5:ab:
                    82:41:22:90:7c:5d:2a:cc:a1:a6:6f:1c:62:20:f3:
                    e1:b8:e1:e8:e5:d2:02:dc:d8:2e:4a:d7:41:3d:16:
                    ff:44:a7:e8:55:f6:fb:a5:58:18:83:8c:30:4c:27:
                    b2:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:BD:59:F7:33:B9:8B:A0:37:32:76:0D:C3:1E:D4:C5:BF:CE:50:60
            X509v3 Authority Key Identifier:
                keyid:43:CA:7F:3F:65:D2:94:7A:F9:4F:39:8B:B3:C7:C9:C3:20:01:90:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/n71Z9zO5i6A3MnYNwx7Uxb_OUGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.214.0/24
                  178.251.24.0/21
                  185.10.156.0/22
                  185.218.224.0/24
                  195.22.100.0/22
                  195.253.241.0/24
                IPv6:
                  2a00:1938::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:14:f5:08:36:33:eb:6c:86:e6:bb:e4:84:65:d2:06:0c:38:
         5d:69:6a:33:4a:ac:ec:da:d3:17:5d:00:8d:00:99:9b:f2:10:
         8b:32:c1:ab:e7:ef:00:a8:a0:d6:ca:24:59:2b:42:13:7a:e7:
         84:18:7f:12:67:30:79:04:6c:d4:59:4a:39:53:62:a1:4d:6e:
         81:62:a3:a8:1d:d6:1f:38:3b:f6:20:6c:2e:f3:a7:24:7b:e1:
         a4:df:40:89:9b:84:2c:c5:9b:e2:a6:33:0c:66:02:32:de:eb:
         ec:92:d7:13:0a:52:9b:5d:43:f0:c5:f8:44:21:ea:e2:75:4a:
         ed:f1:18:e9:04:7c:34:f5:22:73:45:15:88:c4:39:ae:89:e7:
         e8:26:d3:8e:4e:76:c1:90:c8:c4:51:09:39:78:b7:f9:31:ce:
         d8:2e:a9:bc:8d:bb:c2:76:62:b5:65:8c:56:36:6b:df:17:2a:
         fc:c5:c9:f0:62:91:3f:b4:70:66:e7:12:7f:3e:f7:c4:19:6d:
         ce:c6:22:0c:7e:06:f2:c7:05:a0:e5:b7:ec:d1:b4:bc:75:fc:
         ca:49:95:c0:cb:9b:e3:9e:b3:4c:86:f6:86:5d:62:b0:68:df:
         e1:5a:17:2d:2c:e5:51:e1:6e:87:5f:eb:94:69:bf:4d:6c:a3:
         52:8a:8e:63
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZnOM7B9V4p8QktJ/Fc7THhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzY2E3ZjNmNjVkMjk0N2FmOTRmMzk4YmIzYzdjOWMzMjAw
MTkwODQwHhcNMjUxMDEwMTI1ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmJkNTlmNzMzYjk4YmEwMzczMjc2MGRjMzFlZDRjNWJmY2U1MDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVxjSzTETyfY2IHxThvT3LRXQsk0
d3iyZKd2tK4STL+yVgTHIIT6DONyFAbbtiQxZSAmmJJG85IlqyajSaDnbei7g6CJ
3hxEJOlq/mw6L/MfcPgR/Lij+xkc1mKQD6e6ILktOaNRffGuk7uZq+uhlLyNCVbJ
V+FEMjgaDfvCeI3JZvE1/BjwYd+3dJCkZGkheeBLxok/p2jc2k1eqDDHPtVFame4
D3Qhde/Glq25CLezhL9IGRdsPCjqOdtf/zZlV5Kj7tldXPLjXVdPQz0G5auCQSKQ
fF0qzKGmbxxiIPPhuOHo5dIC3NguStdBPRb/RKfoVfb7pVgYg4wwTCeywwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFJ+9WfczuYugNzJ2DcMe1MW/zlBgMB8GA1UdIwQY
MBaAFEPKfz9l0pR6+U85i7PHycMgAZCEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUThwX1AyWFNsSHI1VHptTHM4Zkp3eUFCa0lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9mNmNmNDQtNjZkMy00ZjBiLTgxMzIt
ZDUzODExZmJkN2IwLzEvbjcxWjl6TzVpNkEzTW5ZTnd4N1V4Yl9PVUdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9mNmNmNDQtNjZkMy00ZjBiLTgxMzItZDUzODExZmJkN2Iw
LzEvUThwX1AyWFNsSHI1VHptTHM4Zkp3eUFCa0lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAkhPWAwQD
svsYAwQCuQqcAwQAudrgAwQCwxZkAwQAw/3xMA0EAgACMAcDBQAqABk4MA0GCSqG
SIb3DQEBCwUAA4IBAQBZFPUINjPrbIbmu+SEZdIGDDhdaWozSqzs2tMXXQCNAJmb
8hCLMsGr5+8AqKDWyiRZK0ITeueEGH8SZzB5BGzUWUo5U2KhTW6BYqOoHdYfODv2
IGwu86cke+Gk30CJm4QsxZvipjMMZgIy3uvsktcTClKbXUPwxfhEIeridUrt8Rjp
BHw09SJzRRWIxDmuiefoJtOOTnbBkMjEUQk5eLf5Mc7YLqm8jbvCdmK1ZYxWNmvf
Fyr8xcnwYpE/tHBm5xJ/PvfEGW3OxiIMfgbyxwWg5bfs0bS8dfzKSZXAy5vjnrNM
hvaGXWKwaN/hWhctLOVR4W6HX+uUab9NbKNSio5j
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:35 2025 by rpki-client