Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/97be50-2ce6-4e2b-a3e7-1a6ac98ac6f9/1/Sf4JDKtmxmTCB0tTVfdGGPNzKJE.roa
File:                     Sf4JDKtmxmTCB0tTVfdGGPNzKJE.roa (raw, json)
Hash identifier:          TM/ueYP3efRi0gGmWlRzw9T+QccRhYDTBK2qLm6mLxw=
Subject key identifier:   49:FE:09:0C:AB:66:C6:64:C2:07:4B:53:55:F7:46:18:F3:73:28:91
Certificate issuer:       /CN=be3364bc38f75b18d6f6eef203209f71c2768d85
Certificate serial:       0198E12DAF2DFBE61AF1300BCBA2A7837CD7
Authority key identifier: BE:33:64:BC:38:F7:5B:18:D6:F6:EE:F2:03:20:9F:71:C2:76:8D:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vjNkvDj3WxjW9u7yAyCfccJ2jYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/97be50-2ce6-4e2b-a3e7-1a6ac98ac6f9/1/Sf4JDKtmxmTCB0tTVfdGGPNzKJE.roa
Signing time:             Mon 25 Aug 2025 12:22:04 +0000
ROA not before:           Mon 25 Aug 2025 12:22:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203203
IP address blocks:        185.179.84.0/22 maxlen: 22
                          185.179.84.0/24 maxlen: 24
                          185.179.85.0/24 maxlen: 24
                          185.179.86.0/24 maxlen: 24
                          185.179.87.0/24 maxlen: 24
                          185.232.228.0/22 maxlen: 24
                          2a0a:7e80::/29 maxlen: 29
                          2a0a:7e80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/97be50-2ce6-4e2b-a3e7-1a6ac98ac6f9/1/vjNkvDj3WxjW9u7yAyCfccJ2jYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/97be50-2ce6-4e2b-a3e7-1a6ac98ac6f9/1/vjNkvDj3WxjW9u7yAyCfccJ2jYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vjNkvDj3WxjW9u7yAyCfccJ2jYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e1:2d:af:2d:fb:e6:1a:f1:30:0b:cb:a2:a7:83:7c:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be3364bc38f75b18d6f6eef203209f71c2768d85
        Validity
            Not Before: Aug 25 12:22:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49fe090cab66c664c2074b5355f74618f3732891
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b2:a0:54:10:41:0a:51:14:f5:4b:af:f5:3f:
                    5d:60:c3:a7:64:1d:57:4e:dd:3b:f1:17:0d:9d:b7:
                    ad:03:bb:d4:a7:52:8e:38:c7:5a:13:ba:7d:da:7d:
                    d4:78:91:25:ce:a9:2e:b3:f7:1d:1a:b1:ee:f1:a7:
                    e6:bb:a2:86:bf:40:d3:1e:e3:a2:41:a2:3f:db:c0:
                    ac:36:7e:95:4c:07:76:ec:38:c9:1e:66:e5:7a:e1:
                    ae:39:8d:21:32:33:38:09:34:fd:55:4c:f9:71:c1:
                    e7:20:7d:0b:50:a1:0e:d2:19:f2:a7:ce:a6:06:5d:
                    5d:9f:2f:b0:2a:92:96:bf:b5:b8:09:a9:86:e1:12:
                    24:e1:ad:24:71:1a:89:38:67:08:64:19:27:24:a1:
                    7e:4d:60:4a:4a:11:54:2b:29:ef:9d:33:c1:84:e8:
                    e3:11:cb:df:65:d2:54:c0:9e:2e:c1:de:01:65:23:
                    9b:01:62:74:a3:03:f9:1a:93:e8:b0:fc:94:03:13:
                    b3:f4:70:4a:e3:a3:40:f0:3a:94:70:68:a1:ec:6c:
                    5d:bd:c3:3e:2d:43:4b:b5:c1:42:99:7b:53:13:e9:
                    aa:c9:35:48:78:a5:8c:f2:39:05:4b:4a:43:95:47:
                    c5:a3:c3:ed:43:df:7a:f9:cc:63:e7:c3:8a:48:cb:
                    72:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:FE:09:0C:AB:66:C6:64:C2:07:4B:53:55:F7:46:18:F3:73:28:91
            X509v3 Authority Key Identifier:
                keyid:BE:33:64:BC:38:F7:5B:18:D6:F6:EE:F2:03:20:9F:71:C2:76:8D:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vjNkvDj3WxjW9u7yAyCfccJ2jYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/97be50-2ce6-4e2b-a3e7-1a6ac98ac6f9/1/Sf4JDKtmxmTCB0tTVfdGGPNzKJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/97be50-2ce6-4e2b-a3e7-1a6ac98ac6f9/1/vjNkvDj3WxjW9u7yAyCfccJ2jYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.84.0/22
                  185.232.228.0/22
                IPv6:
                  2a0a:7e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:07:ba:89:93:55:77:4e:50:83:9c:f5:7d:f3:8a:49:00:47:
         2a:af:95:69:7a:b9:cc:49:e2:1a:e8:cf:e2:dd:36:d2:7c:f1:
         e4:b5:72:5c:06:4f:44:10:25:9a:10:79:28:7e:16:23:95:90:
         99:65:97:63:59:36:1a:84:bd:6d:e6:00:e7:e3:6f:4b:f1:d0:
         fe:f7:1d:a1:ac:46:36:62:2a:80:06:e4:81:ba:6e:13:02:c8:
         2c:0d:8e:1c:a2:f4:a9:5e:c1:c5:b7:dd:0a:51:e7:d9:7a:42:
         64:19:0a:3b:90:e6:28:ec:46:9b:da:15:81:78:9d:84:cd:20:
         a0:1e:45:6e:fe:da:fb:98:a7:58:e7:4f:8e:de:d3:c5:1e:44:
         e3:08:72:45:0b:07:af:24:37:04:38:0e:59:da:1d:91:12:7c:
         d0:ad:64:f7:4c:68:65:3c:0d:43:fa:1b:59:26:fb:3d:2e:5b:
         de:ce:09:e4:c3:c2:aa:07:48:5d:65:21:a2:c7:9f:fe:d4:53:
         b8:5c:21:a5:df:4a:93:b7:3c:c6:9c:58:61:6b:6f:d0:92:14:
         a2:e2:5c:cf:ac:ba:b0:1a:63:fe:a8:e6:e7:d2:42:49:1c:a8:
         41:af:f0:fd:5d:7e:31:95:bc:92:6e:ba:f4:88:70:15:de:86:
         12:64:6f:b0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZjhLa8t++Ya8TALy6Kng3zXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlMzM2NGJjMzhmNzViMThkNmY2ZWVmMjAzMjA5ZjcxYzI3
NjhkODUwHhcNMjUwODI1MTIyMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWZlMDkwY2FiNjZjNjY0YzIwNzRiNTM1NWY3NDYxOGYzNzMyODkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrKgVBBBClEU9Uuv9T9dYMOnZB1X
Tt078RcNnbetA7vUp1KOOMdaE7p92n3UeJElzqkus/cdGrHu8afmu6KGv0DTHuOi
QaI/28CsNn6VTAd27DjJHmbleuGuOY0hMjM4CTT9VUz5ccHnIH0LUKEO0hnyp86m
Bl1dny+wKpKWv7W4CamG4RIk4a0kcRqJOGcIZBknJKF+TWBKShFUKynvnTPBhOjj
EcvfZdJUwJ4uwd4BZSObAWJ0owP5GpPosPyUAxOz9HBK46NA8DqUcGih7GxdvcM+
LUNLtcFCmXtTE+mqyTVIeKWM8jkFS0pDlUfFo8PtQ996+cxj58OKSMty+wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEn+CQyrZsZkwgdLU1X3RhjzcyiRMB8GA1UdIwQY
MBaAFL4zZLw491sY1vbu8gMgn3HCdo2FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmpOa3ZEajNXeGpXOXU3eUF5Q2ZjY0oyallVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy85N2JlNTAtMmNlNi00ZTJiLWEzZTct
MWE2YWM5OGFjNmY5LzEvU2Y0SkRLdG14bVRDQjB0VFZmZEdHUE56S0pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy85N2JlNTAtMmNlNi00ZTJiLWEzZTctMWE2YWM5OGFjNmY5
LzEvdmpOa3ZEajNXeGpXOXU3eUF5Q2ZjY0oyallVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCubNUAwQC
uejkMA0EAgACMAcDBQMqCn6AMA0GCSqGSIb3DQEBCwUAA4IBAQAFB7qJk1V3TlCD
nPV984pJAEcqr5VpernMSeIa6M/i3TbSfPHktXJcBk9EECWaEHkofhYjlZCZZZdj
WTYahL1t5gDn429L8dD+9x2hrEY2YiqABuSBum4TAsgsDY4covSpXsHFt90KUefZ
ekJkGQo7kOYo7Eab2hWBeJ2EzSCgHkVu/tr7mKdY50+O3tPFHkTjCHJFCwevJDcE
OA5Z2h2REnzQrWT3TGhlPA1D+htZJvs9Llvezgnkw8KqB0hdZSGix5/+1FO4XCGl
30qTtzzGnFhha2/QkhSi4lzPrLqwGmP+qObn0kJJHKhBr/D9XX4xlbySbrr0iHAV
3oYSZG+w
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:32:35 2025 by rpki-client