Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/9AIi77eyMXYQqzkZbks1-lSoIwE.roa
File:                     9AIi77eyMXYQqzkZbks1-lSoIwE.roa (raw, json)
Hash identifier:          94Rm67YhF7MhSltT1b4XxhfF3ZfgArDzkeJDqYpfyew=
Subject key identifier:   F4:02:22:EF:B7:B2:31:76:10:AB:39:19:6E:4B:35:FA:54:A8:23:01
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0199DBC61E075DE593D7A2634B5100ED7AAD
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/9AIi77eyMXYQqzkZbks1-lSoIwE.roa
Signing time:             Mon 13 Oct 2025 04:13:38 +0000
ROA not before:           Mon 13 Oct 2025 04:13:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        89.34.106.0/24 maxlen: 24
                          93.114.183.0/24 maxlen: 24
                          93.115.106.0/24 maxlen: 24
                          94.177.106.0/24 maxlen: 24
                          103.73.35.0/24 maxlen: 24
                          193.124.36.0/24 maxlen: 24
                          193.124.80.0/24 maxlen: 24
                          194.58.47.0/24 maxlen: 24
                          212.192.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:db:c6:1e:07:5d:e5:93:d7:a2:63:4b:51:00:ed:7a:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Oct 13 04:13:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f40222efb7b2317610ab39196e4b35fa54a82301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:0b:39:23:63:da:db:56:e7:5c:f2:70:1e:4a:
                    1e:74:23:59:fb:fe:ff:04:d4:3c:27:f8:4e:c3:c8:
                    b5:3e:5c:74:13:a5:a0:17:3d:ba:e4:ed:6e:51:b6:
                    39:ea:ef:5d:48:fd:8a:aa:c2:88:30:48:58:bf:4c:
                    37:c9:02:f8:e8:54:09:02:85:ed:65:4f:18:2f:23:
                    d0:eb:b6:33:25:ea:7e:e5:92:79:0e:36:1b:6b:cc:
                    62:63:d3:d1:e5:29:e4:cd:42:d2:09:4a:70:7c:04:
                    93:39:a3:4f:9c:f9:9c:84:ac:bb:89:85:8d:1a:ed:
                    b9:94:97:d3:ef:80:a9:b7:e6:ee:3a:02:d9:0f:dc:
                    f3:dc:86:4f:f2:dc:6a:5b:d3:e9:17:66:75:e8:07:
                    38:e1:72:26:2a:7a:0e:a7:2e:3d:19:14:32:4e:69:
                    3c:fa:ed:7f:08:e9:54:de:d7:61:cf:2a:2d:21:3d:
                    14:b0:4d:50:ad:30:90:d4:42:95:1b:37:92:dc:c0:
                    62:e1:6a:ea:9b:0b:71:90:70:8c:8b:7c:41:b0:b1:
                    a4:c1:10:f4:90:a3:9a:d3:59:f0:ea:4e:5d:50:7a:
                    0a:eb:65:da:02:53:22:8f:ed:f1:13:e8:2a:1e:13:
                    1f:55:31:44:95:e3:4e:39:ce:63:61:4a:26:64:2e:
                    f2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:02:22:EF:B7:B2:31:76:10:AB:39:19:6E:4B:35:FA:54:A8:23:01
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/9AIi77eyMXYQqzkZbks1-lSoIwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.106.0/24
                  93.114.183.0/24
                  93.115.106.0/24
                  94.177.106.0/24
                  103.73.35.0/24
                  193.124.36.0/24
                  193.124.80.0/24
                  194.58.47.0/24
                  212.192.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:fa:c4:8a:4f:98:5a:20:37:e3:ad:dc:79:da:66:54:fd:cf:
         f2:32:a6:d8:da:b8:12:b7:f6:76:16:2a:cc:ca:89:ca:bb:b2:
         0f:7f:6d:57:97:66:06:b4:f8:18:ed:af:60:95:50:db:12:23:
         af:d1:51:bf:17:a0:e8:cf:94:12:37:38:e2:4b:e5:6e:90:8d:
         c7:9d:be:61:84:dc:91:c9:3b:1a:56:45:b3:98:36:e9:36:ba:
         04:82:0e:9f:d6:cf:ff:77:d3:fc:1f:22:8a:58:a2:59:6b:6d:
         eb:f5:d3:8f:81:02:a4:ce:78:b0:2a:e9:c7:e2:56:17:31:69:
         01:73:7e:f3:6f:e1:88:33:f0:e2:54:47:62:93:24:4a:55:41:
         af:f3:80:ca:b1:3e:c7:c5:ec:40:b3:57:c7:e9:1b:85:af:f1:
         45:cc:3c:74:45:13:4f:3e:60:ff:49:13:fb:f4:58:ca:b8:45:
         38:59:b9:1f:2e:1e:39:89:bf:7c:2d:1c:6a:e7:91:bb:ff:40:
         0e:e5:0d:09:25:5d:fe:a4:eb:2d:bf:ac:d4:2a:fe:6f:5e:34:
         d1:81:49:3f:f1:08:d7:2d:55:a6:89:6e:d0:2d:39:07:11:d6:
         57:17:88:10:9a:ae:79:42:dd:5f:bb:36:12:fb:6e:fa:5c:61:
         95:d3:28:42
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZnbxh4HXeWT16JjS1EA7XqtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUxMDEzMDQxMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDAyMjJlZmI3YjIzMTc2MTBhYjM5MTk2ZTRiMzVmYTU0YTgyMzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8gs5I2Pa21bnXPJwHkoedCNZ+/7/
BNQ8J/hOw8i1Plx0E6WgFz265O1uUbY56u9dSP2KqsKIMEhYv0w3yQL46FQJAoXt
ZU8YLyPQ67YzJep+5ZJ5DjYba8xiY9PR5SnkzULSCUpwfASTOaNPnPmchKy7iYWN
Gu25lJfT74Cpt+buOgLZD9zz3IZP8txqW9PpF2Z16Ac44XImKnoOpy49GRQyTmk8
+u1/COlU3tdhzyotIT0UsE1QrTCQ1EKVGzeS3MBi4WrqmwtxkHCMi3xBsLGkwRD0
kKOa01nw6k5dUHoK62XaAlMij+3xE+gqHhMfVTFEleNOOc5jYUomZC7yzQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFPQCIu+3sjF2EKs5GW5LNfpUqCMBMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvOUFJaTc3ZXlNWFlRcXprWmJrczEtbFNvSXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAWSJqAwQA
XXK3AwQAXXNqAwQAXrFqAwQAZ0kjAwQAwXwkAwQAwXxQAwQAwjovAwQA1MALMA0G
CSqGSIb3DQEBCwUAA4IBAQAk+sSKT5haIDfjrdx52mZU/c/yMqbY2rgSt/Z2FirM
yonKu7IPf21Xl2YGtPgY7a9glVDbEiOv0VG/F6Doz5QSNzjiS+VukI3Hnb5hhNyR
yTsaVkWzmDbpNroEgg6f1s//d9P8HyKKWKJZa23r9dOPgQKkzniwKunH4lYXMWkB
c37zb+GIM/DiVEdikyRKVUGv84DKsT7HxexAs1fH6RuFr/FFzDx0RRNPPmD/SRP7
9FjKuEU4WbkfLh45ib98LRxq55G7/0AO5Q0JJV3+pOstv6zUKv5vXjTRgUk/8QjX
LVWmiW7QLTkHEdZXF4gQmq55Qt1fuzYS+276XGGV0yhC
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:22:43 2025 by rpki-client