Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/TEJEbJfLCSRRss_K_5H5CYFaiCg.roa
File:                     TEJEbJfLCSRRss_K_5H5CYFaiCg.roa (raw, json)
Hash identifier:          M75oi001sE7d1H5/CUbAVgDs1DNoW5yTIFB3xJzgE24=
Subject key identifier:   4C:42:44:6C:97:CB:09:24:51:B2:CF:CA:FF:91:F9:09:81:5A:88:28
Certificate issuer:       /CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
Certificate serial:       01992973E06B3F4D038A93607902B821B771
Authority key identifier: D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/TEJEbJfLCSRRss_K_5H5CYFaiCg.roa
Signing time:             Mon 08 Sep 2025 13:11:23 +0000
ROA not before:           Mon 08 Sep 2025 13:11:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216127
IP address blocks:        93.185.156.0/24 maxlen: 24
                          93.185.158.0/24 maxlen: 24
                          93.185.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:29:73:e0:6b:3f:4d:03:8a:93:60:79:02:b8:21:b7:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
        Validity
            Not Before: Sep  8 13:11:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c42446c97cb092451b2cfcaff91f909815a8828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:09:d8:44:bd:e9:9b:a0:f8:33:e8:ec:82:91:
                    10:6e:15:86:c6:ca:8f:d9:90:bf:21:14:f2:25:2a:
                    c0:67:1e:70:cd:0a:04:b4:1b:6d:8e:4a:87:f2:9e:
                    18:4f:ef:b3:c5:8d:73:da:6a:8c:b1:4f:28:ff:b0:
                    e4:d8:ef:54:70:6e:76:b1:67:8b:70:22:75:29:7e:
                    39:56:ec:dd:b6:28:e5:44:e4:9c:51:a1:fe:74:13:
                    40:4c:34:cb:38:62:40:06:16:a9:1a:16:f2:93:8a:
                    12:b4:5d:46:a0:9d:69:72:9e:a7:90:6d:33:6a:04:
                    a3:29:a9:03:b4:73:93:c7:6d:6d:d2:bc:df:1d:b0:
                    db:e9:69:8a:00:28:66:f4:af:7b:8a:33:5d:01:03:
                    0b:84:ee:c7:59:38:cb:d6:a8:16:21:aa:a5:00:93:
                    03:d5:75:72:bc:5e:fb:c9:6b:69:ed:3f:dd:9a:95:
                    a1:4e:30:83:53:a7:21:eb:6a:ea:07:39:48:e0:52:
                    1a:32:3f:df:95:39:15:ef:db:c4:e3:16:61:04:7c:
                    29:83:af:26:e7:ff:87:8a:73:94:3d:61:44:82:fa:
                    07:c2:eb:e8:b9:c2:64:f8:66:a4:36:35:e1:c7:cf:
                    7d:6a:78:eb:ca:f1:9a:16:11:5d:30:ab:d2:a2:68:
                    03:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:42:44:6C:97:CB:09:24:51:B2:CF:CA:FF:91:F9:09:81:5A:88:28
            X509v3 Authority Key Identifier:
                keyid:D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/TEJEbJfLCSRRss_K_5H5CYFaiCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.156.0/24
                  93.185.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:ec:85:0b:31:b4:e1:b2:72:9a:34:9d:e3:d1:17:65:5b:7c:
         32:95:62:d8:49:59:50:c3:c7:95:1f:7b:3b:24:64:18:a2:38:
         9c:0c:92:75:10:47:a2:93:6a:81:3b:e8:75:09:68:48:23:52:
         37:ff:3b:ab:da:3f:59:dd:c5:59:c0:1d:9b:ce:17:4b:b8:9f:
         56:6e:19:1b:9b:94:c6:3e:57:a1:ac:65:49:5f:0d:a9:9d:06:
         3b:15:6c:77:bd:b2:d8:12:1d:2d:7b:09:5b:a2:2b:32:fd:44:
         94:02:ff:26:93:1e:9d:46:4a:30:f0:08:cd:60:90:71:f3:65:
         04:f4:c2:54:7b:d9:c1:24:2b:3e:5f:bc:c0:f6:12:3e:a0:e8:
         d9:b2:03:ea:47:68:c6:6b:db:ce:1e:39:dc:f2:fb:41:32:0d:
         ba:92:56:f0:c6:3e:17:cd:13:2c:5b:05:d2:98:bf:a0:46:ec:
         78:8f:3a:42:84:73:cf:16:36:7a:8c:08:6e:77:e6:88:88:36:
         54:aa:9e:29:3e:ea:a0:73:95:35:61:8c:9a:44:92:cd:91:64:
         16:75:f6:52:ca:d4:6b:07:ee:d4:be:73:d4:a1:1d:37:38:77:
         10:2f:99:01:de:b6:96:bf:df:c3:a7:0b:51:f5:18:78:31:6f:
         f2:0c:3a:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkpc+BrP00DipNgeQK4IbdxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZTk3MDMzYTM2YWE5YmNjMGMyZjE2N2U2MjBkN2NhMTQ5
M2NiZWEwHhcNMjUwOTA4MTMxMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzQyNDQ2Yzk3Y2IwOTI0NTFiMmNmY2FmZjkxZjkwOTgxNWE4ODI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgnYRL3pm6D4M+jsgpEQbhWGxsqP
2ZC/IRTyJSrAZx5wzQoEtBttjkqH8p4YT++zxY1z2mqMsU8o/7Dk2O9UcG52sWeL
cCJ1KX45VuzdtijlROScUaH+dBNATDTLOGJABhapGhbyk4oStF1GoJ1pcp6nkG0z
agSjKakDtHOTx21t0rzfHbDb6WmKAChm9K97ijNdAQMLhO7HWTjL1qgWIaqlAJMD
1XVyvF77yWtp7T/dmpWhTjCDU6ch62rqBzlI4FIaMj/flTkV79vE4xZhBHwpg68m
5/+HinOUPWFEgvoHwuvoucJk+GakNjXhx899anjryvGaFhFdMKvSomgDMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFExCRGyXywkkUbLPyv+R+QmBWogoMB8GA1UdIwQY
MBaAFNPpcDOjaqm8wMLxZ+Yg18oUk8vqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMt
ZGJmOWQ0MWYxNzk4LzEvVEVKRWJKZkxDU1JSc3NfS181SDVDWUZhaUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMtZGJmOWQ0MWYxNzk4
LzEvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXbmcAwQB
XbmeMA0GCSqGSIb3DQEBCwUAA4IBAQAR7IULMbThsnKaNJ3j0RdlW3wylWLYSVlQ
w8eVH3s7JGQYojicDJJ1EEeik2qBO+h1CWhII1I3/zur2j9Z3cVZwB2bzhdLuJ9W
bhkbm5TGPlehrGVJXw2pnQY7FWx3vbLYEh0tewlboisy/USUAv8mkx6dRkow8AjN
YJBx82UE9MJUe9nBJCs+X7zA9hI+oOjZsgPqR2jGa9vOHjnc8vtBMg26klbwxj4X
zRMsWwXSmL+gRux4jzpChHPPFjZ6jAhud+aIiDZUqp4pPuqgc5U1YYyaRJLNkWQW
dfZSytRrB+7UvnPUoR03OHcQL5kB3raWv9/DpwtR9Rh4MW/yDDrO
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:32:36 2025 by rpki-client