Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/H109jlzd5dNNOIfkYbAwwFJJZN0.roa
File:                     H109jlzd5dNNOIfkYbAwwFJJZN0.roa (raw, json)
Hash identifier:          ZhvWm3NOjRuzNitstoFh8mEhbT+uxvntuHI8shcAFb0=
Subject key identifier:   1F:5D:3D:8E:5C:DD:E5:D3:4D:38:87:E4:61:B0:30:C0:52:49:64:DD
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019999129616A2C2CFFBAAB3D1CA2E43B1DB
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/H109jlzd5dNNOIfkYbAwwFJJZN0.roa
Signing time:             Tue 30 Sep 2025 05:22:35 +0000
ROA not before:           Tue 30 Sep 2025 05:22:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38008
IP address blocks:        45.146.242.0/23 maxlen: 24
                          89.251.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:99:12:96:16:a2:c2:cf:fb:aa:b3:d1:ca:2e:43:b1:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Sep 30 05:22:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f5d3d8e5cdde5d34d3887e461b030c0524964dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e3:98:a8:a6:34:db:7a:ee:30:11:14:b4:f0:
                    7c:fb:68:11:29:15:14:9d:f0:cc:ee:6a:c7:25:fd:
                    70:9d:43:5f:9b:ac:82:f7:31:87:5b:29:22:9a:06:
                    a3:39:8b:92:b9:1c:42:f0:18:36:5e:8f:0f:28:69:
                    7d:bf:c3:3e:2b:77:44:d8:bf:04:c9:a1:02:a8:19:
                    fe:86:e1:f4:e8:e4:c8:8d:3b:56:3b:a2:10:41:52:
                    dc:8f:4d:28:97:a8:dd:ec:a0:91:67:67:ee:c0:23:
                    5e:15:c2:1d:42:62:d3:45:0b:f9:6a:96:d1:62:bd:
                    e2:39:7a:6d:96:20:4d:cb:f5:5b:68:3b:f6:87:08:
                    1f:61:07:7d:fc:6d:50:f2:2d:03:56:5b:f5:61:78:
                    f3:b5:7b:ab:13:d1:e6:7c:46:1a:b3:a8:71:62:98:
                    24:0f:49:f1:4f:e3:cf:bf:66:52:89:48:64:87:f1:
                    cb:8b:ba:cb:39:81:24:e4:7f:ce:4d:10:05:7e:23:
                    20:22:1a:cf:00:41:12:39:5a:8a:a4:e6:c9:95:36:
                    82:e7:87:00:88:44:ff:ef:40:3b:1f:21:57:a0:f2:
                    80:71:99:77:ea:3f:f5:fc:55:f1:10:22:4e:a7:23:
                    f7:f7:40:0e:3a:58:0a:64:89:e4:2b:2f:4f:91:69:
                    cb:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:5D:3D:8E:5C:DD:E5:D3:4D:38:87:E4:61:B0:30:C0:52:49:64:DD
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/H109jlzd5dNNOIfkYbAwwFJJZN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.242.0/23
                  89.251.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:32:1d:e8:be:b9:a4:cb:9e:4b:4d:59:08:2d:30:4f:ea:f2:
         9c:d0:83:b6:c3:5b:99:49:5f:3d:9f:62:07:55:b2:e7:89:1c:
         f0:1a:38:44:e4:69:74:15:45:9c:db:04:99:d4:23:28:d3:86:
         e9:4a:f4:39:e4:cc:42:be:ea:d6:a1:85:35:21:f5:35:56:07:
         5b:5f:88:b0:d0:e9:9d:c2:e3:b3:68:8b:8a:e1:7c:a0:aa:86:
         3a:25:2a:71:ed:5c:69:db:20:1e:eb:15:84:48:08:b7:13:3f:
         94:46:63:f4:f2:5e:e6:60:99:ed:42:5d:f5:a7:d0:72:96:da:
         11:db:0e:ae:1c:e8:00:aa:fe:8c:15:65:0c:d1:21:f1:17:a8:
         5e:62:c2:2c:75:14:9a:54:19:14:33:a0:54:42:44:44:18:39:
         e6:65:65:56:c2:fa:d0:d4:64:8b:2e:4a:c6:5e:4b:9c:78:ea:
         7a:f2:34:8c:26:45:bc:e1:02:e6:e4:58:fb:ed:74:c5:60:9a:
         06:55:1d:51:e2:57:2e:f7:63:aa:01:3e:8c:70:c9:22:75:82:
         7b:eb:e8:94:c4:57:c0:5c:76:7e:11:28:db:3b:52:db:5a:87:
         c3:6c:5e:85:8a:e6:f1:57:96:01:4a:1f:61:79:19:14:8f:f7:
         80:93:88:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmZEpYWosLP+6qz0couQ7HbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwOTMwMDUyMjM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjVkM2Q4ZTVjZGRlNWQzNGQzODg3ZTQ2MWIwMzBjMDUyNDk2NGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOOYqKY023ruMBEUtPB8+2gRKRUU
nfDM7mrHJf1wnUNfm6yC9zGHWykimgajOYuSuRxC8Bg2Xo8PKGl9v8M+K3dE2L8E
yaECqBn+huH06OTIjTtWO6IQQVLcj00ol6jd7KCRZ2fuwCNeFcIdQmLTRQv5apbR
Yr3iOXptliBNy/VbaDv2hwgfYQd9/G1Q8i0DVlv1YXjztXurE9HmfEYas6hxYpgk
D0nxT+PPv2ZSiUhkh/HLi7rLOYEk5H/OTRAFfiMgIhrPAEESOVqKpObJlTaC54cA
iET/70A7HyFXoPKAcZl36j/1/FXxECJOpyP390AOOlgKZInkKy9PkWnLqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB9dPY5c3eXTTTiH5GGwMMBSSWTdMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvSDEwOWpsemQ1ZE5OT0lma1liQXd3RkpKWk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLZLyAwQA
WfsLMA0GCSqGSIb3DQEBCwUAA4IBAQBMMh3ovrmky55LTVkILTBP6vKc0IO2w1uZ
SV89n2IHVbLniRzwGjhE5Gl0FUWc2wSZ1CMo04bpSvQ55MxCvurWoYU1IfU1Vgdb
X4iw0OmdwuOzaIuK4XygqoY6JSpx7Vxp2yAe6xWESAi3Ez+URmP08l7mYJntQl31
p9ByltoR2w6uHOgAqv6MFWUM0SHxF6heYsIsdRSaVBkUM6BUQkREGDnmZWVWwvrQ
1GSLLkrGXkuceOp68jSMJkW84QLm5Fj77XTFYJoGVR1R4lcu92OqAT6McMkidYJ7
6+iUxFfAXHZ+ESjbO1LbWofDbF6FiubxV5YBSh9heRkUj/eAk4it
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:12 2025 by rpki-client