Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/izCpFo4CWb69uwm1dLOVZkhDEOY.roa
File:                     izCpFo4CWb69uwm1dLOVZkhDEOY.roa (raw, json)
Hash identifier:          CP3hv66fB1ICf0JmvROxHKSLTXS8CrF7FPdoFfZ8Xnk=
Subject key identifier:   8B:30:A9:16:8E:02:59:BE:BD:BB:09:B5:74:B3:95:66:48:43:10:E6
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0199C1376A351D27EEB6069F872E5B8A2AC3
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/izCpFo4CWb69uwm1dLOVZkhDEOY.roa
Signing time:             Wed 08 Oct 2025 00:27:38 +0000
ROA not before:           Wed 08 Oct 2025 00:27:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62048
IP address blocks:        45.86.87.0/24 maxlen: 24
                          188.253.1.0/24 maxlen: 24
                          188.253.2.0/24 maxlen: 24
                          188.253.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c1:37:6a:35:1d:27:ee:b6:06:9f:87:2e:5b:8a:2a:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Oct  8 00:27:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b30a9168e0259bebdbb09b574b39566484310e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1d:14:8f:c8:16:ca:cf:13:87:1f:fa:8c:35:
                    21:9f:c8:fe:23:ff:a6:af:73:6e:46:5a:0f:3d:a8:
                    fc:09:bd:93:95:de:19:bb:56:ec:cc:64:c8:37:e1:
                    0a:49:25:f4:1a:2c:a5:f4:b3:15:e5:c8:81:b2:af:
                    3a:b1:11:dc:c6:d2:56:b7:76:39:ad:d7:4a:7f:42:
                    76:49:dc:1b:e2:83:09:87:76:27:fd:d3:7f:04:51:
                    da:44:97:11:58:ae:0a:69:e7:4b:87:66:08:8b:5c:
                    02:fe:76:4d:55:d6:7e:82:9c:f8:91:7d:a2:3a:cf:
                    76:b5:e2:fe:4e:70:e4:15:62:ed:37:a7:3e:44:a3:
                    d8:8d:31:eb:1c:b5:5d:53:2a:a1:c3:94:74:a8:87:
                    d1:1b:ce:c4:4a:a0:d7:c4:a0:dc:18:75:15:71:f4:
                    71:ad:0b:5d:20:d2:1c:b6:8f:10:02:30:bf:d2:28:
                    a4:b1:4a:35:23:85:33:a9:79:85:27:28:08:35:4e:
                    53:da:73:0e:70:e6:5d:19:2f:e4:95:07:52:a1:0b:
                    aa:65:d0:c9:ba:3d:d4:38:94:b9:ca:c3:56:7f:3f:
                    52:8e:12:5c:ab:ed:b0:64:9c:6f:24:12:66:9b:6f:
                    b7:3f:c1:ab:cb:09:64:a2:45:f3:8a:8b:1a:c8:b4:
                    5e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:30:A9:16:8E:02:59:BE:BD:BB:09:B5:74:B3:95:66:48:43:10:E6
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/izCpFo4CWb69uwm1dLOVZkhDEOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.87.0/24
                  188.253.1.0-188.253.3.255

    Signature Algorithm: sha256WithRSAEncryption
         08:d4:89:04:06:df:cc:7a:b2:bf:91:77:48:78:bd:dc:cd:f0:
         a6:e5:a2:9e:6f:ff:05:28:73:0b:3d:7a:8e:f9:fa:f0:c0:5a:
         df:62:96:fe:42:35:18:92:62:2e:d8:3a:d5:32:b1:58:2f:6f:
         01:5a:03:28:44:9d:59:da:6d:7b:53:ce:f4:2b:9a:f7:8b:14:
         b6:fb:b7:e2:90:bc:09:4c:18:cd:d8:16:28:99:f2:97:39:b4:
         d4:be:e8:a9:b0:6f:59:2e:a1:54:bb:69:e1:7b:d7:67:6f:48:
         b9:19:42:0d:73:a5:9e:c1:b4:4d:5e:61:ba:10:28:90:75:4a:
         8c:bb:98:6f:d5:00:b8:c9:15:41:1c:f5:85:79:32:38:60:0e:
         5b:4f:03:34:1c:4c:a9:07:73:96:df:d1:ae:b8:f5:3e:8c:78:
         b3:9c:dd:52:72:e4:f6:30:f8:d8:3e:45:65:e3:e6:b1:84:48:
         3d:63:93:15:8a:f3:42:e1:52:c7:de:0d:19:db:80:97:cf:10:
         f4:ef:3a:c2:fd:f2:75:ff:ac:de:41:af:a7:c5:c1:6d:bf:a6:
         d3:f9:ff:ff:d2:43:16:22:f0:1d:1d:d2:da:f2:3a:a7:dc:79:
         e1:a4:28:45:57:d8:13:79:92:07:f8:96:34:f9:86:cf:ea:60:
         b7:15:b5:96
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZnBN2o1HSfutgafhy5biirDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUxMDA4MDAyNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjMwYTkxNjhlMDI1OWJlYmRiYjA5YjU3NGIzOTU2NjQ4NDMxMGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvx0Uj8gWys8Thx/6jDUhn8j+I/+m
r3NuRloPPaj8Cb2Tld4Zu1bszGTIN+EKSSX0Giyl9LMV5ciBsq86sRHcxtJWt3Y5
rddKf0J2Sdwb4oMJh3Yn/dN/BFHaRJcRWK4KaedLh2YIi1wC/nZNVdZ+gpz4kX2i
Os92teL+TnDkFWLtN6c+RKPYjTHrHLVdUyqhw5R0qIfRG87ESqDXxKDcGHUVcfRx
rQtdINIcto8QAjC/0iiksUo1I4UzqXmFJygINU5T2nMOcOZdGS/klQdSoQuqZdDJ
uj3UOJS5ysNWfz9SjhJcq+2wZJxvJBJmm2+3P8GrywlkokXziosayLRePwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIswqRaOAlm+vbsJtXSzlWZIQxDmMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvaXpDcEZvNENXYjY5dXdtMWRMT1Zaa2hERU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQALVZXMAwD
BAC8/QEDBAK8/QAwDQYJKoZIhvcNAQELBQADggEBAAjUiQQG38x6sr+Rd0h4vdzN
8Kblop5v/wUocws9eo75+vDAWt9ilv5CNRiSYi7YOtUysVgvbwFaAyhEnVnabXtT
zvQrmveLFLb7t+KQvAlMGM3YFiiZ8pc5tNS+6Kmwb1kuoVS7aeF712dvSLkZQg1z
pZ7BtE1eYboQKJB1Soy7mG/VALjJFUEc9YV5MjhgDltPAzQcTKkHc5bf0a649T6M
eLOc3VJy5PYw+Ng+RWXj5rGESD1jkxWK80LhUsfeDRnbgJfPEPTvOsL98nX/rN5B
r6fFwW2/ptP5///SQxYi8B0d0tryOqfceeGkKEVX2BN5kgf4ljT5hs/qYLcVtZY=
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:15 2025 by rpki-client