Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/j8QnWP5cR0dfX3FAdq6-EnOc_VM.roa
File:                     j8QnWP5cR0dfX3FAdq6-EnOc_VM.roa (raw, json)
Hash identifier:          sTydeV6IGtIv/GRPPl9lqNoI7uHkPGrHwokCV4Ie3Q8=
Subject key identifier:   8F:C4:27:58:FE:5C:47:47:5F:5F:71:40:76:AE:BE:12:73:9C:FD:53
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0199B8BD0AC17E8BED93B30E080E08899951
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/j8QnWP5cR0dfX3FAdq6-EnOc_VM.roa
Signing time:             Mon 06 Oct 2025 08:57:00 +0000
ROA not before:           Mon 06 Oct 2025 08:57:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213122
IP address blocks:        5.226.52.0/22 maxlen: 24
                          43.225.88.0/23 maxlen: 24
                          45.139.6.0/23 maxlen: 24
                          46.249.97.0/24 maxlen: 24
                          178.173.232.0/22 maxlen: 24
                          178.173.236.0/22 maxlen: 24
                          178.173.242.0/23 maxlen: 24
                          178.173.244.0/22 maxlen: 24
                          185.215.246.0/24 maxlen: 24
                          188.209.156.0/22 maxlen: 24
                          188.253.28.0/22 maxlen: 24
                          188.253.104.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b8:bd:0a:c1:7e:8b:ed:93:b3:0e:08:0e:08:89:99:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Oct  6 08:57:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fc42758fe5c47475f5f714076aebe12739cfd53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2f:56:70:73:41:e1:3f:f1:6d:ac:c9:56:f2:
                    c9:b7:19:01:bf:3f:c2:e0:73:e0:51:cc:93:e1:05:
                    59:4d:a1:52:23:a1:7c:66:50:7a:33:b0:f1:e7:9d:
                    29:89:a9:7e:f6:bd:1a:fc:07:d2:a9:ef:b7:e3:89:
                    dc:ec:6a:33:d7:02:d7:5a:9b:59:07:5c:49:de:58:
                    db:84:09:be:31:f8:44:b4:50:39:ed:ef:9e:66:57:
                    24:a5:fe:f8:fc:19:07:79:dc:f6:e5:c3:87:8b:3b:
                    92:21:19:6e:c3:dd:07:89:af:ba:b6:5c:01:30:df:
                    a0:80:7c:25:4e:b1:c7:78:5b:e0:20:31:d4:c9:e9:
                    9f:ca:be:ec:fa:32:5e:1b:1e:32:b1:2b:a8:72:c3:
                    a5:f0:41:a8:9d:4f:d8:ab:08:8a:a3:56:44:56:ce:
                    d3:5a:3a:c6:7f:ba:cf:39:d3:d1:cf:42:95:ef:51:
                    f6:3f:7f:2f:c8:8f:86:bf:1e:68:cb:58:c4:11:44:
                    58:02:0e:01:22:e7:27:99:49:89:14:2d:d7:23:e6:
                    3b:e0:d6:f0:48:44:cb:cb:9a:2b:c0:78:37:2c:6a:
                    1b:b2:8f:82:5a:b8:d6:4d:7b:5d:0f:3e:bd:4f:2d:
                    54:9b:b6:fd:da:83:09:d2:f6:96:b7:53:d5:ba:98:
                    ff:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:C4:27:58:FE:5C:47:47:5F:5F:71:40:76:AE:BE:12:73:9C:FD:53
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/j8QnWP5cR0dfX3FAdq6-EnOc_VM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.52.0/22
                  43.225.88.0/23
                  45.139.6.0/23
                  46.249.97.0/24
                  178.173.232.0/21
                  178.173.242.0-178.173.247.255
                  185.215.246.0/24
                  188.209.156.0/22
                  188.253.28.0/22
                  188.253.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         84:78:03:9b:8e:c2:b6:bb:23:10:ca:18:5d:fa:32:ae:72:8e:
         31:31:cb:15:24:f5:53:a4:d2:3d:7f:bb:3f:b8:f4:23:4b:84:
         df:2f:09:70:85:54:a9:fb:cb:58:c7:a5:d2:b9:92:f2:d8:e9:
         02:af:56:b5:ec:a2:88:6b:53:fd:47:2b:bf:6f:55:cb:24:90:
         60:21:73:51:2c:9c:4e:46:45:96:35:ee:02:d6:e0:cd:68:7d:
         19:0b:de:38:df:b3:dd:94:6e:c9:75:c4:da:94:30:02:ae:68:
         89:aa:5a:6a:50:c3:98:6c:e6:39:cb:01:86:d9:8a:04:fe:da:
         4d:32:47:78:c3:24:95:4b:0c:05:28:73:01:8a:82:96:44:9e:
         10:35:00:a6:89:e3:99:df:de:b2:db:b8:7c:cf:0b:cd:be:ef:
         2f:89:43:af:14:fd:de:4c:b8:22:96:3e:5c:4a:cd:3d:74:64:
         3a:78:ad:c2:3b:be:fd:bb:7e:da:2e:41:d4:ba:c3:fd:f9:a1:
         b6:1d:5e:ab:25:ae:81:0a:68:c5:f4:20:a0:c0:cd:9e:01:9d:
         59:4b:38:ed:1b:ae:5c:a6:c1:26:40:ee:d5:3b:b5:af:b0:81:
         4c:6b:3d:77:88:19:43:26:77:da:41:c9:3c:02:ab:8c:42:a8:
         11:4e:03:8a
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZm4vQrBfovtk7MOCA4IiZlRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUxMDA2MDg1NzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmM0Mjc1OGZlNWM0NzQ3NWY1ZjcxNDA3NmFlYmUxMjczOWNmZDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtC9WcHNB4T/xbazJVvLJtxkBvz/C
4HPgUcyT4QVZTaFSI6F8ZlB6M7Dx550pial+9r0a/AfSqe+344nc7Goz1wLXWptZ
B1xJ3ljbhAm+MfhEtFA57e+eZlckpf74/BkHedz25cOHizuSIRluw90Hia+6tlwB
MN+ggHwlTrHHeFvgIDHUyemfyr7s+jJeGx4ysSuocsOl8EGonU/YqwiKo1ZEVs7T
WjrGf7rPOdPRz0KV71H2P38vyI+Gvx5oy1jEEURYAg4BIucnmUmJFC3XI+Y74Nbw
SETLy5orwHg3LGobso+CWrjWTXtdDz69Ty1Um7b92oMJ0vaWt1PVupj/BwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFI/EJ1j+XEdHX19xQHauvhJznP1TMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvajhRbldQNWNSMGRmWDNGQWRxNi1Fbk9jX1ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQCBeI0AwQB
K+FYAwQBLYsGAwQALvlhAwQDsq3oMAwDBAGyrfIDBAOyrfADBAC51/YDBAK80ZwD
BAK8/RwDBAO8/WgwDQYJKoZIhvcNAQELBQADggEBAIR4A5uOwra7IxDKGF36Mq5y
jjExyxUk9VOk0j1/uz+49CNLhN8vCXCFVKn7y1jHpdK5kvLY6QKvVrXsoohrU/1H
K79vVcskkGAhc1EsnE5GRZY17gLW4M1ofRkL3jjfs92Ubsl1xNqUMAKuaImqWmpQ
w5hs5jnLAYbZigT+2k0yR3jDJJVLDAUocwGKgpZEnhA1AKaJ45nf3rLbuHzPC82+
7y+JQ68U/d5MuCKWPlxKzT10ZDp4rcI7vv27ftouQdS6w/35obYdXqslroEKaMX0
IKDAzZ4BnVlLOO0brlymwSZA7tU7ta+wgUxrPXeIGUMmd9pByTwCq4xCqBFOA4o=
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:34 2025 by rpki-client