Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oSPEa0kHD4BJ8hH4pQ-DK8L5IR4.roa
File:                     oSPEa0kHD4BJ8hH4pQ-DK8L5IR4.roa (raw, json)
Hash identifier:          Q8FlBmgfveR3aQS3jtGyEIPKFj2WDSKa4QTCCEi/rWI=
Subject key identifier:   A1:23:C4:6B:49:07:0F:80:49:F2:11:F8:A5:0F:83:2B:C2:F9:21:1E
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0199E4FD6F3D3477D668670E6F6DA0445685
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oSPEa0kHD4BJ8hH4pQ-DK8L5IR4.roa
Signing time:             Tue 14 Oct 2025 23:10:38 +0000
ROA not before:           Tue 14 Oct 2025 23:10:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205899
IP address blocks:        46.249.110.0/24 maxlen: 24
                          89.251.10.0/24 maxlen: 24
                          185.215.247.0/24 maxlen: 24
                          185.231.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e4:fd:6f:3d:34:77:d6:68:67:0e:6f:6d:a0:44:56:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Oct 14 23:10:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a123c46b49070f8049f211f8a50f832bc2f9211e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:68:52:70:90:3a:6a:1c:b2:a5:8d:26:ed:fa:
                    3b:94:41:63:16:b4:a1:4a:6f:b5:fe:02:b1:6f:c4:
                    2f:20:64:c7:e8:91:0f:21:ce:7b:5e:86:29:4b:4d:
                    7d:4e:e3:71:34:43:15:8e:97:00:a6:b5:8d:e8:b7:
                    c2:f2:7a:1a:9c:14:a0:89:66:93:ec:b5:52:2a:7d:
                    fd:a8:5c:ce:cc:82:68:b1:98:f0:46:26:7c:44:2a:
                    fa:2e:c3:d0:17:cc:8a:16:38:fc:b7:8f:fc:af:04:
                    71:0e:c0:7a:de:25:49:d6:1d:ba:82:84:b3:d6:d9:
                    c4:38:e5:9a:f8:a6:ce:7c:94:9f:76:a2:3a:7f:90:
                    1f:e6:ef:5c:18:b7:da:b7:de:5b:84:2e:c6:f7:ae:
                    7c:3c:38:4e:d5:9a:54:d2:32:cc:70:df:2e:da:68:
                    50:80:2e:1c:14:f8:93:b0:a4:0b:c2:fd:8f:fc:b0:
                    a3:83:47:9c:ef:30:40:e4:3a:a1:07:2b:a1:b8:df:
                    5a:ce:30:ac:d1:1c:77:6e:80:50:24:4d:92:49:34:
                    d7:1b:5c:5c:18:e1:1a:d9:8e:0f:64:44:bd:e8:48:
                    78:15:3e:32:af:7e:3b:35:a7:3f:08:41:c3:6e:dc:
                    25:49:23:ea:5a:ee:78:56:54:a9:71:c2:0e:5f:6d:
                    b8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:23:C4:6B:49:07:0F:80:49:F2:11:F8:A5:0F:83:2B:C2:F9:21:1E
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oSPEa0kHD4BJ8hH4pQ-DK8L5IR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.110.0/24
                  89.251.10.0/24
                  185.215.247.0/24
                  185.231.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:50:df:2f:4d:35:b9:f7:5a:69:99:f6:9d:5d:7f:85:6e:05:
         3a:23:5f:39:2d:43:2d:16:13:ef:95:d4:8c:ce:41:a7:03:f1:
         60:09:ad:36:96:de:41:f3:52:4f:31:e8:bc:fc:a1:00:a7:06:
         4f:7c:42:35:a2:a7:c5:4d:0e:05:50:74:e8:d3:78:0b:a5:ec:
         02:46:6e:86:83:69:cb:49:5d:38:aa:1a:9b:2a:ec:e7:a6:49:
         99:b2:47:63:22:4b:50:4f:70:b3:a9:e6:6e:76:c7:78:05:e7:
         d1:60:15:22:17:d4:61:e8:04:97:bc:74:a0:ef:09:fe:bd:d3:
         e4:98:c3:d1:f6:51:90:f4:23:15:ae:c9:c6:8c:2d:67:6f:72:
         85:cd:4a:d9:c9:48:ed:3b:47:a6:cd:61:4e:c3:ee:b6:f4:57:
         f8:d5:7f:82:7d:51:bc:4e:35:1e:5a:99:d2:e1:cd:80:4d:c3:
         3d:06:63:43:16:20:0d:0b:d8:59:a4:72:31:b8:ce:51:ca:e9:
         4d:45:4c:b1:14:d1:8f:0f:df:aa:99:07:5d:c6:1b:01:de:bf:
         13:d8:2a:c1:fa:99:45:51:28:de:01:62:ed:87:a0:b0:7f:48:
         d0:a3:49:c3:ac:a1:77:65:24:4a:3f:19:ec:1b:bb:ec:af:a1:
         7c:0e:ed:11
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZnk/W89NHfWaGcOb22gRFaFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUxMDE0MjMxMDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTIzYzQ2YjQ5MDcwZjgwNDlmMjExZjhhNTBmODMyYmMyZjkyMTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2hScJA6ahyypY0m7fo7lEFjFrSh
Sm+1/gKxb8QvIGTH6JEPIc57XoYpS019TuNxNEMVjpcAprWN6LfC8noanBSgiWaT
7LVSKn39qFzOzIJosZjwRiZ8RCr6LsPQF8yKFjj8t4/8rwRxDsB63iVJ1h26goSz
1tnEOOWa+KbOfJSfdqI6f5Af5u9cGLfat95bhC7G9658PDhO1ZpU0jLMcN8u2mhQ
gC4cFPiTsKQLwv2P/LCjg0ec7zBA5DqhByuhuN9azjCs0Rx3boBQJE2SSTTXG1xc
GOEa2Y4PZES96Eh4FT4yr347Nac/CEHDbtwlSSPqWu54VlSpccIOX224owIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKEjxGtJBw+ASfIR+KUPgyvC+SEeMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvb1NQRWEwa0hENEJKOGhINHBRLURLOEw1SVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALvluAwQA
WfsKAwQAudf3AwQAueetMA0GCSqGSIb3DQEBCwUAA4IBAQBdUN8vTTW591ppmfad
XX+FbgU6I185LUMtFhPvldSMzkGnA/FgCa02lt5B81JPMei8/KEApwZPfEI1oqfF
TQ4FUHTo03gLpewCRm6Gg2nLSV04qhqbKuznpkmZskdjIktQT3CzqeZudsd4BefR
YBUiF9Rh6ASXvHSg7wn+vdPkmMPR9lGQ9CMVrsnGjC1nb3KFzUrZyUjtO0emzWFO
w+629Ff41X+CfVG8TjUeWpnS4c2ATcM9BmNDFiANC9hZpHIxuM5RyulNRUyxFNGP
D9+qmQddxhsB3r8T2CrB+plFUSjeAWLth6Cwf0jQo0nDrKF3ZSRKPxnsG7vsr6F8
Du0R
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:45:16 2025 by rpki-client