Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/rvzReihTyFBt9nI6M3bCSbVPs9o.roa
File:                     rvzReihTyFBt9nI6M3bCSbVPs9o.roa (raw, json)
Hash identifier:          NcjJOdYLLfElvdCgCeH7K9NSaDYZDakTLQfXQ3OdkBo=
Subject key identifier:   AE:FC:D1:7A:28:53:C8:50:6D:F6:72:3A:33:76:C2:49:B5:4F:B3:DA
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       01997922BD1A9E7966F75D77B75949FCAB68
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/rvzReihTyFBt9nI6M3bCSbVPs9o.roa
Signing time:             Wed 24 Sep 2025 00:32:23 +0000
ROA not before:           Wed 24 Sep 2025 00:32:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18464
IP address blocks:        178.173.224.0/21 maxlen: 24
                          178.173.224.0/24 maxlen: 24
                          178.173.225.0/24 maxlen: 24
                          178.173.226.0/24 maxlen: 24
                          178.173.227.0/24 maxlen: 24
                          178.173.228.0/24 maxlen: 24
                          178.173.229.0/24 maxlen: 24
                          178.173.230.0/24 maxlen: 24
                          178.173.241.0/24 maxlen: 24
                          2001:16c0:16c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:79:22:bd:1a:9e:79:66:f7:5d:77:b7:59:49:fc:ab:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Sep 24 00:32:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aefcd17a2853c8506df6723a3376c249b54fb3da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3d:1c:83:a3:07:c2:88:0f:1b:17:68:55:d7:
                    c7:53:22:d4:8a:03:be:39:b5:d1:13:26:f6:79:b9:
                    23:11:33:13:1a:c3:ce:13:b4:18:4b:74:78:51:16:
                    16:38:4d:32:58:74:24:3e:5b:be:3d:71:6b:97:a0:
                    a1:a7:67:8c:29:7e:ca:11:7b:06:14:7d:6a:05:63:
                    79:e9:b8:11:40:ea:ec:7e:41:d2:bc:bb:17:ad:56:
                    1e:d9:9d:4c:43:da:bd:ed:56:e1:0a:07:9c:90:06:
                    75:10:8e:19:c6:e7:ed:89:01:0a:68:d7:83:37:e9:
                    f1:67:18:ca:39:fb:0b:9b:0c:f9:76:98:68:86:eb:
                    cf:90:eb:a3:3e:b0:bf:6f:f3:8b:b1:50:f8:c4:64:
                    5c:57:73:41:83:26:5c:75:a7:79:7d:fe:82:41:ae:
                    8a:ff:53:b1:9d:d9:b9:8a:e2:45:e7:55:94:38:94:
                    f4:5b:06:03:e9:01:01:d3:fb:c1:94:8b:cd:34:72:
                    fe:38:fe:58:f6:2f:7e:16:8e:da:9d:77:ee:1f:91:
                    b9:63:5b:c4:5d:3d:33:db:01:88:1a:ea:cf:c0:2b:
                    8e:26:ed:c2:f0:10:96:75:10:ea:f1:a4:05:07:25:
                    a6:fd:0b:d7:d0:5d:ac:80:4e:38:3f:0f:7f:68:b6:
                    fb:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:FC:D1:7A:28:53:C8:50:6D:F6:72:3A:33:76:C2:49:B5:4F:B3:DA
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/rvzReihTyFBt9nI6M3bCSbVPs9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.173.224.0/21
                  178.173.241.0/24
                IPv6:
                  2001:16c0:16c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         c6:7c:31:23:43:b0:61:7a:54:cc:c8:30:c4:3a:d8:78:e0:40:
         cb:af:02:2a:c7:80:5a:55:f5:12:e1:89:c2:f4:7b:89:e2:1a:
         6e:34:da:da:8e:ae:eb:8a:dd:1b:25:4d:45:b2:2a:d9:c1:91:
         cc:b8:77:d8:bb:16:8d:40:65:29:19:fb:d7:e9:a5:02:17:ab:
         f0:df:aa:0a:b6:52:2d:24:73:8e:01:c3:ef:93:84:c2:62:79:
         06:5e:67:d9:1a:ed:f1:22:2a:32:9a:74:28:27:b5:ea:e6:83:
         57:7a:65:b8:1a:0d:5f:3e:f3:3e:3d:21:0e:08:97:c8:5b:16:
         56:b4:c9:14:0d:64:b2:67:f7:df:dc:10:f0:79:b0:0d:11:7f:
         70:a5:2e:d3:5c:e1:37:d0:84:c6:85:4a:c3:bf:e0:2f:62:bc:
         7f:e5:21:b7:89:a3:94:4c:88:bb:67:e9:52:ce:3b:63:d0:fb:
         7c:ba:50:1e:0e:8e:02:18:5e:d3:22:7c:e4:1a:17:e8:89:f2:
         87:2e:56:71:26:ca:64:2e:1c:5c:0e:96:a3:71:de:5c:86:b9:
         78:f4:08:d8:d9:e2:4c:32:2a:7f:a2:cc:35:7b:33:ac:b4:f8:
         82:27:4c:7c:f5:ed:f2:f4:3c:52:ba:a6:91:9f:9f:33:38:3d:
         6b:34:ea:f6
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZl5Ir0annlm9113t1lJ/KtoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwOTI0MDAzMjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWZjZDE3YTI4NTNjODUwNmRmNjcyM2EzMzc2YzI0OWI1NGZiM2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxj0cg6MHwogPGxdoVdfHUyLUigO+
ObXREyb2ebkjETMTGsPOE7QYS3R4URYWOE0yWHQkPlu+PXFrl6Chp2eMKX7KEXsG
FH1qBWN56bgRQOrsfkHSvLsXrVYe2Z1MQ9q97VbhCgeckAZ1EI4ZxuftiQEKaNeD
N+nxZxjKOfsLmwz5dphohuvPkOujPrC/b/OLsVD4xGRcV3NBgyZcdad5ff6CQa6K
/1Oxndm5iuJF51WUOJT0WwYD6QEB0/vBlIvNNHL+OP5Y9i9+Fo7anXfuH5G5Y1vE
XT0z2wGIGurPwCuOJu3C8BCWdRDq8aQFByWm/QvX0F2sgE44Pw9/aLb74QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFK780XooU8hQbfZyOjN2wkm1T7PaMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvcnZ6UmVpaFR5RkJ0OW5JNk0zYkNTYlZQczlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQDsq3gAwQA
sq3xMA8EAgACMAkDBwAgARbAFsAwDQYJKoZIhvcNAQELBQADggEBAMZ8MSNDsGF6
VMzIMMQ62HjgQMuvAirHgFpV9RLhicL0e4niGm402tqOruuK3RslTUWyKtnBkcy4
d9i7Fo1AZSkZ+9fppQIXq/Dfqgq2Ui0kc44Bw++ThMJieQZeZ9ka7fEiKjKadCgn
termg1d6ZbgaDV8+8z49IQ4Il8hbFla0yRQNZLJn99/cEPB5sA0Rf3ClLtNc4TfQ
hMaFSsO/4C9ivH/lIbeJo5RMiLtn6VLOO2PQ+3y6UB4OjgIYXtMifOQaF+iJ8ocu
VnEmymQuHFwOlqNx3lyGuXj0CNjZ4kwyKn+izDV7M6y0+IInTHz17fL0PFK6ppGf
nzM4PWs06vY=
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:29 2025 by rpki-client