Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/s2kTMiM7Wtdri570-2tJAJRb6o4.roa
File:                     s2kTMiM7Wtdri570-2tJAJRb6o4.roa (raw, json)
Hash identifier:          WVrE6vFh8+7u0CvGZufbBkg3wClpuzVUmqxIsJvNHmo=
Subject key identifier:   B3:69:13:32:23:3B:5A:D7:6B:8B:9E:F4:FB:6B:49:00:94:5B:EA:8E
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0199C2A445F049E4F2BC2F03E4E6EFE2E1CF
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/s2kTMiM7Wtdri570-2tJAJRb6o4.roa
Signing time:             Wed 08 Oct 2025 07:06:09 +0000
ROA not before:           Wed 08 Oct 2025 07:06:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31732
IP address blocks:        188.209.155.0/24 maxlen: 24
                          212.90.100.0/22 maxlen: 24
                          2001:16c0::/29 maxlen: 29
                          2001:16c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c2:a4:45:f0:49:e4:f2:bc:2f:03:e4:e6:ef:e2:e1:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Oct  8 07:06:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3691332233b5ad76b8b9ef4fb6b4900945bea8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e8:00:20:35:f0:1e:94:ab:2f:98:39:89:58:
                    6e:06:db:56:3d:46:ae:da:5a:47:11:91:3c:a4:f7:
                    5b:c6:6a:b0:92:1e:f5:95:ac:a0:00:ec:4d:8a:b6:
                    29:66:9e:12:21:52:8e:b8:fc:4e:01:f1:a0:d4:3c:
                    9c:55:38:6b:aa:7b:74:ec:fe:54:0a:56:76:d9:2d:
                    8f:46:09:f2:e5:7f:85:cf:30:d3:0b:53:53:f3:1c:
                    24:fd:83:45:2a:f0:bc:58:21:62:a2:09:e5:6e:8c:
                    32:e9:46:73:19:1e:e6:c9:59:78:4a:96:2a:0f:6e:
                    7c:94:f7:24:ed:55:3f:b1:82:b9:79:5d:d1:a0:f4:
                    4b:69:d5:c1:c9:bc:45:8b:e9:0a:ea:97:6c:15:a4:
                    ff:82:72:97:12:4b:c4:b7:28:cd:00:ce:56:04:fa:
                    f4:ba:1b:d7:39:a2:e0:eb:63:81:18:90:7e:a0:04:
                    19:27:a7:4e:3c:95:e5:45:c5:9e:c2:00:b3:8d:19:
                    6b:ec:92:c5:08:ff:56:37:7c:cd:b2:a2:b1:14:db:
                    2c:c7:f4:78:45:64:e1:63:a2:42:ee:3d:2c:35:d6:
                    20:72:9e:d3:ee:b3:c6:ae:88:99:e3:83:c0:63:ed:
                    19:b3:3a:fe:1d:57:2b:8f:81:b9:df:9a:a3:93:6b:
                    dd:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:69:13:32:23:3B:5A:D7:6B:8B:9E:F4:FB:6B:49:00:94:5B:EA:8E
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/s2kTMiM7Wtdri570-2tJAJRb6o4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.155.0/24
                  212.90.100.0/22
                IPv6:
                  2001:16c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c8:89:b5:6e:15:83:3a:d7:d8:bd:83:1b:46:ea:ef:af:e3:bb:
         d9:07:d6:1c:69:9f:42:08:4d:78:55:7b:66:e6:6b:55:b9:54:
         f2:7e:07:af:e3:21:b4:29:2c:14:03:1a:7a:88:8c:fe:eb:92:
         c8:15:40:50:43:3f:ea:61:0b:4d:63:5a:1b:67:3a:bb:08:a1:
         d9:59:31:ac:4a:6f:60:f8:ca:c6:a2:ce:a9:b9:28:a9:d9:0c:
         93:4d:8c:e3:fd:63:8b:37:05:67:9a:c0:1d:37:b7:42:aa:4e:
         dc:ba:8e:fd:4f:6e:dd:07:5d:d3:5f:c6:bb:71:29:a8:17:d5:
         30:5c:b1:70:99:d4:a9:93:a9:fc:9d:b6:8d:33:78:7e:da:00:
         fa:3c:bf:53:75:c0:df:4a:0f:ef:02:0f:11:37:45:51:d5:bf:
         ff:d1:f2:45:b4:0b:df:12:e0:b8:59:40:05:26:74:2d:2d:92:
         53:6a:27:53:6b:77:6a:99:4d:d2:4c:2f:c6:45:6f:71:be:3c:
         66:2a:54:ff:58:ce:d1:5f:fd:d9:23:8d:77:67:62:0d:1f:22:
         2c:8a:4a:90:06:7d:3c:d4:28:49:51:50:cc:de:56:68:a7:aa:
         0d:66:49:a9:52:68:6f:01:97:64:83:be:18:7c:1f:4e:ce:76:
         74:2f:b9:0c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZnCpEXwSeTyvC8D5Obv4uHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUxMDA4MDcwNjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzY5MTMzMjIzM2I1YWQ3NmI4YjllZjRmYjZiNDkwMDk0NWJlYThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOgAIDXwHpSrL5g5iVhuBttWPUau
2lpHEZE8pPdbxmqwkh71laygAOxNirYpZp4SIVKOuPxOAfGg1DycVThrqnt07P5U
ClZ22S2PRgny5X+FzzDTC1NT8xwk/YNFKvC8WCFiognlbowy6UZzGR7myVl4SpYq
D258lPck7VU/sYK5eV3RoPRLadXBybxFi+kK6pdsFaT/gnKXEkvEtyjNAM5WBPr0
uhvXOaLg62OBGJB+oAQZJ6dOPJXlRcWewgCzjRlr7JLFCP9WN3zNsqKxFNssx/R4
RWThY6JC7j0sNdYgcp7T7rPGroiZ44PAY+0Zszr+HVcrj4G535qjk2vdDwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLNpEzIjO1rXa4ue9PtrSQCUW+qOMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvczJrVE1pTTdXdGRyaTU3MC0ydEpBSlJiNm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAvNGbAwQC
1FpkMA0EAgACMAcDBQMgARbAMA0GCSqGSIb3DQEBCwUAA4IBAQDIibVuFYM619i9
gxtG6u+v47vZB9YcaZ9CCE14VXtm5mtVuVTyfgev4yG0KSwUAxp6iIz+65LIFUBQ
Qz/qYQtNY1obZzq7CKHZWTGsSm9g+MrGos6puSip2QyTTYzj/WOLNwVnmsAdN7dC
qk7cuo79T27dB13TX8a7cSmoF9UwXLFwmdSpk6n8nbaNM3h+2gD6PL9TdcDfSg/v
Ag8RN0VR1b//0fJFtAvfEuC4WUAFJnQtLZJTaidTa3dqmU3STC/GRW9xvjxmKlT/
WM7RX/3ZI413Z2INHyIsikqQBn081ChJUVDM3lZop6oNZkmpUmhvAZdkg74YfB9O
znZ0L7kM
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:21 2025 by rpki-client