Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/jGH0zuu46Tv1DGmxFrsiA-wH_ns.roa
File:                     jGH0zuu46Tv1DGmxFrsiA-wH_ns.roa (raw, json)
Hash identifier:          pzD5LkcY95jYgOd3J/To7SsZ3cs9FQTHeKJ7xcy8lLM=
Subject key identifier:   8C:61:F4:CE:EB:B8:E9:3B:F5:0C:69:B1:16:BB:22:03:EC:07:FE:7B
Certificate issuer:       /CN=5a939b0ced38d75cc63ed50d6e5ce72bbb5b4b10
Certificate serial:       0199F1C7ACEC1F77AE65FFEBF6ADE1A614FE
Authority key identifier: 5A:93:9B:0C:ED:38:D7:5C:C6:3E:D5:0D:6E:5C:E7:2B:BB:5B:4B:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/jGH0zuu46Tv1DGmxFrsiA-wH_ns.roa
Signing time:             Fri 17 Oct 2025 10:46:58 +0000
ROA not before:           Fri 17 Oct 2025 10:46:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199435
IP address blocks:        5.34.128.0/19 maxlen: 24
                          185.93.80.0/22 maxlen: 22
                          188.92.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 10:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f1:c7:ac:ec:1f:77:ae:65:ff:eb:f6:ad:e1:a6:14:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a939b0ced38d75cc63ed50d6e5ce72bbb5b4b10
        Validity
            Not Before: Oct 17 10:46:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c61f4ceebb8e93bf50c69b116bb2203ec07fe7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:48:1a:1f:1b:9e:8c:c7:54:5d:d0:61:11:47:
                    d4:be:f4:12:5d:54:88:00:c1:d1:1a:ba:45:d4:67:
                    7b:25:89:7b:51:ec:0c:ea:ea:3d:34:74:82:93:7c:
                    a6:01:bf:22:02:38:86:24:93:d0:d6:5f:f1:90:a4:
                    33:90:71:4f:97:a6:a8:9c:30:8e:fb:61:dd:b7:0b:
                    7e:05:73:a2:e5:3f:54:ed:76:7b:fa:6c:7a:94:d3:
                    b7:fb:13:63:d2:ed:ba:d6:49:33:a0:cb:23:b7:88:
                    91:44:0e:df:78:9b:5f:1c:52:a8:40:83:3e:72:cf:
                    a3:93:c4:5e:d2:f0:b9:bc:53:ab:b3:58:1a:db:f7:
                    eb:99:3c:17:0c:08:6a:4f:45:31:74:30:5f:f4:a1:
                    53:6d:fb:44:16:7b:fc:d3:cc:90:bb:6f:5f:ae:1a:
                    43:60:01:7c:ff:d0:57:2a:8d:e9:28:21:31:af:6b:
                    a3:fe:f1:cb:47:b8:c9:d0:8b:27:01:10:cd:ff:08:
                    cc:07:72:30:0d:b4:6d:18:ab:c3:44:db:79:d2:ac:
                    5d:0a:77:e8:01:d1:bb:ee:96:fa:a4:ac:a3:56:d7:
                    f1:71:a6:14:6f:22:4c:ab:d2:37:62:a7:83:e1:7b:
                    94:98:61:0b:a0:3e:7a:0c:a3:9d:de:09:1e:73:b3:
                    cf:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:61:F4:CE:EB:B8:E9:3B:F5:0C:69:B1:16:BB:22:03:EC:07:FE:7B
            X509v3 Authority Key Identifier:
                keyid:5A:93:9B:0C:ED:38:D7:5C:C6:3E:D5:0D:6E:5C:E7:2B:BB:5B:4B:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/jGH0zuu46Tv1DGmxFrsiA-wH_ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.128.0/19
                  185.93.80.0/22
                  188.92.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:51:6d:bc:5a:bd:a7:a7:12:5b:6d:05:ff:55:5f:83:45:99:
         21:65:f2:00:1f:82:ca:0c:53:7c:05:70:3d:7c:fb:2d:b7:a1:
         6f:96:29:5c:b1:fd:3d:ff:00:ee:90:bc:c6:d4:6a:4d:e7:f9:
         09:07:6e:2a:14:4a:09:48:4b:db:6b:99:45:d0:85:73:23:73:
         fe:d1:63:f6:fe:33:d8:78:43:9e:13:e2:37:43:03:a1:46:da:
         f9:dd:35:72:cf:8d:0d:ce:b2:c1:fd:79:27:e1:f2:6a:8f:09:
         39:be:ee:4e:00:80:5c:ed:95:ed:5d:5a:bd:a7:7a:f2:42:60:
         5a:fd:f2:d8:fe:e7:46:d8:82:7c:bb:49:2c:32:02:68:58:b9:
         4f:6a:fb:ea:7e:20:36:70:7e:b0:a9:6b:e4:19:3d:3e:f2:e3:
         27:87:4e:91:a3:43:fb:5b:bb:6b:b0:6c:27:27:69:e4:36:5c:
         23:4a:52:52:94:63:76:25:8c:92:c9:e7:91:80:7b:21:dc:6e:
         aa:0e:f2:ec:fa:8a:34:35:90:0e:90:40:d6:d1:5a:c7:35:b7:
         b4:5d:89:2d:a4:be:f2:c5:96:16:2e:d5:58:4c:45:5c:8b:66:
         66:fa:c3:34:2c:3d:1d:1a:ea:c7:24:e4:eb:d8:2c:3c:47:45:
         25:94:e3:95
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnxx6zsH3euZf/r9q3hphT+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhOTM5YjBjZWQzOGQ3NWNjNjNlZDUwZDZlNWNlNzJiYmI1
YjRiMTAwHhcNMjUxMDE3MTA0NjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzYxZjRjZWViYjhlOTNiZjUwYzY5YjExNmJiMjIwM2VjMDdmZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA30gaHxuejMdUXdBhEUfUvvQSXVSI
AMHRGrpF1Gd7JYl7UewM6uo9NHSCk3ymAb8iAjiGJJPQ1l/xkKQzkHFPl6aonDCO
+2Hdtwt+BXOi5T9U7XZ7+mx6lNO3+xNj0u261kkzoMsjt4iRRA7feJtfHFKoQIM+
cs+jk8Re0vC5vFOrs1ga2/frmTwXDAhqT0UxdDBf9KFTbftEFnv808yQu29frhpD
YAF8/9BXKo3pKCExr2uj/vHLR7jJ0IsnARDN/wjMB3IwDbRtGKvDRNt50qxdCnfo
AdG77pb6pKyjVtfxcaYUbyJMq9I3YqeD4XuUmGELoD56DKOd3gkec7PPJwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIxh9M7ruOk79QxpsRa7IgPsB/57MB8GA1UdIwQY
MBaAFFqTmwztONdcxj7VDW5c5yu7W0sQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3BPYkRPMDQxMXpHUHRVTmJsem5LN3RiU3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9iZWExNGEtMGQzMi00YWE3LWI4OTgt
ZDYwYjNiNmNjYTZlLzEvakdIMHp1dTQ2VHYxREdteEZyc2lBLXdIX25zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9iZWExNGEtMGQzMi00YWE3LWI4OTgtZDYwYjNiNmNjYTZl
LzEvV3BPYkRPMDQxMXpHUHRVTmJsem5LN3RiU3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFBSKAAwQC
uV1QAwQCvFx8MA0GCSqGSIb3DQEBCwUAA4IBAQCDUW28Wr2npxJbbQX/VV+DRZkh
ZfIAH4LKDFN8BXA9fPstt6Fvlilcsf09/wDukLzG1GpN5/kJB24qFEoJSEvba5lF
0IVzI3P+0WP2/jPYeEOeE+I3QwOhRtr53TVyz40NzrLB/Xkn4fJqjwk5vu5OAIBc
7ZXtXVq9p3ryQmBa/fLY/udG2IJ8u0ksMgJoWLlPavvqfiA2cH6wqWvkGT0+8uMn
h06Ro0P7W7trsGwnJ2nkNlwjSlJSlGN2JYySyeeRgHsh3G6qDvLs+oo0NZAOkEDW
0VrHNbe0XYktpL7yxZYWLtVYTEVci2Zm+sM0LD0dGurHJOTr2Cw8R0UllOOV
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:32:37 2025 by rpki-client