Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/b65e33-f947-4968-a27c-dd99d397e4d6/1/T5Y8EpkKeGetNi2zzo4rltFiFJA.roa
File:                     T5Y8EpkKeGetNi2zzo4rltFiFJA.roa (raw, json)
Hash identifier:          s9NKmZqIE9A+OEbtw2wi/j7clLv1bNESgqd0VT1/y7w=
Subject key identifier:   4F:96:3C:12:99:0A:78:67:AD:36:2D:B3:CE:8E:2B:96:D1:62:14:90
Certificate issuer:       /CN=acde2358f57439c44f6b1662f55615a0aab6bacb
Certificate serial:       01993D6B2291D4BA7A910E32678BF064EA5B
Authority key identifier: AC:DE:23:58:F5:74:39:C4:4F:6B:16:62:F5:56:15:A0:AA:B6:BA:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rN4jWPV0OcRPaxZi9VYVoKq2uss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/b65e33-f947-4968-a27c-dd99d397e4d6/1/T5Y8EpkKeGetNi2zzo4rltFiFJA.roa
Signing time:             Fri 12 Sep 2025 10:14:15 +0000
ROA not before:           Fri 12 Sep 2025 10:14:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202204
IP address blocks:        2.58.24.0/22 maxlen: 24
                          2.58.26.0/23 maxlen: 23
                          78.26.0.0/18 maxlen: 23
                          139.28.124.0/22 maxlen: 22
                          141.195.16.0/20 maxlen: 23
                          152.228.64.0/19 maxlen: 23
                          171.22.152.0/22 maxlen: 22
                          185.100.204.0/22 maxlen: 22
                          185.161.136.0/22 maxlen: 22
                          2a00:ea0::/29 maxlen: 48
                          2a00:ea0::/32 maxlen: 32
                          2a09:5c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/b65e33-f947-4968-a27c-dd99d397e4d6/1/rN4jWPV0OcRPaxZi9VYVoKq2uss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/b65e33-f947-4968-a27c-dd99d397e4d6/1/rN4jWPV0OcRPaxZi9VYVoKq2uss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rN4jWPV0OcRPaxZi9VYVoKq2uss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 07:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:6b:22:91:d4:ba:7a:91:0e:32:67:8b:f0:64:ea:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acde2358f57439c44f6b1662f55615a0aab6bacb
        Validity
            Not Before: Sep 12 10:14:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f963c12990a7867ad362db3ce8e2b96d1621490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:cd:61:02:a9:6b:55:a0:91:53:b5:19:73:2c:
                    2a:dd:4a:cd:ce:2f:fb:0e:b5:74:c2:ac:f4:d9:1e:
                    ad:c6:ae:c8:26:60:bc:1d:06:e8:da:3a:2d:e6:a8:
                    f2:ad:6f:b1:4b:43:71:37:38:09:f3:4e:b9:2b:3c:
                    a8:47:c6:18:8a:82:b7:e6:5b:2e:22:05:79:fc:7e:
                    ce:8e:b1:86:61:6b:9f:18:96:63:0e:79:3c:6d:f6:
                    e6:70:a9:44:d0:fc:d2:de:d0:7d:88:de:14:2e:7d:
                    ff:47:a7:71:de:81:4d:62:26:60:9b:78:ac:08:9c:
                    b2:e1:d8:27:ee:86:a3:d0:84:6f:bd:ec:2d:f0:0a:
                    3d:a0:50:c9:dc:a8:48:6a:20:20:1a:fe:09:29:c4:
                    23:70:eb:cb:31:d5:ec:10:ec:78:7b:67:09:8e:1c:
                    cf:7e:ad:5f:c5:fe:c4:93:57:d7:b4:3d:68:79:3d:
                    c2:83:ea:27:1f:c3:85:fe:9d:ca:00:d9:60:6f:37:
                    f8:88:6d:1c:bc:71:44:65:96:7a:01:37:d9:a6:0c:
                    77:1c:97:b6:b3:2e:01:01:54:86:15:1b:f8:39:69:
                    6f:d3:f5:03:e9:2a:9e:da:e7:17:1d:87:64:56:ad:
                    84:97:e6:af:26:bf:26:a5:ce:27:4f:25:01:5e:d1:
                    e9:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:96:3C:12:99:0A:78:67:AD:36:2D:B3:CE:8E:2B:96:D1:62:14:90
            X509v3 Authority Key Identifier:
                keyid:AC:DE:23:58:F5:74:39:C4:4F:6B:16:62:F5:56:15:A0:AA:B6:BA:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rN4jWPV0OcRPaxZi9VYVoKq2uss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/b65e33-f947-4968-a27c-dd99d397e4d6/1/T5Y8EpkKeGetNi2zzo4rltFiFJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/b65e33-f947-4968-a27c-dd99d397e4d6/1/rN4jWPV0OcRPaxZi9VYVoKq2uss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.24.0/22
                  78.26.0.0/18
                  139.28.124.0/22
                  141.195.16.0/20
                  152.228.64.0/19
                  171.22.152.0/22
                  185.100.204.0/22
                  185.161.136.0/22
                IPv6:
                  2a00:ea0::/29
                  2a09:5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         bc:51:cd:df:a3:c0:a2:0c:65:35:bc:36:cd:a5:cc:19:89:7b:
         67:6c:0c:4f:dc:21:38:ee:eb:18:e0:76:c1:9b:d4:68:43:91:
         05:3c:13:3a:b5:2a:d0:3f:1c:bf:8f:55:34:27:65:19:f8:e5:
         31:c2:a6:ab:36:b3:b6:f8:a0:82:86:cf:b7:00:aa:26:15:0f:
         73:fa:67:34:32:a4:bc:4f:a4:54:79:f7:d4:0e:cf:a3:50:94:
         ce:f0:62:56:44:10:bf:5d:c9:3b:10:42:e4:bb:c8:1a:83:84:
         bf:cc:4b:2e:8b:62:07:e6:08:e6:3c:96:45:53:f0:93:bd:9e:
         3e:d6:fc:40:0b:c7:85:a6:38:e2:74:26:e9:2b:74:35:63:57:
         97:2d:bd:56:06:01:19:11:29:eb:00:0a:a1:91:53:55:61:30:
         a1:9e:6c:ce:b0:b3:0a:33:85:c6:30:55:5d:9d:99:17:3d:96:
         f5:82:b0:48:3d:fa:4a:3e:35:15:30:af:3d:32:da:a8:1e:da:
         50:e0:78:d8:f5:6b:61:ee:92:81:1e:aa:bb:21:c0:7c:5d:9c:
         83:d8:da:5a:64:da:18:11:47:64:ec:62:17:63:1d:e4:95:6f:
         73:e8:8a:f1:6e:39:62:7c:7f:b9:8b:dc:0a:4a:82:8e:df:9f:
         d6:7b:ce:5e
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZk9ayKR1Lp6kQ4yZ4vwZOpbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZGUyMzU4ZjU3NDM5YzQ0ZjZiMTY2MmY1NTYxNWEwYWFi
NmJhY2IwHhcNMjUwOTEyMTAxNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjk2M2MxMjk5MGE3ODY3YWQzNjJkYjNjZThlMmI5NmQxNjIxNDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7M1hAqlrVaCRU7UZcywq3UrNzi/7
DrV0wqz02R6txq7IJmC8HQbo2jot5qjyrW+xS0NxNzgJ8065KzyoR8YYioK35lsu
IgV5/H7OjrGGYWufGJZjDnk8bfbmcKlE0PzS3tB9iN4ULn3/R6dx3oFNYiZgm3is
CJyy4dgn7oaj0IRvvewt8Ao9oFDJ3KhIaiAgGv4JKcQjcOvLMdXsEOx4e2cJjhzP
fq1fxf7Ek1fXtD1oeT3Cg+onH8OF/p3KANlgbzf4iG0cvHFEZZZ6ATfZpgx3HJe2
sy4BAVSGFRv4OWlv0/UD6Sqe2ucXHYdkVq2El+avJr8mpc4nTyUBXtHprQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFE+WPBKZCnhnrTYts86OK5bRYhSQMB8GA1UdIwQY
MBaAFKzeI1j1dDnET2sWYvVWFaCqtrrLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck40aldQVjBPY1JQYXhaaTlWWVZvS3EydXNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9iNjVlMzMtZjk0Ny00OTY4LWEyN2Mt
ZGQ5OWQzOTdlNGQ2LzEvVDVZOEVwa0tlR2V0TmkyenpvNHJsdEZpRkpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9iNjVlMzMtZjk0Ny00OTY4LWEyN2MtZGQ5OWQzOTdlNGQ2
LzEvck40aldQVjBPY1JQYXhaaTlWWVZvS3EydXNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQCAjoYAwQG
ThoAAwQCixx8AwQEjcMQAwQFmORAAwQCqxaYAwQCuWTMAwQCuaGIMBQEAgACMA4D
BQMqAA6gAwUDKgkFwDANBgkqhkiG9w0BAQsFAAOCAQEAvFHN36PAogxlNbw2zaXM
GYl7Z2wMT9whOO7rGOB2wZvUaEORBTwTOrUq0D8cv49VNCdlGfjlMcKmqzaztvig
gobPtwCqJhUPc/pnNDKkvE+kVHn31A7Po1CUzvBiVkQQv13JOxBC5LvIGoOEv8xL
LotiB+YI5jyWRVPwk72ePtb8QAvHhaY44nQm6St0NWNXly29VgYBGREp6wAKoZFT
VWEwoZ5szrCzCjOFxjBVXZ2ZFz2W9YKwSD36Sj41FTCvPTLaqB7aUOB42PVrYe6S
gR6quyHAfF2cg9jaWmTaGBFHZOxiF2Md5JVvc+iK8W45Ynx/uYvcCkqCjt+f1nvO
Xg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:52:11 2025 by rpki-client