Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/BRWfo7q6D0lMJM7hE-YIGw2NCYA.roa
File:                     BRWfo7q6D0lMJM7hE-YIGw2NCYA.roa (raw, json)
Hash identifier:          jzPBiZpZ7XLNHJw0fZFvNdbjpilYs57dBBcGcV5ctNQ=
Subject key identifier:   05:15:9F:A3:BA:BA:0F:49:4C:24:CE:E1:13:E6:08:1B:0D:8D:09:80
Certificate issuer:       /CN=10543a5197eb2544447e9d36b3ebf14452c777eb
Certificate serial:       01999FBA071F4F1D8D867E61A022D03032BF
Authority key identifier: 10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/BRWfo7q6D0lMJM7hE-YIGw2NCYA.roa
Signing time:             Wed 01 Oct 2025 12:23:12 +0000
ROA not before:           Wed 01 Oct 2025 12:23:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32787
IP address blocks:        193.120.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9f:ba:07:1f:4f:1d:8d:86:7e:61:a0:22:d0:30:32:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10543a5197eb2544447e9d36b3ebf14452c777eb
        Validity
            Not Before: Oct  1 12:23:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05159fa3baba0f494c24cee113e6081b0d8d0980
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f1:51:71:8f:eb:8a:44:ff:7e:3f:a6:aa:9b:
                    6e:ab:da:39:cf:c4:32:34:d6:21:98:24:4c:d6:82:
                    15:bd:7e:bd:e1:55:0f:04:4f:a6:fb:9e:03:7c:fc:
                    0a:d7:b4:2d:12:ed:77:43:11:29:52:57:6b:f1:9e:
                    1a:ae:c4:db:74:6c:14:c0:f2:ca:46:24:fa:9b:1f:
                    6f:29:c7:0d:55:86:c7:cb:08:61:31:15:61:e7:37:
                    09:90:64:cc:37:d1:6d:86:2c:8e:05:4e:c7:80:c6:
                    d7:d5:44:fd:44:f0:67:3e:56:13:08:ed:f8:f4:37:
                    1b:9c:36:83:b9:e9:ed:2a:c7:2c:d9:b0:ac:68:42:
                    ee:69:c5:4c:bd:fc:81:f4:eb:69:77:31:27:da:6d:
                    5f:0f:e7:3b:05:9b:bf:20:52:52:d4:2d:eb:03:31:
                    ad:5b:d2:54:98:49:c0:fe:c8:8b:28:82:1b:1a:4a:
                    40:aa:12:d4:19:68:e6:76:34:91:90:1b:bf:3f:c5:
                    40:3d:1b:26:f8:b3:28:c8:de:e6:e3:ee:29:9e:87:
                    95:2f:8c:da:48:fe:d8:86:68:66:5e:12:9c:66:39:
                    19:c0:2b:53:5d:de:cd:8e:11:5d:e2:6e:1f:fa:76:
                    4a:d1:03:a4:a5:ad:76:78:e9:d3:6d:2a:80:89:1d:
                    0d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:15:9F:A3:BA:BA:0F:49:4C:24:CE:E1:13:E6:08:1B:0D:8D:09:80
            X509v3 Authority Key Identifier:
                keyid:10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/BRWfo7q6D0lMJM7hE-YIGw2NCYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.120.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:d1:df:1f:98:f4:cb:9e:fe:c8:1e:89:d7:61:7a:5f:22:3b:
         78:d6:4c:d0:2b:24:d8:bf:d0:17:10:b3:0b:24:03:6d:90:64:
         9f:27:45:ae:7d:f3:bc:37:97:75:fc:b9:98:1f:07:e6:b5:12:
         f4:ef:62:1c:40:61:a6:bb:ca:e2:f7:eb:9b:63:95:36:45:36:
         ad:6c:00:78:9e:9b:68:32:12:08:50:ae:a9:b0:12:26:f9:a5:
         aa:0a:d5:c8:ff:45:78:22:a0:44:28:5f:8c:fb:70:d0:28:18:
         de:17:72:47:29:b1:b5:32:28:84:3a:63:41:73:66:82:8f:18:
         d5:af:4d:cb:bf:bf:ad:f4:2e:16:c5:94:3d:fb:0d:22:78:8f:
         8e:81:81:fe:af:39:cb:41:0b:87:6c:3c:ca:d9:13:39:5d:f8:
         22:c5:4e:5e:49:8f:d7:c0:89:21:bc:d9:d3:00:b9:e5:01:4f:
         5e:68:7e:98:49:f8:3a:16:ee:2c:5c:e1:23:9c:2f:56:29:0d:
         87:55:0f:02:5e:50:b5:e8:32:87:6b:92:c9:eb:a1:30:dd:87:
         8a:6d:6e:9b:91:cd:d2:f6:54:85:38:f8:2c:2e:a8:39:25:8c:
         53:b5:7b:41:77:b2:5c:d7:b1:95:e1:26:96:3a:9e:f0:c5:c2:
         b8:68:f4:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmfugcfTx2Nhn5hoCLQMDK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTQzYTUxOTdlYjI1NDQ0NDdlOWQzNmIzZWJmMTQ0NTJj
Nzc3ZWIwHhcNMjUxMDAxMTIyMzEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTE1OWZhM2JhYmEwZjQ5NGMyNGNlZTExM2U2MDgxYjBkOGQwOTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovFRcY/rikT/fj+mqptuq9o5z8Qy
NNYhmCRM1oIVvX694VUPBE+m+54DfPwK17QtEu13QxEpUldr8Z4arsTbdGwUwPLK
RiT6mx9vKccNVYbHywhhMRVh5zcJkGTMN9FthiyOBU7HgMbX1UT9RPBnPlYTCO34
9DcbnDaDuentKscs2bCsaELuacVMvfyB9OtpdzEn2m1fD+c7BZu/IFJS1C3rAzGt
W9JUmEnA/siLKIIbGkpAqhLUGWjmdjSRkBu/P8VAPRsm+LMoyN7m4+4pnoeVL4za
SP7YhmhmXhKcZjkZwCtTXd7NjhFd4m4f+nZK0QOkpa12eOnTbSqAiR0NrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUVn6O6ug9JTCTO4RPmCBsNjQmAMB8GA1UdIwQY
MBaAFBBUOlGX6yVERH6dNrPr8URSx3frMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmIt
ZjdlMGM1ZTI3MDJlLzEvQlJXZm83cTZEMGxNSk03aEUtWUlHdzJOQ1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmItZjdlMGM1ZTI3MDJl
LzEvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXgqMA0G
CSqGSIb3DQEBCwUAA4IBAQAW0d8fmPTLnv7IHonXYXpfIjt41kzQKyTYv9AXELML
JANtkGSfJ0WuffO8N5d1/LmYHwfmtRL072IcQGGmu8ri9+ubY5U2RTatbAB4npto
MhIIUK6psBIm+aWqCtXI/0V4IqBEKF+M+3DQKBjeF3JHKbG1MiiEOmNBc2aCjxjV
r03Lv7+t9C4WxZQ9+w0ieI+OgYH+rznLQQuHbDzK2RM5XfgixU5eSY/XwIkhvNnT
ALnlAU9eaH6YSfg6Fu4sXOEjnC9WKQ2HVQ8CXlC16DKHa5LJ66Ew3YeKbW6bkc3S
9lSFOPgsLqg5JYxTtXtBd7Jc17GV4SaWOp7wxcK4aPQS
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:32 2025 by rpki-client