Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/ysAe9gPPhCsZkqGLoH8Nd4f8kFU.roa
File:                     ysAe9gPPhCsZkqGLoH8Nd4f8kFU.roa (raw, json)
Hash identifier:          fpsD9ECkrPIFTg+vtTdi/ySXoJt5P42w1onB70hUeiw=
Subject key identifier:   CA:C0:1E:F6:03:CF:84:2B:19:92:A1:8B:A0:7F:0D:77:87:FC:90:55
Certificate issuer:       /CN=10543a5197eb2544447e9d36b3ebf14452c777eb
Certificate serial:       0199296537CDE415BA595828422828C6ED27
Authority key identifier: 10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/ysAe9gPPhCsZkqGLoH8Nd4f8kFU.roa
Signing time:             Mon 08 Sep 2025 12:55:23 +0000
ROA not before:           Mon 08 Sep 2025 12:55:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2110
IP address blocks:        78.16.0.0/14 maxlen: 14
                          78.16.0.0/16 maxlen: 16
                          78.17.0.0/16 maxlen: 16
                          78.18.0.0/15 maxlen: 15
                          185.146.180.0/22 maxlen: 22
                          185.146.180.0/24 maxlen: 24
                          192.111.39.0/24 maxlen: 24
                          193.95.128.0/18 maxlen: 24
                          193.120.0.0/16 maxlen: 16
                          193.120.52.0/24 maxlen: 24
                          193.120.216.0/24 maxlen: 24
                          193.203.128.0/19 maxlen: 19
                          194.46.192.0/18 maxlen: 18
                          194.125.0.0/17 maxlen: 17
                          194.145.128.0/21 maxlen: 21
                          194.165.160.0/19 maxlen: 19
                          212.2.160.0/19 maxlen: 19
                          213.202.128.0/18 maxlen: 18
                          2001:7c8::/29 maxlen: 29
                          2001:7c8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:29:65:37:cd:e4:15:ba:59:58:28:42:28:28:c6:ed:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10543a5197eb2544447e9d36b3ebf14452c777eb
        Validity
            Not Before: Sep  8 12:55:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cac01ef603cf842b1992a18ba07f0d7787fc9055
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:62:30:1f:7b:12:71:2f:92:75:7c:7b:c5:2f:
                    15:e1:c2:f3:4f:f9:54:1e:7a:73:67:68:52:bc:3d:
                    a1:aa:74:47:60:9f:6b:17:ea:ef:79:5f:53:cc:c0:
                    7a:72:ef:d3:15:18:58:51:f3:90:5c:b7:3c:f1:85:
                    4d:a3:b0:06:70:2f:7c:e5:ed:b0:1e:39:3c:16:b3:
                    0a:d3:f9:39:2d:9d:69:81:aa:97:3d:e1:27:ff:26:
                    f9:2b:b1:3d:53:13:c0:45:49:d0:8c:81:94:93:cf:
                    ed:f0:9d:60:3b:0d:d7:96:39:fe:36:e7:54:13:ec:
                    ca:4e:b1:67:5c:7d:8b:99:e7:ab:87:1b:64:cc:54:
                    e0:35:6c:21:58:5c:12:42:01:c8:96:74:54:92:88:
                    f2:2a:55:93:47:cf:6a:c5:0c:7c:3f:f2:6e:d5:f2:
                    f2:1c:7d:03:f4:37:20:ca:a2:c0:8a:ce:49:cf:ce:
                    5e:2a:e2:3f:81:3d:8e:7a:85:33:ea:98:8c:2c:18:
                    ad:15:16:00:ee:38:82:fc:b6:b7:4f:33:c9:a3:b1:
                    48:4c:8c:cb:67:77:f4:3c:16:ca:a6:4c:f7:19:4e:
                    61:61:c0:bf:ec:b7:40:60:9e:37:ef:53:b0:ec:6a:
                    66:51:ea:e7:dc:3c:52:8f:99:bf:3f:3a:6b:cd:05:
                    c6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:C0:1E:F6:03:CF:84:2B:19:92:A1:8B:A0:7F:0D:77:87:FC:90:55
            X509v3 Authority Key Identifier:
                keyid:10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/ysAe9gPPhCsZkqGLoH8Nd4f8kFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.16.0.0/14
                  185.146.180.0/22
                  192.111.39.0/24
                  193.95.128.0/18
                  193.120.0.0/16
                  193.203.128.0/19
                  194.46.192.0/18
                  194.125.0.0/17
                  194.145.128.0/21
                  194.165.160.0/19
                  212.2.160.0/19
                  213.202.128.0/18
                IPv6:
                  2001:7c8::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:dd:c5:d3:03:7e:2e:c7:78:12:82:d8:3a:5a:fb:08:82:f6:
         ac:70:fc:f1:2c:00:f7:1e:9d:47:f5:0c:83:3d:fa:ca:0a:74:
         e2:b8:d8:ae:47:e8:0f:05:9d:cc:32:7b:3b:b4:d9:fe:6f:2d:
         78:db:87:81:29:01:3a:f9:32:ad:5a:e3:02:0e:18:b7:62:3d:
         12:5f:ee:63:3e:da:36:59:73:0c:d6:7f:13:8f:7b:bb:ac:73:
         03:6b:17:72:0f:a6:44:42:93:0d:09:01:71:87:ab:f1:01:61:
         44:33:47:04:69:ca:b1:f2:32:c0:41:83:66:e5:03:7c:7b:1a:
         b7:4f:24:d4:81:3a:19:29:27:d7:67:f3:bf:a2:25:03:2c:c9:
         ae:52:f0:d2:e8:e0:60:e2:3a:69:9d:01:d6:68:8e:1d:c0:c8:
         cb:10:ea:26:cb:aa:7b:cd:1f:ff:25:37:52:3a:7c:17:b1:cb:
         02:ed:2f:f3:ea:be:bb:f2:f4:cb:08:b6:2c:93:03:e2:a2:af:
         55:9e:dd:46:99:83:86:3b:d2:d1:31:7b:7c:9f:fc:e2:02:2c:
         15:bc:03:24:17:36:55:e2:29:f8:e6:d1:f5:5a:a3:2a:23:40:
         76:2f:c1:9d:13:03:61:83:f2:70:f9:e0:95:7c:af:fe:5a:94:
         1c:03:a2:09
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAZkpZTfN5BW6WVgoQigoxu0nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTQzYTUxOTdlYjI1NDQ0NDdlOWQzNmIzZWJmMTQ0NTJj
Nzc3ZWIwHhcNMjUwOTA4MTI1NTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWMwMWVmNjAzY2Y4NDJiMTk5MmExOGJhMDdmMGQ3Nzg3ZmM5MDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGIwH3sScS+SdXx7xS8V4cLzT/lU
HnpzZ2hSvD2hqnRHYJ9rF+rveV9TzMB6cu/TFRhYUfOQXLc88YVNo7AGcC985e2w
Hjk8FrMK0/k5LZ1pgaqXPeEn/yb5K7E9UxPARUnQjIGUk8/t8J1gOw3Xljn+NudU
E+zKTrFnXH2LmeerhxtkzFTgNWwhWFwSQgHIlnRUkojyKlWTR89qxQx8P/Ju1fLy
HH0D9DcgyqLAis5Jz85eKuI/gT2OeoUz6piMLBitFRYA7jiC/La3TzPJo7FITIzL
Z3f0PBbKpkz3GU5hYcC/7LdAYJ4371Ow7GpmUern3DxSj5m/PzprzQXGnwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFMrAHvYDz4QrGZKhi6B/DXeH/JBVMB8GA1UdIwQY
MBaAFBBUOlGX6yVERH6dNrPr8URSx3frMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmIt
ZjdlMGM1ZTI3MDJlLzEveXNBZTlnUFBoQ3Naa3FHTG9IOE5kNGY4a0ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmItZjdlMGM1ZTI3MDJl
LzEvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwMCThADBAK5
krQDBADAbycDBAbBX4ADAwDBeAMEBcHLgAMEBsIuwAMEB8J9AAMEA8KRgAMEBcKl
oAMEBdQCoAMEBtXKgDANBAIAAjAHAwUDIAEHyDANBgkqhkiG9w0BAQsFAAOCAQEA
b93F0wN+Lsd4EoLYOlr7CIL2rHD88SwA9x6dR/UMgz36ygp04rjYrkfoDwWdzDJ7
O7TZ/m8teNuHgSkBOvkyrVrjAg4Yt2I9El/uYz7aNllzDNZ/E497u6xzA2sXcg+m
REKTDQkBcYer8QFhRDNHBGnKsfIywEGDZuUDfHsat08k1IE6GSkn12fzv6IlAyzJ
rlLw0ujgYOI6aZ0B1miOHcDIyxDqJsuqe80f/yU3Ujp8F7HLAu0v8+q+u/L0ywi2
LJMD4qKvVZ7dRpmDhjvS0TF7fJ/84gIsFbwDJBc2VeIp+ObR9VqjKiNAdi/BnRMD
YYPycPnglXyv/lqUHAOiCQ==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:38 2025 by rpki-client