Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/IRcza-0CKTSELNSgEp9IbAYQ7NA.roa
File:                     IRcza-0CKTSELNSgEp9IbAYQ7NA.roa (raw, json)
Hash identifier:          D9Pka5mUsp4gJ1mHK7X0EK4OE3ncNGm0orJcZI7/Jdk=
Subject key identifier:   21:17:33:6B:ED:02:29:34:84:2C:D4:A0:12:9F:48:6C:06:10:EC:D0
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       0199944DD662F494CEBD17D58B5F909CF045
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/IRcza-0CKTSELNSgEp9IbAYQ7NA.roa
Signing time:             Mon 29 Sep 2025 07:09:12 +0000
ROA not before:           Mon 29 Sep 2025 07:09:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        62.171.240.0/22 maxlen: 24
                          194.238.56.0/22 maxlen: 24
                          194.238.78.0/24 maxlen: 24
                          194.238.79.0/24 maxlen: 24
                          213.18.200.0/21 maxlen: 24
                          213.18.245.0/24 maxlen: 24
                          217.177.0.0/21 maxlen: 24
                          217.177.32.0/24 maxlen: 24
                          217.177.35.0/24 maxlen: 24
                          217.177.44.0/22 maxlen: 24
                          217.177.75.0/24 maxlen: 24
                          217.177.80.0/22 maxlen: 24
                          217.177.84.0/22 maxlen: 24
                          217.179.56.0/22 maxlen: 24
                          217.179.72.0/22 maxlen: 24
                          217.179.88.0/24 maxlen: 24
                          217.179.91.0/24 maxlen: 24
                          217.180.20.0/24 maxlen: 24
                          217.180.22.0/23 maxlen: 24
                          217.180.45.0/24 maxlen: 24
                          217.180.46.0/24 maxlen: 24
                          217.181.80.0/21 maxlen: 24
                          217.181.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:94:4d:d6:62:f4:94:ce:bd:17:d5:8b:5f:90:9c:f0:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Sep 29 07:09:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2117336bed022934842cd4a0129f486c0610ecd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:05:e8:59:ff:4d:e6:1e:a5:63:e4:6c:59:e1:
                    10:9a:96:2b:88:a7:12:a5:45:0f:6e:76:be:3e:8d:
                    f2:b8:f0:6a:53:f6:7c:b9:a5:1f:0f:98:ac:f1:9b:
                    50:d7:80:73:21:00:cc:b4:83:e6:b8:d9:7c:23:50:
                    17:91:5f:ce:35:db:88:2f:4e:c7:86:33:4c:de:3f:
                    6f:d0:83:fa:34:ac:0c:77:08:69:12:03:94:f6:cc:
                    6f:4d:4b:d0:52:9d:7c:20:bc:aa:13:2f:5b:6a:3d:
                    88:14:2d:37:88:85:56:13:dd:fa:d3:13:09:eb:19:
                    ac:c8:0a:fe:98:76:ec:98:d2:e5:d1:34:1e:1f:a9:
                    03:7d:45:71:44:6f:b9:73:8d:73:e2:29:31:8d:ec:
                    ca:4d:d6:be:76:a0:b0:06:72:37:6b:3f:4a:5d:39:
                    f7:15:94:91:3e:8e:90:f3:b1:d6:1a:df:5d:da:94:
                    d7:48:2f:a6:94:95:8d:ef:08:d5:4e:f4:34:b4:28:
                    6a:6d:31:2f:b9:23:cf:42:20:ac:52:86:75:8a:f6:
                    f6:6d:3f:f9:49:f6:98:51:02:c2:9c:35:e3:17:8d:
                    45:99:ae:45:69:2e:90:74:23:1b:d1:a5:87:bf:11:
                    04:b6:26:49:18:0e:42:c3:a5:5f:df:28:00:f0:23:
                    fb:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:17:33:6B:ED:02:29:34:84:2C:D4:A0:12:9F:48:6C:06:10:EC:D0
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/IRcza-0CKTSELNSgEp9IbAYQ7NA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.240.0/22
                  194.238.56.0/22
                  194.238.78.0/23
                  213.18.200.0/21
                  213.18.245.0/24
                  217.177.0.0/21
                  217.177.32.0/24
                  217.177.35.0/24
                  217.177.44.0/22
                  217.177.75.0/24
                  217.177.80.0/21
                  217.179.56.0/22
                  217.179.72.0/22
                  217.179.88.0/24
                  217.179.91.0/24
                  217.180.20.0/24
                  217.180.22.0/23
                  217.180.45.0-217.180.46.255
                  217.181.80.0-217.181.91.255

    Signature Algorithm: sha256WithRSAEncryption
         2d:ed:78:84:69:2e:f1:b1:d3:d8:5b:c8:ae:2e:c9:ff:8e:78:
         46:e1:13:19:a9:10:4c:70:9d:b5:5f:90:67:dd:0c:a3:73:62:
         24:bb:cb:c3:f7:93:d3:d3:59:72:8f:56:e6:1f:af:43:04:65:
         48:1e:3d:76:ba:fc:82:67:7e:0a:35:df:c2:93:62:90:82:28:
         14:86:80:a3:72:df:b9:e4:5d:e6:3e:32:a8:3b:db:c3:ce:b5:
         2e:09:6b:64:1a:86:67:37:9b:f8:f0:ca:27:20:b9:c5:3f:3b:
         15:c8:57:1b:13:9e:51:79:8c:8a:80:c2:8f:fb:27:5a:8c:40:
         89:07:71:d5:2a:56:2e:1d:a2:ce:87:46:5d:4e:a9:05:a9:3c:
         bf:ed:aa:f8:74:ea:22:58:51:62:52:63:e7:1a:9c:c6:13:f9:
         64:96:d4:a8:29:55:55:86:5a:30:50:0a:cd:8f:7c:d2:8f:8d:
         9b:a9:45:d6:d6:1e:62:02:db:2f:a3:0a:bb:dc:53:25:f9:b4:
         4e:34:16:2d:e8:1f:01:f5:cd:b9:25:c8:ef:b1:63:f9:f8:cb:
         0c:99:02:88:a2:89:7a:f8:bc:32:0b:3e:c3:e0:29:26:c0:e0:
         34:7a:59:12:09:04:21:2f:5d:34:02:56:74:9a:77:ec:48:42:
         c9:da:47:db
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAZmUTdZi9JTOvRfVi1+QnPBFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwOTI5MDcwOTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTE3MzM2YmVkMDIyOTM0ODQyY2Q0YTAxMjlmNDg2YzA2MTBlY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgXoWf9N5h6lY+RsWeEQmpYriKcS
pUUPbna+Po3yuPBqU/Z8uaUfD5is8ZtQ14BzIQDMtIPmuNl8I1AXkV/ONduIL07H
hjNM3j9v0IP6NKwMdwhpEgOU9sxvTUvQUp18ILyqEy9baj2IFC03iIVWE9360xMJ
6xmsyAr+mHbsmNLl0TQeH6kDfUVxRG+5c41z4ikxjezKTda+dqCwBnI3az9KXTn3
FZSRPo6Q87HWGt9d2pTXSC+mlJWN7wjVTvQ0tChqbTEvuSPPQiCsUoZ1ivb2bT/5
SfaYUQLCnDXjF41Fma5FaS6QdCMb0aWHvxEEtiZJGA5Cw6Vf3ygA8CP7zQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFCEXM2vtAik0hCzUoBKfSGwGEOzQMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvSVJjemEtMENLVFNFTE5TZ0VwOUliQVlRN05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGfBggrBgEFBQcBBwEB/wSBjzCBjDCBiQQCAAEwgYIDBAI+
q/ADBALC7jgDBAHC7k4DBAPVEsgDBADVEvUDBAPZsQADBADZsSADBADZsSMDBALZ
sSwDBADZsUsDBAPZsVADBALZszgDBALZs0gDBADZs1gDBADZs1sDBADZtBQDBAHZ
tBYwDAMEANm0LQMEANm0LjAMAwQE2bVQAwQC2bVYMA0GCSqGSIb3DQEBCwUAA4IB
AQAt7XiEaS7xsdPYW8iuLsn/jnhG4RMZqRBMcJ21X5Bn3Qyjc2Iku8vD95PT01ly
j1bmH69DBGVIHj12uvyCZ34KNd/Ck2KQgigUhoCjct+55F3mPjKoO9vDzrUuCWtk
GoZnN5v48MonILnFPzsVyFcbE55ReYyKgMKP+ydajECJB3HVKlYuHaLOh0ZdTqkF
qTy/7ar4dOoiWFFiUmPnGpzGE/lkltSoKVVVhlowUArNj3zSj42bqUXW1h5iAtsv
owq73FMl+bRONBYt6B8B9c25JcjvsWP5+MsMmQKIool6+LwyCz7D4CkmwOA0elkS
CQQhL100AlZ0mnfsSELJ2kfb
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:42 2025 by rpki-client