Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/_NrheerKEayxLxmeSrF5Edjv82w.roa
File:                     _NrheerKEayxLxmeSrF5Edjv82w.roa (raw, json)
Hash identifier:          rlfA5r2zqgBZ+HVZA2nRWDL9rzPJ7BtVbwVR6RUPhIk=
Subject key identifier:   FC:DA:E1:79:EA:CA:11:AC:B1:2F:19:9E:4A:B1:79:11:D8:EF:F3:6C
Certificate issuer:       /CN=3718b734349bf327d9453b96501e44b192e55142
Certificate serial:       01997170863B1EEC06CB2D97DFED9BCD6863
Authority key identifier: 37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/_NrheerKEayxLxmeSrF5Edjv82w.roa
Signing time:             Mon 22 Sep 2025 12:40:23 +0000
ROA not before:           Mon 22 Sep 2025 12:40:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        45.132.27.0/24 maxlen: 24
                          185.155.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:71:70:86:3b:1e:ec:06:cb:2d:97:df:ed:9b:cd:68:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3718b734349bf327d9453b96501e44b192e55142
        Validity
            Not Before: Sep 22 12:40:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcdae179eaca11acb12f199e4ab17911d8eff36c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7c:74:d0:e3:a8:92:36:e5:81:d2:9c:89:cc:
                    71:98:7d:42:4d:37:62:8c:9e:34:eb:e4:8f:a3:8d:
                    2c:39:ae:2d:15:95:8b:0a:3c:1c:12:43:3b:5d:99:
                    45:37:6c:a2:b6:47:05:8b:ea:d2:ab:2b:88:4d:03:
                    3f:b9:17:13:1f:61:fb:f7:15:fc:6f:38:87:4a:f7:
                    d7:cf:ad:a1:42:c9:47:8e:1f:de:38:70:11:a1:59:
                    c9:c3:ff:d2:e3:cb:ca:28:92:37:74:2d:5c:00:59:
                    09:aa:94:eb:ba:a7:c7:f6:53:b5:a2:e9:e4:b8:5f:
                    8f:70:b7:2e:51:98:d8:6e:6f:48:fa:a0:5e:91:9a:
                    ae:af:21:1d:18:0a:fc:0a:df:0a:8c:4b:32:88:c8:
                    20:7a:7a:07:28:15:a2:64:8b:e4:0e:17:04:82:2b:
                    65:35:97:97:14:20:62:33:32:f4:ce:cb:27:ca:85:
                    55:1a:06:a8:b5:c9:a7:0c:82:8e:a3:ff:89:9e:c6:
                    d4:75:f2:41:51:05:2d:ae:02:25:38:ae:ab:ca:4f:
                    fa:39:5c:eb:d2:e4:58:0d:85:30:bc:d5:db:c2:3f:
                    d4:98:7f:48:5f:fc:02:66:a6:54:29:73:9d:a8:51:
                    3f:6b:4f:3b:8c:f0:f7:25:70:96:18:69:2e:43:61:
                    54:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:DA:E1:79:EA:CA:11:AC:B1:2F:19:9E:4A:B1:79:11:D8:EF:F3:6C
            X509v3 Authority Key Identifier:
                keyid:37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/_NrheerKEayxLxmeSrF5Edjv82w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.27.0/24
                  185.155.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:4d:ba:7f:a8:83:9c:68:5b:40:a2:5d:a4:48:67:e8:59:16:
         fa:23:b0:3f:79:6e:27:7d:23:67:68:0c:ab:6c:e8:4c:b4:7e:
         73:d4:e7:4e:ec:72:f5:66:b7:05:c1:83:9d:ab:34:78:f2:4f:
         f2:40:85:c2:4e:94:ab:6b:ad:87:a0:12:1d:d1:0e:6f:52:fd:
         1e:22:0a:11:58:5c:68:a0:84:7b:85:ee:aa:82:bd:20:2d:63:
         92:82:33:7f:91:ff:55:87:94:fa:1a:81:e1:b5:f3:1e:41:94:
         fb:fd:99:3e:a9:c5:f1:cb:81:76:c2:3d:95:de:ce:fa:5f:7e:
         75:3c:91:b7:c8:49:de:b8:93:f3:5f:aa:d5:3c:6d:97:b3:68:
         24:f5:a1:d4:a3:c4:a2:d2:f4:14:f2:49:40:ff:07:ba:a9:c4:
         e7:7a:ca:02:2f:80:f1:6a:65:f2:cf:c6:f6:6b:e5:0f:b2:bb:
         34:ba:3e:e9:26:0b:c7:46:58:47:4e:31:95:ef:96:6c:c6:4a:
         5f:41:2c:c7:0e:f1:33:b5:da:b2:c5:2b:2c:19:36:4a:15:82:
         10:80:d2:92:13:16:fe:ff:f1:8b:99:90:fa:96:f5:15:d2:07:
         9e:bd:17:7a:b4:2a:e6:fb:2d:63:96:9e:30:f2:67:9a:9e:49:
         74:f7:49:0f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlxcIY7HuwGyy2X3+2bzWhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MThiNzM0MzQ5YmYzMjdkOTQ1M2I5NjUwMWU0NGIxOTJl
NTUxNDIwHhcNMjUwOTIyMTI0MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2RhZTE3OWVhY2ExMWFjYjEyZjE5OWU0YWIxNzkxMWQ4ZWZmMzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3x00OOokjblgdKcicxxmH1CTTdi
jJ406+SPo40sOa4tFZWLCjwcEkM7XZlFN2yitkcFi+rSqyuITQM/uRcTH2H79xX8
bziHSvfXz62hQslHjh/eOHARoVnJw//S48vKKJI3dC1cAFkJqpTruqfH9lO1ounk
uF+PcLcuUZjYbm9I+qBekZquryEdGAr8Ct8KjEsyiMggenoHKBWiZIvkDhcEgitl
NZeXFCBiMzL0zssnyoVVGgaotcmnDIKOo/+JnsbUdfJBUQUtrgIlOK6ryk/6OVzr
0uRYDYUwvNXbwj/UmH9IX/wCZqZUKXOdqFE/a087jPD3JXCWGGkuQ2FUBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPza4XnqyhGssS8ZnkqxeRHY7/NsMB8GA1UdIwQY
MBaAFDcYtzQ0m/Mn2UU7llAeRLGS5VFCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjct
YzgyM2NjOGYzODM3LzEvX05yaGVlcktFYXl4THhtZVNyRjVFZGp2ODJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjctYzgyM2NjOGYzODM3
LzEvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYQbAwQA
uZs1MA0GCSqGSIb3DQEBCwUAA4IBAQABTbp/qIOcaFtAol2kSGfoWRb6I7A/eW4n
fSNnaAyrbOhMtH5z1OdO7HL1ZrcFwYOdqzR48k/yQIXCTpSra62HoBId0Q5vUv0e
IgoRWFxooIR7he6qgr0gLWOSgjN/kf9Vh5T6GoHhtfMeQZT7/Zk+qcXxy4F2wj2V
3s76X351PJG3yEneuJPzX6rVPG2Xs2gk9aHUo8Si0vQU8klA/we6qcTnesoCL4Dx
amXyz8b2a+UPsrs0uj7pJgvHRlhHTjGV75ZsxkpfQSzHDvEztdqyxSssGTZKFYIQ
gNKSExb+//GLmZD6lvUV0geevRd6tCrm+y1jlp4w8meankl090kP
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:42 2025 by rpki-client