Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/WWYl82GSEd1qQAxiD5G7v3lLaQM.roa
File:                     WWYl82GSEd1qQAxiD5G7v3lLaQM.roa (raw, json)
Hash identifier:          v6KLQe+v+na5DQ568uRBwOpKNe98JkD2TIoeCWqcFqk=
Subject key identifier:   59:66:25:F3:61:92:11:DD:6A:40:0C:62:0F:91:BB:BF:79:4B:69:03
Certificate issuer:       /CN=54b0bec8f58db0ce5b91f34505277e40bfd3ae11
Certificate serial:       019985211A410CE5F669E20B794539306944
Authority key identifier: 54:B0:BE:C8:F5:8D:B0:CE:5B:91:F3:45:05:27:7E:40:BF:D3:AE:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/WWYl82GSEd1qQAxiD5G7v3lLaQM.roa
Signing time:             Fri 26 Sep 2025 08:26:03 +0000
ROA not before:           Fri 26 Sep 2025 08:26:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24768
IP address blocks:        95.85.200.0/22 maxlen: 22
                          95.85.220.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 07:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:85:21:1a:41:0c:e5:f6:69:e2:0b:79:45:39:30:69:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54b0bec8f58db0ce5b91f34505277e40bfd3ae11
        Validity
            Not Before: Sep 26 08:26:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=596625f3619211dd6a400c620f91bbbf794b6903
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0f:2c:12:59:1c:fd:e4:51:19:80:73:4a:d7:
                    87:d4:7d:cd:b6:9e:f6:4b:e5:88:fd:24:a7:80:1a:
                    e0:e0:91:f7:ad:b4:bd:5d:ba:45:d5:ff:8a:5c:95:
                    ad:b1:52:b3:ee:18:03:a8:70:1f:e6:11:63:1c:3d:
                    74:88:28:61:61:3e:6c:48:75:ed:3d:3b:2d:4e:f1:
                    cc:ea:8b:a4:20:c7:e5:74:b8:98:2d:4b:61:f3:e2:
                    d9:6c:ee:85:29:44:e0:19:88:22:df:5c:d9:f7:09:
                    18:01:b7:ac:b2:8c:ca:33:dd:17:f1:24:2a:50:09:
                    d3:1e:34:f7:4f:8c:01:59:63:88:78:40:bb:94:ce:
                    05:22:e3:74:82:bc:77:01:63:f8:e2:6e:69:e4:2e:
                    8d:a2:a9:93:4f:f4:2f:55:36:51:a8:d7:56:00:e1:
                    6b:56:b3:15:33:07:00:f2:1e:a0:af:92:42:b3:0e:
                    a0:f8:c1:9e:14:2d:35:0c:ca:07:bc:59:11:4f:87:
                    aa:30:bd:67:bf:68:10:eb:64:0b:0b:b0:d0:bb:67:
                    63:41:54:d1:77:43:2e:3f:9f:09:a0:29:5e:3e:0c:
                    e7:59:1d:d5:7d:c5:0a:f5:96:ad:29:f6:2f:89:54:
                    f0:2a:d7:8c:34:51:fb:53:69:01:70:1f:d8:e3:34:
                    5a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:66:25:F3:61:92:11:DD:6A:40:0C:62:0F:91:BB:BF:79:4B:69:03
            X509v3 Authority Key Identifier:
                keyid:54:B0:BE:C8:F5:8D:B0:CE:5B:91:F3:45:05:27:7E:40:BF:D3:AE:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VLC-yPWNsM5bkfNFBSd-QL_TrhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/WWYl82GSEd1qQAxiD5G7v3lLaQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ad34e-b1e5-4d8c-948e-0f4dbb890bd0/1/VLC-yPWNsM5bkfNFBSd-QL_TrhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.85.200.0/22
                  95.85.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:7f:cb:e5:b9:09:36:ae:89:a7:77:59:c4:bf:9a:95:3d:36:
         a8:61:76:77:ed:bf:53:87:80:65:c6:8c:47:95:5d:37:0b:a6:
         02:83:be:2d:c4:66:25:8d:9e:8e:eb:f4:0f:4b:71:53:63:a7:
         de:0c:9c:35:2e:0a:f1:bf:ec:be:c6:dd:e7:b6:18:df:c0:6e:
         4f:88:52:c1:bb:27:26:14:38:50:fc:76:fa:25:2d:6e:4e:b9:
         49:3b:39:4f:34:6e:ef:0b:6b:50:b2:1c:88:9f:7f:9c:98:98:
         73:86:22:39:05:d5:b2:24:58:6a:bd:16:ba:e1:15:ef:29:f9:
         1a:05:fe:fc:ac:b5:f2:e1:25:de:48:cb:54:f1:c2:b8:6f:35:
         5b:c4:59:48:80:cb:28:19:cc:88:9b:72:37:f2:0c:a9:d3:0c:
         96:f5:92:d7:f3:e8:9b:fc:5a:e1:ff:0a:af:e4:4a:63:3a:d2:
         5c:38:f2:9c:ca:64:ef:aa:43:f1:6c:e6:ea:62:f6:5f:06:3d:
         63:06:8b:f1:eb:6e:87:75:ec:6a:b3:3d:35:86:0e:56:58:8b:
         c2:ca:aa:08:26:4f:30:83:b3:1a:42:13:b6:4d:fe:fd:39:c8:
         05:cd:7e:6f:d4:58:20:cd:82:2e:c9:76:35:9f:a4:26:92:cd:
         46:8a:ac:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmFIRpBDOX2aeILeUU5MGlEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YjBiZWM4ZjU4ZGIwY2U1YjkxZjM0NTA1Mjc3ZTQwYmZk
M2FlMTEwHhcNMjUwOTI2MDgyNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTY2MjVmMzYxOTIxMWRkNmE0MDBjNjIwZjkxYmJiZjc5NGI2OTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQ8sElkc/eRRGYBzSteH1H3Ntp72
S+WI/SSngBrg4JH3rbS9XbpF1f+KXJWtsVKz7hgDqHAf5hFjHD10iChhYT5sSHXt
PTstTvHM6oukIMfldLiYLUth8+LZbO6FKUTgGYgi31zZ9wkYAbessozKM90X8SQq
UAnTHjT3T4wBWWOIeEC7lM4FIuN0grx3AWP44m5p5C6NoqmTT/QvVTZRqNdWAOFr
VrMVMwcA8h6gr5JCsw6g+MGeFC01DMoHvFkRT4eqML1nv2gQ62QLC7DQu2djQVTR
d0MuP58JoClePgznWR3VfcUK9ZatKfYviVTwKteMNFH7U2kBcB/Y4zRaGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFlmJfNhkhHdakAMYg+Ru795S2kDMB8GA1UdIwQY
MBaAFFSwvsj1jbDOW5HzRQUnfkC/064RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkxDLXlQV05zTTVia2ZORkJTZC1RTF9UcmhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8yYWQzNGUtYjFlNS00ZDhjLTk0OGUt
MGY0ZGJiODkwYmQwLzEvV1dZbDgyR1NFZDFxUUF4aUQ1Rzd2M2xMYVFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8yYWQzNGUtYjFlNS00ZDhjLTk0OGUtMGY0ZGJiODkwYmQw
LzEvVkxDLXlQV05zTTVia2ZORkJTZC1RTF9UcmhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCX1XIAwQC
X1XcMA0GCSqGSIb3DQEBCwUAA4IBAQCZf8vluQk2romnd1nEv5qVPTaoYXZ37b9T
h4BlxoxHlV03C6YCg74txGYljZ6O6/QPS3FTY6feDJw1Lgrxv+y+xt3nthjfwG5P
iFLBuycmFDhQ/Hb6JS1uTrlJOzlPNG7vC2tQshyIn3+cmJhzhiI5BdWyJFhqvRa6
4RXvKfkaBf78rLXy4SXeSMtU8cK4bzVbxFlIgMsoGcyIm3I38gyp0wyW9ZLX8+ib
/Frh/wqv5EpjOtJcOPKcymTvqkPxbObqYvZfBj1jBovx626Hdexqsz01hg5WWIvC
yqoIJk8wg7MaQhO2Tf79OcgFzX5v1FggzYIuyXY1n6Qmks1GiqyF
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:29:30 2025 by rpki-client