Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/84acdf-ba85-4a81-a306-f9ab3b052349/1/3vQJX1qiDpD0wMY9PTYA0PPaBPY.roa
File:                     3vQJX1qiDpD0wMY9PTYA0PPaBPY.roa (raw, json)
Hash identifier:          9p9BvXjVY0nIdlxupAXb84lfifwZdaujC3Pou0+e2uY=
Subject key identifier:   DE:F4:09:5F:5A:A2:0E:90:F4:C0:C6:3D:3D:36:00:D0:F3:DA:04:F6
Certificate issuer:       /CN=6ffb0f9bdc3a2fae47b47e70218993c919f10fb0
Certificate serial:       0199E1E1D688B068457448A4355B9658BA74
Authority key identifier: 6F:FB:0F:9B:DC:3A:2F:AE:47:B4:7E:70:21:89:93:C9:19:F1:0F:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b_sPm9w6L65HtH5wIYmTyRnxD7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/84acdf-ba85-4a81-a306-f9ab3b052349/1/3vQJX1qiDpD0wMY9PTYA0PPaBPY.roa
Signing time:             Tue 14 Oct 2025 08:41:38 +0000
ROA not before:           Tue 14 Oct 2025 08:41:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2799
IP address blocks:        147.186.0.0/16 maxlen: 16
                          2001:67c:49c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/84acdf-ba85-4a81-a306-f9ab3b052349/1/b_sPm9w6L65HtH5wIYmTyRnxD7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/84acdf-ba85-4a81-a306-f9ab3b052349/1/b_sPm9w6L65HtH5wIYmTyRnxD7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b_sPm9w6L65HtH5wIYmTyRnxD7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e1:e1:d6:88:b0:68:45:74:48:a4:35:5b:96:58:ba:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ffb0f9bdc3a2fae47b47e70218993c919f10fb0
        Validity
            Not Before: Oct 14 08:41:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=def4095f5aa20e90f4c0c63d3d3600d0f3da04f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:dd:49:9f:02:47:e6:da:34:f3:a1:31:85:13:
                    5d:05:25:54:fc:fb:da:cd:8f:4a:ad:3e:14:86:5c:
                    23:de:e4:29:ec:df:a3:0b:b9:90:10:1c:41:08:d2:
                    d9:9a:63:af:8d:94:cd:6f:f7:fd:44:ab:ba:b5:e4:
                    47:71:49:1c:15:6e:be:5a:a3:c7:2e:12:f0:93:fa:
                    be:6c:8a:5d:3c:14:b4:17:48:ab:cf:56:eb:32:73:
                    ba:e8:2e:a5:6c:24:5f:3c:85:7e:73:34:7b:67:2d:
                    00:5f:e8:b3:21:8c:91:79:67:10:49:68:d5:f2:69:
                    3a:52:46:86:ae:52:85:57:aa:69:94:21:b2:f1:b1:
                    99:29:3e:d1:35:0e:54:71:b9:c7:19:e9:5d:1f:eb:
                    78:c5:7b:6e:56:1a:89:22:31:d0:21:31:0e:ba:31:
                    7d:1a:16:ac:ac:61:ae:2c:33:38:a7:af:a5:b9:ba:
                    f8:a2:6c:12:a6:f6:b1:b8:31:47:5c:e6:44:d4:bb:
                    b7:e9:fb:ae:7a:10:79:72:ec:c7:a1:ea:12:ce:9c:
                    56:07:b9:05:be:36:c4:f0:22:60:20:34:2b:ba:cc:
                    8f:4d:27:09:ed:ab:50:9c:2b:fb:dd:f9:f1:ac:ff:
                    a1:70:d8:4d:92:de:e0:8f:85:2e:1a:d2:5b:fa:ec:
                    4d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:F4:09:5F:5A:A2:0E:90:F4:C0:C6:3D:3D:36:00:D0:F3:DA:04:F6
            X509v3 Authority Key Identifier:
                keyid:6F:FB:0F:9B:DC:3A:2F:AE:47:B4:7E:70:21:89:93:C9:19:F1:0F:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b_sPm9w6L65HtH5wIYmTyRnxD7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/84acdf-ba85-4a81-a306-f9ab3b052349/1/3vQJX1qiDpD0wMY9PTYA0PPaBPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/84acdf-ba85-4a81-a306-f9ab3b052349/1/b_sPm9w6L65HtH5wIYmTyRnxD7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.186.0.0/16
                IPv6:
                  2001:67c:49c::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:c4:4e:2c:83:6e:68:c5:01:9c:72:67:c7:12:2f:97:d3:b3:
         07:f6:b3:82:cb:04:c3:78:d3:6b:1e:a1:79:21:fb:7a:89:2e:
         e4:f3:37:3f:ca:94:6a:37:8f:12:3e:fa:70:e8:9c:13:ef:33:
         96:48:a8:2c:1d:ac:da:b9:0f:56:e6:6e:0f:03:fe:58:0a:f7:
         29:37:62:40:0b:18:eb:09:99:5a:29:4c:69:63:79:6d:ec:9c:
         94:98:9e:65:77:34:cc:b5:4e:97:2f:33:13:b5:7f:98:1a:17:
         b1:8e:bb:29:4d:6a:8b:f4:3a:e6:9e:b9:d1:74:79:0f:79:3f:
         56:ec:0f:19:6c:20:8b:37:c8:85:da:6e:c8:05:ad:49:9a:5e:
         39:20:51:a3:e7:5d:99:18:c4:cb:50:28:31:63:fd:49:df:7d:
         56:f7:5d:cf:cd:a4:24:06:6f:83:44:c5:f0:46:50:e3:92:06:
         aa:67:0f:ee:5d:e6:16:c7:2a:b5:59:1d:75:65:aa:f0:8d:38:
         1e:69:4d:33:a9:20:17:bb:3b:79:7f:df:cf:02:25:f0:64:30:
         7e:a0:82:d8:fb:fb:e8:e8:6c:9f:a8:b1:02:c6:e0:28:ed:f1:
         33:29:ef:cd:6c:e5:06:10:92:c6:f8:25:13:e6:c0:6a:03:a2:
         3c:59:15:f7
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZnh4daIsGhFdEikNVuWWLp0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmZmIwZjliZGMzYTJmYWU0N2I0N2U3MDIxODk5M2M5MTlm
MTBmYjAwHhcNMjUxMDE0MDg0MTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWY0MDk1ZjVhYTIwZTkwZjRjMGM2M2QzZDM2MDBkMGYzZGEwNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlt1JnwJH5to086ExhRNdBSVU/Pva
zY9KrT4Uhlwj3uQp7N+jC7mQEBxBCNLZmmOvjZTNb/f9RKu6teRHcUkcFW6+WqPH
LhLwk/q+bIpdPBS0F0irz1brMnO66C6lbCRfPIV+czR7Zy0AX+izIYyReWcQSWjV
8mk6UkaGrlKFV6pplCGy8bGZKT7RNQ5UcbnHGeldH+t4xXtuVhqJIjHQITEOujF9
GhasrGGuLDM4p6+lubr4omwSpvaxuDFHXOZE1Lu36fuuehB5cuzHoeoSzpxWB7kF
vjbE8CJgIDQrusyPTScJ7atQnCv73fnxrP+hcNhNkt7gj4UuGtJb+uxNHQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFN70CV9aog6Q9MDGPT02ANDz2gT2MB8GA1UdIwQY
MBaAFG/7D5vcOi+uR7R+cCGJk8kZ8Q+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYl9zUG05dzZMNjVIdEg1d0lZbVR5Um54RDdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi84NGFjZGYtYmE4NS00YTgxLWEzMDYt
ZjlhYjNiMDUyMzQ5LzEvM3ZRSlgxcWlEcEQwd01ZOVBUWUEwUFBhQlBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi84NGFjZGYtYmE4NS00YTgxLWEzMDYtZjlhYjNiMDUyMzQ5
LzEvYl9zUG05dzZMNjVIdEg1d0lZbVR5Um54RDdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjALBAIAATAFAwMAk7owDwQC
AAIwCQMHACABBnwEnDANBgkqhkiG9w0BAQsFAAOCAQEAJcROLINuaMUBnHJnxxIv
l9OzB/azgssEw3jTax6heSH7eoku5PM3P8qUajePEj76cOicE+8zlkioLB2s2rkP
VuZuDwP+WAr3KTdiQAsY6wmZWilMaWN5beyclJieZXc0zLVOly8zE7V/mBoXsY67
KU1qi/Q65p650XR5D3k/VuwPGWwgizfIhdpuyAWtSZpeOSBRo+ddmRjEy1AoMWP9
Sd99Vvddz82kJAZvg0TF8EZQ45IGqmcP7l3mFscqtVkddWWq8I04HmlNM6kgF7s7
eX/fzwIl8GQwfqCC2Pv76Ohsn6ixAsbgKO3xMynvzWzlBhCSxvglE+bAagOiPFkV
9w==
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:52 2025 by rpki-client