Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/mvZM5xM19MdXjcSx3hdO4Ii-xy8.roa
File:                     mvZM5xM19MdXjcSx3hdO4Ii-xy8.roa (raw, json)
Hash identifier:          CQDijVYEwX5HABzrSvTmoz9CzxyBTY+nMkyehydT72w=
Subject key identifier:   9A:F6:4C:E7:13:35:F4:C7:57:8D:C4:B1:DE:17:4E:E0:88:BE:C7:2F
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0199666ADFD8EFF7CF896F68EA2EEF2DFFFB
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/mvZM5xM19MdXjcSx3hdO4Ii-xy8.roa
Signing time:             Sat 20 Sep 2025 09:18:24 +0000
ROA not before:           Sat 20 Sep 2025 09:18:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152565
IP address blocks:        37.202.203.0/24 maxlen: 24
                          151.243.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:66:6a:df:d8:ef:f7:cf:89:6f:68:ea:2e:ef:2d:ff:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Sep 20 09:18:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9af64ce71335f4c7578dc4b1de174ee088bec72f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2d:60:ed:01:01:ff:98:b4:e0:5e:5a:cf:b0:
                    0d:92:be:e2:91:d0:2b:01:54:3f:26:b5:b1:d6:c7:
                    0b:15:5d:ff:0b:7e:6b:27:57:5f:ac:02:c2:c7:87:
                    9d:a5:09:09:c4:72:72:fc:19:3b:a8:94:56:e0:33:
                    1d:99:79:17:24:9f:c2:a7:a4:42:5f:27:65:9a:fc:
                    2f:57:c0:61:ee:20:3d:ad:7c:97:ed:9a:e6:f5:4a:
                    f4:f2:15:d0:b0:c9:48:b1:54:9b:a7:6f:fc:35:6d:
                    8f:ea:7b:a2:1a:84:99:40:16:27:8f:f9:6a:07:32:
                    3a:be:85:53:66:a7:1a:7c:af:e1:07:7f:31:90:0e:
                    02:9c:7b:fc:07:ff:b5:86:8a:9d:eb:25:9a:4d:86:
                    1a:1f:20:fe:23:dd:28:79:3c:db:61:31:be:ad:b1:
                    50:1e:63:25:0d:86:ac:2f:5a:d8:1f:1f:c4:c5:b1:
                    c8:2a:1c:65:f7:90:80:a1:3a:23:38:c3:09:b5:0a:
                    c7:54:e7:69:b7:0c:3b:a4:44:e8:9a:da:49:24:48:
                    eb:5b:42:4f:74:b6:e4:87:4f:e1:2c:bd:c8:57:b2:
                    d5:45:20:cc:b1:3a:45:65:ea:ca:06:a8:cd:3b:3a:
                    84:6a:cc:ea:98:a2:6c:70:20:f3:6c:14:bc:5e:35:
                    8a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:F6:4C:E7:13:35:F4:C7:57:8D:C4:B1:DE:17:4E:E0:88:BE:C7:2F
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/mvZM5xM19MdXjcSx3hdO4Ii-xy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.203.0/24
                  151.243.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:51:b3:7d:6e:51:1b:4e:cd:3e:1a:d9:6e:85:f6:38:21:cb:
         11:c4:65:93:a1:fc:d6:a9:a9:cc:98:0b:f4:88:12:c4:e1:0b:
         8f:13:cb:a0:0e:bb:9e:e5:49:5d:a2:c1:61:28:5d:ea:fd:69:
         a6:0e:0a:48:2c:4c:d9:e8:70:60:2f:5e:e5:47:ae:b3:15:de:
         ef:0a:9b:f6:09:8c:f5:e7:51:de:4f:ff:53:f3:49:41:f8:20:
         c3:86:ae:92:1e:4b:e6:ce:d7:a3:61:e4:45:f3:f9:72:6a:8b:
         80:41:8c:3d:cf:47:e7:25:1b:1c:f5:64:95:bb:f9:6e:13:e7:
         29:b8:b4:66:c3:2a:fb:9e:0c:34:0a:ac:e9:c3:6c:3f:b8:d3:
         96:1b:2f:85:ec:41:77:28:43:db:51:a0:34:21:c8:2f:6b:be:
         52:a6:f9:62:f1:34:fe:5c:2d:b0:0b:f7:6b:a7:dd:1f:50:36:
         da:fb:30:71:c2:93:b7:f4:bb:6c:1d:45:c5:7b:04:ac:93:27:
         0a:4e:c3:a7:19:aa:8b:cb:af:33:f6:0c:ed:c9:b9:e7:50:71:
         e9:78:9f:01:01:04:9d:e6:6a:d3:e2:c4:59:ba:37:7b:83:ca:
         53:f4:72:7c:dc:17:ea:cf:ec:be:16:7d:42:27:f8:8e:6c:01:
         3a:19:3f:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlmat/Y7/fPiW9o6i7vLf/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwOTIwMDkxODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWY2NGNlNzEzMzVmNGM3NTc4ZGM0YjFkZTE3NGVlMDg4YmVjNzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvy1g7QEB/5i04F5az7ANkr7ikdAr
AVQ/JrWx1scLFV3/C35rJ1dfrALCx4edpQkJxHJy/Bk7qJRW4DMdmXkXJJ/Cp6RC
XydlmvwvV8Bh7iA9rXyX7Zrm9Ur08hXQsMlIsVSbp2/8NW2P6nuiGoSZQBYnj/lq
BzI6voVTZqcafK/hB38xkA4CnHv8B/+1hoqd6yWaTYYaHyD+I90oeTzbYTG+rbFQ
HmMlDYasL1rYHx/ExbHIKhxl95CAoTojOMMJtQrHVOdptww7pETomtpJJEjrW0JP
dLbkh0/hLL3IV7LVRSDMsTpFZerKBqjNOzqEaszqmKJscCDzbBS8XjWKJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJr2TOcTNfTHV43Esd4XTuCIvscvMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbXZaTTV4TTE5TWRYamNTeDNoZE80SWkteHk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJcrLAwQA
l/OSMA0GCSqGSIb3DQEBCwUAA4IBAQBOUbN9blEbTs0+GtluhfY4IcsRxGWTofzW
qanMmAv0iBLE4QuPE8ugDrue5UldosFhKF3q/WmmDgpILEzZ6HBgL17lR66zFd7v
Cpv2CYz151HeT/9T80lB+CDDhq6SHkvmztejYeRF8/lyaouAQYw9z0fnJRsc9WSV
u/luE+cpuLRmwyr7ngw0Cqzpw2w/uNOWGy+F7EF3KEPbUaA0Icgva75Spvli8TT+
XC2wC/drp90fUDba+zBxwpO39LtsHUXFewSskycKTsOnGaqLy68z9gztybnnUHHp
eJ8BAQSd5mrT4sRZujd7g8pT9HJ83Bfqz+y+Fn1CJ/iObAE6GT/A
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:17 2025 by rpki-client