Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/0laar789lWX2-65-BfO0C43Kjqw.roa
File:                     0laar789lWX2-65-BfO0C43Kjqw.roa (raw, json)
Hash identifier:          qA62Wk12qtwW9Q6Z6JfBejGbdGShPZxSeZLDsIRfnAM=
Subject key identifier:   D2:56:9A:AF:BF:3D:95:65:F6:FB:AE:7E:05:F3:B4:0B:8D:CA:8E:AC
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0199E3C6273D4754A69E16E5943E62C7EDC2
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/0laar789lWX2-65-BfO0C43Kjqw.roa
Signing time:             Tue 14 Oct 2025 17:30:38 +0000
ROA not before:           Tue 14 Oct 2025 17:30:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33185
IP address blocks:        213.182.220.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e3:c6:27:3d:47:54:a6:9e:16:e5:94:3e:62:c7:ed:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Oct 14 17:30:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2569aafbf3d9565f6fbae7e05f3b40b8dca8eac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fd:f7:f7:c3:39:e6:a0:a4:e1:ce:fa:17:64:
                    62:eb:e2:74:e3:a0:df:4e:24:5f:74:46:6f:78:4b:
                    ef:56:10:bc:49:0b:ea:a4:21:56:4f:a0:2d:83:69:
                    7d:bc:f0:de:df:01:1e:0d:da:74:33:17:5d:b1:e9:
                    47:fb:cf:eb:26:69:c9:a4:e2:8d:9e:99:44:3c:47:
                    9b:37:f3:e7:dc:0e:06:6b:99:cd:a4:b9:5c:48:10:
                    d9:17:f3:33:ac:b3:0f:3c:57:c1:74:86:95:0b:e6:
                    75:f6:de:d7:07:1f:61:41:74:ed:6e:0a:cd:88:70:
                    0e:d3:49:22:f6:02:b7:18:73:85:bf:87:bd:08:b9:
                    f6:71:82:03:8f:16:0a:31:3e:4c:26:41:60:5d:0c:
                    6c:91:3a:85:1e:a5:78:74:c9:33:7b:ba:ec:27:6a:
                    67:45:12:62:bd:d8:32:21:e8:f5:a8:ca:1b:22:ec:
                    f0:96:7a:3c:32:72:2c:33:42:db:64:24:8b:98:0e:
                    70:cf:64:c3:01:31:09:23:16:fc:c2:62:e3:bb:05:
                    ae:5f:74:b0:dd:b5:50:ea:cb:80:de:b5:9d:af:1e:
                    30:9b:a6:d1:08:a7:bf:bd:7c:32:2b:b0:2f:6e:0f:
                    49:3e:da:15:6f:9d:11:89:80:d1:e9:64:fc:db:a5:
                    87:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:56:9A:AF:BF:3D:95:65:F6:FB:AE:7E:05:F3:B4:0B:8D:CA:8E:AC
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/0laar789lWX2-65-BfO0C43Kjqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:49:01:cc:57:8d:29:a3:8e:bc:15:8c:81:3d:31:c0:40:58:
         78:23:9f:fa:d1:16:9e:97:00:34:14:0f:76:4d:98:3e:13:51:
         61:7d:9a:a7:e9:31:c5:ca:81:ac:c4:e1:1c:a7:68:8d:bf:69:
         8b:bf:3f:ff:75:27:0d:24:a8:af:bf:4d:60:cc:c3:1f:6f:71:
         20:c2:35:9c:2a:0e:e3:59:06:c7:bf:d2:88:ee:4e:5b:22:5a:
         92:40:41:18:ca:9a:00:93:17:14:b1:e1:ab:02:3e:75:36:cf:
         bb:23:22:4a:fb:6d:43:a6:c5:e5:eb:f8:af:8a:f5:7b:a5:cb:
         b9:15:53:d3:a0:44:5a:71:36:21:e7:32:54:ce:43:cd:98:1c:
         f5:07:86:56:af:38:f4:c6:1a:a9:7a:22:bc:f4:97:9a:ff:97:
         f8:14:cf:14:fc:e9:df:3c:39:68:76:8c:1e:85:18:df:f4:44:
         64:dd:a6:f6:59:a4:f6:8f:ee:48:49:7d:12:8f:68:97:0f:62:
         1f:00:57:52:dc:bc:29:fa:95:bb:37:b2:47:45:d0:73:26:c7:
         33:d0:38:79:41:83:c7:4b:9a:62:0c:69:aa:47:77:f6:b9:a6:
         b5:e0:de:92:25:1e:b6:20:e9:27:46:58:0f:a2:e5:9e:3f:c0:
         85:cc:13:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnjxic9R1SmnhbllD5ix+3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUxMDE0MTczMDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjU2OWFhZmJmM2Q5NTY1ZjZmYmFlN2UwNWYzYjQwYjhkY2E4ZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvP3398M55qCk4c76F2Ri6+J046Df
TiRfdEZveEvvVhC8SQvqpCFWT6Atg2l9vPDe3wEeDdp0MxddselH+8/rJmnJpOKN
nplEPEebN/Pn3A4Ga5nNpLlcSBDZF/MzrLMPPFfBdIaVC+Z19t7XBx9hQXTtbgrN
iHAO00ki9gK3GHOFv4e9CLn2cYIDjxYKMT5MJkFgXQxskTqFHqV4dMkze7rsJ2pn
RRJivdgyIej1qMobIuzwlno8MnIsM0LbZCSLmA5wz2TDATEJIxb8wmLjuwWuX3Sw
3bVQ6suA3rWdrx4wm6bRCKe/vXwyK7Avbg9JPtoVb50RiYDR6WT826WHqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJWmq+/PZVl9vuufgXztAuNyo6sMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvMGxhYXI3ODlsV1gyLTY1LUJmTzBDNDNLanF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1bbcMA0G
CSqGSIb3DQEBCwUAA4IBAQCCSQHMV40po468FYyBPTHAQFh4I5/60RaelwA0FA92
TZg+E1FhfZqn6THFyoGsxOEcp2iNv2mLvz//dScNJKivv01gzMMfb3EgwjWcKg7j
WQbHv9KI7k5bIlqSQEEYypoAkxcUseGrAj51Ns+7IyJK+21DpsXl6/ivivV7pcu5
FVPToERacTYh5zJUzkPNmBz1B4ZWrzj0xhqpeiK89Jea/5f4FM8U/OnfPDlodowe
hRjf9ERk3ab2WaT2j+5ISX0Sj2iXD2IfAFdS3Lwp+pW7N7JHRdBzJscz0Dh5QYPH
S5piDGmqR3f2uaa14N6SJR62IOknRlgPouWeP8CFzBPg
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:40 2025 by rpki-client