Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/8cHwMfOElAOtUhKJMQnFdtVynac.roa
File:                     8cHwMfOElAOtUhKJMQnFdtVynac.roa (raw, json)
Hash identifier:          BX5kiADLkG8Ax4FiuAtWSeygXw2CbkULb5L6Dz7ZXb8=
Subject key identifier:   F1:C1:F0:31:F3:84:94:03:AD:52:12:89:31:09:C5:76:D5:72:9D:A7
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0199299C74FD2B66981E107C98443B00E53A
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/8cHwMfOElAOtUhKJMQnFdtVynac.roa
Signing time:             Mon 08 Sep 2025 13:55:43 +0000
ROA not before:           Mon 08 Sep 2025 13:55:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214286
IP address blocks:        195.216.185.0/24 maxlen: 24
                          213.182.211.0/24 maxlen: 24
                          213.182.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:29:9c:74:fd:2b:66:98:1e:10:7c:98:44:3b:00:e5:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Sep  8 13:55:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1c1f031f3849403ad5212893109c576d5729da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e3:ed:ed:05:af:df:af:c5:c8:af:ad:3d:12:
                    dc:f4:0b:97:d8:07:11:49:76:20:b5:19:a0:d6:6f:
                    fa:71:cc:9b:6c:c2:01:72:28:21:dc:b0:d3:1d:d1:
                    d5:44:18:d7:5d:5a:f2:a4:5e:58:9e:a1:ea:67:4c:
                    db:f1:10:9f:aa:e1:f9:57:23:fd:03:fc:f4:16:9f:
                    84:f1:a5:cf:ba:f0:24:9f:94:19:27:be:ad:63:d9:
                    29:c7:99:f4:b8:fa:20:9e:91:2b:32:47:0c:7c:b0:
                    8d:a6:23:9d:bc:1a:e1:a0:aa:24:da:ce:03:a0:59:
                    32:f4:fe:fb:03:f0:3a:da:7c:1c:a8:61:38:81:c9:
                    ba:15:a1:59:1f:1c:d7:d3:03:20:c7:da:1d:3e:a5:
                    c9:56:0b:0e:5a:6d:e1:82:24:a6:c1:8a:86:b9:a3:
                    f7:66:82:02:67:65:2b:2a:45:81:43:04:b7:f5:25:
                    c3:41:e8:e5:2a:d7:3b:90:91:d8:70:a8:c5:30:4b:
                    1e:97:5e:6f:85:a4:fe:e3:40:fc:27:c1:71:f4:d7:
                    30:0e:df:9c:dd:1b:76:bc:d9:db:10:96:58:e1:ce:
                    da:76:0e:de:89:f9:8e:c4:02:82:2a:90:c3:ca:3d:
                    dd:ed:dd:af:b8:ed:98:c3:c5:03:82:81:93:5c:d9:
                    98:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:C1:F0:31:F3:84:94:03:AD:52:12:89:31:09:C5:76:D5:72:9D:A7
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/8cHwMfOElAOtUhKJMQnFdtVynac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.185.0/24
                  213.182.211.0/24
                  213.182.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:01:9f:98:48:ef:30:7a:b3:57:16:64:73:98:35:20:41:73:
         7b:75:a9:56:e2:bf:c5:a6:35:9a:ed:15:5d:89:b6:e3:b9:98:
         12:d1:87:ee:e0:12:31:16:da:54:6a:95:e9:50:61:d9:12:9e:
         2c:88:b6:b8:23:e3:43:d7:11:bf:b2:b2:ef:f0:d4:25:82:c2:
         ab:29:f0:1b:66:f1:3f:d7:24:a1:ad:e2:c1:c2:91:e1:d8:76:
         dd:ec:2e:99:6e:62:38:81:dc:97:9c:01:ab:7b:02:10:ce:60:
         2a:f5:5b:55:32:2e:ea:36:8b:6b:3d:7e:ae:fd:92:d9:b8:c5:
         61:f4:df:a8:01:a9:02:58:67:e4:50:2c:cf:36:c3:66:b6:48:
         9f:50:2c:19:19:37:95:ec:42:97:83:3d:90:d7:05:02:cb:8f:
         ec:cf:d6:78:af:74:7c:87:ec:a4:d3:9a:fd:7d:09:a5:78:83:
         7f:07:b5:8c:2a:ad:f9:65:79:a2:49:f6:35:30:ac:3b:8c:94:
         cb:d6:b6:d9:df:30:47:60:11:23:92:7c:96:71:84:33:7d:e7:
         79:3a:2e:13:6d:4a:91:b9:5a:43:0a:2e:28:ed:30:4c:97:82:
         18:bd:1c:84:19:5e:f9:58:48:65:c3:f1:cf:07:1c:0e:d1:82:
         14:a5:48:01
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkpnHT9K2aYHhB8mEQ7AOU6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwOTA4MTM1NTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWMxZjAzMWYzODQ5NDAzYWQ1MjEyODkzMTA5YzU3NmQ1NzI5ZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuPt7QWv36/FyK+tPRLc9AuX2AcR
SXYgtRmg1m/6ccybbMIBcigh3LDTHdHVRBjXXVrypF5YnqHqZ0zb8RCfquH5VyP9
A/z0Fp+E8aXPuvAkn5QZJ76tY9kpx5n0uPognpErMkcMfLCNpiOdvBrhoKok2s4D
oFky9P77A/A62nwcqGE4gcm6FaFZHxzX0wMgx9odPqXJVgsOWm3hgiSmwYqGuaP3
ZoICZ2UrKkWBQwS39SXDQejlKtc7kJHYcKjFMEsel15vhaT+40D8J8Fx9NcwDt+c
3Rt2vNnbEJZY4c7adg7eifmOxAKCKpDDyj3d7d2vuO2Yw8UDgoGTXNmYOQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPHB8DHzhJQDrVISiTEJxXbVcp2nMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvOGNId01mT0VsQU90VWhLSk1RbkZkdFZ5bmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAw9i5AwQA
1bbTAwQA1bbXMA0GCSqGSIb3DQEBCwUAA4IBAQBnAZ+YSO8werNXFmRzmDUgQXN7
dalW4r/FpjWa7RVdibbjuZgS0Yfu4BIxFtpUapXpUGHZEp4siLa4I+ND1xG/srLv
8NQlgsKrKfAbZvE/1yShreLBwpHh2Hbd7C6ZbmI4gdyXnAGrewIQzmAq9VtVMi7q
NotrPX6u/ZLZuMVh9N+oAakCWGfkUCzPNsNmtkifUCwZGTeV7EKXgz2Q1wUCy4/s
z9Z4r3R8h+yk05r9fQmleIN/B7WMKq35ZXmiSfY1MKw7jJTL1rbZ3zBHYBEjknyW
cYQzfed5Oi4TbUqRuVpDCi4o7TBMl4IYvRyEGV75WEhlw/HPBxwO0YIUpUgB
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:44 2025 by rpki-client