Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/HjUbHI7aX25iVhab0lso8dRqV_4.roa
File:                     HjUbHI7aX25iVhab0lso8dRqV_4.roa (raw, json)
Hash identifier:          0REU2g0MEJQKeIiJcHq2HYM6d2KNhD9vS+mjUsahpK4=
Subject key identifier:   1E:35:1B:1C:8E:DA:5F:6E:62:56:16:9B:D2:5B:28:F1:D4:6A:57:FE
Certificate issuer:       /CN=827603a93bca31b018f511f6d4b0b7546e963362
Certificate serial:       01997641BC81E1E5507D7B8A10BDD4323230
Authority key identifier: 82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/HjUbHI7aX25iVhab0lso8dRqV_4.roa
Signing time:             Tue 23 Sep 2025 11:07:23 +0000
ROA not before:           Tue 23 Sep 2025 11:07:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212335
IP address blocks:        2.56.184.0/24 maxlen: 24
                          2.56.185.0/24 maxlen: 24
                          2.56.186.0/24 maxlen: 24
                          2.56.187.0/24 maxlen: 24
                          45.11.154.0/24 maxlen: 24
                          85.8.168.0/24 maxlen: 24
                          85.8.169.0/24 maxlen: 24
                          85.8.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:41:bc:81:e1:e5:50:7d:7b:8a:10:bd:d4:32:32:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827603a93bca31b018f511f6d4b0b7546e963362
        Validity
            Not Before: Sep 23 11:07:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e351b1c8eda5f6e6256169bd25b28f1d46a57fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:33:db:a5:5a:44:7c:a7:d8:38:56:ee:e0:90:
                    c3:02:e5:b8:85:ed:56:13:8a:31:91:cf:a0:7a:6b:
                    5e:4a:7b:e0:33:ac:65:e2:18:cd:9b:1e:21:d2:1c:
                    31:f0:70:b6:f0:35:45:3d:b2:bb:46:1f:33:c9:2c:
                    b7:63:bc:65:28:6e:7a:08:27:b4:e2:13:87:6f:b0:
                    5c:01:e2:f2:39:93:e2:80:f4:90:a4:10:d8:59:9e:
                    2a:da:24:fd:c4:a2:f0:5a:c9:b1:86:84:6c:a2:75:
                    7c:8b:a7:c9:f8:88:74:ea:c3:f0:9f:33:2d:00:01:
                    9b:95:5b:16:5a:52:ee:ae:42:98:39:9e:a6:b3:ac:
                    ea:65:21:70:ae:08:aa:34:f6:8c:e3:0c:ce:b0:9e:
                    d2:fd:86:54:d3:ef:c2:e8:83:9c:7d:c6:70:37:e6:
                    6b:38:00:5a:e1:1c:7e:99:a1:12:66:cf:29:53:4e:
                    be:99:0e:61:5c:cf:06:ef:7f:e9:93:35:11:68:37:
                    2d:bd:c3:0e:09:48:46:ee:22:95:f8:b7:c1:e0:70:
                    56:59:85:f4:25:64:81:ad:02:b9:5f:72:b0:41:9d:
                    ff:bf:26:e7:05:dc:4a:75:8f:16:30:be:b3:30:0e:
                    97:ef:84:93:9c:a4:39:1f:ef:a1:c1:85:6f:3c:e3:
                    a0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:35:1B:1C:8E:DA:5F:6E:62:56:16:9B:D2:5B:28:F1:D4:6A:57:FE
            X509v3 Authority Key Identifier:
                keyid:82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/HjUbHI7aX25iVhab0lso8dRqV_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.184.0/22
                  45.11.154.0/24
                  85.8.168.0/23
                  85.8.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:a9:c8:20:a2:67:1f:5b:56:91:dd:cc:63:04:a9:5d:a6:13:
         21:f1:4e:f6:c1:95:cc:1e:c3:56:8d:ac:3a:d2:0a:c1:50:41:
         c1:4f:4c:8b:97:85:8e:7b:53:85:52:a6:2c:7f:97:7a:fc:94:
         cf:13:5b:e9:a0:7e:a1:32:28:f2:06:28:be:da:d4:55:34:ce:
         41:9b:33:ec:52:75:73:bd:1a:d9:8a:5d:d6:1f:56:fa:d2:68:
         1e:b2:9b:7e:0c:1c:53:bc:57:14:ce:3f:c7:6a:0e:3b:d6:22:
         6f:15:20:60:b9:b7:7d:92:0e:0a:81:ef:48:e0:f5:72:ad:14:
         72:c2:6e:da:0a:31:3a:d9:9b:3e:98:fb:53:cc:6a:6c:07:cc:
         95:7a:9b:9c:85:4b:f8:80:51:ec:0e:11:f2:f5:11:55:d5:d8:
         b2:d2:9a:4c:1e:d0:5d:16:0a:4e:ce:58:db:d8:3f:56:b8:78:
         09:7c:05:04:56:84:90:7d:83:18:c6:6f:82:7c:67:b2:e0:db:
         c3:9c:af:2d:f1:55:96:9a:e0:7e:4d:78:e1:41:5c:b0:bd:52:
         92:ae:17:2c:44:e1:a3:d7:da:13:73:0f:22:89:63:0d:80:5e:
         e2:dc:34:00:49:3e:bf:93:ac:e7:d1:86:b3:61:82:67:14:c3:
         41:4f:0b:67
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZl2QbyB4eVQfXuKEL3UMjIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzYwM2E5M2JjYTMxYjAxOGY1MTFmNmQ0YjBiNzU0NmU5
NjMzNjIwHhcNMjUwOTIzMTEwNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTM1MWIxYzhlZGE1ZjZlNjI1NjE2OWJkMjViMjhmMWQ0NmE1N2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDPbpVpEfKfYOFbu4JDDAuW4he1W
E4oxkc+gemteSnvgM6xl4hjNmx4h0hwx8HC28DVFPbK7Rh8zySy3Y7xlKG56CCe0
4hOHb7BcAeLyOZPigPSQpBDYWZ4q2iT9xKLwWsmxhoRsonV8i6fJ+Ih06sPwnzMt
AAGblVsWWlLurkKYOZ6ms6zqZSFwrgiqNPaM4wzOsJ7S/YZU0+/C6IOcfcZwN+Zr
OABa4Rx+maESZs8pU06+mQ5hXM8G73/pkzURaDctvcMOCUhG7iKV+LfB4HBWWYX0
JWSBrQK5X3KwQZ3/vybnBdxKdY8WML6zMA6X74STnKQ5H++hwYVvPOOg3QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFB41GxyO2l9uYlYWm9JbKPHUalf+MB8GA1UdIwQY
MBaAFIJ2A6k7yjGwGPUR9tSwt1RuljNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYt
YjE2Y2I0ZGZhZGQzLzEvSGpVYkhJN2FYMjVpVmhhYjBsc284ZFJxVl80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYtYjE2Y2I0ZGZhZGQz
LzEvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCAji4AwQA
LQuaAwQBVQioAwQAVQirMA0GCSqGSIb3DQEBCwUAA4IBAQA8qcggomcfW1aR3cxj
BKldphMh8U72wZXMHsNWjaw60grBUEHBT0yLl4WOe1OFUqYsf5d6/JTPE1vpoH6h
MijyBii+2tRVNM5BmzPsUnVzvRrZil3WH1b60mgespt+DBxTvFcUzj/Hag471iJv
FSBgubd9kg4Kge9I4PVyrRRywm7aCjE62Zs+mPtTzGpsB8yVepuchUv4gFHsDhHy
9RFV1diy0ppMHtBdFgpOzljb2D9WuHgJfAUEVoSQfYMYxm+CfGey4NvDnK8t8VWW
muB+TXjhQVywvVKSrhcsROGj19oTcw8iiWMNgF7i3DQAST6/k6zn0YazYYJnFMNB
Twtn
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:56 2025 by rpki-client