Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/c13e12-e50d-4338-8a2f-fffb5a4e762a/1/23bca3VQeIrruEqgH6VNWFAiuWs.roa
File:                     23bca3VQeIrruEqgH6VNWFAiuWs.roa (raw, json)
Hash identifier:          AgG1ZxIJ9G4cx9MANuRKQ+cw/0IS8xxAcB1MqAzxpGw=
Subject key identifier:   DB:76:DC:6B:75:50:78:8A:EB:B8:4A:A0:1F:A5:4D:58:50:22:B9:6B
Certificate issuer:       /CN=27d7304c1b59dc22731bb53eff5a84ed9a30614c
Certificate serial:       0199382B5E58D95712730E001577A9F15AF4
Authority key identifier: 27:D7:30:4C:1B:59:DC:22:73:1B:B5:3E:FF:5A:84:ED:9A:30:61:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J9cwTBtZ3CJzG7U-_1qE7ZowYUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/c13e12-e50d-4338-8a2f-fffb5a4e762a/1/23bca3VQeIrruEqgH6VNWFAiuWs.roa
Signing time:             Thu 11 Sep 2025 09:46:30 +0000
ROA not before:           Thu 11 Sep 2025 09:46:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        5.79.64.0/18 maxlen: 18
                          37.48.64.0/18 maxlen: 18
                          62.212.64.0/19 maxlen: 19
                          81.17.47.0/24 maxlen: 24
                          81.17.49.0/24 maxlen: 24
                          81.17.50.0/24 maxlen: 24
                          81.17.51.0/24 maxlen: 24
                          81.17.52.0/24 maxlen: 24
                          81.17.53.0/24 maxlen: 24
                          81.17.54.0/24 maxlen: 24
                          81.17.55.0/24 maxlen: 24
                          81.171.0.0/19 maxlen: 19
                          82.192.64.0/19 maxlen: 19
                          83.149.64.0/18 maxlen: 18
                          85.17.0.0/16 maxlen: 16
                          89.149.192.0/18 maxlen: 18
                          89.149.192.0/20 maxlen: 20
                          94.75.192.0/18 maxlen: 18
                          95.168.160.0/20 maxlen: 20
                          95.211.0.0/16 maxlen: 16
                          95.211.51.0/24 maxlen: 24
                          95.211.85.0/24 maxlen: 24
                          173.234.68.0/22 maxlen: 22
                          178.162.128.0/18 maxlen: 23
                          178.162.162.0/23 maxlen: 23
                          178.162.164.0/22 maxlen: 22
                          178.162.168.0/22 maxlen: 22
                          178.162.176.0/20 maxlen: 20
                          185.17.184.0/22 maxlen: 22
                          212.7.192.0/20 maxlen: 20
                          212.7.208.0/22 maxlen: 22
                          212.32.224.0/19 maxlen: 19
                          213.227.128.0/19 maxlen: 19
                          2001:1af8::/32 maxlen: 32
                          2001:1af8:8000::/36 maxlen: 36
                          2001:1af8:8000::/40 maxlen: 40
                          2001:1af8:8100::/44 maxlen: 44
                          2001:1af8:8110::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/c13e12-e50d-4338-8a2f-fffb5a4e762a/1/J9cwTBtZ3CJzG7U-_1qE7ZowYUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/c13e12-e50d-4338-8a2f-fffb5a4e762a/1/J9cwTBtZ3CJzG7U-_1qE7ZowYUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J9cwTBtZ3CJzG7U-_1qE7ZowYUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:38:2b:5e:58:d9:57:12:73:0e:00:15:77:a9:f1:5a:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27d7304c1b59dc22731bb53eff5a84ed9a30614c
        Validity
            Not Before: Sep 11 09:46:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db76dc6b7550788aebb84aa01fa54d585022b96b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:df:a2:63:7d:06:4e:76:c0:95:5c:a4:c7:ca:
                    36:00:56:82:bc:3d:fe:b0:0c:a6:4c:a9:c7:22:52:
                    a9:df:68:de:a2:fc:96:b0:02:0f:3c:ca:86:94:6d:
                    30:ed:00:01:e3:25:58:00:aa:39:58:fb:05:49:ad:
                    7a:4b:e2:26:d6:b9:2a:8c:f5:d5:38:62:a4:cf:be:
                    a4:a3:ff:c1:fc:c9:6b:76:c3:98:47:46:af:3d:8f:
                    f3:27:7f:f2:ef:47:40:51:ed:f7:40:70:7d:b7:f4:
                    a6:ed:ae:ad:9a:86:d3:56:bc:9e:7d:af:54:73:c1:
                    cc:88:f4:18:3e:7b:fe:a3:e9:5e:3d:05:a8:f2:af:
                    89:b7:58:42:b2:ba:20:f9:b3:fc:d3:77:7b:30:52:
                    2d:64:e5:df:05:47:e2:15:81:dd:c3:2d:cb:43:0d:
                    33:11:30:73:d6:30:07:bd:0b:0e:87:1e:5d:bb:c9:
                    ba:10:10:f4:9f:59:19:1d:aa:19:23:45:93:7c:2c:
                    41:89:58:4b:75:f1:76:45:9a:95:6e:51:a3:8c:d5:
                    28:1d:48:29:3a:00:db:09:f0:ab:ad:87:96:16:02:
                    ac:af:5b:46:83:11:fc:e2:65:1c:b0:e4:3a:f6:0a:
                    89:60:c8:b1:a1:9b:2a:16:95:02:bf:64:2a:03:cb:
                    37:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:76:DC:6B:75:50:78:8A:EB:B8:4A:A0:1F:A5:4D:58:50:22:B9:6B
            X509v3 Authority Key Identifier:
                keyid:27:D7:30:4C:1B:59:DC:22:73:1B:B5:3E:FF:5A:84:ED:9A:30:61:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J9cwTBtZ3CJzG7U-_1qE7ZowYUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c13e12-e50d-4338-8a2f-fffb5a4e762a/1/23bca3VQeIrruEqgH6VNWFAiuWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c13e12-e50d-4338-8a2f-fffb5a4e762a/1/J9cwTBtZ3CJzG7U-_1qE7ZowYUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.79.64.0/18
                  37.48.64.0/18
                  62.212.64.0/19
                  81.17.47.0/24
                  81.17.49.0-81.17.55.255
                  81.171.0.0/19
                  82.192.64.0/19
                  83.149.64.0/18
                  85.17.0.0/16
                  89.149.192.0/18
                  94.75.192.0/18
                  95.168.160.0/20
                  95.211.0.0/16
                  173.234.68.0/22
                  178.162.128.0/18
                  185.17.184.0/22
                  212.7.192.0-212.7.211.255
                  212.32.224.0/19
                  213.227.128.0/19
                IPv6:
                  2001:1af8::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:75:3e:03:10:a8:56:30:67:26:58:b9:92:9a:a9:48:97:83:
         fc:7c:e5:b3:eb:60:14:95:df:13:e6:53:fd:c6:96:53:df:fe:
         a3:cf:9f:db:68:13:a3:fb:72:36:59:ea:c0:b4:bf:4b:ad:e9:
         2f:b9:5f:18:f9:8d:18:6f:a5:45:3e:c3:f6:db:6e:c1:43:67:
         23:d4:83:04:01:96:2c:90:b0:ec:e3:69:07:45:c6:57:95:15:
         c8:9b:cd:6d:b4:3e:6c:35:fd:00:01:e4:24:8a:e8:5a:11:51:
         e6:a0:e8:dd:f0:9c:d1:d4:08:0f:4e:41:26:f0:39:d3:ea:72:
         c3:f0:6b:cb:3a:65:da:a6:23:2c:54:f7:7f:bd:7e:c8:7d:fe:
         e9:08:f9:c0:9e:1d:bd:e3:ab:5f:84:6d:28:d3:80:ed:26:30:
         e0:38:89:4e:4c:96:9e:e3:9b:9d:4d:fc:e3:8b:b1:ac:64:8e:
         46:24:a5:65:a5:a9:61:18:79:43:c7:95:ca:17:b2:3d:c3:e5:
         ee:85:87:19:ed:0b:d9:5f:6d:cd:2b:fa:d0:71:9a:e3:72:c8:
         e9:80:ca:4e:67:1e:55:4b:c9:58:8d:df:b6:bc:e1:bf:82:f4:
         cc:20:42:60:89:66:57:21:5c:56:d3:94:53:08:57:f2:a7:c9:
         d2:f2:44:ff
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgISAZk4K15Y2VcScw4AFXep8Vr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZDczMDRjMWI1OWRjMjI3MzFiYjUzZWZmNWE4NGVkOWEz
MDYxNGMwHhcNMjUwOTExMDk0NjMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjc2ZGM2Yjc1NTA3ODhhZWJiODRhYTAxZmE1NGQ1ODUwMjJiOTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19+iY30GTnbAlVykx8o2AFaCvD3+
sAymTKnHIlKp32jeovyWsAIPPMqGlG0w7QAB4yVYAKo5WPsFSa16S+Im1rkqjPXV
OGKkz76ko//B/MlrdsOYR0avPY/zJ3/y70dAUe33QHB9t/Sm7a6tmobTVryefa9U
c8HMiPQYPnv+o+lePQWo8q+Jt1hCsrog+bP803d7MFItZOXfBUfiFYHdwy3LQw0z
ETBz1jAHvQsOhx5du8m6EBD0n1kZHaoZI0WTfCxBiVhLdfF2RZqVblGjjNUoHUgp
OgDbCfCrrYeWFgKsr1tGgxH84mUcsOQ69gqJYMixoZsqFpUCv2QqA8s3iQIDAQAB
o4IClzCCApMwHQYDVR0OBBYEFNt23Gt1UHiK67hKoB+lTVhQIrlrMB8GA1UdIwQY
MBaAFCfXMEwbWdwicxu1Pv9ahO2aMGFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjljd1RCdFozQ0p6RzdVLV8xcUU3Wm93WVV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9jMTNlMTItZTUwZC00MzM4LThhMmYt
ZmZmYjVhNGU3NjJhLzEvMjNiY2EzVlFlSXJydUVxZ0g2Vk5XRkFpdVdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9jMTNlMTItZTUwZC00MzM4LThhMmYtZmZmYjVhNGU3NjJh
LzEvSjljd1RCdFozQ0p6RzdVLV8xcUU3Wm93WVV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGsBggrBgEFBQcBBwEB/wSBnDCBmTCBhwQCAAEwgYADBAYF
T0ADBAYlMEADBAU+1EADBABRES8wDAMEAFERMQMEA1ERMAMEBVGrAAMEBVLAQAME
BlOVQAMDAFURAwQGWZXAAwQGXkvAAwQEX6igAwMAX9MDBAKt6kQDBAayooADBAK5
EbgwDAMEBtQHwAMEAtQH0AMEBdQg4AMEBdXjgDANBAIAAjAHAwUAIAEa+DANBgkq
hkiG9w0BAQsFAAOCAQEAKXU+AxCoVjBnJli5kpqpSJeD/Hzls+tgFJXfE+ZT/caW
U9/+o8+f22gTo/tyNlnqwLS/S63pL7lfGPmNGG+lRT7D9ttuwUNnI9SDBAGWLJCw
7ONpB0XGV5UVyJvNbbQ+bDX9AAHkJIroWhFR5qDo3fCc0dQID05BJvA50+pyw/Br
yzpl2qYjLFT3f71+yH3+6Qj5wJ4dveOrX4RtKNOA7SYw4DiJTkyWnuObnU3844ux
rGSORiSlZaWpYRh5Q8eVyheyPcPl7oWHGe0L2V9tzSv60HGa43LI6YDKTmceVUvJ
WI3ftrzhv4L0zCBCYIlmVyFcVtOUUwhX8qfJ0vJE/w==
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:50:51 2025 by rpki-client