Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/a7clVcf7Mcv_qJSO5qDvQ3LcnVQ.roa
File:                     a7clVcf7Mcv_qJSO5qDvQ3LcnVQ.roa (raw, json)
Hash identifier:          38jbVqYOXElIoD9S/EjUyB0D8z6sldWD32qy7lRuw68=
Subject key identifier:   6B:B7:25:55:C7:FB:31:CB:FF:A8:94:8E:E6:A0:EF:43:72:DC:9D:54
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       0199BF27E15546F32CB5531A00A0DDBB0717
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/a7clVcf7Mcv_qJSO5qDvQ3LcnVQ.roa
Signing time:             Tue 07 Oct 2025 14:51:25 +0000
ROA not before:           Tue 07 Oct 2025 14:51:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42728
IP address blocks:        193.232.241.0/24 maxlen: 24
                          2a0c:a9c7:241::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bf:27:e1:55:46:f3:2c:b5:53:1a:00:a0:dd:bb:07:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Oct  7 14:51:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6bb72555c7fb31cbffa8948ee6a0ef4372dc9d54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:77:69:c0:a0:56:90:7a:79:e0:28:6a:be:2b:
                    ca:6f:7f:fc:68:b2:5a:50:5c:d0:9e:fa:d1:77:69:
                    b0:15:a6:41:e8:71:24:e0:d5:5f:46:1b:6d:33:79:
                    77:68:8b:c7:64:88:aa:52:2a:16:44:a8:30:7b:f1:
                    d7:cd:09:78:36:74:62:ce:a5:92:33:c5:1c:36:44:
                    4e:01:d6:28:28:40:ea:a3:45:b7:0c:30:23:8d:37:
                    17:db:a6:d0:d0:39:71:86:25:ba:97:95:62:de:d2:
                    ad:c2:4b:91:db:87:d4:f3:d6:c7:64:6f:3e:55:51:
                    15:67:9f:7c:ce:6d:7d:09:9b:7d:5d:09:6f:b9:43:
                    1d:1a:e2:43:de:d6:2b:ef:6d:a5:73:af:b7:c3:65:
                    da:be:2c:e0:61:32:da:d4:94:13:3d:b0:9a:ad:b4:
                    d6:97:e8:38:80:50:a4:be:14:df:c6:6f:1a:12:45:
                    38:27:5e:6e:cb:7c:2a:08:33:48:67:00:aa:98:25:
                    f2:09:b4:ff:71:8f:75:c5:81:a1:e7:24:90:50:f4:
                    90:c7:17:bd:d2:19:c5:f7:e1:a2:da:0b:f6:ab:3a:
                    fb:b3:87:dd:83:e7:97:b4:ba:af:e7:ad:75:40:96:
                    c6:67:4e:a7:6f:de:1d:c1:0f:4c:b5:76:bf:f4:e2:
                    1a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:B7:25:55:C7:FB:31:CB:FF:A8:94:8E:E6:A0:EF:43:72:DC:9D:54
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/a7clVcf7Mcv_qJSO5qDvQ3LcnVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.241.0/24
                IPv6:
                  2a0c:a9c7:241::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:72:cf:58:8d:ec:4b:43:16:0e:52:64:0b:58:ee:fd:de:87:
         25:3e:67:3e:0a:77:c8:0a:c6:2f:7c:df:a1:c2:d6:68:74:fc:
         25:4f:04:04:22:f4:35:71:1b:fe:85:10:39:c2:5e:e1:c7:07:
         1c:19:a7:1c:85:4c:f7:8c:88:f4:47:aa:f0:e8:0d:a0:a0:91:
         b9:79:5f:48:09:70:fd:0d:76:9a:c5:88:55:b5:d6:ea:33:93:
         94:61:ae:33:78:f0:25:17:d9:6c:e3:a8:47:71:ca:0c:91:90:
         43:b6:21:c5:4a:79:f3:0f:bf:cf:b9:cc:95:7b:ed:6b:17:f8:
         e1:a5:a6:68:d3:11:93:06:29:58:4b:68:00:aa:ce:23:56:37:
         bc:44:69:5e:f5:2f:0f:3d:6b:ff:a6:34:51:41:de:13:f2:14:
         44:a8:74:08:ed:6d:a7:4e:e4:f1:6f:60:c6:97:5c:e5:2b:55:
         89:00:70:64:6c:0e:63:66:72:26:37:e8:c7:e7:da:8c:7f:e6:
         07:19:55:4c:94:b3:66:ad:38:15:80:48:fd:31:40:6e:c1:cd:
         dd:b8:92:83:d8:9f:a0:2b:dd:84:e6:20:7a:08:00:60:85:36:
         b6:e9:a5:5c:2b:27:31:89:5a:c7:7e:f6:8d:80:b3:db:81:df:
         fb:34:ee:ab
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZm/J+FVRvMstVMaAKDduwcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUxMDA3MTQ1MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmI3MjU1NWM3ZmIzMWNiZmZhODk0OGVlNmEwZWY0MzcyZGM5ZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ndpwKBWkHp54ChqvivKb3/8aLJa
UFzQnvrRd2mwFaZB6HEk4NVfRhttM3l3aIvHZIiqUioWRKgwe/HXzQl4NnRizqWS
M8UcNkROAdYoKEDqo0W3DDAjjTcX26bQ0DlxhiW6l5Vi3tKtwkuR24fU89bHZG8+
VVEVZ598zm19CZt9XQlvuUMdGuJD3tYr722lc6+3w2XavizgYTLa1JQTPbCarbTW
l+g4gFCkvhTfxm8aEkU4J15uy3wqCDNIZwCqmCXyCbT/cY91xYGh5ySQUPSQxxe9
0hnF9+Gi2gv2qzr7s4fdg+eXtLqv5611QJbGZ06nb94dwQ9MtXa/9OIa2wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGu3JVXH+zHL/6iUjuag70Ny3J1UMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvYTdjbFZjZjdNY3ZfcUpTTzVxRHZRM0xjblZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwejxMA8E
AgACMAkDBwAqDKnHAkEwDQYJKoZIhvcNAQELBQADggEBACpyz1iN7EtDFg5SZAtY
7v3ehyU+Zz4Kd8gKxi9836HC1mh0/CVPBAQi9DVxG/6FEDnCXuHHBxwZpxyFTPeM
iPRHqvDoDaCgkbl5X0gJcP0NdprFiFW11uozk5RhrjN48CUX2WzjqEdxygyRkEO2
IcVKefMPv8+5zJV77WsX+OGlpmjTEZMGKVhLaACqziNWN7xEaV71Lw89a/+mNFFB
3hPyFESodAjtbadO5PFvYMaXXOUrVYkAcGRsDmNmciY36Mfn2ox/5gcZVUyUs2at
OBWASP0xQG7Bzd24koPYn6Ar3YTmIHoIAGCFNrbppVwrJzGJWsd+9o2As9uB3/s0
7qs=
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:29:07 2025 by rpki-client