Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/TH2FjafTPAZL_mWQxJbc1btzyxI.roa
File:                     TH2FjafTPAZL_mWQxJbc1btzyxI.roa (raw, json)
Hash identifier:          G8YErxusID/p1+2HPMXeLDbOJMfQf8vU1HgRFZ4uzuM=
Subject key identifier:   4C:7D:85:8D:A7:D3:3C:06:4B:FE:65:90:C4:96:DC:D5:BB:73:CB:12
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       0199F70C3F452330D7F1C9E0295EDFF3F525
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/TH2FjafTPAZL_mWQxJbc1btzyxI.roa
Signing time:             Sat 18 Oct 2025 11:19:58 +0000
ROA not before:           Sat 18 Oct 2025 11:19:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.13.179.0/24 maxlen: 24
                          193.168.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f7:0c:3f:45:23:30:d7:f1:c9:e0:29:5e:df:f3:f5:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Oct 18 11:19:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c7d858da7d33c064bfe6590c496dcd5bb73cb12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cc:20:85:a7:85:11:5c:78:86:ab:e0:1f:ec:
                    d9:b7:0e:d0:af:43:15:5d:28:0a:be:92:33:7f:21:
                    0b:bd:a6:5a:ff:fd:a3:0d:35:18:e3:74:d7:12:96:
                    55:7c:7f:87:58:c3:a9:ea:2f:f0:c5:c5:f2:92:6c:
                    7c:88:75:09:42:e6:cc:bb:6c:fa:16:43:50:f4:95:
                    6b:63:e2:6c:bf:7c:06:59:b6:57:30:de:3d:46:e8:
                    06:b7:e1:ea:eb:27:a6:a6:65:2c:d8:13:d4:15:d2:
                    82:a1:a2:fe:bf:01:8a:a5:c4:d7:2e:46:bd:bf:4b:
                    c4:d0:6f:0e:95:2b:d1:20:2e:0b:73:bf:b5:7c:5b:
                    f2:8d:74:5d:b8:c0:51:4e:ac:a8:d4:77:ab:6b:90:
                    6d:b7:68:dc:ba:9d:47:ef:c2:d0:40:6d:13:b3:7f:
                    bb:d0:f8:0d:14:9d:93:22:c2:f6:1b:65:d0:9c:06:
                    a0:4e:32:8d:5b:b4:2f:45:67:e6:8c:44:de:f8:1d:
                    f6:14:1e:a8:69:bb:ba:e8:a6:d6:d0:0a:57:f0:9e:
                    d1:d5:a2:e1:25:6a:20:cb:07:23:07:20:e5:df:14:
                    e6:9d:4e:7d:d3:dc:b5:5d:04:63:46:eb:4d:08:f9:
                    f0:01:20:b6:d2:d9:d3:51:eb:64:0e:d9:39:35:ee:
                    63:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:7D:85:8D:A7:D3:3C:06:4B:FE:65:90:C4:96:DC:D5:BB:73:CB:12
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/TH2FjafTPAZL_mWQxJbc1btzyxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.179.0/24
                  193.168.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:5d:ff:cd:70:c9:f2:23:9e:ba:23:5b:7c:63:17:b3:30:88:
         d2:f7:e3:d8:45:cf:30:ef:7f:64:d7:ee:da:23:d2:b5:54:f8:
         cd:cb:54:77:61:a3:40:f8:4f:91:5e:e0:36:64:68:17:3c:76:
         ec:b4:90:07:86:45:54:43:03:2b:a1:e9:e7:ca:e3:ff:de:81:
         ef:e6:8f:fc:63:8f:1a:fb:43:a1:6f:29:40:b9:18:74:b4:e2:
         c4:65:f8:e2:69:86:24:3f:af:76:e5:5f:57:04:92:f9:54:52:
         26:7c:2e:6a:5d:4a:3b:3e:e6:ce:90:0d:c8:39:ee:dc:f6:db:
         82:f1:57:ef:1b:ac:6f:ad:af:dd:0a:ed:0a:26:9d:17:6c:c0:
         2c:7f:50:a8:2e:d9:3c:ce:38:ae:f6:e6:de:b7:50:59:05:8e:
         60:65:e1:9e:ac:dd:a8:73:57:0c:3f:c7:02:bf:71:1f:bc:27:
         0c:cf:3a:19:cd:c4:fb:6e:32:a1:53:e3:62:9a:f2:58:44:d0:
         96:57:d3:90:43:01:e3:82:0f:44:b4:f1:f7:68:60:73:bd:d7:
         c1:a7:55:35:ee:36:96:d6:ca:57:ef:33:92:35:8c:26:68:af:
         22:b7:6c:1e:08:b7:77:e0:ee:ec:bf:a6:69:c5:89:58:4c:c5:
         eb:2d:d0:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZn3DD9FIzDX8cngKV7f8/UlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUxMDE4MTExOTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzdkODU4ZGE3ZDMzYzA2NGJmZTY1OTBjNDk2ZGNkNWJiNzNjYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsswghaeFEVx4hqvgH+zZtw7Qr0MV
XSgKvpIzfyELvaZa//2jDTUY43TXEpZVfH+HWMOp6i/wxcXykmx8iHUJQubMu2z6
FkNQ9JVrY+Jsv3wGWbZXMN49RugGt+Hq6yempmUs2BPUFdKCoaL+vwGKpcTXLka9
v0vE0G8OlSvRIC4Lc7+1fFvyjXRduMBRTqyo1Hera5Btt2jcup1H78LQQG0Ts3+7
0PgNFJ2TIsL2G2XQnAagTjKNW7QvRWfmjETe+B32FB6oabu66KbW0ApX8J7R1aLh
JWogywcjByDl3xTmnU5909y1XQRjRutNCPnwASC20tnTUetkDtk5Ne5jTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEx9hY2n0zwGS/5lkMSW3NW7c8sSMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvVEgyRmphZlRQQVpMX21XUXhKYmMxYnR6eXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ2zAwQA
wai6MA0GCSqGSIb3DQEBCwUAA4IBAQC/Xf/NcMnyI566I1t8YxezMIjS9+PYRc8w
739k1+7aI9K1VPjNy1R3YaNA+E+RXuA2ZGgXPHbstJAHhkVUQwMroennyuP/3oHv
5o/8Y48a+0OhbylAuRh0tOLEZfjiaYYkP6925V9XBJL5VFImfC5qXUo7PubOkA3I
Oe7c9tuC8VfvG6xvra/dCu0KJp0XbMAsf1CoLtk8zjiu9ubet1BZBY5gZeGerN2o
c1cMP8cCv3EfvCcMzzoZzcT7bjKhU+NimvJYRNCWV9OQQwHjgg9EtPH3aGBzvdfB
p1U17jaW1spX7zOSNYwmaK8it2weCLd34O7sv6ZpxYlYTMXrLdBc
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:45 2025 by rpki-client