Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/tTfX1pe5RTBDA8rpWDL9o3SrrsQ.roa
File:                     tTfX1pe5RTBDA8rpWDL9o3SrrsQ.roa (raw, json)
Hash identifier:          0Boop2PPC+Kquo+edf/AvMEIcfKlqZO/IjiPFQIbjyo=
Subject key identifier:   B5:37:D7:D6:97:B9:45:30:43:03:CA:E9:58:32:FD:A3:74:AB:AE:C4
Certificate issuer:       /CN=f571bbf1d3d3c0efe36de110392be0c7ac447a84
Certificate serial:       0199E06FF7D2A1EAF02BF3CD23F9E2514A96
Authority key identifier: F5:71:BB:F1:D3:D3:C0:EF:E3:6D:E1:10:39:2B:E0:C7:AC:44:7A:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9XG78dPTwO_jbeEQOSvgx6xEeoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/tTfX1pe5RTBDA8rpWDL9o3SrrsQ.roa
Signing time:             Tue 14 Oct 2025 01:57:38 +0000
ROA not before:           Tue 14 Oct 2025 01:57:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42926
IP address blocks:        31.210.64.0/18 maxlen: 24
                          46.45.128.0/18 maxlen: 24
                          46.45.185.0/24 maxlen: 24
                          46.45.186.0/24 maxlen: 24
                          46.45.187.0/24 maxlen: 24
                          46.45.188.0/24 maxlen: 24
                          77.75.32.0/21 maxlen: 24
                          79.98.128.0/21 maxlen: 24
                          94.101.80.0/20 maxlen: 24
                          94.101.90.0/24 maxlen: 24
                          176.53.0.0/17 maxlen: 24
                          176.53.74.0/24 maxlen: 24
                          176.53.96.0/24 maxlen: 24
                          176.53.112.0/24 maxlen: 24
                          178.211.32.0/19 maxlen: 24
                          178.211.61.0/24 maxlen: 24
                          185.25.100.0/22 maxlen: 22
                          185.25.100.0/24 maxlen: 24
                          185.25.101.0/24 maxlen: 24
                          185.25.102.0/24 maxlen: 24
                          185.25.103.0/24 maxlen: 24
                          185.157.40.0/22 maxlen: 24
                          185.184.208.0/22 maxlen: 24
                          213.128.64.0/19 maxlen: 24
                          213.128.93.0/24 maxlen: 24
                          213.128.94.0/24 maxlen: 24
                          213.128.95.0/24 maxlen: 24
                          2a00:56a0::/32 maxlen: 48
                          2a01:790::/32 maxlen: 48
                          2a0b:5f40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/9XG78dPTwO_jbeEQOSvgx6xEeoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/9XG78dPTwO_jbeEQOSvgx6xEeoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9XG78dPTwO_jbeEQOSvgx6xEeoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e0:6f:f7:d2:a1:ea:f0:2b:f3:cd:23:f9:e2:51:4a:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f571bbf1d3d3c0efe36de110392be0c7ac447a84
        Validity
            Not Before: Oct 14 01:57:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b537d7d697b945304303cae95832fda374abaec4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:6f:b7:62:9a:c5:e6:af:b5:16:d7:a8:66:6b:
                    a2:04:fc:77:98:3b:38:48:6a:a9:18:31:2c:d6:e2:
                    62:3a:bc:26:3d:24:47:b8:79:7a:22:ff:f1:30:4f:
                    3a:bb:66:91:e1:3d:94:51:36:67:08:7c:44:fd:fe:
                    7d:c2:5d:3d:2d:a0:28:d7:d7:60:e6:00:1d:d7:01:
                    d6:1b:7b:40:d3:1d:03:79:1a:7d:68:7b:33:24:8f:
                    89:e7:f1:10:a1:99:85:53:c9:01:a8:c6:b4:ca:db:
                    6c:fc:13:e0:7f:c0:70:23:ff:43:9c:c8:11:71:19:
                    ba:b9:b2:d9:ef:5f:10:c5:ee:3c:9e:e3:e9:99:38:
                    39:1f:63:f3:c4:0c:f3:f2:eb:9a:e2:78:05:29:bb:
                    96:a5:91:a6:28:ac:22:fc:66:67:1f:fa:2c:ee:ed:
                    d7:6f:3d:ff:73:78:3d:81:47:1b:7d:85:51:dd:62:
                    d7:ef:36:56:3a:71:40:42:bc:38:ce:a6:81:32:28:
                    ae:0f:d7:5d:9a:41:d9:93:e1:c7:d1:d7:52:92:66:
                    93:89:28:e2:f0:14:bc:8e:ce:4e:f9:42:23:17:2a:
                    83:7e:4c:c7:df:07:d9:26:3e:64:d5:36:58:86:a8:
                    21:54:96:93:d5:47:71:58:1d:d7:15:30:dd:06:5b:
                    6c:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:37:D7:D6:97:B9:45:30:43:03:CA:E9:58:32:FD:A3:74:AB:AE:C4
            X509v3 Authority Key Identifier:
                keyid:F5:71:BB:F1:D3:D3:C0:EF:E3:6D:E1:10:39:2B:E0:C7:AC:44:7A:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9XG78dPTwO_jbeEQOSvgx6xEeoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/tTfX1pe5RTBDA8rpWDL9o3SrrsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/9XG78dPTwO_jbeEQOSvgx6xEeoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.64.0/18
                  46.45.128.0/18
                  77.75.32.0/21
                  79.98.128.0/21
                  94.101.80.0/20
                  176.53.0.0/17
                  178.211.32.0/19
                  185.25.100.0/22
                  185.157.40.0/22
                  185.184.208.0/22
                  213.128.64.0/19
                IPv6:
                  2a00:56a0::/32
                  2a01:790::/32
                  2a0b:5f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         9a:a7:74:37:03:66:71:a1:af:a7:ff:e1:8c:5d:8f:d8:42:10:
         c1:f7:6b:85:c1:1f:62:a1:cb:45:25:0b:91:17:b3:2d:18:98:
         cf:23:f8:2e:6f:02:88:9f:63:8f:ca:dd:46:5d:d8:d4:7b:4a:
         4d:ee:3c:88:f6:ae:08:60:d4:88:75:6b:07:95:eb:9b:e7:73:
         17:aa:d3:59:ac:a4:dd:f2:79:12:d0:cf:03:1f:56:00:88:60:
         9e:19:eb:79:7e:3d:15:9d:f7:11:17:e9:86:e5:08:49:07:1d:
         d8:08:77:f7:b0:34:1a:c0:17:50:52:ac:ec:4d:08:3b:57:84:
         9a:c6:6a:ec:b0:e8:cd:97:11:c4:c5:0a:a2:11:90:97:66:f1:
         6a:30:3d:7e:b1:43:89:f8:16:49:9d:00:86:17:93:04:88:0c:
         18:94:df:e5:ce:18:a4:39:5e:ff:bb:9f:b9:68:a5:bd:5e:90:
         19:35:29:a2:9d:30:00:36:7b:ee:c2:d8:28:ab:8b:c6:70:d6:
         cb:1f:ce:08:13:2a:5b:7c:fe:03:67:a0:eb:78:32:d1:40:1b:
         da:0f:f8:aa:6c:cd:04:51:83:dc:db:c8:c8:97:a4:10:4d:79:
         9b:ab:fe:de:5e:cb:ed:17:48:fc:19:1e:a2:8d:72:cf:55:4b:
         8b:d4:07:a8
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZngb/fSoerwK/PNI/niUUqWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NzFiYmYxZDNkM2MwZWZlMzZkZTExMDM5MmJlMGM3YWM0
NDdhODQwHhcNMjUxMDE0MDE1NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTM3ZDdkNjk3Yjk0NTMwNDMwM2NhZTk1ODMyZmRhMzc0YWJhZWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2+3YprF5q+1FteoZmuiBPx3mDs4
SGqpGDEs1uJiOrwmPSRHuHl6Iv/xME86u2aR4T2UUTZnCHxE/f59wl09LaAo19dg
5gAd1wHWG3tA0x0DeRp9aHszJI+J5/EQoZmFU8kBqMa0ytts/BPgf8BwI/9DnMgR
cRm6ubLZ718Qxe48nuPpmTg5H2PzxAzz8uua4ngFKbuWpZGmKKwi/GZnH/os7u3X
bz3/c3g9gUcbfYVR3WLX7zZWOnFAQrw4zqaBMiiuD9ddmkHZk+HH0ddSkmaTiSji
8BS8js5O+UIjFyqDfkzH3wfZJj5k1TZYhqghVJaT1UdxWB3XFTDdBltsRQIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFLU319aXuUUwQwPK6Vgy/aN0q67EMB8GA1UdIwQY
MBaAFPVxu/HT08Dv423hEDkr4MesRHqEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVhHNzhkUFR3T19qYmVFUU9Tdmd4NnhFZW9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi82ODMwM2YtZThiMC00ZmUwLTk2YjYt
YTk2NTdlYjFmOGQ3LzEvdFRmWDFwZTVSVEJEQThycFdETDlvM1NycnNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi82ODMwM2YtZThiMC00ZmUwLTk2YjYtYTk2NTdlYjFmOGQ3
LzEvOVhHNzhkUFR3T19qYmVFUU9Tdmd4NnhFZW9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBIBAIAATBCAwQGH9JAAwQG
Li2AAwQDTUsgAwQDT2KAAwQEXmVQAwQHsDUAAwQFstMgAwQCuRlkAwQCuZ0oAwQC
ubjQAwQF1YBAMBsEAgACMBUDBQAqAFagAwUAKgEHkAMFAyoLX0AwDQYJKoZIhvcN
AQELBQADggEBAJqndDcDZnGhr6f/4Yxdj9hCEMH3a4XBH2Khy0UlC5EXsy0YmM8j
+C5vAoifY4/K3UZd2NR7Sk3uPIj2rghg1Ih1aweV65vncxeq01mspN3yeRLQzwMf
VgCIYJ4Z63l+PRWd9xEX6YblCEkHHdgId/ewNBrAF1BSrOxNCDtXhJrGauyw6M2X
EcTFCqIRkJdm8WowPX6xQ4n4FkmdAIYXkwSIDBiU3+XOGKQ5Xv+7n7lopb1ekBk1
KaKdMAA2e+7C2Ciri8Zw1ssfzggTKlt8/gNnoOt4MtFAG9oP+KpszQRRg9zbyMiX
pBBNeZur/t5ey+0XSPwZHqKNcs9VS4vUB6g=
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:51:03 2025 by rpki-client