Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/hDkefyVIo6CtSmC9usLxfbXSHJo.roa
File:                     hDkefyVIo6CtSmC9usLxfbXSHJo.roa (raw, json)
Hash identifier:          2L43qW8nvv7ZuypirwxJV5b95hzLgxd1pp/3t2CraNw=
Subject key identifier:   84:39:1E:7F:25:48:A3:A0:AD:4A:60:BD:BA:C2:F1:7D:B5:D2:1C:9A
Certificate issuer:       /CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
Certificate serial:       0199D28A3A65391C192221D7B5400F2F03FB
Authority key identifier: 4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/hDkefyVIo6CtSmC9usLxfbXSHJo.roa
Signing time:             Sat 11 Oct 2025 09:11:38 +0000
ROA not before:           Sat 11 Oct 2025 09:11:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206854
IP address blocks:        94.139.188.0/24 maxlen: 24
                          94.139.190.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d2:8a:3a:65:39:1c:19:22:21:d7:b5:40:0f:2f:03:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
        Validity
            Not Before: Oct 11 09:11:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84391e7f2548a3a0ad4a60bdbac2f17db5d21c9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:57:68:ff:60:44:16:af:34:6a:b9:fc:b3:79:
                    0e:3f:60:f8:87:1c:9a:7a:22:80:17:48:61:d0:3e:
                    f1:8b:cf:53:d0:ba:08:18:4a:b6:85:98:a5:89:f9:
                    7b:ba:a0:9a:d9:4e:a8:6a:69:5c:00:1a:71:9a:cc:
                    e7:a7:fa:53:55:9b:1a:3f:78:55:0f:f1:47:a8:2e:
                    28:36:94:22:13:37:55:6b:6f:c5:72:c9:5c:96:2f:
                    0c:16:d8:d6:72:06:29:e5:27:78:58:57:35:bc:d3:
                    0a:58:5c:e5:8d:58:d3:4c:94:17:fd:12:39:a5:56:
                    62:b2:6e:96:62:66:17:11:00:e6:9a:da:c3:9a:a4:
                    87:10:82:bb:20:6a:5c:31:8e:fa:1f:f2:d5:05:cc:
                    12:61:aa:e4:26:75:47:5b:f4:89:6b:2f:bb:aa:ed:
                    51:09:36:a6:01:74:53:c2:88:d2:d3:98:3e:2c:9a:
                    72:06:4d:15:1d:07:b0:86:53:cc:09:52:80:5e:dd:
                    c8:05:d2:be:bf:c2:26:d2:b7:cc:a6:f4:17:69:81:
                    2f:b3:3c:45:90:dd:22:38:3c:7b:3d:3d:eb:72:17:
                    7a:d5:c6:44:29:2d:0d:69:c0:ae:b8:65:f8:29:8f:
                    6a:cf:b1:b4:c5:65:b7:f3:0e:a2:45:ca:77:36:1a:
                    88:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:39:1E:7F:25:48:A3:A0:AD:4A:60:BD:BA:C2:F1:7D:B5:D2:1C:9A
            X509v3 Authority Key Identifier:
                keyid:4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/hDkefyVIo6CtSmC9usLxfbXSHJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.139.188.0/24
                  94.139.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:23:9d:db:9c:a0:b6:b0:79:3b:96:d4:96:98:c4:68:2c:d6:
         e9:38:91:c2:b1:5f:ae:07:b3:0f:14:26:15:3d:84:eb:26:05:
         d6:6f:06:2b:01:9e:d9:3c:55:e0:3a:f6:70:80:73:ca:17:74:
         a8:5a:e5:30:d3:94:15:d2:16:2c:42:e1:29:bb:57:61:0f:31:
         8b:34:c6:d8:c1:ef:97:ba:80:42:96:df:53:7f:13:a5:fb:03:
         a8:ab:07:8f:74:1e:c1:e9:81:18:66:8a:22:25:40:93:ad:1c:
         56:6f:a5:93:4f:43:01:06:81:70:08:1f:29:6d:18:2b:7f:2b:
         1b:61:ac:f3:f6:53:62:59:99:0b:30:c0:6c:10:9f:b1:37:22:
         68:4f:25:3c:05:24:5a:42:37:21:fa:53:c0:ca:db:67:06:3f:
         19:47:40:99:68:38:0f:d1:c5:09:1e:75:be:0d:24:54:9c:5c:
         32:51:02:41:f9:76:d3:b7:53:45:88:55:33:6b:b5:04:48:5d:
         a9:71:f6:f4:57:dd:82:0c:36:2d:63:9f:72:b3:5a:5c:96:75:
         91:e6:77:a7:12:2e:91:62:f2:f8:c3:7f:92:e2:db:a6:76:a1:
         fd:b3:7e:d1:ab:a1:fa:7d:c9:e1:31:c1:5d:6c:f6:57:a2:cb:
         0f:0f:20:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnSijplORwZIiHXtUAPLwP7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDc0ZmJiYmFlNThkZDA4NzZkOTllODBlYzgyYTExYTQ0
NzdmN2UwHhcNMjUxMDExMDkxMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDM5MWU3ZjI1NDhhM2EwYWQ0YTYwYmRiYWMyZjE3ZGI1ZDIxYzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61do/2BEFq80arn8s3kOP2D4hxya
eiKAF0hh0D7xi89T0LoIGEq2hZilifl7uqCa2U6oamlcABpxmsznp/pTVZsaP3hV
D/FHqC4oNpQiEzdVa2/Fcslcli8MFtjWcgYp5Sd4WFc1vNMKWFzljVjTTJQX/RI5
pVZism6WYmYXEQDmmtrDmqSHEIK7IGpcMY76H/LVBcwSYarkJnVHW/SJay+7qu1R
CTamAXRTwojS05g+LJpyBk0VHQewhlPMCVKAXt3IBdK+v8Im0rfMpvQXaYEvszxF
kN0iODx7PT3rchd61cZEKS0NacCuuGX4KY9qz7G0xWW38w6iRcp3NhqIUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIQ5Hn8lSKOgrUpgvbrC8X210hyaMB8GA1UdIwQY
MBaAFE3XT7u65Y3Qh22Z6A7IKhGkR39+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmIt
OGVhYjdmNGZlNzdlLzEvaERrZWZ5VklvNkN0U21DOXVzTHhmYlhTSEpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmItOGVhYjdmNGZlNzdl
LzEvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXou8AwQB
Xou+MA0GCSqGSIb3DQEBCwUAA4IBAQA5I53bnKC2sHk7ltSWmMRoLNbpOJHCsV+u
B7MPFCYVPYTrJgXWbwYrAZ7ZPFXgOvZwgHPKF3SoWuUw05QV0hYsQuEpu1dhDzGL
NMbYwe+XuoBClt9TfxOl+wOoqwePdB7B6YEYZooiJUCTrRxWb6WTT0MBBoFwCB8p
bRgrfysbYazz9lNiWZkLMMBsEJ+xNyJoTyU8BSRaQjch+lPAyttnBj8ZR0CZaDgP
0cUJHnW+DSRUnFwyUQJB+XbTt1NFiFUza7UESF2pcfb0V92CDDYtY59ys1pclnWR
5nenEi6RYvL4w3+S4tumdqH9s37Rq6H6fcnhMcFdbPZXossPDyCr
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:22:45 2025 by rpki-client