Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1-eDQG0lW6qJaqnPl-W2D7USsJOU.roa
File:                     1-eDQG0lW6qJaqnPl-W2D7USsJOU.roa (raw, json)
Hash identifier:          o6geDpXzRfzq+KqGmBjgU8yJ/MMEJhEhk7nT0703UAQ=
Subject key identifier:   F9:E0:D0:1B:49:56:EA:A2:5A:AA:73:E5:F9:6D:83:ED:44:AC:24:E5
Certificate issuer:       /CN=d48555f9a52727f6bcf715cb4750a2a4a6c35161
Certificate serial:       01997073D62A57E6C5C09E25C2E220498297
Authority key identifier: D4:85:55:F9:A5:27:27:F6:BC:F7:15:CB:47:50:A2:A4:A6:C3:51:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1IVV-aUnJ_a89xXLR1CipKbDUWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1-eDQG0lW6qJaqnPl-W2D7USsJOU.roa
Signing time:             Mon 22 Sep 2025 08:04:23 +0000
ROA not before:           Mon 22 Sep 2025 08:04:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39855
IP address blocks:        185.21.104.0/24 maxlen: 24
                          185.21.105.0/24 maxlen: 24
                          185.21.106.0/24 maxlen: 24
                          185.21.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1IVV-aUnJ_a89xXLR1CipKbDUWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1IVV-aUnJ_a89xXLR1CipKbDUWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1IVV-aUnJ_a89xXLR1CipKbDUWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:70:73:d6:2a:57:e6:c5:c0:9e:25:c2:e2:20:49:82:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48555f9a52727f6bcf715cb4750a2a4a6c35161
        Validity
            Not Before: Sep 22 08:04:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9e0d01b4956eaa25aaa73e5f96d83ed44ac24e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a7:d5:be:bd:4c:2b:cf:ab:a3:ca:e4:b5:bf:
                    73:8c:e1:f6:83:06:ea:a3:45:0f:e2:d0:fa:87:6c:
                    a8:d2:75:3e:53:fe:5e:2a:9b:08:e7:69:72:57:fe:
                    c5:80:a7:91:de:e2:42:91:ee:a5:5b:26:29:6b:15:
                    ee:6c:7b:7e:2f:9c:1c:63:5d:f9:7d:6b:26:cb:a8:
                    2a:9c:7d:23:49:32:73:9b:70:28:38:8e:b0:90:d9:
                    04:7d:7f:4a:5b:91:07:bb:8f:c5:86:3e:98:a7:a4:
                    91:9d:7c:74:c7:91:40:93:cc:e7:99:2a:9f:b4:38:
                    d5:f0:50:8d:07:b0:28:23:b9:12:c3:db:5a:90:40:
                    00:c7:a3:46:d2:8c:0d:79:18:71:bd:be:92:a0:a3:
                    a5:04:7a:94:d6:91:ad:c8:d4:76:d5:ea:73:fb:9c:
                    35:91:86:8e:d3:2e:75:d6:4a:af:88:e0:01:86:fa:
                    5c:58:ac:10:83:98:94:31:3a:10:8f:d9:b5:65:d9:
                    b8:d4:0c:a3:02:66:30:7d:3c:90:cc:91:98:44:2a:
                    45:7f:ae:cc:11:1e:01:67:78:b8:aa:bc:6a:d2:48:
                    89:2b:39:35:6b:b4:ca:c5:43:55:4f:ab:67:15:e7:
                    2a:74:65:7a:ed:71:33:f8:04:3f:f0:82:b2:fc:6d:
                    98:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:E0:D0:1B:49:56:EA:A2:5A:AA:73:E5:F9:6D:83:ED:44:AC:24:E5
            X509v3 Authority Key Identifier:
                keyid:D4:85:55:F9:A5:27:27:F6:BC:F7:15:CB:47:50:A2:A4:A6:C3:51:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1IVV-aUnJ_a89xXLR1CipKbDUWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1-eDQG0lW6qJaqnPl-W2D7USsJOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/e45577-65b1-4d43-853a-02abf8572fcb/1/1IVV-aUnJ_a89xXLR1CipKbDUWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:45:0a:01:ff:2c:fd:fa:0f:60:e9:db:b6:bd:82:a3:67:7d:
         4c:42:9e:99:93:0d:ab:f1:b3:ac:a5:8c:65:36:e4:a9:18:23:
         47:ef:3e:7b:ec:e0:68:4c:8f:54:ac:2e:74:ca:7c:69:2d:1e:
         cc:73:d0:d5:7c:0e:8b:05:22:a8:a2:cd:a2:d1:18:5c:10:5b:
         ba:e9:9e:38:f5:7d:ed:63:8b:22:64:04:15:f1:86:3d:36:d2:
         52:a6:e3:af:bd:f0:49:66:3a:d6:c3:6d:5c:1b:3e:58:ac:92:
         0a:5a:82:02:eb:da:68:a1:95:2a:f6:88:59:f3:bf:ba:c8:12:
         ce:0f:a9:d7:45:9a:ae:f8:37:04:5f:e5:1c:7c:ba:1d:cd:14:
         7c:e2:01:c7:11:64:63:2f:a4:eb:04:49:ff:dc:c8:dc:2a:45:
         e8:be:8e:8e:76:45:5f:f9:64:a0:ab:6f:dd:25:3b:44:b4:94:
         87:cf:15:c6:a6:b7:c7:27:12:a2:3c:fb:74:91:4c:cb:31:b8:
         68:b4:17:1c:15:38:19:72:82:e1:9b:cf:cd:95:36:07:18:f7:
         7a:ae:dc:51:09:e5:0d:43:48:b2:dc:1f:d6:37:d1:6b:80:84:
         61:53:4e:7b:08:94:96:2f:46:af:7a:90:8e:24:ee:46:e2:fa:
         25:16:86:6b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZlwc9YqV+bFwJ4lwuIgSYKXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ODU1NWY5YTUyNzI3ZjZiY2Y3MTVjYjQ3NTBhMmE0YTZj
MzUxNjEwHhcNMjUwOTIyMDgwNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWUwZDAxYjQ5NTZlYWEyNWFhYTczZTVmOTZkODNlZDQ0YWMyNGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqfVvr1MK8+ro8rktb9zjOH2gwbq
o0UP4tD6h2yo0nU+U/5eKpsI52lyV/7FgKeR3uJCke6lWyYpaxXubHt+L5wcY135
fWsmy6gqnH0jSTJzm3AoOI6wkNkEfX9KW5EHu4/Fhj6Yp6SRnXx0x5FAk8znmSqf
tDjV8FCNB7AoI7kSw9takEAAx6NG0owNeRhxvb6SoKOlBHqU1pGtyNR21epz+5w1
kYaO0y511kqviOABhvpcWKwQg5iUMToQj9m1Zdm41AyjAmYwfTyQzJGYRCpFf67M
ER4BZ3i4qrxq0kiJKzk1a7TKxUNVT6tnFecqdGV67XEz+AQ/8IKy/G2YPQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPng0BtJVuqiWqpz5fltg+1ErCTlMB8GA1UdIwQY
MBaAFNSFVfmlJyf2vPcVy0dQoqSmw1FhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlWVi1hVW5KX2E4OXhYTFIxQ2lwS2JEVVdFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9lNDU1NzctNjViMS00ZDQzLTg1M2Et
MDJhYmY4NTcyZmNiLzEvMS1lRFFHMGxXNnFKYXFuUGwtVzJEN1VTc0pPVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYWIvZTQ1NTc3LTY1YjEtNGQ0My04NTNhLTAyYWJmODU3MmZj
Yi8xLzFJVlYtYVVuSl9hODl4WExSMUNpcEtiRFVXRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArkVaDAN
BgkqhkiG9w0BAQsFAAOCAQEAlUUKAf8s/foPYOnbtr2Co2d9TEKemZMNq/GzrKWM
ZTbkqRgjR+8+e+zgaEyPVKwudMp8aS0ezHPQ1XwOiwUiqKLNotEYXBBbuumeOPV9
7WOLImQEFfGGPTbSUqbjr73wSWY61sNtXBs+WKySClqCAuvaaKGVKvaIWfO/usgS
zg+p10Warvg3BF/lHHy6Hc0UfOIBxxFkYy+k6wRJ/9zI3CpF6L6OjnZFX/lkoKtv
3SU7RLSUh88Vxqa3xycSojz7dJFMyzG4aLQXHBU4GXKC4ZvPzZU2Bxj3eq7cUQnl
DUNIstwf1jfRa4CEYVNOewiUli9Gr3qQjiTuRuL6JRaGaw==
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:38 2025 by rpki-client