Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/D4q5QeYMkgTngWc_wOjZD98RdmU.roa
File:                     D4q5QeYMkgTngWc_wOjZD98RdmU.roa (raw, json)
Hash identifier:          TIn/p4u3LHbpQIcSm7Z411bo2Gcl4RIpFyXkWWJvvQY=
Subject key identifier:   0F:8A:B9:41:E6:0C:92:04:E7:81:67:3F:C0:E8:D9:0F:DF:11:76:65
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       0199DCB51313FDB18B87FB1F5DFD5C211640
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/D4q5QeYMkgTngWc_wOjZD98RdmU.roa
Signing time:             Mon 13 Oct 2025 08:34:38 +0000
ROA not before:           Mon 13 Oct 2025 08:34:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        37.44.228.0/22 maxlen: 24
                          45.66.92.0/23 maxlen: 23
                          192.145.52.0/22 maxlen: 24
                          192.145.52.0/24 maxlen: 24
                          193.219.99.0/24 maxlen: 24
                          194.15.32.0/24 maxlen: 24
                          194.15.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dc:b5:13:13:fd:b1:8b:87:fb:1f:5d:fd:5c:21:16:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Oct 13 08:34:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f8ab941e60c9204e781673fc0e8d90fdf117665
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a8:2d:57:67:e9:04:e7:11:ae:7a:fe:93:36:
                    4c:7d:cc:6a:e0:98:39:70:4c:7d:09:b3:40:b6:87:
                    3e:02:e8:da:de:14:5b:0d:b7:f3:95:69:dc:92:e1:
                    44:12:3b:80:7e:64:1a:9c:43:76:1f:70:c1:4c:33:
                    d2:f2:6c:1b:a8:9b:25:ba:bc:a6:95:39:af:e6:ee:
                    dc:1d:54:e2:33:07:ce:1d:a9:f3:bd:08:6a:1c:17:
                    73:0b:08:dc:55:41:04:4b:77:a8:f2:c0:7b:59:63:
                    43:b1:77:7d:0b:8a:98:77:51:fb:eb:63:dc:a3:51:
                    b6:0c:03:53:a7:d1:98:43:58:b5:4c:47:c5:27:c2:
                    a9:22:ef:25:82:45:b8:9b:d9:72:80:49:af:63:20:
                    3f:11:9d:db:47:bc:e2:d4:29:af:35:80:50:cb:16:
                    4d:d1:21:66:f9:d1:68:6a:60:3f:49:38:d9:44:c3:
                    bf:8a:f8:f7:f2:ff:b8:65:77:94:7d:be:09:93:94:
                    da:21:9f:92:6e:22:87:fc:b5:e0:46:33:70:dc:cf:
                    75:0b:bd:23:7c:b6:b8:42:27:f2:a9:a0:e6:77:36:
                    30:ba:f8:e2:ad:25:8d:37:f7:5b:7a:f4:6d:e0:fa:
                    92:f3:d8:9a:06:c0:72:b7:88:56:0a:f4:26:b6:4f:
                    05:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:8A:B9:41:E6:0C:92:04:E7:81:67:3F:C0:E8:D9:0F:DF:11:76:65
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/D4q5QeYMkgTngWc_wOjZD98RdmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.228.0/22
                  45.66.92.0/23
                  192.145.52.0/22
                  193.219.99.0/24
                  194.15.32.0/24
                  194.15.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:34:6e:4a:c8:7d:95:b6:0f:d1:41:3e:09:14:d1:23:19:fa:
         2d:76:73:7d:5e:c7:30:8a:d5:14:cf:0c:6f:c4:1f:5b:a5:57:
         80:89:cf:84:48:1a:0d:73:4f:79:01:d0:05:94:61:72:74:4f:
         c4:e6:4e:58:1b:af:dc:e5:69:0c:23:83:16:eb:8e:9f:8e:9c:
         76:ee:95:67:ad:c8:f2:f9:32:58:6c:21:f4:a0:d7:fa:37:c9:
         1d:d4:c0:06:c0:14:3a:73:4a:52:90:3c:98:ab:12:10:6d:b1:
         fd:e8:b9:84:d6:4b:13:17:a8:b7:7d:80:7c:27:02:2e:02:90:
         4c:c5:7d:84:64:49:f1:5c:15:5d:24:1e:f7:ee:66:53:11:d2:
         f5:66:f0:1b:17:87:79:53:a7:f1:16:13:df:3f:3d:a8:51:a7:
         70:7a:29:db:cc:7c:79:db:86:70:92:c2:2e:80:cf:5e:c2:f6:
         be:a2:6d:c9:27:5a:4b:83:66:f1:a5:5e:35:78:86:23:02:40:
         31:24:9a:69:a3:f9:3f:2d:be:5b:7e:9f:02:10:4a:21:3f:fd:
         60:85:c8:7d:c3:50:f4:69:62:e2:b3:a8:4c:e5:af:4d:33:ce:
         70:cf:2b:4d:4d:ae:fe:99:8b:e7:2e:bc:b1:a5:6e:f8:f4:80:
         c7:db:38:67
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZnctRMT/bGLh/sfXf1cIRZAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjUxMDEzMDgzNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjhhYjk0MWU2MGM5MjA0ZTc4MTY3M2ZjMGU4ZDkwZmRmMTE3NjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxagtV2fpBOcRrnr+kzZMfcxq4Jg5
cEx9CbNAtoc+Auja3hRbDbfzlWnckuFEEjuAfmQanEN2H3DBTDPS8mwbqJslurym
lTmv5u7cHVTiMwfOHanzvQhqHBdzCwjcVUEES3eo8sB7WWNDsXd9C4qYd1H762Pc
o1G2DANTp9GYQ1i1TEfFJ8KpIu8lgkW4m9lygEmvYyA/EZ3bR7zi1CmvNYBQyxZN
0SFm+dFoamA/STjZRMO/ivj38v+4ZXeUfb4Jk5TaIZ+SbiKH/LXgRjNw3M91C70j
fLa4QifyqaDmdzYwuvjirSWNN/dbevRt4PqS89iaBsByt4hWCvQmtk8FUQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFA+KuUHmDJIE54FnP8Do2Q/fEXZlMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvRDRxNVFlWU1rZ1RuZ1djX3dPalpEOThSZG1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCJSzkAwQB
LUJcAwQCwJE0AwQAwdtjAwQAwg8gAwQAwg8iMA0GCSqGSIb3DQEBCwUAA4IBAQAl
NG5KyH2Vtg/RQT4JFNEjGfotdnN9XscwitUUzwxvxB9bpVeAic+ESBoNc095AdAF
lGFydE/E5k5YG6/c5WkMI4MW646fjpx27pVnrcjy+TJYbCH0oNf6N8kd1MAGwBQ6
c0pSkDyYqxIQbbH96LmE1ksTF6i3fYB8JwIuApBMxX2EZEnxXBVdJB737mZTEdL1
ZvAbF4d5U6fxFhPfPz2oUadweinbzHx524ZwksIugM9ewva+om3JJ1pLg2bxpV41
eIYjAkAxJJppo/k/Lb5bfp8CEEohP/1ghch9w1D0aWLis6hM5a9NM85wzytNTa7+
mYvnLryxpW749IDH2zhn
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:41 2025 by rpki-client