Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/9d960c-e234-4a05-aba2-4a8779e478c6/1/IMkMxuP_HIe-8yHaxaZmmkfgrkU.roa
File:                     IMkMxuP_HIe-8yHaxaZmmkfgrkU.roa (raw, json)
Hash identifier:          VP/3gFLV/p+/OXdm2saWsfz+k4M/NDwKldgBYB4HtdM=
Subject key identifier:   20:C9:0C:C6:E3:FF:1C:87:BE:F3:21:DA:C5:A6:66:9A:47:E0:AE:45
Certificate issuer:       /CN=050e3b7dfbd59910fe527cc7e29af64d53806c91
Certificate serial:       01995BEAC1691BFBE08D008C12142DFD0C7A
Authority key identifier: 05:0E:3B:7D:FB:D5:99:10:FE:52:7C:C7:E2:9A:F6:4D:53:80:6C:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BQ47ffvVmRD-UnzH4pr2TVOAbJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/9d960c-e234-4a05-aba2-4a8779e478c6/1/IMkMxuP_HIe-8yHaxaZmmkfgrkU.roa
Signing time:             Thu 18 Sep 2025 08:22:15 +0000
ROA not before:           Thu 18 Sep 2025 08:22:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41899
IP address blocks:        212.37.64.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/9d960c-e234-4a05-aba2-4a8779e478c6/1/BQ47ffvVmRD-UnzH4pr2TVOAbJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/9d960c-e234-4a05-aba2-4a8779e478c6/1/BQ47ffvVmRD-UnzH4pr2TVOAbJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BQ47ffvVmRD-UnzH4pr2TVOAbJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5b:ea:c1:69:1b:fb:e0:8d:00:8c:12:14:2d:fd:0c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=050e3b7dfbd59910fe527cc7e29af64d53806c91
        Validity
            Not Before: Sep 18 08:22:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20c90cc6e3ff1c87bef321dac5a6669a47e0ae45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:dd:a6:17:ff:8e:2f:e0:ee:8a:72:59:e6:94:
                    7f:ad:0e:07:c9:c3:2d:86:2d:74:28:25:f4:fc:c7:
                    3e:b4:d2:fb:a7:c2:26:0b:b0:15:93:05:c7:d2:a9:
                    67:a0:87:78:58:a4:40:da:1e:d2:76:60:5f:71:75:
                    8e:7a:91:2e:06:1a:33:2a:af:e4:06:00:78:59:02:
                    e9:86:c4:a3:b0:8a:8b:e2:04:45:0a:38:49:54:50:
                    db:68:f0:b1:a2:bf:d7:47:2b:0c:3f:ea:5f:7f:18:
                    46:85:f0:bc:e1:63:db:b8:14:3d:76:5e:a8:b1:5d:
                    1c:1f:1e:6d:75:02:a6:05:9a:09:80:f3:02:f3:95:
                    ed:29:eb:1f:6b:3d:90:3d:d6:76:17:bd:11:91:4f:
                    24:46:fa:4c:12:2c:b8:57:a9:e0:85:44:f2:72:2f:
                    8a:ff:cb:7a:c4:19:9c:5b:18:14:6d:32:87:11:85:
                    83:df:11:8c:3e:aa:f2:8e:83:61:09:66:55:3c:e1:
                    0c:e0:ce:78:b8:52:8f:b5:93:3f:c6:5b:1a:af:a2:
                    2e:a5:19:c9:38:ab:9f:0c:68:7b:6b:83:2f:ae:78:
                    5c:85:32:5c:31:7d:9b:78:d7:d1:bc:f5:a9:b7:fc:
                    96:14:76:c6:ea:b9:ac:49:4f:9c:5b:3b:77:19:14:
                    1c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C9:0C:C6:E3:FF:1C:87:BE:F3:21:DA:C5:A6:66:9A:47:E0:AE:45
            X509v3 Authority Key Identifier:
                keyid:05:0E:3B:7D:FB:D5:99:10:FE:52:7C:C7:E2:9A:F6:4D:53:80:6C:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BQ47ffvVmRD-UnzH4pr2TVOAbJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9d960c-e234-4a05-aba2-4a8779e478c6/1/IMkMxuP_HIe-8yHaxaZmmkfgrkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9d960c-e234-4a05-aba2-4a8779e478c6/1/BQ47ffvVmRD-UnzH4pr2TVOAbJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.37.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:02:89:19:4b:c3:f2:96:cb:b6:c7:18:0b:85:28:b4:fc:f9:
         3a:95:70:37:4d:93:e7:df:c7:4d:36:b0:b5:b2:2c:ea:34:f4:
         f5:66:c0:47:63:39:be:70:09:84:ff:d5:57:47:8b:1e:70:f5:
         70:e6:1b:7b:2b:20:3b:ad:cc:53:55:b1:1c:42:11:5d:25:74:
         9c:d0:28:4b:14:12:04:38:f1:3c:81:27:fb:fd:58:99:e2:3d:
         26:fe:bb:8d:5a:d4:d6:e5:f4:c0:da:f6:c7:86:a3:d6:51:f7:
         21:e8:86:35:7c:b1:4b:2c:75:e7:7a:25:e6:55:61:71:45:b1:
         d8:c6:e7:18:6a:d8:89:aa:80:c7:b5:11:9e:b0:05:10:e6:eb:
         28:4e:53:c5:c5:10:ef:39:85:53:4f:cb:48:0b:fd:6f:f6:78:
         10:18:21:83:9a:7c:c3:7f:d3:91:75:3c:71:98:07:cb:24:ff:
         53:d2:7d:25:f3:4a:3e:a3:2f:1e:01:0a:51:d7:87:c0:31:3b:
         0b:21:c4:9b:80:9d:06:4f:21:d3:97:22:ca:3b:63:28:df:36:
         f6:5f:a3:07:f6:02:da:f3:83:84:72:90:77:6a:bd:2c:38:68:
         c1:49:e7:b5:bc:13:80:a3:7e:b9:ee:97:d5:90:22:28:9f:f8:
         69:99:be:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlb6sFpG/vgjQCMEhQt/Qx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MGUzYjdkZmJkNTk5MTBmZTUyN2NjN2UyOWFmNjRkNTM4
MDZjOTEwHhcNMjUwOTE4MDgyMjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGM5MGNjNmUzZmYxYzg3YmVmMzIxZGFjNWE2NjY5YTQ3ZTBhZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAod2mF/+OL+DuinJZ5pR/rQ4HycMt
hi10KCX0/Mc+tNL7p8ImC7AVkwXH0qlnoId4WKRA2h7SdmBfcXWOepEuBhozKq/k
BgB4WQLphsSjsIqL4gRFCjhJVFDbaPCxor/XRysMP+pffxhGhfC84WPbuBQ9dl6o
sV0cHx5tdQKmBZoJgPMC85XtKesfaz2QPdZ2F70RkU8kRvpMEiy4V6nghUTyci+K
/8t6xBmcWxgUbTKHEYWD3xGMPqryjoNhCWZVPOEM4M54uFKPtZM/xlsar6IupRnJ
OKufDGh7a4MvrnhchTJcMX2beNfRvPWpt/yWFHbG6rmsSU+cWzt3GRQcUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDJDMbj/xyHvvMh2sWmZppH4K5FMB8GA1UdIwQY
MBaAFAUOO3371ZkQ/lJ8x+Ka9k1TgGyRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlE0N2ZmdlZtUkQtVW56SDRwcjJUVk9BYkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85ZDk2MGMtZTIzNC00YTA1LWFiYTIt
NGE4Nzc5ZTQ3OGM2LzEvSU1rTXh1UF9ISWUtOHlIYXhhWm1ta2ZncmtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85ZDk2MGMtZTIzNC00YTA1LWFiYTItNGE4Nzc5ZTQ3OGM2
LzEvQlE0N2ZmdlZtUkQtVW56SDRwcjJUVk9BYkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1CVAMA0G
CSqGSIb3DQEBCwUAA4IBAQB5AokZS8Pylsu2xxgLhSi0/Pk6lXA3TZPn38dNNrC1
sizqNPT1ZsBHYzm+cAmE/9VXR4secPVw5ht7KyA7rcxTVbEcQhFdJXSc0ChLFBIE
OPE8gSf7/ViZ4j0m/ruNWtTW5fTA2vbHhqPWUfch6IY1fLFLLHXneiXmVWFxRbHY
xucYatiJqoDHtRGesAUQ5usoTlPFxRDvOYVTT8tIC/1v9ngQGCGDmnzDf9ORdTxx
mAfLJP9T0n0l80o+oy8eAQpR14fAMTsLIcSbgJ0GTyHTlyLKO2Mo3zb2X6MH9gLa
84OEcpB3ar0sOGjBSee1vBOAo3657pfVkCIon/hpmb7B
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:57 2025 by rpki-client