Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/i6AMMlCBL4mI8fXSClWLBTgrr2w.roa
File:                     i6AMMlCBL4mI8fXSClWLBTgrr2w.roa (raw, json)
Hash identifier:          ibC1icVFA9nVxcZkqXGl9glghEao/S766jYYimUgQ+I=
Subject key identifier:   8B:A0:0C:32:50:81:2F:89:88:F1:F5:D2:0A:55:8B:05:38:2B:AF:6C
Certificate issuer:       /CN=2719412918a6627f99cce55c7aca139057b8574e
Certificate serial:       0199BFE3BFB2DA50CF9F40006164C327C45B
Authority key identifier: 27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/i6AMMlCBL4mI8fXSClWLBTgrr2w.roa
Signing time:             Tue 07 Oct 2025 18:16:37 +0000
ROA not before:           Tue 07 Oct 2025 18:16:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.149.60.0/23 maxlen: 23
                          194.50.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bf:e3:bf:b2:da:50:cf:9f:40:00:61:64:c3:27:c4:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2719412918a6627f99cce55c7aca139057b8574e
        Validity
            Not Before: Oct  7 18:16:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ba00c3250812f8988f1f5d20a558b05382baf6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:12:4f:0f:7c:9b:9d:89:84:1e:ed:10:41:39:
                    8d:13:8b:e8:e3:e4:6d:32:8d:ad:6a:c1:89:5a:08:
                    ea:39:c8:e1:a7:53:62:cd:24:af:20:b8:07:90:17:
                    f0:87:bf:e3:d7:52:7e:e9:77:2d:c1:93:94:90:5c:
                    ab:88:65:aa:96:f9:78:64:2d:bb:70:36:d2:a6:3a:
                    26:f4:1a:8b:d2:1f:ad:de:0d:46:27:7e:49:e3:8a:
                    08:8b:df:ff:c9:3c:a6:59:96:c8:e9:d9:0f:b6:f6:
                    43:c7:bf:9d:46:e3:7f:2c:df:08:01:94:f4:88:20:
                    eb:e4:68:e4:cd:7a:d0:cb:69:1d:b7:b8:7c:d1:cf:
                    26:83:21:ef:e2:87:5b:fb:b4:07:dd:55:b8:e2:48:
                    ad:03:f0:69:cc:cd:e7:92:75:3c:67:4b:62:20:63:
                    ec:dc:88:8c:04:ab:1b:a1:4f:e3:9f:c8:96:b2:09:
                    a6:33:77:fc:4a:5c:e6:37:e4:f6:03:32:f5:06:93:
                    52:f4:de:d7:ab:fc:29:c4:55:72:64:06:f2:04:4a:
                    65:0c:85:2d:34:d9:33:d7:4b:86:f9:ad:a7:b4:2d:
                    3b:bd:cf:ea:fa:bf:59:ac:b7:36:eb:16:e8:ba:b7:
                    42:de:a5:09:50:99:f1:6e:1a:34:05:82:c3:30:39:
                    0a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A0:0C:32:50:81:2F:89:88:F1:F5:D2:0A:55:8B:05:38:2B:AF:6C
            X509v3 Authority Key Identifier:
                keyid:27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/i6AMMlCBL4mI8fXSClWLBTgrr2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.60.0/23
                  194.50.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:6a:04:f4:b9:ca:33:4d:90:01:7e:80:bb:fe:0d:f8:9a:31:
         2c:60:bd:2d:9d:81:16:a0:7f:3c:0d:75:49:2a:82:26:76:96:
         f0:17:51:8f:4d:64:d1:b4:4c:c2:39:cc:d1:db:41:5b:de:e1:
         3f:42:9c:d3:37:51:f8:ad:5d:c6:29:30:13:aa:de:53:ad:0a:
         c8:68:d4:60:2c:41:cc:95:1f:0a:31:e5:7e:f4:d9:48:c6:47:
         d8:5a:b9:37:38:00:30:76:a1:fd:fb:e3:da:48:a2:72:a8:e9:
         a7:67:8e:94:68:29:7b:ac:2c:43:46:cb:93:60:8b:26:1b:0a:
         3f:a9:78:59:fc:e5:35:e5:a2:f7:ba:68:74:bc:ee:0c:0e:5e:
         07:87:c8:78:e3:15:a5:e5:ff:bf:f2:c4:eb:b3:c2:15:75:bd:
         6f:46:7f:ce:7f:ca:8c:b8:6a:d6:78:c8:2b:16:73:e2:e8:e7:
         43:f4:23:0e:e5:08:88:7c:c6:75:fc:0b:17:67:b8:e7:98:02:
         c2:0e:c2:fc:7a:59:c9:da:8f:3c:2f:b8:2c:fb:08:62:96:b2:
         c0:b5:b2:ab:3c:68:47:62:57:0d:92:98:9b:ce:f0:fe:ce:d1:
         ef:a0:69:df:68:f4:22:0b:a7:b2:2d:d8:f6:94:27:60:3d:a3:
         dd:9b:0b:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZm/47+y2lDPn0AAYWTDJ8RbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MTk0MTI5MThhNjYyN2Y5OWNjZTU1YzdhY2ExMzkwNTdi
ODU3NGUwHhcNMjUxMDA3MTgxNjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmEwMGMzMjUwODEyZjg5ODhmMWY1ZDIwYTU1OGIwNTM4MmJhZjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxJPD3ybnYmEHu0QQTmNE4vo4+Rt
Mo2tasGJWgjqOcjhp1NizSSvILgHkBfwh7/j11J+6XctwZOUkFyriGWqlvl4ZC27
cDbSpjom9BqL0h+t3g1GJ35J44oIi9//yTymWZbI6dkPtvZDx7+dRuN/LN8IAZT0
iCDr5GjkzXrQy2kdt7h80c8mgyHv4odb+7QH3VW44kitA/BpzM3nknU8Z0tiIGPs
3IiMBKsboU/jn8iWsgmmM3f8SlzmN+T2AzL1BpNS9N7Xq/wpxFVyZAbyBEplDIUt
NNkz10uG+a2ntC07vc/q+r9ZrLc26xbourdC3qUJUJnxbho0BYLDMDkKywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIugDDJQgS+JiPH10gpViwU4K69sMB8GA1UdIwQY
MBaAFCcZQSkYpmJ/mczlXHrKE5BXuFdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYt
NGUyMjM5MTdiODYwLzEvaTZBTU1sQ0JMNG1JOGZYU0NsV0xCVGdycjJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYtNGUyMjM5MTdiODYw
LzEvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLZU8AwQA
wjIBMA0GCSqGSIb3DQEBCwUAA4IBAQCGagT0ucozTZABfoC7/g34mjEsYL0tnYEW
oH88DXVJKoImdpbwF1GPTWTRtEzCOczR20Fb3uE/QpzTN1H4rV3GKTATqt5TrQrI
aNRgLEHMlR8KMeV+9NlIxkfYWrk3OAAwdqH9++PaSKJyqOmnZ46UaCl7rCxDRsuT
YIsmGwo/qXhZ/OU15aL3umh0vO4MDl4Hh8h44xWl5f+/8sTrs8IVdb1vRn/Of8qM
uGrWeMgrFnPi6OdD9CMO5QiIfMZ1/AsXZ7jnmALCDsL8elnJ2o88L7gs+whilrLA
tbKrPGhHYlcNkpibzvD+ztHvoGnfaPQiC6eyLdj2lCdgPaPdmwtI
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:46 2025 by rpki-client