Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/p797xYF79ghmDwX_B_VOi9b9mxU.roa
File:                     p797xYF79ghmDwX_B_VOi9b9mxU.roa (raw, json)
Hash identifier:          e+IK2FyU17ZAcWL5rbzdLFhxA19UKsEovIWWQwVtq/E=
Subject key identifier:   A7:BF:7B:C5:81:7B:F6:08:66:0F:05:FF:07:F5:4E:8B:D6:FD:9B:15
Certificate issuer:       /CN=5688b42175d6214a31a5407db8b6c95f1ec60d4e
Certificate serial:       0199B29740861F45F807287BF452FD6A8945
Authority key identifier: 56:88:B4:21:75:D6:21:4A:31:A5:40:7D:B8:B6:C9:5F:1E:C6:0D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Voi0IXXWIUoxpUB9uLbJXx7GDU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/p797xYF79ghmDwX_B_VOi9b9mxU.roa
Signing time:             Sun 05 Oct 2025 04:18:00 +0000
ROA not before:           Sun 05 Oct 2025 04:18:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212077
IP address blocks:        195.234.80.0/24 maxlen: 24
                          2a13:7b40:1::/48 maxlen: 48
                          2a13:7b40:2::/48 maxlen: 48
                          2a13:7b40:3::/48 maxlen: 48
                          2a13:7b40:4::/48 maxlen: 48
                          2a13:7b40:11::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/Voi0IXXWIUoxpUB9uLbJXx7GDU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/Voi0IXXWIUoxpUB9uLbJXx7GDU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Voi0IXXWIUoxpUB9uLbJXx7GDU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 04:02:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b2:97:40:86:1f:45:f8:07:28:7b:f4:52:fd:6a:89:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5688b42175d6214a31a5407db8b6c95f1ec60d4e
        Validity
            Not Before: Oct  5 04:18:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7bf7bc5817bf608660f05ff07f54e8bd6fd9b15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:56:8f:c8:f8:01:e2:a8:12:36:35:f5:6e:89:
                    c6:ed:86:3d:14:ec:a7:34:87:76:e6:36:fe:83:62:
                    e5:d4:5a:3c:62:3d:f7:2e:b1:8f:3f:66:2c:f5:e1:
                    81:05:d3:e0:1b:c1:77:84:8a:98:c2:32:08:fe:74:
                    3c:e2:a0:74:61:db:fe:48:a8:09:b8:b6:29:6f:e6:
                    17:a9:03:e6:70:58:de:40:c1:b4:73:9e:f0:2c:4a:
                    95:2a:30:e9:46:0e:d9:22:85:87:1c:d8:f2:4e:ec:
                    75:e7:70:ae:28:79:b4:73:83:6e:7a:f8:b7:89:42:
                    a3:a2:2e:74:04:8f:59:b2:0b:dd:60:0a:6d:7a:22:
                    2d:3f:9b:6d:96:ee:75:7e:0e:49:06:91:93:a9:ce:
                    72:43:f1:58:c8:2d:76:a0:76:88:5c:7e:cd:89:3d:
                    d3:32:9e:b9:92:e9:cb:12:6c:a7:7a:7c:f3:d2:86:
                    06:aa:91:bd:c8:14:a9:c7:cd:cb:a0:89:e3:18:ed:
                    ce:7c:59:8b:5a:42:74:61:79:97:0e:1e:b6:a3:ea:
                    96:ab:0a:4a:e4:18:c2:03:bf:ce:24:f7:fa:ac:ac:
                    6e:5a:73:3a:9d:ba:68:e4:72:fb:52:11:3b:4d:e0:
                    c3:09:b5:65:07:be:54:75:45:52:f0:9e:99:0b:17:
                    9f:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:BF:7B:C5:81:7B:F6:08:66:0F:05:FF:07:F5:4E:8B:D6:FD:9B:15
            X509v3 Authority Key Identifier:
                keyid:56:88:B4:21:75:D6:21:4A:31:A5:40:7D:B8:B6:C9:5F:1E:C6:0D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Voi0IXXWIUoxpUB9uLbJXx7GDU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/p797xYF79ghmDwX_B_VOi9b9mxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/83d6fa-461d-4a56-a844-9f942bc12a7e/1/Voi0IXXWIUoxpUB9uLbJXx7GDU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.80.0/24
                IPv6:
                  2a13:7b40:1::-2a13:7b40:4:ffff:ffff:ffff:ffff:ffff
                  2a13:7b40:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:8f:69:41:6a:e9:35:6c:46:32:52:d8:3c:bb:77:ba:63:d3:
         68:aa:c3:1d:ec:61:a2:01:d2:70:e3:92:c4:63:99:75:ce:2c:
         ce:01:07:14:81:63:d0:78:dc:99:a4:79:66:70:dc:ab:55:4f:
         33:1b:fe:c7:4f:70:7f:7f:f5:36:86:ec:d2:a5:65:93:52:d5:
         ed:a9:99:a6:cf:34:aa:5a:b6:05:d2:15:27:24:a2:d5:44:5e:
         dc:63:9d:90:77:23:bc:f4:d2:85:87:87:4c:6e:10:93:c6:e6:
         e9:ea:8a:c4:e3:b4:09:01:87:47:7e:26:0a:0a:44:4a:e1:d6:
         2d:26:8b:47:0e:3d:ca:b5:55:0d:ea:f4:04:08:f9:d6:68:02:
         c5:8e:65:7b:dd:c4:06:e1:9f:7b:59:4e:f5:fe:89:bc:10:01:
         da:09:8f:ee:60:a6:f6:66:ea:ea:dd:d9:dd:23:d6:1b:ac:84:
         b2:59:78:71:01:8c:95:c7:a5:0b:54:00:e8:90:52:f2:43:f3:
         90:a3:75:e9:dc:b7:77:3e:ef:14:d2:42:b2:b0:b8:2f:64:56:
         d0:4b:6b:92:af:8e:6d:38:e6:ab:00:e6:4f:87:c2:fc:8a:c7:
         10:33:e2:b5:e7:b1:fe:9c:c9:0b:1e:cd:e6:9a:db:1b:58:e7:
         d7:94:87:46
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZmyl0CGH0X4Byh79FL9aolFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ODhiNDIxNzVkNjIxNGEzMWE1NDA3ZGI4YjZjOTVmMWVj
NjBkNGUwHhcNMjUxMDA1MDQxODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2JmN2JjNTgxN2JmNjA4NjYwZjA1ZmYwN2Y1NGU4YmQ2ZmQ5YjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFaPyPgB4qgSNjX1bonG7YY9FOyn
NId25jb+g2Ll1Fo8Yj33LrGPP2Ys9eGBBdPgG8F3hIqYwjII/nQ84qB0Ydv+SKgJ
uLYpb+YXqQPmcFjeQMG0c57wLEqVKjDpRg7ZIoWHHNjyTux153CuKHm0c4Nuevi3
iUKjoi50BI9ZsgvdYApteiItP5ttlu51fg5JBpGTqc5yQ/FYyC12oHaIXH7NiT3T
Mp65kunLEmynenzz0oYGqpG9yBSpx83LoInjGO3OfFmLWkJ0YXmXDh62o+qWqwpK
5BjCA7/OJPf6rKxuWnM6nbpo5HL7UhE7TeDDCbVlB75UdUVS8J6ZCxefwwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFKe/e8WBe/YIZg8F/wf1TovW/ZsVMB8GA1UdIwQY
MBaAFFaItCF11iFKMaVAfbi2yV8exg1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9pMElYWFdJVW94cFVCOXVMYkpYeDdHRFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84M2Q2ZmEtNDYxZC00YTU2LWE4NDQt
OWY5NDJiYzEyYTdlLzEvcDc5N3hZRjc5Z2htRHdYX0JfVk9pOWI5bXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84M2Q2ZmEtNDYxZC00YTU2LWE4NDQtOWY5NDJiYzEyYTdl
LzEvVm9pMElYWFdJVW94cFVCOXVMYkpYeDdHRFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAMBAIAATAGAwQAw+pQMCME
AgACMB0wEgMHACoTe0AAAQMHACoTe0AABAMHACoTe0AAETANBgkqhkiG9w0BAQsF
AAOCAQEALo9pQWrpNWxGMlLYPLt3umPTaKrDHexhogHScOOSxGOZdc4szgEHFIFj
0HjcmaR5ZnDcq1VPMxv+x09wf3/1Nobs0qVlk1LV7amZps80qlq2BdIVJySi1URe
3GOdkHcjvPTShYeHTG4Qk8bm6eqKxOO0CQGHR34mCgpESuHWLSaLRw49yrVVDer0
BAj51mgCxY5le93EBuGfe1lO9f6JvBAB2gmP7mCm9mbq6t3Z3SPWG6yEsll4cQGM
lcelC1QA6JBS8kPzkKN16dy3dz7vFNJCsrC4L2RW0Etrkq+ObTjmqwDmT4fC/IrH
EDPiteex/pzJCx7N5prbG1jn15SHRg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:51:59 2025 by rpki-client