Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/46f147-173f-4260-aa7b-3a6bf890a01d/1/BiNIPlrjeE3rdm2XK22vRf-wuzQ.roa
File:                     BiNIPlrjeE3rdm2XK22vRf-wuzQ.roa (raw, json)
Hash identifier:          ezcE9QgtvtC5wwnkaiaobICKGA7cBVTWIAYbMzMm22U=
Subject key identifier:   06:23:48:3E:5A:E3:78:4D:EB:76:6D:97:2B:6D:AF:45:FF:B0:BB:34
Certificate issuer:       /CN=e0a0106cd2857ef13234867cb7f16a23a93faa93
Certificate serial:       0199F25A286830E45E474B018A2405253C63
Authority key identifier: E0:A0:10:6C:D2:85:7E:F1:32:34:86:7C:B7:F1:6A:23:A9:3F:AA:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4KAQbNKFfvEyNIZ8t_FqI6k_qpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/46f147-173f-4260-aa7b-3a6bf890a01d/1/BiNIPlrjeE3rdm2XK22vRf-wuzQ.roa
Signing time:             Fri 17 Oct 2025 13:26:58 +0000
ROA not before:           Fri 17 Oct 2025 13:26:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48885
IP address blocks:        37.252.128.0/19 maxlen: 19
                          37.252.128.0/24 maxlen: 24
                          217.146.48.0/20 maxlen: 24
                          217.146.48.0/24 maxlen: 24
                          217.146.49.0/24 maxlen: 24
                          217.146.50.0/24 maxlen: 24
                          217.146.51.0/24 maxlen: 24
                          217.146.52.0/24 maxlen: 24
                          217.146.53.0/24 maxlen: 24
                          217.146.55.0/24 maxlen: 24
                          217.146.63.0/24 maxlen: 24
                          2a00:dbc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/46f147-173f-4260-aa7b-3a6bf890a01d/1/4KAQbNKFfvEyNIZ8t_FqI6k_qpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/46f147-173f-4260-aa7b-3a6bf890a01d/1/4KAQbNKFfvEyNIZ8t_FqI6k_qpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4KAQbNKFfvEyNIZ8t_FqI6k_qpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 04:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f2:5a:28:68:30:e4:5e:47:4b:01:8a:24:05:25:3c:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0a0106cd2857ef13234867cb7f16a23a93faa93
        Validity
            Not Before: Oct 17 13:26:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0623483e5ae3784deb766d972b6daf45ffb0bb34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:30:2d:75:70:23:98:03:7f:35:42:75:ff:59:
                    ff:cc:26:fb:0e:ac:be:4b:2e:7a:39:6b:ce:fd:2f:
                    05:0b:73:cd:eb:d0:9f:d0:45:ef:34:9b:28:c4:b9:
                    53:e2:de:7a:54:6f:a6:40:93:90:f5:3e:e1:6a:be:
                    2f:5e:5c:c5:5e:43:a6:a5:5f:69:e7:bf:7c:5e:51:
                    a3:4f:41:9d:b2:68:0b:7e:d1:84:74:85:35:52:3f:
                    a6:6a:22:ba:37:d4:45:1c:a9:26:d3:c9:dd:9f:9f:
                    fb:9e:a0:4e:f4:00:44:41:15:ae:a6:22:23:ca:df:
                    20:da:c1:09:e8:1a:fe:f2:a5:2e:4d:44:31:1c:82:
                    d5:16:1f:c8:c4:b9:dd:7c:ca:98:a4:6b:b2:48:96:
                    56:46:ed:65:77:39:92:6e:f3:e5:d6:b2:b0:be:9f:
                    d0:17:21:27:af:ec:2b:39:a8:14:f1:82:6c:44:07:
                    c6:fc:01:49:70:cc:20:32:d3:5a:6b:f4:00:d3:47:
                    a0:09:7b:a9:a9:d7:b2:44:85:a6:df:12:50:f1:fb:
                    5c:4c:a3:ee:51:89:d3:7b:fa:b8:40:0b:1e:94:ee:
                    20:7c:45:02:7a:3c:7a:ec:19:7a:a2:dc:8a:71:f9:
                    26:6c:37:c2:d2:71:e3:a4:76:de:ff:e6:04:bd:fa:
                    05:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:23:48:3E:5A:E3:78:4D:EB:76:6D:97:2B:6D:AF:45:FF:B0:BB:34
            X509v3 Authority Key Identifier:
                keyid:E0:A0:10:6C:D2:85:7E:F1:32:34:86:7C:B7:F1:6A:23:A9:3F:AA:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4KAQbNKFfvEyNIZ8t_FqI6k_qpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/46f147-173f-4260-aa7b-3a6bf890a01d/1/BiNIPlrjeE3rdm2XK22vRf-wuzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/46f147-173f-4260-aa7b-3a6bf890a01d/1/4KAQbNKFfvEyNIZ8t_FqI6k_qpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.128.0/19
                  217.146.48.0/20
                IPv6:
                  2a00:dbc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:a5:d2:aa:a5:d9:19:fb:34:0d:4a:c1:7b:1f:bb:52:96:66:
         24:9e:c5:1f:e5:83:db:54:1c:7a:9d:08:63:8d:b2:ed:ad:19:
         c1:ee:1f:38:78:8e:73:e5:00:ce:63:13:e1:08:9a:66:d0:e7:
         1e:5a:a8:96:76:65:8c:c6:bd:36:3a:27:19:30:17:1b:bc:fc:
         c7:1e:8f:ee:9a:7b:46:f4:ec:21:d5:22:30:ed:06:0b:49:90:
         3e:4b:b1:dd:b6:63:d4:fc:c2:12:61:ed:17:f1:80:e2:80:2d:
         87:2c:9b:5c:31:3c:b4:81:3a:b2:64:59:43:8e:fd:8f:29:9b:
         37:1b:21:ba:9b:4d:82:d2:45:87:08:e5:5f:cc:3e:6b:5d:97:
         ef:5f:be:35:ef:48:aa:e0:f4:32:38:5a:bb:25:b1:b9:d1:e4:
         52:4e:29:20:84:6d:79:13:16:1c:9b:e6:2c:1b:cf:f9:1e:b9:
         4d:4d:f5:d4:09:a8:ea:36:b8:cc:3e:7d:01:4b:e8:d5:30:a7:
         dc:32:b3:1b:a3:16:9e:1d:80:2e:8c:88:47:20:23:36:b4:93:
         e0:39:63:06:2d:90:0a:00:35:95:56:02:a8:46:fd:5a:6f:5f:
         4d:a2:59:63:d3:a8:28:0d:ae:1c:ce:76:73:d2:7e:d3:20:bb:
         08:b9:db:77
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZnyWihoMOReR0sBiiQFJTxjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwYTAxMDZjZDI4NTdlZjEzMjM0ODY3Y2I3ZjE2YTIzYTkz
ZmFhOTMwHhcNMjUxMDE3MTMyNjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjIzNDgzZTVhZTM3ODRkZWI3NjZkOTcyYjZkYWY0NWZmYjBiYjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5TAtdXAjmAN/NUJ1/1n/zCb7Dqy+
Sy56OWvO/S8FC3PN69Cf0EXvNJsoxLlT4t56VG+mQJOQ9T7har4vXlzFXkOmpV9p
5798XlGjT0GdsmgLftGEdIU1Uj+maiK6N9RFHKkm08ndn5/7nqBO9ABEQRWupiIj
yt8g2sEJ6Br+8qUuTUQxHILVFh/IxLndfMqYpGuySJZWRu1ldzmSbvPl1rKwvp/Q
FyEnr+wrOagU8YJsRAfG/AFJcMwgMtNaa/QA00egCXupqdeyRIWm3xJQ8ftcTKPu
UYnTe/q4QAselO4gfEUCejx67Bl6otyKcfkmbDfC0nHjpHbe/+YEvfoFSwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAYjSD5a43hN63Ztlyttr0X/sLs0MB8GA1UdIwQY
MBaAFOCgEGzShX7xMjSGfLfxaiOpP6qTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEtBUWJOS0ZmdkV5TklaOHRfRnFJNmtfcXBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi80NmYxNDctMTczZi00MjYwLWFhN2It
M2E2YmY4OTBhMDFkLzEvQmlOSVBscmplRTNyZG0yWEsyMnZSZi13dXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi80NmYxNDctMTczZi00MjYwLWFhN2ItM2E2YmY4OTBhMDFk
LzEvNEtBUWJOS0ZmdkV5TklaOHRfRnFJNmtfcXBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFJfyAAwQE
2ZIwMA0EAgACMAcDBQAqANvAMA0GCSqGSIb3DQEBCwUAA4IBAQB0pdKqpdkZ+zQN
SsF7H7tSlmYknsUf5YPbVBx6nQhjjbLtrRnB7h84eI5z5QDOYxPhCJpm0OceWqiW
dmWMxr02OicZMBcbvPzHHo/umntG9Owh1SIw7QYLSZA+S7HdtmPU/MISYe0X8YDi
gC2HLJtcMTy0gTqyZFlDjv2PKZs3GyG6m02C0kWHCOVfzD5rXZfvX74170iq4PQy
OFq7JbG50eRSTikghG15ExYcm+YsG8/5HrlNTfXUCajqNrjMPn0BS+jVMKfcMrMb
oxaeHYAujIhHICM2tJPgOWMGLZAKADWVVgKoRv1ab19Nollj06goDa4cznZz0n7T
ILsIudt3
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:29:31 2025 by rpki-client