Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/sA7wch0nct8RRso9DXSP98YUL-E.roa
File:                     sA7wch0nct8RRso9DXSP98YUL-E.roa (raw, json)
Hash identifier:          dvnlxnbiJr4Msf06JMyg+yRUZP0NFaueGSdO5cAvxsI=
Subject key identifier:   B0:0E:F0:72:1D:27:72:DF:11:46:CA:3D:0D:74:8F:F7:C6:14:2F:E1
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       01999FCEEE21204D939031C3F2CAAE7820AB
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/sA7wch0nct8RRso9DXSP98YUL-E.roa
Signing time:             Wed 01 Oct 2025 12:46:02 +0000
ROA not before:           Wed 01 Oct 2025 12:46:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31205
IP address blocks:        31.173.240.0/23 maxlen: 23
                          31.173.242.0/23 maxlen: 23
                          31.173.244.0/22 maxlen: 22
                          37.29.86.0/23 maxlen: 23
                          46.232.200.0/24 maxlen: 24
                          46.232.202.0/23 maxlen: 23
                          78.25.92.0/23 maxlen: 23
                          78.25.94.0/23 maxlen: 23
                          83.149.48.0/24 maxlen: 24
                          83.149.49.0/24 maxlen: 24
                          83.149.50.0/24 maxlen: 24
                          83.149.51.0/24 maxlen: 24
                          83.169.248.0/22 maxlen: 22
                          83.169.252.0/22 maxlen: 22
                          85.26.224.0/24 maxlen: 24
                          85.26.226.0/24 maxlen: 24
                          85.26.227.0/24 maxlen: 24
                          85.26.228.0/24 maxlen: 24
                          85.26.229.0/24 maxlen: 24
                          85.26.230.0/24 maxlen: 24
                          85.26.231.0/24 maxlen: 24
                          128.204.66.0/24 maxlen: 24
                          128.204.67.0/24 maxlen: 24
                          178.176.48.0/24 maxlen: 24
                          178.176.240.0/22 maxlen: 22
                          178.176.244.0/22 maxlen: 22
                          178.177.208.0/21 maxlen: 21
                          178.178.207.0/24 maxlen: 24
                          185.210.140.0/23 maxlen: 23
                          185.210.142.0/23 maxlen: 23
                          188.162.0.0/24 maxlen: 24
                          188.162.1.0/24 maxlen: 24
                          188.162.2.0/23 maxlen: 23
                          188.162.4.0/22 maxlen: 22
                          188.162.8.0/23 maxlen: 23
                          188.162.10.0/23 maxlen: 23
                          188.162.12.0/23 maxlen: 23
                          188.162.14.0/23 maxlen: 23
                          188.162.72.0/22 maxlen: 22
                          188.162.76.0/23 maxlen: 23
                          188.162.78.0/24 maxlen: 24
                          188.162.79.0/24 maxlen: 24
                          188.162.80.0/24 maxlen: 24
                          188.162.81.0/24 maxlen: 24
                          188.162.82.0/24 maxlen: 24
                          188.162.83.0/24 maxlen: 24
                          188.162.84.0/24 maxlen: 24
                          188.162.85.0/24 maxlen: 24
                          188.162.86.0/24 maxlen: 24
                          188.162.87.0/24 maxlen: 24
                          188.162.88.0/24 maxlen: 24
                          188.162.89.0/24 maxlen: 24
                          188.162.90.0/23 maxlen: 23
                          188.162.92.0/22 maxlen: 22
                          188.170.240.0/22 maxlen: 22
                          188.170.247.0/24 maxlen: 24
                          2a03:d000:6400::/40 maxlen: 40
                          2a03:d000:6500::/40 maxlen: 40
                          2a03:d000:67fe::/48 maxlen: 48
                          2a03:d000:67ff::/48 maxlen: 48
                          2a03:d000:6802::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9f:ce:ee:21:20:4d:93:90:31:c3:f2:ca:ae:78:20:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Oct  1 12:46:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b00ef0721d2772df1146ca3d0d748ff7c6142fe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:2a:a7:f0:d0:e1:ab:e5:f3:7e:f4:3a:95:37:
                    34:b3:e4:48:88:81:fa:56:c4:da:bf:80:c4:3a:64:
                    86:d8:df:f8:c9:d4:a5:5f:d5:43:9f:c0:45:e3:98:
                    29:2c:66:6d:32:54:37:12:64:87:86:d6:b5:de:4b:
                    79:48:c8:60:a5:dd:0b:72:4b:dc:b9:89:85:ed:48:
                    dc:c2:8c:8c:88:b7:f1:e4:01:01:b4:5b:c2:96:50:
                    67:59:fe:5d:5f:c0:72:54:6f:8e:2f:d3:59:46:6a:
                    55:f1:2c:d6:a5:6c:29:dd:fa:a2:3c:65:1c:aa:dd:
                    7a:4a:04:97:1f:a1:e3:50:74:55:de:d5:90:6c:b2:
                    8f:e1:05:48:36:d7:37:e8:40:25:51:4a:24:48:64:
                    3e:5f:15:de:a3:2c:82:3a:80:38:e6:3f:7a:0b:68:
                    56:85:7d:9e:ff:16:65:2d:ba:a9:22:8d:a4:cd:a7:
                    99:3b:bb:00:cc:74:fe:23:95:9d:d0:30:44:b5:15:
                    a7:44:4e:9e:3d:26:f5:9d:c8:07:89:c6:73:4d:64:
                    61:f5:9d:3b:b4:80:d8:a4:fc:bc:09:55:64:d9:75:
                    c4:e8:d2:db:17:d7:5c:8a:b0:d1:e4:5d:66:43:bd:
                    cd:dc:d5:d2:e0:56:1c:4e:44:d6:33:76:86:04:f7:
                    fb:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:0E:F0:72:1D:27:72:DF:11:46:CA:3D:0D:74:8F:F7:C6:14:2F:E1
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/sA7wch0nct8RRso9DXSP98YUL-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.173.240.0/21
                  37.29.86.0/23
                  46.232.200.0/24
                  46.232.202.0/23
                  78.25.92.0/22
                  83.149.48.0/22
                  83.169.248.0/21
                  85.26.224.0/24
                  85.26.226.0-85.26.231.255
                  128.204.66.0/23
                  178.176.48.0/24
                  178.176.240.0/21
                  178.177.208.0/21
                  178.178.207.0/24
                  185.210.140.0/22
                  188.162.0.0/20
                  188.162.72.0-188.162.95.255
                  188.170.240.0/22
                  188.170.247.0/24
                IPv6:
                  2a03:d000:6400::/39
                  2a03:d000:67fe::/47
                  2a03:d000:6802::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:04:09:ee:e9:17:25:9e:a4:0a:73:43:d7:d6:49:5e:96:fc:
         1e:22:c0:4c:5f:6a:ef:23:65:51:21:90:45:8e:b3:4d:a0:3f:
         89:48:9a:ea:f0:a4:6a:72:81:32:53:48:df:84:c0:fa:56:78:
         cd:9f:7b:82:6c:6e:56:1f:28:5c:eb:cd:e1:ba:83:05:c1:14:
         9c:7c:5b:38:0e:8d:1d:06:12:cf:b8:df:d6:a7:f2:9b:8f:11:
         a9:2a:0d:c1:9c:9a:84:e4:13:82:53:1c:2b:ce:66:e1:53:c3:
         63:75:dd:87:98:d6:22:c0:ae:3e:db:2b:b4:dd:82:b9:43:82:
         b9:bd:6b:7d:d3:26:77:d4:b4:b4:68:7c:ed:3f:1a:22:60:6e:
         5d:22:13:06:04:98:c6:a8:67:50:3e:db:a6:ea:db:b0:96:e0:
         a8:a5:33:1a:ee:c4:80:cb:ec:f4:06:a6:9d:b7:fb:b4:11:dd:
         49:0d:45:aa:e8:95:64:f6:f3:86:cb:c9:ab:d0:40:bc:a9:0e:
         b5:a8:31:a1:27:00:a7:6a:29:91:71:08:60:d9:19:6e:66:b5:
         9b:ea:2e:30:8f:ac:4a:fe:0a:d4:24:7d:80:46:c9:df:aa:65:
         e2:d2:2f:cc:9b:63:73:55:72:aa:f3:eb:4b:87:e8:21:7b:f7:
         05:22:7c:03
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAZmfzu4hIE2TkDHD8squeCCrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjUxMDAxMTI0NjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDBlZjA3MjFkMjc3MmRmMTE0NmNhM2QwZDc0OGZmN2M2MTQyZmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSqn8NDhq+XzfvQ6lTc0s+RIiIH6
VsTav4DEOmSG2N/4ydSlX9VDn8BF45gpLGZtMlQ3EmSHhta13kt5SMhgpd0Lckvc
uYmF7UjcwoyMiLfx5AEBtFvCllBnWf5dX8ByVG+OL9NZRmpV8SzWpWwp3fqiPGUc
qt16SgSXH6HjUHRV3tWQbLKP4QVINtc36EAlUUokSGQ+XxXeoyyCOoA45j96C2hW
hX2e/xZlLbqpIo2kzaeZO7sAzHT+I5Wd0DBEtRWnRE6ePSb1ncgHicZzTWRh9Z07
tIDYpPy8CVVk2XXE6NLbF9dcirDR5F1mQ73N3NXS4FYcTkTWM3aGBPf7mwIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFLAO8HIdJ3LfEUbKPQ10j/fGFC/hMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvc0E3d2NoMG5jdDhSUnNvOURYU1A5OFlVTC1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBiQQCAAEwgYIDBAMf
rfADBAElHVYDBAAu6MgDBAEu6MoDBAJOGVwDBAJTlTADBANTqfgDBABVGuAwDAME
AVUa4gMEA1Ua4AMEAYDMQgMEALKwMAMEA7Kw8AMEA7Kx0AMEALKyzwMEArnSjAME
BLyiADAMAwQDvKJIAwQFvKJAAwQCvKrwAwQAvKr3MCAEAgACMBoDBgEqA9AAZAMH
ASoD0ABn/gMHACoD0ABoAjANBgkqhkiG9w0BAQsFAAOCAQEAqAQJ7ukXJZ6kCnND
19ZJXpb8HiLATF9q7yNlUSGQRY6zTaA/iUia6vCkanKBMlNI34TA+lZ4zZ97gmxu
Vh8oXOvN4bqDBcEUnHxbOA6NHQYSz7jf1qfym48RqSoNwZyahOQTglMcK85m4VPD
Y3Xdh5jWIsCuPtsrtN2CuUOCub1rfdMmd9S0tGh87T8aImBuXSITBgSYxqhnUD7b
purbsJbgqKUzGu7EgMvs9Aamnbf7tBHdSQ1FquiVZPbzhsvJq9BAvKkOtagxoScA
p2opkXEIYNkZbma1m+ouMI+sSv4K1CR9gEbJ36pl4tIvzJtjc1VyqvPrS4foIXv3
BSJ8Aw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:52:43 2025 by rpki-client