Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Q1NjaMZS4Ow_3tAZrwQF4y1M-9s.roa
File:                     Q1NjaMZS4Ow_3tAZrwQF4y1M-9s.roa (raw, json)
Hash identifier:          o6hTq9rOEhOn79T+PBKaS3a32s2v11hvZ2e8GIzhWz8=
Subject key identifier:   43:53:63:68:C6:52:E0:EC:3F:DE:D0:19:AF:04:05:E3:2D:4C:FB:DB
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0199BE8E4258AF79143D7656EE8433F01505
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Q1NjaMZS4Ow_3tAZrwQF4y1M-9s.roa
Signing time:             Tue 07 Oct 2025 12:03:38 +0000
ROA not before:           Tue 07 Oct 2025 12:03:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          45.90.16.0/24 maxlen: 24
                          45.90.17.0/24 maxlen: 24
                          45.131.134.0/24 maxlen: 24
                          185.108.204.0/24 maxlen: 24
                          185.126.82.0/24 maxlen: 24
                          185.199.54.0/24 maxlen: 24
                          185.199.158.0/24 maxlen: 24
                          185.199.159.0/24 maxlen: 24
                          185.206.251.0/24 maxlen: 24
                          185.209.38.0/24 maxlen: 24
                          185.209.73.0/24 maxlen: 24
                          185.209.74.0/24 maxlen: 24
                          185.209.75.0/24 maxlen: 24
                          185.210.233.0/24 maxlen: 24
                          185.210.235.0/24 maxlen: 24
                          185.214.108.0/24 maxlen: 24
                          185.218.20.0/24 maxlen: 24
                          185.218.101.0/24 maxlen: 24
                          185.220.248.0/24 maxlen: 24
                          185.220.249.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.222.28.0/24 maxlen: 24
                          185.222.29.0/24 maxlen: 24
                          185.223.80.0/24 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.223.155.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.225.1.0/24 maxlen: 24
                          185.225.2.0/24 maxlen: 24
                          185.225.3.0/24 maxlen: 24
                          185.226.104.0/24 maxlen: 24
                          185.226.107.0/24 maxlen: 24
                          185.227.144.0/24 maxlen: 24
                          185.227.146.0/23 maxlen: 24
                          185.227.147.0/24 maxlen: 24
                          185.228.75.0/24 maxlen: 24
                          185.232.206.0/24 maxlen: 24
                          185.246.112.0/24 maxlen: 24
                          193.8.112.0/23 maxlen: 24
                          193.8.112.0/24 maxlen: 24
                          193.8.114.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24
                          193.58.146.0/24 maxlen: 24
                          194.5.64.0/24 maxlen: 24
                          194.5.67.0/24 maxlen: 24
                          194.76.169.0/24 maxlen: 24
                          194.76.172.0/24 maxlen: 24
                          194.124.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:be:8e:42:58:af:79:14:3d:76:56:ee:84:33:f0:15:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Oct  7 12:03:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43536368c652e0ec3fded019af0405e32d4cfbdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:71:6e:4b:f7:96:32:91:7e:40:70:9d:03:00:
                    f0:20:2e:42:ac:bc:36:68:5c:65:88:8c:88:06:ed:
                    3d:40:2a:75:eb:a1:c0:e0:9b:88:69:df:85:36:0e:
                    88:32:e4:1c:0a:bb:05:8c:50:30:02:70:3b:9c:1a:
                    31:76:3b:ce:ab:9d:f0:bc:87:6c:2b:3f:a0:b4:1d:
                    fa:8e:76:0f:94:a0:04:d0:ee:e9:13:73:bb:b2:e7:
                    cd:b6:2d:ba:ea:9f:42:07:25:1c:c6:58:a6:2c:61:
                    62:51:1b:b5:85:24:ec:f8:70:37:c7:ba:e9:c2:38:
                    62:9c:64:ff:69:e5:6b:0e:70:ca:4d:4d:21:de:2b:
                    4d:8e:ea:41:e5:61:3c:ab:59:4d:ff:65:67:20:29:
                    0a:d3:d9:87:5b:c3:7d:58:d2:c4:8f:04:e5:77:8e:
                    dc:7a:6d:00:a7:d2:4a:18:70:ab:ec:b2:86:dd:10:
                    7f:50:80:01:8b:14:28:f9:41:d8:9b:a8:fa:0e:90:
                    b0:6a:95:1e:52:ba:0f:41:00:21:c4:d7:59:4c:af:
                    25:4b:b5:af:0f:40:36:79:21:2d:cc:a2:08:c5:f0:
                    0c:b6:0d:1e:b7:c8:1e:03:b6:bc:40:65:55:4a:c6:
                    72:ce:39:25:0a:a8:4b:23:31:89:10:a0:52:6a:ec:
                    c0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:53:63:68:C6:52:E0:EC:3F:DE:D0:19:AF:04:05:E3:2D:4C:FB:DB
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Q1NjaMZS4Ow_3tAZrwQF4y1M-9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  45.90.16.0/23
                  45.131.134.0/24
                  185.108.204.0/24
                  185.126.82.0/24
                  185.199.54.0/24
                  185.199.158.0/23
                  185.206.251.0/24
                  185.209.38.0/24
                  185.209.73.0-185.209.75.255
                  185.210.233.0/24
                  185.210.235.0/24
                  185.214.108.0/24
                  185.218.20.0/24
                  185.218.101.0/24
                  185.220.248.0/22
                  185.222.28.0/23
                  185.223.80.0/24
                  185.223.82.0/24
                  185.223.155.0/24
                  185.225.0.0/22
                  185.226.104.0/24
                  185.226.107.0/24
                  185.227.144.0/24
                  185.227.146.0/23
                  185.228.75.0/24
                  185.232.206.0/24
                  185.246.112.0/24
                  193.8.112.0-193.8.114.255
                  193.58.146.0/23
                  194.5.64.0/24
                  194.5.67.0/24
                  194.76.169.0/24
                  194.76.172.0/24
                  194.124.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:54:be:fd:41:a4:7e:06:9e:b9:73:38:d1:9e:0f:77:69:a9:
         dc:c3:ba:be:04:81:e7:56:89:47:ee:e6:75:b3:30:1e:8f:a3:
         5d:4b:11:2b:22:8a:4a:0c:55:94:1f:e3:34:81:7b:fc:95:13:
         ba:3e:93:81:79:76:58:f6:fd:2f:a9:26:38:e9:78:63:76:c0:
         23:32:74:27:20:91:09:fc:ec:3f:97:15:66:14:cb:56:68:0a:
         a9:22:05:8f:b1:cf:e1:c8:05:f0:fc:79:9a:dc:58:17:09:f0:
         ee:4a:eb:92:80:2f:17:be:54:90:0e:5e:ba:7b:ac:58:0a:48:
         55:4b:87:f3:6b:02:01:a3:4e:da:50:55:d9:a7:d0:9d:c0:bf:
         d7:2d:d8:03:c8:76:c5:a0:a0:d8:07:c7:35:58:82:23:b7:75:
         44:78:2f:e3:88:7c:98:8e:51:f3:bf:58:59:07:e3:af:97:8c:
         c5:fb:06:91:eb:c3:eb:dc:db:c8:06:51:d3:8b:94:fe:e4:97:
         2f:ad:2a:4f:53:65:b3:28:1b:c9:18:53:d8:f5:c9:8b:5d:12:
         0d:d8:7a:7c:9b:a2:bc:f4:b4:85:1f:32:ff:2b:59:63:ec:cb:
         54:50:90:f7:60:1c:3e:b4:fd:32:e0:51:db:26:0e:12:7a:1f:
         26:20:1e:12
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgISAZm+jkJYr3kUPXZW7oQz8BUFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUxMDA3MTIwMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzUzNjM2OGM2NTJlMGVjM2ZkZWQwMTlhZjA0MDVlMzJkNGNmYmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXFuS/eWMpF+QHCdAwDwIC5CrLw2
aFxliIyIBu09QCp166HA4JuIad+FNg6IMuQcCrsFjFAwAnA7nBoxdjvOq53wvIds
Kz+gtB36jnYPlKAE0O7pE3O7sufNti266p9CByUcxlimLGFiURu1hSTs+HA3x7rp
wjhinGT/aeVrDnDKTU0h3itNjupB5WE8q1lN/2VnICkK09mHW8N9WNLEjwTld47c
em0Ap9JKGHCr7LKG3RB/UIABixQo+UHYm6j6DpCwapUeUroPQQAhxNdZTK8lS7Wv
D0A2eSEtzKIIxfAMtg0et8geA7a8QGVVSsZyzjklCqhLIzGJEKBSauzA0QIDAQAB
o4IC6jCCAuYwHQYDVR0OBBYEFENTY2jGUuDsP97QGa8EBeMtTPvbMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUTFOamFNWlM0T3dfM3RBWnJ3UUY0eTFNLTlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH/BggrBgEFBQcBBwEB/wSB7zCB7DCB6QQCAAEwgeIDBAAt
CBUDBAEtWhADBAAtg4YDBAC5bMwDBAC5flIDBAC5xzYDBAG5x54DBAC5zvsDBAC5
0SYwDAMEALnRSQMEArnRSAMEALnS6QMEALnS6wMEALnWbAMEALnaFAMEALnaZQME
Arnc+AMEAbneHAMEALnfUAMEALnfUgMEALnfmwMEArnhAAMEALniaAMEALniawME
ALnjkAMEAbnjkgMEALnkSwMEALnozgMEALn2cDAMAwQEwQhwAwQAwQhyAwQBwTqS
AwQAwgVAAwQAwgVDAwQAwkypAwQAwkysAwQAwnxFMA0GCSqGSIb3DQEBCwUAA4IB
AQBhVL79QaR+Bp65czjRng93aancw7q+BIHnVolH7uZ1szAej6NdSxErIopKDFWU
H+M0gXv8lRO6PpOBeXZY9v0vqSY46XhjdsAjMnQnIJEJ/Ow/lxVmFMtWaAqpIgWP
sc/hyAXw/Hma3FgXCfDuSuuSgC8XvlSQDl66e6xYCkhVS4fzawIBo07aUFXZp9Cd
wL/XLdgDyHbFoKDYB8c1WIIjt3VEeC/jiHyYjlHzv1hZB+Ovl4zF+waR68Pr3NvI
BlHTi5T+5JcvrSpPU2WzKBvJGFPY9cmLXRIN2Hp8m6K89LSFHzL/K1lj7MtUUJD3
YBw+tP0y4FHbJg4Seh8mIB4S
-----END CERTIFICATE-----
Generated at Sun Oct 19 14:41:41 2025 by rpki-client