Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/YVCFtTMPNszjEbvjq-ny3tBCqOA.roa
File:                     YVCFtTMPNszjEbvjq-ny3tBCqOA.roa (raw, json)
Hash identifier:          7CEhN6mtKGqVgp4iusVjUUyIwPOn6WoVIthZyb2HjXk=
Subject key identifier:   61:50:85:B5:33:0F:36:CC:E3:11:BB:E3:AB:E9:F2:DE:D0:42:A8:E0
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       019958EE4B3872DAA8234966FE33150EC15E
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/YVCFtTMPNszjEbvjq-ny3tBCqOA.roa
Signing time:             Wed 17 Sep 2025 18:27:15 +0000
ROA not before:           Wed 17 Sep 2025 18:27:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        45.136.0.0/24 maxlen: 32
                          45.136.2.0/24 maxlen: 32
                          45.136.3.0/24 maxlen: 32
                          128.0.119.0/24 maxlen: 32
                          185.117.23.0/24 maxlen: 32
                          185.144.100.0/24 maxlen: 32
                          185.144.102.0/24 maxlen: 32
                          185.211.48.0/24 maxlen: 32
                          185.211.49.0/24 maxlen: 32
                          185.211.50.0/24 maxlen: 32
                          185.227.240.0/24 maxlen: 32
                          185.227.241.0/24 maxlen: 32
                          185.227.242.0/24 maxlen: 32
                          185.227.243.0/24 maxlen: 32
                          193.201.208.0/24 maxlen: 32
                          193.201.209.0/24 maxlen: 32
                          193.201.210.0/24 maxlen: 32
                          193.201.211.0/24 maxlen: 32
                          194.36.102.0/24 maxlen: 32
                          194.36.103.0/24 maxlen: 32
                          194.124.64.0/24 maxlen: 32
                          194.124.65.0/24 maxlen: 32
                          194.124.66.0/24 maxlen: 32
                          194.124.67.0/24 maxlen: 32
                          195.85.68.0/24 maxlen: 32
                          195.85.69.0/24 maxlen: 32
                          195.85.70.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:58:ee:4b:38:72:da:a8:23:49:66:fe:33:15:0e:c1:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Sep 17 18:27:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=615085b5330f36cce311bbe3abe9f2ded042a8e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:01:04:ef:e4:22:98:52:e4:e4:8a:6a:31:cf:
                    07:fb:3c:2d:02:56:65:31:7f:01:43:a4:4e:0c:19:
                    86:62:64:e7:b0:07:da:21:ac:75:cc:5d:89:9e:d9:
                    f5:a4:31:2b:88:8c:b9:4e:d9:b2:3c:cd:02:fc:2c:
                    f2:e1:2e:9a:1a:95:c0:e5:e7:f0:fd:b8:66:28:e8:
                    01:b8:6a:f6:f1:69:81:ee:fc:ca:50:ef:43:cf:17:
                    f6:f9:03:1f:3c:72:dd:e0:3d:63:63:61:65:07:99:
                    24:82:72:79:35:1b:c2:ac:db:6d:28:ab:ce:c3:b1:
                    c7:dc:29:9a:f2:2a:76:68:6c:69:ce:ad:24:33:f0:
                    ef:36:5e:8c:44:06:fc:4a:8b:bb:c5:d5:fa:13:bc:
                    67:12:c0:5a:f0:b1:b5:a3:34:c0:86:30:b4:6d:c3:
                    e2:46:b3:f4:76:e0:24:d6:5a:11:a4:7f:0c:9c:26:
                    62:8c:87:2a:7f:3b:38:64:37:0f:69:34:4d:4b:d9:
                    52:fc:4f:9d:95:d8:36:5a:46:bd:0c:36:60:a4:e0:
                    21:32:0a:62:ca:e2:73:0d:1a:a6:72:a9:1d:c2:af:
                    eb:62:78:f8:e5:a0:3c:4a:bc:1f:3f:f8:ca:91:c2:
                    4b:34:b4:d6:09:cc:e8:73:76:c7:2a:fc:d9:71:1f:
                    b8:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:50:85:B5:33:0F:36:CC:E3:11:BB:E3:AB:E9:F2:DE:D0:42:A8:E0
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/YVCFtTMPNszjEbvjq-ny3tBCqOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.0.0/24
                  45.136.2.0/23
                  128.0.119.0/24
                  185.117.23.0/24
                  185.144.100.0/24
                  185.144.102.0/24
                  185.211.48.0-185.211.50.255
                  185.227.240.0/22
                  193.201.208.0/22
                  194.36.102.0/23
                  194.124.64.0/22
                  195.85.68.0-195.85.70.255

    Signature Algorithm: sha256WithRSAEncryption
         b6:c5:e7:35:04:da:cd:1e:29:6a:b0:95:71:6a:60:4a:42:26:
         98:f5:13:63:bd:15:b5:3e:67:c8:90:60:72:17:33:7d:6c:0e:
         02:c9:e5:43:7a:56:b1:3a:11:0e:0c:09:9e:5c:72:15:90:84:
         8d:65:0a:41:83:f7:20:20:07:ae:83:7e:43:b2:09:ce:bc:80:
         fe:a5:11:b4:33:02:75:15:b3:71:f4:7b:ee:63:7e:22:12:54:
         70:d4:86:19:02:b2:5f:eb:db:1c:b9:e4:cc:05:4f:ea:38:ac:
         f2:03:4c:c6:8b:93:92:a7:f2:d4:19:a7:87:ae:1e:74:e1:92:
         72:af:6e:e2:40:ab:f6:75:11:bf:47:c0:66:e1:36:ab:4e:38:
         53:23:80:33:85:30:7c:3a:4b:0a:4c:1b:5f:20:55:f6:7d:b3:
         f2:85:36:8e:a7:e3:35:6d:2f:b8:72:54:be:fe:f7:28:02:2a:
         48:31:7f:8d:c4:bc:ad:29:59:89:cb:72:01:23:22:d7:79:d2:
         cb:10:69:4a:df:cf:94:7e:b1:f9:86:4e:53:3d:66:7a:6d:0f:
         62:07:4d:f7:97:1d:0a:7a:3d:2e:d8:e5:94:92:9f:bc:b8:3c:
         33:af:98:ff:fc:d3:2e:bc:f8:c8:b0:fc:80:29:73:cc:7c:5a:
         92:51:72:00
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZlY7ks4ctqoI0lm/jMVDsFeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwOTE3MTgyNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTUwODViNTMzMGYzNmNjZTMxMWJiZTNhYmU5ZjJkZWQwNDJhOGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswEE7+QimFLk5IpqMc8H+zwtAlZl
MX8BQ6RODBmGYmTnsAfaIax1zF2Jntn1pDEriIy5TtmyPM0C/Czy4S6aGpXA5efw
/bhmKOgBuGr28WmB7vzKUO9Dzxf2+QMfPHLd4D1jY2FlB5kkgnJ5NRvCrNttKKvO
w7HH3Cma8ip2aGxpzq0kM/DvNl6MRAb8Sou7xdX6E7xnEsBa8LG1ozTAhjC0bcPi
RrP0duAk1loRpH8MnCZijIcqfzs4ZDcPaTRNS9lS/E+dldg2Wka9DDZgpOAhMgpi
yuJzDRqmcqkdwq/rYnj45aA8SrwfP/jKkcJLNLTWCczoc3bHKvzZcR+4hwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFGFQhbUzDzbM4xG746vp8t7QQqjgMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvWVZDRnRUTVBOc3pqRWJ2anEtbnkzdEJDcU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQALYgAAwQB
LYgCAwQAgAB3AwQAuXUXAwQAuZBkAwQAuZBmMAwDBAS50zADBAC50zIDBAK54/AD
BALBydADBAHCJGYDBALCfEAwDAMEAsNVRAMEAMNVRjANBgkqhkiG9w0BAQsFAAOC
AQEAtsXnNQTazR4parCVcWpgSkImmPUTY70VtT5nyJBgchczfWwOAsnlQ3pWsToR
DgwJnlxyFZCEjWUKQYP3ICAHroN+Q7IJzryA/qURtDMCdRWzcfR77mN+IhJUcNSG
GQKyX+vbHLnkzAVP6jis8gNMxouTkqfy1Bmnh64edOGScq9u4kCr9nURv0fAZuE2
q044UyOAM4UwfDpLCkwbXyBV9n2z8oU2jqfjNW0vuHJUvv73KAIqSDF/jcS8rSlZ
ictyASMi13nSyxBpSt/PlH6x+YZOUz1mem0PYgdN95cdCno9LtjllJKfvLg8M6+Y
//zTLrz4yLD8gClzzHxaklFyAA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:22:44 2025 by rpki-client