Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/y00mRMeLeDDhIsMAYw5cU9ydT_g.roa
File:                     y00mRMeLeDDhIsMAYw5cU9ydT_g.roa (raw, json)
Hash identifier:          RcBsrCEOahHDPUOy4aaVi9yPFL+/AxbXyRWWkDHgw+w=
Subject key identifier:   CB:4D:26:44:C7:8B:78:30:E1:22:C3:00:63:0E:5C:53:DC:9D:4F:F8
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       01998C56CDC09A28A5BEBA9ADDDCE2E9745E
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/y00mRMeLeDDhIsMAYw5cU9ydT_g.roa
Signing time:             Sat 27 Sep 2025 18:02:02 +0000
ROA not before:           Sat 27 Sep 2025 18:02:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64289
IP address blocks:        185.144.102.0/24 maxlen: 32
                          193.201.208.0/24 maxlen: 32
                          193.201.209.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:8c:56:cd:c0:9a:28:a5:be:ba:9a:dd:dc:e2:e9:74:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Sep 27 18:02:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb4d2644c78b7830e122c300630e5c53dc9d4ff8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f0:44:73:df:94:b0:c0:71:64:ad:60:70:c3:
                    f8:22:66:20:4e:da:f3:7f:ce:6d:77:58:79:9e:c7:
                    48:6a:2e:60:c8:41:bc:de:32:21:fb:a0:82:82:17:
                    05:e2:e9:7e:fd:45:be:a7:10:88:5f:7c:cb:58:5c:
                    34:13:30:4b:55:9c:9a:a9:50:63:94:55:0f:a3:22:
                    98:f0:b1:a4:40:2a:2d:80:f3:a2:15:d8:25:ab:f1:
                    bb:64:82:3c:1c:2c:2b:0a:d1:dd:07:e0:4e:eb:f2:
                    f5:6d:87:5f:2d:ad:b4:3a:bc:5a:e9:72:98:bf:42:
                    6a:66:08:01:78:03:be:6c:15:09:32:da:13:80:b5:
                    d8:33:07:3a:f0:6d:ce:fa:07:7f:98:58:86:c7:fb:
                    0d:04:8e:85:83:90:d9:b7:55:f9:21:33:de:e8:0b:
                    8a:79:8d:01:d7:79:a3:70:8e:96:20:ba:ba:9f:4d:
                    d6:cc:d4:46:24:89:fa:92:d4:48:3d:ec:02:6f:06:
                    e4:30:6c:af:f0:42:a6:5a:6f:ab:59:43:f8:6e:1d:
                    24:93:b2:91:81:c2:2b:95:5e:b4:6f:57:31:09:bf:
                    21:28:1c:90:00:30:a0:b7:f1:b6:5b:d7:90:a6:5f:
                    0d:d2:2a:e4:65:26:3c:82:b0:04:97:c4:f8:09:1a:
                    c3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:4D:26:44:C7:8B:78:30:E1:22:C3:00:63:0E:5C:53:DC:9D:4F:F8
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/y00mRMeLeDDhIsMAYw5cU9ydT_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.102.0/24
                  193.201.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:90:7d:f3:0e:67:75:31:18:f1:90:88:36:ed:4e:fc:8b:7a:
         ec:71:fa:3f:d7:88:3b:e8:41:4b:0c:c1:4c:5b:1b:04:1b:81:
         ab:a4:b9:4d:c3:ba:97:83:1c:df:0a:68:08:9d:04:26:21:04:
         5c:85:73:8a:d0:f4:cd:39:04:89:31:d5:01:09:4c:26:37:5f:
         3a:a4:a0:04:f2:53:a1:ed:1d:91:9a:dc:e9:c1:6b:03:da:84:
         7b:55:bf:0b:fe:33:9b:b5:aa:be:29:a8:31:37:54:7e:84:25:
         c2:36:7d:1b:fe:52:c6:be:d4:2f:c6:6c:87:6a:7d:4b:5f:d5:
         4f:b1:0c:b4:0d:a1:e4:23:a4:5c:c4:87:95:f4:c1:25:b4:83:
         a3:a7:1e:e0:89:fb:aa:1c:c5:3a:69:f4:f3:12:47:bb:c1:72:
         5a:3e:52:e2:83:af:22:45:b8:0c:f4:6f:bd:54:a4:1a:25:70:
         09:e7:5b:09:f5:e4:ac:97:db:65:20:33:aa:b6:38:3f:04:06:
         83:32:46:a6:42:1d:ab:55:dc:c9:f4:f0:3c:13:b4:68:f6:14:
         07:46:72:d0:e8:f1:a0:07:83:d8:79:a1:6c:1d:5d:9f:d3:95:
         19:8d:96:9b:7f:0a:5b:45:d9:1e:32:81:f3:e6:3a:81:d7:2f:
         4d:d7:17:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmMVs3Amiilvrqa3dzi6XReMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwOTI3MTgwMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjRkMjY0NGM3OGI3ODMwZTEyMmMzMDA2MzBlNWM1M2RjOWQ0ZmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPBEc9+UsMBxZK1gcMP4ImYgTtrz
f85td1h5nsdIai5gyEG83jIh+6CCghcF4ul+/UW+pxCIX3zLWFw0EzBLVZyaqVBj
lFUPoyKY8LGkQCotgPOiFdglq/G7ZII8HCwrCtHdB+BO6/L1bYdfLa20Orxa6XKY
v0JqZggBeAO+bBUJMtoTgLXYMwc68G3O+gd/mFiGx/sNBI6Fg5DZt1X5ITPe6AuK
eY0B13mjcI6WILq6n03WzNRGJIn6ktRIPewCbwbkMGyv8EKmWm+rWUP4bh0kk7KR
gcIrlV60b1cxCb8hKByQADCgt/G2W9eQpl8N0irkZSY8grAEl8T4CRrDuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMtNJkTHi3gw4SLDAGMOXFPcnU/4MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEveTAwbVJNZUxlRERoSXNNQVl3NWNVOXlkVF9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZBmAwQB
wcnQMA0GCSqGSIb3DQEBCwUAA4IBAQAUkH3zDmd1MRjxkIg27U78i3rscfo/14g7
6EFLDMFMWxsEG4GrpLlNw7qXgxzfCmgInQQmIQRchXOK0PTNOQSJMdUBCUwmN186
pKAE8lOh7R2RmtzpwWsD2oR7Vb8L/jObtaq+KagxN1R+hCXCNn0b/lLGvtQvxmyH
an1LX9VPsQy0DaHkI6RcxIeV9MEltIOjpx7gifuqHMU6afTzEke7wXJaPlLig68i
RbgM9G+9VKQaJXAJ51sJ9eSsl9tlIDOqtjg/BAaDMkamQh2rVdzJ9PA8E7Ro9hQH
RnLQ6PGgB4PYeaFsHV2f05UZjZabfwpbRdkeMoHz5jqB1y9N1xdg
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:22:48 2025 by rpki-client