Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/YqDxs-OvuVQHWefybCF_NO3X2LQ.roa
File:                     YqDxs-OvuVQHWefybCF_NO3X2LQ.roa (raw, json)
Hash identifier:          T8m4+98qGxOiuFkFF1AHlHH+ajIR7QgNJlfbjXDXJ94=
Subject key identifier:   62:A0:F1:B3:E3:AF:B9:54:07:59:E7:F2:6C:21:7F:34:ED:D7:D8:B4
Certificate issuer:       /CN=421bae989898d9402424aadafbb47c3a6d4c25b3
Certificate serial:       0199CE67DFFF47AB302AB4B7567C371680BB
Authority key identifier: 42:1B:AE:98:98:98:D9:40:24:24:AA:DA:FB:B4:7C:3A:6D:4C:25:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/YqDxs-OvuVQHWefybCF_NO3X2LQ.roa
Signing time:             Fri 10 Oct 2025 13:55:38 +0000
ROA not before:           Fri 10 Oct 2025 13:55:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197580
IP address blocks:        46.245.136.0/21 maxlen: 21
                          83.174.148.0/23 maxlen: 23
                          83.174.151.0/24 maxlen: 24
                          83.174.152.0/23 maxlen: 23
                          83.174.154.0/24 maxlen: 24
                          83.174.156.0/22 maxlen: 22
                          185.42.208.0/24 maxlen: 24
                          185.254.216.0/23 maxlen: 23
                          185.254.219.0/24 maxlen: 24
                          2a01:6320::/32 maxlen: 32
                          2a05:dec0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:67:df:ff:47:ab:30:2a:b4:b7:56:7c:37:16:80:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=421bae989898d9402424aadafbb47c3a6d4c25b3
        Validity
            Not Before: Oct 10 13:55:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62a0f1b3e3afb9540759e7f26c217f34edd7d8b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:90:8e:57:2e:b8:d1:92:f6:5c:68:16:ea:95:
                    21:f8:91:03:7a:f1:85:de:10:c4:e1:87:a3:0e:60:
                    24:72:6d:c6:0d:45:e5:05:9f:24:72:f9:f3:94:9e:
                    2f:08:b0:d5:5c:11:c4:c8:0b:11:14:52:0d:5e:4d:
                    5e:2e:9b:40:a2:a2:66:c3:d1:fe:2c:fe:f0:67:d2:
                    1a:30:1e:57:93:0c:0a:f6:fb:f1:60:35:ac:d9:a0:
                    1a:a6:f8:fd:6b:7f:cb:f0:13:f2:aa:38:46:f1:c4:
                    85:44:fb:db:30:6b:cf:80:fd:2c:b3:d9:ee:6c:6e:
                    18:ff:3f:2d:ff:7a:2e:51:d6:4b:ec:e7:92:55:d7:
                    f1:44:03:7a:ff:9d:89:86:4e:37:20:10:0c:47:46:
                    92:6e:93:3b:cc:af:0e:28:c8:5c:19:dd:fe:bf:c7:
                    f9:16:0f:0b:49:fd:37:0f:40:89:6a:cf:f6:08:d4:
                    2d:bc:b3:16:86:7d:17:d8:49:64:c2:3d:de:fb:31:
                    09:ff:95:0e:7a:b9:b5:33:69:d0:16:fd:ca:ab:ee:
                    72:1c:eb:6f:91:28:e9:41:23:5e:43:9b:83:27:e6:
                    71:fa:94:45:70:21:84:cc:b8:90:4a:81:b6:66:bb:
                    a4:74:34:1d:73:f5:39:50:19:39:dd:f6:5a:4f:c1:
                    64:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:A0:F1:B3:E3:AF:B9:54:07:59:E7:F2:6C:21:7F:34:ED:D7:D8:B4
            X509v3 Authority Key Identifier:
                keyid:42:1B:AE:98:98:98:D9:40:24:24:AA:DA:FB:B4:7C:3A:6D:4C:25:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/YqDxs-OvuVQHWefybCF_NO3X2LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.245.136.0/21
                  83.174.148.0/23
                  83.174.151.0-83.174.154.255
                  83.174.156.0/22
                  185.42.208.0/24
                  185.254.216.0/23
                  185.254.219.0/24
                IPv6:
                  2a01:6320::/32
                  2a05:dec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:4a:16:f9:d5:aa:0b:b4:9c:5b:72:42:2a:9b:51:3a:04:2a:
         67:7d:76:ba:2e:7a:31:66:dd:52:15:b9:54:39:45:a6:41:39:
         6d:3e:14:d3:32:90:9a:64:88:0c:8b:f5:83:45:39:de:88:da:
         73:82:84:bb:3b:4d:7f:68:25:36:f6:25:3b:64:43:bc:55:fe:
         45:1f:2f:1e:6f:43:5c:c8:60:05:b7:b1:9c:74:28:b8:c5:de:
         f5:ca:02:6e:1e:6f:52:08:1d:78:35:e4:bb:12:c6:af:05:bf:
         ae:38:f3:12:74:0a:8d:d3:e2:21:37:d8:58:01:7b:19:0b:3d:
         69:40:58:46:39:c4:bd:59:26:43:11:b0:3d:b9:f4:c5:66:c1:
         c4:7a:3c:9d:31:52:12:40:44:c9:7d:cf:73:10:17:ef:af:ec:
         96:9b:37:9a:35:cd:10:98:79:c9:e1:ae:f3:a4:68:8c:cf:8b:
         e3:e6:16:04:58:58:71:66:be:c4:f2:04:c3:fe:c3:c4:4c:2d:
         18:1d:e7:4f:55:94:e0:90:51:e8:8c:1d:8c:8d:dc:9c:be:8c:
         e3:0c:67:e3:a5:15:0f:6d:5a:1b:59:25:2d:ac:3e:2e:5f:04:
         34:da:62:c9:54:31:a9:56:6d:6a:bc:28:5b:d8:8f:ce:ad:3a:
         19:0e:ed:8a
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZnOZ9//R6swKrS3Vnw3FoC7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMWJhZTk4OTg5OGQ5NDAyNDI0YWFkYWZiYjQ3YzNhNmQ0
YzI1YjMwHhcNMjUxMDEwMTM1NTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmEwZjFiM2UzYWZiOTU0MDc1OWU3ZjI2YzIxN2YzNGVkZDdkOGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypCOVy640ZL2XGgW6pUh+JEDevGF
3hDE4YejDmAkcm3GDUXlBZ8kcvnzlJ4vCLDVXBHEyAsRFFINXk1eLptAoqJmw9H+
LP7wZ9IaMB5XkwwK9vvxYDWs2aAapvj9a3/L8BPyqjhG8cSFRPvbMGvPgP0ss9nu
bG4Y/z8t/3ouUdZL7OeSVdfxRAN6/52Jhk43IBAMR0aSbpM7zK8OKMhcGd3+v8f5
Fg8LSf03D0CJas/2CNQtvLMWhn0X2Elkwj3e+zEJ/5UOerm1M2nQFv3Kq+5yHOtv
kSjpQSNeQ5uDJ+Zx+pRFcCGEzLiQSoG2ZrukdDQdc/U5UBk53fZaT8FkfwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFGKg8bPjr7lUB1nn8mwhfzTt19i0MB8GA1UdIwQY
MBaAFEIbrpiYmNlAJCSq2vu0fDptTCWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWh1dW1KaVkyVUFrSktyYS03UjhPbTFNSmJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9iMzRjYjAtMmY3MS00ZjU5LWJkNWUt
NjdlZmNiM2Q4NmZlLzEvWXFEeHMtT3Z1VlFIV2VmeWJDRl9OTzNYMkxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9iMzRjYjAtMmY3MS00ZjU5LWJkNWUtNjdlZmNiM2Q4NmZl
LzEvUWh1dW1KaVkyVUFrSktyYS03UjhPbTFNSmJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA4BAIAATAyAwQDLvWIAwQB
U66UMAwDBABTrpcDBABTrpoDBAJTrpwDBAC5KtADBAG5/tgDBAC5/tswFAQCAAIw
DgMFACoBYyADBQMqBd7AMA0GCSqGSIb3DQEBCwUAA4IBAQBwShb51aoLtJxbckIq
m1E6BCpnfXa6LnoxZt1SFblUOUWmQTltPhTTMpCaZIgMi/WDRTneiNpzgoS7O01/
aCU29iU7ZEO8Vf5FHy8eb0NcyGAFt7GcdCi4xd71ygJuHm9SCB14NeS7EsavBb+u
OPMSdAqN0+IhN9hYAXsZCz1pQFhGOcS9WSZDEbA9ufTFZsHEejydMVISQETJfc9z
EBfvr+yWmzeaNc0QmHnJ4a7zpGiMz4vj5hYEWFhxZr7E8gTD/sPETC0YHedPVZTg
kFHojB2MjdycvozjDGfjpRUPbVobWSUtrD4uXwQ02mLJVDGpVm1qvChb2I/OrToZ
Du2K
-----END CERTIFICATE-----
Generated at Sun Oct 19 23:24:54 2025 by rpki-client