Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/kBKYk4uhNAGH1CtBwmS0AY7Gp_8.roa
File:                     kBKYk4uhNAGH1CtBwmS0AY7Gp_8.roa (raw, json)
Hash identifier:          8lmYx36kKXJB0BwydSs6lNlptu9viDlLOQYTir6X8AE=
Subject key identifier:   90:12:98:93:8B:A1:34:01:87:D4:2B:41:C2:64:B4:01:8E:C6:A7:FF
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       0199C3AB7672FB818B6C5EE34AF0713CBF65
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/kBKYk4uhNAGH1CtBwmS0AY7Gp_8.roa
Signing time:             Wed 08 Oct 2025 11:53:38 +0000
ROA not before:           Wed 08 Oct 2025 11:53:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214382
IP address blocks:        5.180.104.0/24 maxlen: 24
                          45.141.150.0/24 maxlen: 24
                          2a13:a440:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c3:ab:76:72:fb:81:8b:6c:5e:e3:4a:f0:71:3c:bf:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Oct  8 11:53:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=901298938ba1340187d42b41c264b4018ec6a7ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:cc:26:db:f1:e4:fe:c5:d6:32:b7:dc:a9:5a:
                    24:46:f0:bf:eb:3b:7f:5e:f2:75:9f:cf:f4:57:aa:
                    7e:46:d3:d1:58:ef:08:3e:9f:30:92:fd:1e:cf:e3:
                    f1:e7:00:7c:2b:b4:16:00:1c:c1:6c:0a:1e:0d:e8:
                    97:a2:08:d5:0e:a5:56:c0:ba:32:fe:cb:23:b9:4a:
                    03:a9:82:a1:a7:b5:c8:e9:71:3b:6a:0b:12:55:e1:
                    80:6d:34:6a:4b:e3:a5:75:a8:67:6b:73:98:ec:9d:
                    e0:7e:00:c9:4e:e3:16:f2:51:69:f1:93:7b:7e:00:
                    41:5e:8d:e5:fa:cc:e9:f2:b8:83:2d:61:92:4d:ba:
                    83:6f:b1:2e:9e:18:8b:91:be:5a:ba:a5:1f:b4:c7:
                    ed:0f:8b:8d:80:bf:9e:f4:38:e2:0d:59:97:f9:4f:
                    45:1b:c2:64:39:a1:80:be:5f:43:fc:ba:fd:a5:88:
                    c8:45:e7:67:08:fc:c1:7b:0c:f9:23:0a:3b:f0:9e:
                    0a:63:13:87:f2:20:68:fb:43:50:73:1a:39:19:1d:
                    18:9c:a8:af:26:6c:1f:f0:73:d5:9c:9c:ee:a4:71:
                    e4:db:37:d8:92:f1:df:e5:52:3a:5e:5d:06:09:90:
                    60:50:6f:a1:1b:bc:f5:a2:29:e6:95:cd:b4:0e:ea:
                    8a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:12:98:93:8B:A1:34:01:87:D4:2B:41:C2:64:B4:01:8E:C6:A7:FF
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/kBKYk4uhNAGH1CtBwmS0AY7Gp_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.104.0/24
                  45.141.150.0/24
                IPv6:
                  2a13:a440:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:24:2b:ee:81:cd:1a:63:1c:9b:9f:37:5f:ad:a7:e7:ad:c2:
         d7:84:c5:c2:99:e6:1c:9d:83:b8:e3:b1:3a:ef:c6:ed:c3:0d:
         ba:f7:8b:81:30:fb:28:1f:5f:8f:24:ba:78:cc:86:e3:a0:b7:
         03:88:3b:d4:4e:d7:4b:1a:4a:ed:bb:50:4c:b6:f6:b8:a4:c8:
         07:cc:88:57:1e:1d:d0:ae:e9:ef:dc:0c:a3:e0:19:51:b4:2b:
         a0:75:fd:f5:e6:79:7b:26:b5:13:77:f5:6c:8f:fa:93:ac:93:
         75:7d:b1:ad:40:9c:8e:cd:3b:68:01:42:60:7f:a3:0e:b9:d7:
         91:42:2b:10:85:4e:05:99:bd:f6:01:ab:8a:a5:ca:96:41:e4:
         cf:0b:87:fb:07:6d:f2:b2:51:7d:63:7b:10:b2:0e:2e:7b:8f:
         09:3a:21:6b:f1:6d:89:03:a2:44:19:2b:eb:54:ae:e1:85:bb:
         d0:0d:66:e8:3e:dc:e6:1c:9e:51:0f:34:df:b9:db:53:4e:36:
         b7:7b:e4:07:6e:0c:75:fb:f3:74:75:8d:ca:da:bf:f0:36:8c:
         6c:2d:6e:4a:a3:ac:84:7e:12:51:4b:3c:df:61:c5:e8:b5:bf:
         be:1c:68:13:be:8c:cb:d9:2b:e5:b3:ab:df:96:8e:fd:91:b8:
         4a:41:37:2c
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZnDq3Zy+4GLbF7jSvBxPL9lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjUxMDA4MTE1MzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDEyOTg5MzhiYTEzNDAxODdkNDJiNDFjMjY0YjQwMThlYzZhN2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cwm2/Hk/sXWMrfcqVokRvC/6zt/
XvJ1n8/0V6p+RtPRWO8IPp8wkv0ez+Px5wB8K7QWABzBbAoeDeiXogjVDqVWwLoy
/ssjuUoDqYKhp7XI6XE7agsSVeGAbTRqS+Oldahna3OY7J3gfgDJTuMW8lFp8ZN7
fgBBXo3l+szp8riDLWGSTbqDb7EunhiLkb5auqUftMftD4uNgL+e9DjiDVmX+U9F
G8JkOaGAvl9D/Lr9pYjIRednCPzBewz5Iwo78J4KYxOH8iBo+0NQcxo5GR0YnKiv
Jmwf8HPVnJzupHHk2zfYkvHf5VI6Xl0GCZBgUG+hG7z1oinmlc20DuqKdwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJASmJOLoTQBh9QrQcJktAGOxqf/MB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEva0JLWWs0dWhOQUdIMUN0QndtUzBBWTdHcF84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQABbRoAwQA
LY2WMA8EAgACMAkDBwAqE6RAAAgwDQYJKoZIhvcNAQELBQADggEBAA8kK+6BzRpj
HJufN1+tp+etwteExcKZ5hydg7jjsTrvxu3DDbr3i4Ew+ygfX48kunjMhuOgtwOI
O9RO10saSu27UEy29rikyAfMiFceHdCu6e/cDKPgGVG0K6B1/fXmeXsmtRN39WyP
+pOsk3V9sa1AnI7NO2gBQmB/ow6515FCKxCFTgWZvfYBq4qlypZB5M8Lh/sHbfKy
UX1jexCyDi57jwk6IWvxbYkDokQZK+tUruGFu9ANZug+3OYcnlEPNN+521NONrd7
5AduDHX783R1jcrav/A2jGwtbkqjrIR+ElFLPN9hxei1v74caBO+jMvZK+Wzq9+W
jv2RuEpBNyw=
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:28:32 2025 by rpki-client