Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/xVxmxBwyxdPVvoJBeSg8RoTQZq4.roa
File:                     xVxmxBwyxdPVvoJBeSg8RoTQZq4.roa (raw, json)
Hash identifier:          ehyf3E2QFU6W31hWkV4qD6umV0NGP3V9uq2ksIR6aeg=
Subject key identifier:   C5:5C:66:C4:1C:32:C5:D3:D5:BE:82:41:79:28:3C:46:84:D0:66:AE
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       01988314DEDE9CCFE4EF433B8DFA5372AAAD
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/xVxmxBwyxdPVvoJBeSg8RoTQZq4.roa
Signing time:             Thu 07 Aug 2025 05:50:39 +0000
ROA not before:           Thu 07 Aug 2025 05:50:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        93.152.219.0/24 maxlen: 24
                          93.152.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:83:14:de:de:9c:cf:e4:ef:43:3b:8d:fa:53:72:aa:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Aug  7 05:50:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c55c66c41c32c5d3d5be824179283c4684d066ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a7:ee:9a:a3:3f:70:69:71:1c:d7:18:2d:fb:
                    ae:ae:72:8d:8f:e3:29:31:80:43:41:27:49:3c:76:
                    f5:06:35:6d:74:04:1a:17:15:bf:c5:1a:e9:f2:db:
                    3e:5d:82:f8:fd:07:7e:8a:38:67:30:aa:82:fb:80:
                    6c:ed:5f:ff:9c:cf:df:24:a1:c4:90:68:61:e7:99:
                    c4:a1:db:15:38:a7:5b:e9:db:ee:da:34:13:03:10:
                    7f:10:78:91:9c:e9:fb:1e:c3:73:b0:d3:68:a5:c6:
                    52:35:cf:e1:fe:8d:bb:bd:18:87:58:6e:38:53:6e:
                    0d:1a:1a:b2:85:2f:b5:cc:0a:75:04:0e:0d:20:74:
                    76:70:00:8d:9a:da:c4:fa:0f:a5:3b:15:cf:12:0f:
                    cd:5c:04:0b:b9:36:97:5f:77:9f:dd:f9:04:dc:fa:
                    83:39:44:97:69:33:94:e1:b3:2e:39:c7:24:e2:b5:
                    0b:45:54:63:19:0d:bd:ac:85:c4:fa:5e:5d:9a:de:
                    f5:13:1d:4b:0b:ac:eb:f0:95:f4:67:01:72:5d:28:
                    6c:cd:b8:60:7f:14:f0:7d:55:68:36:d2:5b:8c:32:
                    f7:af:20:5f:03:9a:19:7f:47:b4:b0:ac:44:15:dc:
                    b9:c4:d7:b7:0d:45:37:d6:90:71:1a:d1:7d:26:8c:
                    d1:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:5C:66:C4:1C:32:C5:D3:D5:BE:82:41:79:28:3C:46:84:D0:66:AE
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/xVxmxBwyxdPVvoJBeSg8RoTQZq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.152.219.0/24
                  93.152.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:6f:f5:d8:81:cc:8c:fc:b6:ce:a3:68:5c:be:6d:29:c9:f8:
         35:23:1b:6e:a2:d4:57:bf:fe:62:36:f7:dc:2c:c5:61:74:17:
         82:03:f3:01:80:12:35:00:b4:72:c3:fa:a2:70:df:2e:82:4f:
         69:c8:33:1d:fb:99:ce:48:d4:e2:76:59:bd:27:17:22:35:85:
         c8:b7:e5:e7:6f:18:c7:2f:51:c0:b5:ed:11:ba:f2:06:71:97:
         d0:8b:4a:4d:9a:8f:c2:89:44:06:d1:a8:0b:2b:ed:3d:fc:0f:
         b9:f7:bb:84:70:ea:c5:1a:84:12:cc:7f:96:45:87:bf:0b:f2:
         35:f7:95:7d:bc:2f:a7:e7:4d:fa:5f:9f:7c:1e:2c:b3:ff:2f:
         39:5f:bf:b2:68:62:87:53:be:74:bb:d0:6c:7e:c2:d9:e8:ec:
         e9:32:41:b5:62:03:91:88:01:87:d8:2f:5e:f6:94:b5:9a:2c:
         d2:04:ad:3b:48:fd:99:81:fa:9e:0c:91:95:64:45:83:d0:95:
         29:bc:5f:db:3f:a4:9a:fd:cb:63:5a:f5:d0:5c:56:1a:e7:55:
         45:c0:c7:81:df:e4:0a:7c:5c:5c:ea:e2:a5:30:24:03:16:d5:
         81:98:b1:98:b4:3e:ff:4a:2c:b3:1f:7e:e3:8e:68:e4:f9:30:
         5d:32:2e:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZiDFN7enM/k70M7jfpTcqqtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjUwODA3MDU1MDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTVjNjZjNDFjMzJjNWQzZDViZTgyNDE3OTI4M2M0Njg0ZDA2NmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0afumqM/cGlxHNcYLfuurnKNj+Mp
MYBDQSdJPHb1BjVtdAQaFxW/xRrp8ts+XYL4/Qd+ijhnMKqC+4Bs7V//nM/fJKHE
kGhh55nEodsVOKdb6dvu2jQTAxB/EHiRnOn7HsNzsNNopcZSNc/h/o27vRiHWG44
U24NGhqyhS+1zAp1BA4NIHR2cACNmtrE+g+lOxXPEg/NXAQLuTaXX3ef3fkE3PqD
OUSXaTOU4bMuOcck4rULRVRjGQ29rIXE+l5dmt71Ex1LC6zr8JX0ZwFyXShszbhg
fxTwfVVoNtJbjDL3ryBfA5oZf0e0sKxEFdy5xNe3DUU31pBxGtF9JozRcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMVcZsQcMsXT1b6CQXkoPEaE0GauMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEveFZ4bXhCd3l4ZFBWdm9KQmVTZzhSb1RRWnE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXZjbAwQA
XZjhMA0GCSqGSIb3DQEBCwUAA4IBAQAcb/XYgcyM/LbOo2hcvm0pyfg1IxtuotRX
v/5iNvfcLMVhdBeCA/MBgBI1ALRyw/qicN8ugk9pyDMd+5nOSNTidlm9JxciNYXI
t+XnbxjHL1HAte0RuvIGcZfQi0pNmo/CiUQG0agLK+09/A+597uEcOrFGoQSzH+W
RYe/C/I195V9vC+n5036X598Hiyz/y85X7+yaGKHU750u9BsfsLZ6OzpMkG1YgOR
iAGH2C9e9pS1mizSBK07SP2ZgfqeDJGVZEWD0JUpvF/bP6Sa/ctjWvXQXFYa51VF
wMeB3+QKfFxc6uKlMCQDFtWBmLGYtD7/SiyzH37jjmjk+TBdMi7i
-----END CERTIFICATE-----
Generated at Sat Aug 23 08:15:36 2025 by rpki-client