Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/Quc7mdnkYNwrbQhv4ZNnMA-i26Q.roa
File:                     Quc7mdnkYNwrbQhv4ZNnMA-i26Q.roa (raw, json)
Hash identifier:          qyyVqEo1X6QuUJgPIcFasQ0Ni+mghhtNAyF4nptRM7w=
Subject key identifier:   42:E7:3B:99:D9:E4:60:DC:2B:6D:08:6F:E1:93:67:30:0F:A2:DB:A4
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       01997308D8F4B7DE50FF7FFF294BDE02FD0E
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/Quc7mdnkYNwrbQhv4ZNnMA-i26Q.roa
Signing time:             Mon 22 Sep 2025 20:06:23 +0000
ROA not before:           Mon 22 Sep 2025 20:06:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     139293
IP address blocks:        45.95.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:73:08:d8:f4:b7:de:50:ff:7f:ff:29:4b:de:02:fd:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Sep 22 20:06:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42e73b99d9e460dc2b6d086fe19367300fa2dba4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:81:7b:c9:cf:a0:8a:d5:91:2a:fb:7a:d3:28:
                    0b:6f:bc:cc:b0:fa:94:78:4e:fc:a1:d8:dc:24:15:
                    87:37:17:3b:64:4e:89:c7:37:7d:ea:7b:13:16:13:
                    e3:d4:19:d1:04:fc:88:96:bc:0e:85:d4:50:1c:e3:
                    c5:85:c0:1c:f8:38:bb:66:47:3a:61:67:3b:50:d4:
                    8a:df:7b:c4:b2:96:6e:2d:64:97:4b:ef:d8:46:1c:
                    5b:b6:be:a9:54:41:7e:de:0f:32:54:7f:44:9f:fc:
                    ff:98:dc:a5:70:20:a9:44:41:d9:44:87:3b:97:15:
                    28:c4:32:f3:f5:84:fc:ee:84:39:02:38:f3:20:c2:
                    b4:cb:de:f0:a9:19:31:a9:a7:eb:85:a9:b9:23:02:
                    93:14:ad:f6:91:ef:f5:18:a5:bc:76:13:c8:c0:6c:
                    1b:e7:74:1a:1d:90:3a:aa:87:db:4a:1c:a1:9a:96:
                    d1:13:81:36:26:c4:be:f9:cf:e3:33:64:0f:7e:5c:
                    1f:e6:b1:f0:41:6b:9b:cd:bb:07:96:92:be:04:21:
                    7a:4b:4c:47:cd:e0:fb:19:ca:81:33:cd:e6:fe:7b:
                    7e:78:a4:fd:86:5f:ea:b6:82:a9:7f:9b:e2:f3:aa:
                    ba:34:35:d5:f8:c0:68:8b:4a:39:82:78:ba:a2:d1:
                    d6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:E7:3B:99:D9:E4:60:DC:2B:6D:08:6F:E1:93:67:30:0F:A2:DB:A4
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/Quc7mdnkYNwrbQhv4ZNnMA-i26Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:2f:f7:e7:99:20:33:86:41:c9:4e:2e:c7:a8:35:f8:50:d8:
         eb:82:82:4c:07:b5:b6:16:d1:a4:49:69:85:85:8d:3b:5a:43:
         cf:9f:e5:9d:31:71:74:5c:72:5e:0e:21:e4:a1:8c:0f:1f:60:
         a7:ea:5c:c8:01:c3:de:e7:1d:13:be:96:09:8e:d0:41:bf:0a:
         59:23:98:cd:42:6a:05:b5:19:55:a7:e9:bb:a4:7f:b5:a4:fd:
         f3:22:e4:07:e8:77:ff:e3:12:9b:3e:7a:d5:e5:99:7e:a4:25:
         54:25:ce:f1:c0:83:c6:c3:2d:78:e7:cf:d9:52:ea:05:91:a6:
         9d:35:84:e5:82:e8:d4:2b:4f:83:74:d8:31:aa:7a:8f:9f:d9:
         bf:cf:b6:12:ed:1a:d1:95:76:57:ec:c6:c6:73:f1:1a:e3:e5:
         3b:ea:de:ed:4f:d7:9a:16:08:cf:ae:42:19:66:ec:bc:5e:8a:
         f5:f2:e8:a9:97:91:cf:84:b1:ea:72:5e:b5:01:a4:fa:92:ce:
         2c:a4:fe:9d:a6:ec:a2:04:17:b6:98:48:ce:5a:bb:c1:88:2c:
         93:3b:cb:b6:ae:33:ff:50:08:82:1d:25:a6:42:b6:bd:13:c0:
         60:21:cb:ed:3f:92:27:05:2c:bf:2c:20:66:81:f8:ad:33:0a:
         1b:6a:6a:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlzCNj0t95Q/3//KUveAv0OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjUwOTIyMjAwNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmU3M2I5OWQ5ZTQ2MGRjMmI2ZDA4NmZlMTkzNjczMDBmYTJkYmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYF7yc+gitWRKvt60ygLb7zMsPqU
eE78odjcJBWHNxc7ZE6Jxzd96nsTFhPj1BnRBPyIlrwOhdRQHOPFhcAc+Di7Zkc6
YWc7UNSK33vEspZuLWSXS+/YRhxbtr6pVEF+3g8yVH9En/z/mNylcCCpREHZRIc7
lxUoxDLz9YT87oQ5AjjzIMK0y97wqRkxqafrham5IwKTFK32ke/1GKW8dhPIwGwb
53QaHZA6qofbShyhmpbRE4E2JsS++c/jM2QPflwf5rHwQWubzbsHlpK+BCF6S0xH
zeD7GcqBM83m/nt+eKT9hl/qtoKpf5vi86q6NDXV+MBoi0o5gni6otHWTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFELnO5nZ5GDcK20Ib+GTZzAPotukMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvUXVjN21kbmtZTndyYlFodjRaTm5NQS1pMjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV/iMA0G
CSqGSIb3DQEBCwUAA4IBAQAXL/fnmSAzhkHJTi7HqDX4UNjrgoJMB7W2FtGkSWmF
hY07WkPPn+WdMXF0XHJeDiHkoYwPH2Cn6lzIAcPe5x0TvpYJjtBBvwpZI5jNQmoF
tRlVp+m7pH+1pP3zIuQH6Hf/4xKbPnrV5Zl+pCVUJc7xwIPGwy1458/ZUuoFkaad
NYTlgujUK0+DdNgxqnqPn9m/z7YS7RrRlXZX7MbGc/Ea4+U76t7tT9eaFgjPrkIZ
Zuy8Xor18uipl5HPhLHqcl61AaT6ks4spP6dpuyiBBe2mEjOWrvBiCyTO8u2rjP/
UAiCHSWmQra9E8BgIcvtP5InBSy/LCBmgfitMwobamoC
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:51:28 2025 by rpki-client