Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/pjH39R69sTwNHovgBG7mjRi0zDA.roa
File:                     pjH39R69sTwNHovgBG7mjRi0zDA.roa (raw, json)
Hash identifier:          ///nC0KLmONlIJKYPkTb/i0CXtnKWaQJex/id87l6FQ=
Subject key identifier:   A6:31:F7:F5:1E:BD:B1:3C:0D:1E:8B:E0:04:6E:E6:8D:18:B4:CC:30
Certificate issuer:       /CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
Certificate serial:       0199511774D84864440818ED1CFFAA0BF6E8
Authority key identifier: 09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/pjH39R69sTwNHovgBG7mjRi0zDA.roa
Signing time:             Tue 16 Sep 2025 05:55:15 +0000
ROA not before:           Tue 16 Sep 2025 05:55:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136714
IP address blocks:        178.248.112.0/21 maxlen: 21
                          178.248.112.0/22 maxlen: 24
                          178.248.112.0/23 maxlen: 23
                          178.248.114.0/23 maxlen: 23
                          178.248.116.0/22 maxlen: 22
                          178.248.116.0/23 maxlen: 23
                          178.248.116.0/24 maxlen: 24
                          178.248.117.0/24 maxlen: 24
                          178.248.118.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:51:17:74:d8:48:64:44:08:18:ed:1c:ff:aa:0b:f6:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
        Validity
            Not Before: Sep 16 05:55:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a631f7f51ebdb13c0d1e8be0046ee68d18b4cc30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c7:64:44:00:f1:e9:01:f5:7b:1a:96:34:0a:
                    a6:ae:26:3d:92:c8:c3:79:25:b6:01:e7:06:67:79:
                    25:22:ea:f0:46:b0:6f:e5:07:8a:cf:ad:ee:cd:b3:
                    f9:f7:9c:0a:00:29:f6:16:2e:15:7a:1f:72:7d:85:
                    41:c5:52:30:5b:83:8a:8b:33:83:bd:e4:6d:73:c4:
                    7f:9b:bd:a1:b1:3b:87:4f:cb:f1:4f:78:e8:05:5b:
                    fc:fd:b6:17:e5:a9:76:40:bf:08:74:6a:e1:66:2e:
                    2c:06:89:ae:53:4e:34:72:2e:cf:bb:c1:98:5d:06:
                    8f:92:a1:51:c1:65:cd:88:66:0a:7a:3f:37:4b:30:
                    0b:1b:0d:23:f5:ff:2b:14:7f:2c:ff:d8:7e:24:b1:
                    33:30:e5:66:49:b5:67:e2:ad:0f:9b:a9:8f:25:c4:
                    38:93:e3:ec:e0:d3:66:fb:2c:a9:2b:c2:27:58:1e:
                    6d:56:9b:c5:b8:ab:77:d1:ce:cd:a5:77:5c:a4:57:
                    5f:7a:9a:43:9e:9d:b4:f3:0a:96:74:bb:5a:0e:4c:
                    ce:2a:77:7d:86:71:24:b4:0b:5e:8b:21:5f:5b:39:
                    23:27:e3:59:a5:70:2f:1c:9c:42:32:d4:84:39:9a:
                    c8:59:02:de:c9:14:2a:41:42:cd:2d:d0:ae:17:e4:
                    0a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:31:F7:F5:1E:BD:B1:3C:0D:1E:8B:E0:04:6E:E6:8D:18:B4:CC:30
            X509v3 Authority Key Identifier:
                keyid:09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/pjH39R69sTwNHovgBG7mjRi0zDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.248.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6b:3b:34:dc:81:7c:ca:78:ca:3d:e7:3e:45:f4:31:3f:64:06:
         28:ed:7d:81:02:10:59:dd:4a:f0:b3:39:d5:e6:eb:47:09:92:
         b2:75:08:43:0e:a6:a0:1b:f6:80:4e:41:1f:28:11:86:ca:2e:
         64:7d:d1:83:36:61:2e:3e:d2:2b:9f:0f:ab:76:85:d6:22:f1:
         62:a2:64:2f:2b:dc:e0:21:99:95:69:a9:92:e5:65:5c:dc:ee:
         f6:13:f3:3e:12:4f:aa:a0:22:01:3f:88:a8:1b:5f:90:a2:6c:
         ee:07:13:f1:9e:b7:95:84:ed:73:37:b5:af:91:97:bf:9d:fb:
         cd:9d:b6:f9:8d:01:eb:b1:a2:1a:61:42:e1:25:ad:df:f4:73:
         66:a1:c8:79:42:0b:a3:a3:32:c0:2f:79:37:2b:61:34:e1:c0:
         7c:1b:2f:ff:ca:6d:c0:7c:bb:c9:e0:ff:4e:1b:a5:40:63:bf:
         fe:e0:be:cf:3c:f9:55:79:1e:ed:07:05:eb:1a:89:93:4a:8a:
         17:db:1d:e5:e9:4c:33:0c:a4:89:db:4f:2c:42:e3:30:6e:89:
         1d:4f:20:48:5b:e3:d2:95:5e:82:a7:aa:fc:81:bc:24:9f:aa:
         63:8e:d1:b2:ec:fb:40:90:fe:60:ba:40:fe:cd:c5:d9:70:69:
         90:9a:d5:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlRF3TYSGRECBjtHP+qC/boMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZjBkY2NlYjc0ZjExODVhY2Q5N2FlZWFhYzI1ZGRhNWU5
YjA5MzYwHhcNMjUwOTE2MDU1NTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjMxZjdmNTFlYmRiMTNjMGQxZThiZTAwNDZlZTY4ZDE4YjRjYzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8dkRADx6QH1exqWNAqmriY9ksjD
eSW2AecGZ3klIurwRrBv5QeKz63uzbP595wKACn2Fi4Veh9yfYVBxVIwW4OKizOD
veRtc8R/m72hsTuHT8vxT3joBVv8/bYX5al2QL8IdGrhZi4sBomuU040ci7Pu8GY
XQaPkqFRwWXNiGYKej83SzALGw0j9f8rFH8s/9h+JLEzMOVmSbVn4q0Pm6mPJcQ4
k+Ps4NNm+yypK8InWB5tVpvFuKt30c7NpXdcpFdfeppDnp208wqWdLtaDkzOKnd9
hnEktAteiyFfWzkjJ+NZpXAvHJxCMtSEOZrIWQLeyRQqQULNLdCuF+QKTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYx9/UevbE8DR6L4ARu5o0YtMwwMB8GA1UdIwQY
MBaAFAnw3M63TxGFrNl67qrCXdpemwk2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgt
OTk2MTg5ZjljZTE0LzEvcGpIMzlSNjlzVHdOSG92Z0JHN21qUmkwekRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgtOTk2MTg5ZjljZTE0
LzEvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsvhwMA0G
CSqGSIb3DQEBCwUAA4IBAQBrOzTcgXzKeMo95z5F9DE/ZAYo7X2BAhBZ3UrwsznV
5utHCZKydQhDDqagG/aATkEfKBGGyi5kfdGDNmEuPtIrnw+rdoXWIvFiomQvK9zg
IZmVaamS5WVc3O72E/M+Ek+qoCIBP4ioG1+QomzuBxPxnreVhO1zN7WvkZe/nfvN
nbb5jQHrsaIaYULhJa3f9HNmoch5QgujozLAL3k3K2E04cB8Gy//ym3AfLvJ4P9O
G6VAY7/+4L7PPPlVeR7tBwXrGomTSooX2x3l6UwzDKSJ208sQuMwbokdTyBIW+PS
lV6Cp6r8gbwkn6pjjtGy7PtAkP5gukD+zcXZcGmQmtWv
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:55 2025 by rpki-client