Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/183656-0dc5-4a94-ae6d-8ad1d0f80217/1/_mq-Iedkuxj7G2-f6lHJz5Cp1pY.roa
File:                     _mq-Iedkuxj7G2-f6lHJz5Cp1pY.roa (raw, json)
Hash identifier:          iMmq6hmw4oHjx4r8r/0Qs7tCaSPdyiDBIM5hIG283pc=
Subject key identifier:   FE:6A:BE:21:E7:64:BB:18:FB:1B:6F:9F:EA:51:C9:CF:90:A9:D6:96
Certificate issuer:       /CN=6904daf858b7b00b51cbb94afb28f03ea21e411d
Certificate serial:       0199165920F21AB5BB8512565EC399D6201C
Authority key identifier: 69:04:DA:F8:58:B7:B0:0B:51:CB:B9:4A:FB:28:F0:3E:A2:1E:41:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aQTa-Fi3sAtRy7lK-yjwPqIeQR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/183656-0dc5-4a94-ae6d-8ad1d0f80217/1/_mq-Iedkuxj7G2-f6lHJz5Cp1pY.roa
Signing time:             Thu 04 Sep 2025 20:09:23 +0000
ROA not before:           Thu 04 Sep 2025 20:09:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203851
IP address blocks:        185.154.50.0/24 maxlen: 24
                          185.154.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/183656-0dc5-4a94-ae6d-8ad1d0f80217/1/aQTa-Fi3sAtRy7lK-yjwPqIeQR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/183656-0dc5-4a94-ae6d-8ad1d0f80217/1/aQTa-Fi3sAtRy7lK-yjwPqIeQR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aQTa-Fi3sAtRy7lK-yjwPqIeQR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 10:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:16:59:20:f2:1a:b5:bb:85:12:56:5e:c3:99:d6:20:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6904daf858b7b00b51cbb94afb28f03ea21e411d
        Validity
            Not Before: Sep  4 20:09:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe6abe21e764bb18fb1b6f9fea51c9cf90a9d696
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fe:10:ab:70:53:65:0e:90:53:14:13:22:40:
                    ec:dc:d9:7f:f6:27:a0:2f:76:fd:b3:f6:ee:29:8e:
                    f9:85:8f:39:49:65:06:fa:ef:02:a3:fb:fb:5c:91:
                    3e:8a:b1:19:54:4a:13:da:b7:cc:f1:11:c5:aa:53:
                    8a:78:c5:5d:4f:d4:1c:74:22:eb:05:0e:a0:0d:4c:
                    a4:8e:84:1d:52:1c:67:fb:37:b7:16:91:ae:4e:a4:
                    a1:9e:33:b5:86:02:e8:8c:b3:56:52:55:02:75:94:
                    a7:bb:ec:e8:9a:02:db:a4:82:09:f0:41:72:df:19:
                    eb:b7:2c:da:0d:8f:dc:2d:bb:45:51:66:d7:5e:f2:
                    19:fa:16:c8:8f:3d:1c:f3:e2:64:a5:0b:20:2a:a3:
                    c8:91:e5:45:76:c9:91:0c:c9:b3:07:dd:b5:f6:50:
                    6b:4b:f0:14:0f:4f:1f:87:5e:44:3a:85:d0:91:97:
                    a8:12:61:b2:7d:25:75:d5:96:12:0e:f6:3c:03:82:
                    73:43:ec:13:38:94:70:dc:64:10:48:85:77:4c:c7:
                    9c:47:43:19:fa:0e:b1:89:96:b4:27:da:0f:c0:b1:
                    68:14:a5:99:d3:e7:05:5f:81:e2:6d:44:ce:62:8a:
                    60:9f:11:03:da:ff:88:37:c9:0f:fd:1e:36:20:0b:
                    33:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:6A:BE:21:E7:64:BB:18:FB:1B:6F:9F:EA:51:C9:CF:90:A9:D6:96
            X509v3 Authority Key Identifier:
                keyid:69:04:DA:F8:58:B7:B0:0B:51:CB:B9:4A:FB:28:F0:3E:A2:1E:41:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aQTa-Fi3sAtRy7lK-yjwPqIeQR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/183656-0dc5-4a94-ae6d-8ad1d0f80217/1/_mq-Iedkuxj7G2-f6lHJz5Cp1pY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/183656-0dc5-4a94-ae6d-8ad1d0f80217/1/aQTa-Fi3sAtRy7lK-yjwPqIeQR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:2d:97:5d:a8:01:7d:2b:c6:e2:0f:52:16:d8:4c:33:ce:57:
         67:2f:af:1d:a5:5e:6b:48:df:82:5e:1c:21:7b:e4:a2:21:ec:
         4d:2c:40:00:e7:8d:8d:a7:70:f6:6c:af:07:72:5c:a3:ca:61:
         a4:70:44:1e:d0:af:fe:84:8f:03:da:47:f5:be:f6:55:1f:f3:
         31:78:e9:50:94:35:80:6e:7c:9e:f3:83:5a:a9:67:47:d2:05:
         e1:ab:f6:b2:59:a9:56:09:e8:e3:27:0b:28:27:52:a5:8d:bb:
         86:06:83:72:e0:56:6f:5b:ec:54:22:fb:cb:9c:03:0a:0d:89:
         13:4d:00:36:83:43:c0:ba:3b:7b:a3:bd:00:6b:65:56:54:f8:
         57:c5:20:17:92:8e:6c:f7:0a:58:bf:c1:38:51:15:61:e5:3c:
         74:a7:f4:ac:0d:b6:8c:c8:1f:bd:2c:55:fb:ca:fc:9c:24:63:
         fe:64:e8:02:61:f1:48:12:f8:b4:94:4b:e6:5d:81:e3:96:42:
         35:86:4a:f9:ae:c5:92:7e:51:02:76:d5:53:3c:99:f0:8d:64:
         fb:0f:ce:5f:f6:b4:32:79:10:47:7c:a2:cf:a6:40:b8:40:21:
         fe:c2:90:f4:29:59:e9:70:8d:b1:45:70:e1:52:ea:43:91:e9:
         9f:65:e8:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkWWSDyGrW7hRJWXsOZ1iAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MDRkYWY4NThiN2IwMGI1MWNiYjk0YWZiMjhmMDNlYTIx
ZTQxMWQwHhcNMjUwOTA0MjAwOTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTZhYmUyMWU3NjRiYjE4ZmIxYjZmOWZlYTUxYzljZjkwYTlkNjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwf4Qq3BTZQ6QUxQTIkDs3Nl/9ieg
L3b9s/buKY75hY85SWUG+u8Co/v7XJE+irEZVEoT2rfM8RHFqlOKeMVdT9QcdCLr
BQ6gDUykjoQdUhxn+ze3FpGuTqShnjO1hgLojLNWUlUCdZSnu+zomgLbpIIJ8EFy
3xnrtyzaDY/cLbtFUWbXXvIZ+hbIjz0c8+JkpQsgKqPIkeVFdsmRDMmzB9219lBr
S/AUD08fh15EOoXQkZeoEmGyfSV11ZYSDvY8A4JzQ+wTOJRw3GQQSIV3TMecR0MZ
+g6xiZa0J9oPwLFoFKWZ0+cFX4HibUTOYopgnxED2v+IN8kP/R42IAszFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5qviHnZLsY+xtvn+pRyc+QqdaWMB8GA1UdIwQY
MBaAFGkE2vhYt7ALUcu5Svso8D6iHkEdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVFUYS1GaTNzQXRSeTdsSy15andQcUllUVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy8xODM2NTYtMGRjNS00YTk0LWFlNmQt
OGFkMWQwZjgwMjE3LzEvX21xLUllZGt1eGo3RzItZjZsSEp6NUNwMXBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy8xODM2NTYtMGRjNS00YTk0LWFlNmQtOGFkMWQwZjgwMjE3
LzEvYVFUYS1GaTNzQXRSeTdsSy15andQcUllUVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZoyMA0G
CSqGSIb3DQEBCwUAA4IBAQB9LZddqAF9K8biD1IW2EwzzldnL68dpV5rSN+CXhwh
e+SiIexNLEAA542Np3D2bK8HclyjymGkcEQe0K/+hI8D2kf1vvZVH/MxeOlQlDWA
bnye84NaqWdH0gXhq/ayWalWCejjJwsoJ1KljbuGBoNy4FZvW+xUIvvLnAMKDYkT
TQA2g0PAujt7o70Aa2VWVPhXxSAXko5s9wpYv8E4URVh5Tx0p/SsDbaMyB+9LFX7
yvycJGP+ZOgCYfFIEvi0lEvmXYHjlkI1hkr5rsWSflECdtVTPJnwjWT7D85f9rQy
eRBHfKLPpkC4QCH+wpD0KVnpcI2xRXDhUupDkemfZeiu
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:56 2025 by rpki-client