Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/5ekJj6RYdmJBNmKWcQ0sEc6eWgU.roa
File:                     5ekJj6RYdmJBNmKWcQ0sEc6eWgU.roa (raw, json)
Hash identifier:          gPGy8PS0+ecmm07tEkgKLMFDWfNcEFuAsE09yhAQrNo=
Subject key identifier:   E5:E9:09:8F:A4:58:76:62:41:36:62:96:71:0D:2C:11:CE:9E:5A:05
Certificate issuer:       /CN=1904ce28eae682c97acd2d862fee2897c3b096fd
Certificate serial:       0199F0C3AA31842D8A2868B81183B533FC9B
Authority key identifier: 19:04:CE:28:EA:E6:82:C9:7A:CD:2D:86:2F:EE:28:97:C3:B0:96:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GQTOKOrmgsl6zS2GL-4ol8Owlv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/5ekJj6RYdmJBNmKWcQ0sEc6eWgU.roa
Signing time:             Fri 17 Oct 2025 06:02:58 +0000
ROA not before:           Fri 17 Oct 2025 06:02:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60258
IP address blocks:        37.114.129.0/24 maxlen: 24
                          37.114.130.0/24 maxlen: 24
                          37.114.131.0/24 maxlen: 24
                          185.91.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/GQTOKOrmgsl6zS2GL-4ol8Owlv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/GQTOKOrmgsl6zS2GL-4ol8Owlv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GQTOKOrmgsl6zS2GL-4ol8Owlv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 06:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f0:c3:aa:31:84:2d:8a:28:68:b8:11:83:b5:33:fc:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1904ce28eae682c97acd2d862fee2897c3b096fd
        Validity
            Not Before: Oct 17 06:02:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5e9098fa458766241366296710d2c11ce9e5a05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:a6:c4:de:56:90:ad:7c:7d:8f:2c:83:2c:c1:
                    84:eb:ef:35:1a:9a:6b:8f:c2:15:75:56:be:43:c7:
                    0e:c9:78:3f:f2:ab:57:8d:5d:71:08:8a:5c:82:c0:
                    93:0a:9a:8a:5b:a5:fc:e9:1b:d8:aa:54:47:e3:0f:
                    55:98:a2:2c:c3:1d:ea:9b:62:f0:9b:6b:71:d3:13:
                    d3:53:b7:db:28:64:38:db:bf:36:4f:56:f6:46:a5:
                    f7:bb:64:c4:b0:d6:ee:bd:b5:23:67:d3:08:63:0f:
                    1d:74:92:f5:60:95:bd:89:22:a9:72:9f:02:c5:1b:
                    fb:49:07:f6:bd:28:d9:95:ae:7d:9a:e1:19:66:e7:
                    6f:dc:1c:65:82:9a:fa:19:7c:b6:1d:34:04:d7:22:
                    cb:95:2e:0a:12:2f:38:b1:f1:ec:78:a3:0e:dd:68:
                    a4:cd:08:c6:82:95:16:a9:d6:3e:64:88:ed:0f:93:
                    41:6a:e7:e8:b1:1f:c3:56:99:aa:a6:d2:be:b2:63:
                    f8:0f:6c:b3:9a:2b:9f:37:5a:6e:2d:2b:40:18:16:
                    6f:6d:20:13:42:a8:01:c6:9b:6a:33:ca:2d:61:f2:
                    63:88:02:a5:2f:8a:51:80:16:99:51:c8:af:ec:a2:
                    f8:eb:a3:d0:f9:ea:95:c3:98:a0:cd:a2:ce:d7:74:
                    6f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:E9:09:8F:A4:58:76:62:41:36:62:96:71:0D:2C:11:CE:9E:5A:05
            X509v3 Authority Key Identifier:
                keyid:19:04:CE:28:EA:E6:82:C9:7A:CD:2D:86:2F:EE:28:97:C3:B0:96:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GQTOKOrmgsl6zS2GL-4ol8Owlv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/5ekJj6RYdmJBNmKWcQ0sEc6eWgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/GQTOKOrmgsl6zS2GL-4ol8Owlv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.129.0-37.114.131.255
                  185.91.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:4b:98:57:47:aa:91:37:cc:bd:0f:56:a1:7f:5b:6a:b1:c3:
         00:ea:65:02:32:44:04:99:ab:79:89:64:44:88:27:82:bb:8e:
         ba:51:6b:30:05:a0:43:10:87:b6:aa:a0:fd:16:52:9b:e4:f8:
         65:79:23:df:12:04:c3:11:33:f8:b8:6d:c7:09:c1:4a:04:1a:
         bc:d8:0c:4e:4b:80:fb:29:8b:c8:c5:35:08:4f:99:66:0f:59:
         6d:dd:10:1b:60:60:b9:a3:f8:2b:b2:ff:53:0f:6c:94:25:48:
         b8:82:9d:8e:67:fe:f0:54:3e:e4:7a:95:7e:de:28:97:ab:0d:
         ec:e3:ab:ee:f1:2a:7e:f0:09:21:c2:b0:02:fd:63:76:8a:14:
         42:38:c9:04:34:46:c5:3f:ae:d1:3c:01:61:13:70:d0:79:99:
         5b:ef:ce:4f:08:de:9e:bc:b9:11:3a:80:24:61:8e:c0:81:80:
         aa:43:8b:55:c4:0c:4f:a0:8d:cf:47:60:fd:27:e3:50:99:33:
         b5:ba:fb:be:d4:e3:7d:13:11:9d:03:2c:8d:7e:e0:de:51:fd:
         6a:68:51:e6:57:b5:69:6e:75:99:5d:a9:fc:83:24:49:d5:79:
         fb:8d:f5:20:3f:13:a1:46:34:c8:27:c7:1f:b9:00:21:aa:70:
         c2:36:c9:00
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZnww6oxhC2KKGi4EYO1M/ybMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MDRjZTI4ZWFlNjgyYzk3YWNkMmQ4NjJmZWUyODk3YzNi
MDk2ZmQwHhcNMjUxMDE3MDYwMjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWU5MDk4ZmE0NTg3NjYyNDEzNjYyOTY3MTBkMmMxMWNlOWU1YTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qbE3laQrXx9jyyDLMGE6+81Gppr
j8IVdVa+Q8cOyXg/8qtXjV1xCIpcgsCTCpqKW6X86RvYqlRH4w9VmKIswx3qm2Lw
m2tx0xPTU7fbKGQ42782T1b2RqX3u2TEsNbuvbUjZ9MIYw8ddJL1YJW9iSKpcp8C
xRv7SQf2vSjZla59muEZZudv3Bxlgpr6GXy2HTQE1yLLlS4KEi84sfHseKMO3Wik
zQjGgpUWqdY+ZIjtD5NBaufosR/DVpmqptK+smP4D2yzmiufN1puLStAGBZvbSAT
QqgBxptqM8otYfJjiAKlL4pRgBaZUciv7KL466PQ+eqVw5igzaLO13RvOwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOXpCY+kWHZiQTZilnENLBHOnloFMB8GA1UdIwQY
MBaAFBkEzijq5oLJes0thi/uKJfDsJb9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1FUT0tPcm1nc2w2elMyR0wtNG9sOE93bHYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9kMDQ4ZjYtMzQxYy00YzY0LWIzZDkt
MTVkNWRlYjIyOGRkLzEvNWVrSmo2UllkbUpCTm1LV2NRMHNFYzZlV2dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9kMDQ4ZjYtMzQxYy00YzY0LWIzZDktMTVkNWRlYjIyOGRk
LzEvR1FUT0tPcm1nc2w2elMyR0wtNG9sOE93bHYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAlcoED
BAIlcoADBAK5W9AwDQYJKoZIhvcNAQELBQADggEBAHBLmFdHqpE3zL0PVqF/W2qx
wwDqZQIyRASZq3mJZESIJ4K7jrpRazAFoEMQh7aqoP0WUpvk+GV5I98SBMMRM/i4
bccJwUoEGrzYDE5LgPspi8jFNQhPmWYPWW3dEBtgYLmj+Cuy/1MPbJQlSLiCnY5n
/vBUPuR6lX7eKJerDezjq+7xKn7wCSHCsAL9Y3aKFEI4yQQ0RsU/rtE8AWETcNB5
mVvvzk8I3p68uRE6gCRhjsCBgKpDi1XEDE+gjc9HYP0n41CZM7W6+77U430TEZ0D
LI1+4N5R/WpoUeZXtWludZldqfyDJEnVefuN9SA/E6FGNMgnxx+5ACGqcMI2yQA=
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:51:26 2025 by rpki-client