Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/BnzM-Af6kikic6hMxTpqiL3xMBM.roa
File:                     BnzM-Af6kikic6hMxTpqiL3xMBM.roa (raw, json)
Hash identifier:          nepn7kd8TqWc0UAANR+HVxeVV0g1zZC6w2h2yoY+SGo=
Subject key identifier:   06:7C:CC:F8:07:FA:92:29:22:73:A8:4C:C5:3A:6A:88:BD:F1:30:13
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0199CF20F9A295C376D5D088DBC59AB43FDF
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/BnzM-Af6kikic6hMxTpqiL3xMBM.roa
Signing time:             Fri 10 Oct 2025 17:17:48 +0000
ROA not before:           Fri 10 Oct 2025 17:17:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        77.111.103.0/24 maxlen: 24
                          89.106.26.0/24 maxlen: 24
                          94.229.215.0/24 maxlen: 24
                          194.36.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cf:20:f9:a2:95:c3:76:d5:d0:88:db:c5:9a:b4:3f:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 10 17:17:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=067cccf807fa92292273a84cc53a6a88bdf13013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:08:7e:bb:cf:58:a8:03:2e:92:55:79:1e:5b:
                    de:3e:99:a8:b3:7d:86:e6:a8:89:d4:fe:c5:a9:63:
                    13:50:25:f1:0a:e7:1c:7b:2b:23:8f:b8:26:be:c6:
                    ba:71:8f:98:89:b8:4c:17:22:b4:83:52:d9:2e:57:
                    d9:e8:3b:b0:04:6a:09:52:aa:5e:e5:bf:67:2c:b5:
                    f5:f7:ab:76:68:1a:fe:25:ae:52:39:be:75:ab:7c:
                    37:f3:ba:35:72:34:78:68:dc:83:cf:7e:80:bb:a7:
                    d6:85:c7:79:95:17:24:73:a1:97:88:ea:bc:a0:f3:
                    28:c6:9c:5d:ab:15:01:16:e3:6c:d7:e8:cb:40:86:
                    a8:8d:bc:a8:cd:6e:9d:89:4e:56:c0:d8:80:3b:d7:
                    09:fe:2e:22:88:7b:aa:7b:41:7b:02:61:dd:c7:37:
                    39:c9:9a:d3:35:f8:45:c1:7d:2e:01:69:25:de:eb:
                    64:f8:a1:8d:73:c8:d7:36:09:be:25:43:5d:e8:5d:
                    59:69:0c:39:08:25:ff:9b:eb:3d:a6:40:ec:66:4a:
                    23:c0:e7:4c:8b:dc:90:d3:1c:6c:9f:85:a5:41:ba:
                    6a:0d:e0:65:45:ac:dd:82:e6:5d:5b:d5:77:58:9a:
                    2c:19:d9:fe:c0:68:c7:ac:65:cd:4a:76:49:cf:43:
                    e8:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:7C:CC:F8:07:FA:92:29:22:73:A8:4C:C5:3A:6A:88:BD:F1:30:13
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/BnzM-Af6kikic6hMxTpqiL3xMBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.103.0/24
                  89.106.26.0/24
                  94.229.215.0/24
                  194.36.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:9f:4a:e0:cd:9a:77:a4:6d:9c:2e:1f:cc:f4:97:fc:ce:7b:
         ea:57:b4:82:f5:a6:35:04:96:e7:1d:db:fe:b7:2c:11:f7:68:
         4c:6a:70:aa:79:11:2c:a5:78:73:e3:75:00:5a:68:b3:07:87:
         43:a2:c8:44:11:93:11:5f:8e:e0:d8:70:de:6d:ec:85:26:c7:
         a3:73:e6:64:59:21:29:ed:3f:ee:cd:1d:fb:6a:0c:16:4c:1a:
         09:0a:07:47:3b:0f:b2:c9:89:a9:b9:c4:f7:f1:ec:ee:e1:03:
         54:e1:bd:48:c5:34:49:cb:02:ec:4a:59:9e:6a:18:ea:06:6a:
         3a:be:f9:a8:ac:28:27:59:96:b0:41:fd:94:fe:07:da:b8:6e:
         26:a7:3e:4d:d3:28:f6:2a:aa:fb:1e:13:16:d6:97:c6:66:2b:
         c7:9c:55:10:7a:d0:07:d8:d5:c4:37:3d:8e:7b:db:fc:16:4c:
         1b:84:a3:77:cf:fc:2b:c3:6d:c8:25:2b:20:f8:a8:7d:a3:6a:
         b6:ee:cf:77:e2:b8:4a:2e:8a:67:6f:eb:79:3e:45:f0:f5:b6:
         3a:89:db:09:bc:72:eb:65:18:28:33:7c:1c:5c:8c:b2:46:aa:
         e4:af:7d:0b:82:3b:9e:16:e5:4d:59:50:1a:3e:42:b2:fa:8e:
         08:dc:73:e5
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZnPIPmilcN21dCI28WatD/fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUxMDEwMTcxNzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjdjY2NmODA3ZmE5MjI5MjI3M2E4NGNjNTNhNmE4OGJkZjEzMDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQh+u89YqAMuklV5HlvePpmos32G
5qiJ1P7FqWMTUCXxCucceysjj7gmvsa6cY+YibhMFyK0g1LZLlfZ6DuwBGoJUqpe
5b9nLLX196t2aBr+Ja5SOb51q3w387o1cjR4aNyDz36Au6fWhcd5lRckc6GXiOq8
oPMoxpxdqxUBFuNs1+jLQIaojbyozW6diU5WwNiAO9cJ/i4iiHuqe0F7AmHdxzc5
yZrTNfhFwX0uAWkl3utk+KGNc8jXNgm+JUNd6F1ZaQw5CCX/m+s9pkDsZkojwOdM
i9yQ0xxsn4WlQbpqDeBlRazdguZdW9V3WJosGdn+wGjHrGXNSnZJz0PoYQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAZ8zPgH+pIpInOoTMU6aoi98TATMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvQm56TS1BZjZraWtpYzZoTXhUcHFpTDN4TUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQATW9nAwQA
WWoaAwQAXuXXAwQAwiQjMA0GCSqGSIb3DQEBCwUAA4IBAQCfn0rgzZp3pG2cLh/M
9Jf8znvqV7SC9aY1BJbnHdv+tywR92hManCqeREspXhz43UAWmizB4dDoshEEZMR
X47g2HDebeyFJsejc+ZkWSEp7T/uzR37agwWTBoJCgdHOw+yyYmpucT38ezu4QNU
4b1IxTRJywLsSlmeahjqBmo6vvmorCgnWZawQf2U/gfauG4mpz5N0yj2Kqr7HhMW
1pfGZivHnFUQetAH2NXENz2Oe9v8FkwbhKN3z/wrw23IJSsg+Kh9o2q27s934rhK
Lopnb+t5PkXw9bY6idsJvHLrZRgoM3wcXIyyRqrkr30LgjueFuVNWVAaPkKy+o4I
3HPl
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:11:13 2025 by rpki-client