Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/769596-2c4a-4ad8-86cf-b309112d2eec/1/VAzYkQRTgwiJaHwxuivv8ZFztSM.roa
File:                     VAzYkQRTgwiJaHwxuivv8ZFztSM.roa (raw, json)
Hash identifier:          JX1t8tGMn8nyq5oj+S/xubK6nVg6WbHVtaOCdwSyvtE=
Subject key identifier:   54:0C:D8:91:04:53:83:08:89:68:7C:31:BA:2B:EF:F1:91:73:B5:23
Certificate issuer:       /CN=6020bdba46ce50c0aa0c41f0b1b49fa7ed6810cb
Certificate serial:       0199BFFAA36A53E5871FC99B5A0A84E564F5
Authority key identifier: 60:20:BD:BA:46:CE:50:C0:AA:0C:41:F0:B1:B4:9F:A7:ED:68:10:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YCC9ukbOUMCqDEHwsbSfp-1oEMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/769596-2c4a-4ad8-86cf-b309112d2eec/1/VAzYkQRTgwiJaHwxuivv8ZFztSM.roa
Signing time:             Tue 07 Oct 2025 18:41:38 +0000
ROA not before:           Tue 07 Oct 2025 18:41:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        193.148.40.0/24 maxlen: 24
                          193.148.41.0/24 maxlen: 24
                          193.148.42.0/24 maxlen: 24
                          193.148.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/769596-2c4a-4ad8-86cf-b309112d2eec/1/YCC9ukbOUMCqDEHwsbSfp-1oEMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/769596-2c4a-4ad8-86cf-b309112d2eec/1/YCC9ukbOUMCqDEHwsbSfp-1oEMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YCC9ukbOUMCqDEHwsbSfp-1oEMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 09:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bf:fa:a3:6a:53:e5:87:1f:c9:9b:5a:0a:84:e5:64:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6020bdba46ce50c0aa0c41f0b1b49fa7ed6810cb
        Validity
            Not Before: Oct  7 18:41:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=540cd8910453830889687c31ba2beff19173b523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ec:a5:96:c7:bc:fd:19:2a:3d:51:ca:ba:a2:
                    94:87:87:8d:0e:66:26:0a:94:4c:f4:86:96:31:09:
                    60:ba:f0:db:1f:68:7a:35:77:c5:17:d8:f2:22:d2:
                    ec:21:60:8b:bf:3e:5b:9d:32:64:72:d9:1a:58:15:
                    a4:93:ad:73:02:10:eb:14:b7:7e:27:d0:cc:a7:da:
                    5a:f3:f2:98:1d:20:71:58:9c:ec:70:e3:6d:9b:97:
                    eb:07:a1:e8:3a:fc:e3:21:0f:c0:c4:75:c3:c9:00:
                    3d:e7:0a:81:ae:01:da:02:4a:40:9d:6d:23:e5:6a:
                    d6:85:0a:26:4c:05:3f:04:94:2d:5f:89:9a:dc:1f:
                    d6:e6:02:90:c1:9a:ec:47:97:2a:7e:97:ff:e0:f1:
                    e3:a9:f4:ab:10:6b:d4:1c:7e:2f:96:cf:0f:a9:24:
                    86:8f:13:0e:a6:68:56:9c:d5:13:21:66:e8:e5:0d:
                    f9:47:8f:18:ae:43:37:c2:08:95:cc:21:3d:72:7d:
                    1a:b2:5f:89:55:15:4f:c5:39:34:d7:80:02:2c:66:
                    4d:70:cf:64:19:f9:4e:75:58:e2:a8:b1:86:6c:b2:
                    b8:c0:82:43:ab:fc:2a:51:83:7c:6f:a8:e5:ff:25:
                    78:81:3d:02:5f:c5:a0:54:b5:a0:44:c9:0e:af:c4:
                    de:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:0C:D8:91:04:53:83:08:89:68:7C:31:BA:2B:EF:F1:91:73:B5:23
            X509v3 Authority Key Identifier:
                keyid:60:20:BD:BA:46:CE:50:C0:AA:0C:41:F0:B1:B4:9F:A7:ED:68:10:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YCC9ukbOUMCqDEHwsbSfp-1oEMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/769596-2c4a-4ad8-86cf-b309112d2eec/1/VAzYkQRTgwiJaHwxuivv8ZFztSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/769596-2c4a-4ad8-86cf-b309112d2eec/1/YCC9ukbOUMCqDEHwsbSfp-1oEMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.148.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:fb:02:9a:97:8a:ec:d4:19:76:ed:6f:d4:7c:e3:32:c7:91:
         b2:0d:cc:ca:cd:87:b2:66:85:ca:48:6f:8b:1e:a8:e2:f2:62:
         d8:d7:7e:29:b9:ec:20:6f:92:99:a5:18:a4:29:5a:bb:dd:de:
         f3:d2:31:8f:95:c6:e2:d7:6a:08:44:87:bd:c4:1f:a0:ce:c6:
         9d:57:27:23:27:db:8c:08:1e:e7:b5:d4:c6:51:c2:42:d4:9b:
         ce:16:fe:3a:d0:37:f4:1a:b0:b1:70:23:94:d3:12:00:14:4c:
         02:a2:72:d5:a4:46:c7:fd:d0:e6:c0:00:cb:4d:a6:35:66:1f:
         bb:55:6c:26:f4:48:06:7c:b5:c1:18:cb:85:88:0a:47:38:86:
         d0:a5:37:ce:f4:42:ff:5b:3f:bc:fb:0d:07:0e:10:34:4f:5a:
         29:4c:29:82:2e:57:09:ef:c3:da:dd:92:93:0f:d2:55:20:77:
         9e:90:96:17:fb:87:97:41:00:1b:79:ba:e4:67:5e:38:a0:91:
         d7:c5:92:68:1e:fd:41:7e:e3:be:f5:00:64:9d:bb:dd:89:0a:
         99:d2:82:df:8b:02:6b:57:47:0f:e2:05:ab:52:59:46:4c:75:
         d1:da:a6:6c:f7:d5:d8:fa:0b:1e:78:f1:6f:8d:80:03:b6:7d:
         8d:1e:03:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm/+qNqU+WHH8mbWgqE5WT1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMjBiZGJhNDZjZTUwYzBhYTBjNDFmMGIxYjQ5ZmE3ZWQ2
ODEwY2IwHhcNMjUxMDA3MTg0MTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDBjZDg5MTA0NTM4MzA4ODk2ODdjMzFiYTJiZWZmMTkxNzNiNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeyllse8/RkqPVHKuqKUh4eNDmYm
CpRM9IaWMQlguvDbH2h6NXfFF9jyItLsIWCLvz5bnTJkctkaWBWkk61zAhDrFLd+
J9DMp9pa8/KYHSBxWJzscONtm5frB6HoOvzjIQ/AxHXDyQA95wqBrgHaAkpAnW0j
5WrWhQomTAU/BJQtX4ma3B/W5gKQwZrsR5cqfpf/4PHjqfSrEGvUHH4vls8PqSSG
jxMOpmhWnNUTIWbo5Q35R48YrkM3wgiVzCE9cn0asl+JVRVPxTk014ACLGZNcM9k
GflOdVjiqLGGbLK4wIJDq/wqUYN8b6jl/yV4gT0CX8WgVLWgRMkOr8TeyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQM2JEEU4MIiWh8Mbor7/GRc7UjMB8GA1UdIwQY
MBaAFGAgvbpGzlDAqgxB8LG0n6ftaBDLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUNDOXVrYk9VTUNxREVId3NiU2ZwLTFvRU1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi83Njk1OTYtMmM0YS00YWQ4LTg2Y2Yt
YjMwOTExMmQyZWVjLzEvVkF6WWtRUlRnd2lKYUh3eHVpdnY4WkZ6dFNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi83Njk1OTYtMmM0YS00YWQ4LTg2Y2YtYjMwOTExMmQyZWVj
LzEvWUNDOXVrYk9VTUNxREVId3NiU2ZwLTFvRU1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwZQoMA0G
CSqGSIb3DQEBCwUAA4IBAQBd+wKal4rs1Bl27W/UfOMyx5GyDczKzYeyZoXKSG+L
Hqji8mLY134puewgb5KZpRikKVq73d7z0jGPlcbi12oIRIe9xB+gzsadVycjJ9uM
CB7ntdTGUcJC1JvOFv460Df0GrCxcCOU0xIAFEwConLVpEbH/dDmwADLTaY1Zh+7
VWwm9EgGfLXBGMuFiApHOIbQpTfO9EL/Wz+8+w0HDhA0T1opTCmCLlcJ78Pa3ZKT
D9JVIHeekJYX+4eXQQAbebrkZ144oJHXxZJoHv1BfuO+9QBknbvdiQqZ0oLfiwJr
V0cP4gWrUllGTHXR2qZs99XY+gseePFvjYADtn2NHgMX
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:53 2025 by rpki-client