Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/1gMhaWTt9SatCtzXb2x3evmqFAM.roa
File:                     1gMhaWTt9SatCtzXb2x3evmqFAM.roa (raw, json)
Hash identifier:          6Y9a57NqqkLkQqCohM5S0/g04HJqvciLd/hsGJkposA=
Subject key identifier:   D6:03:21:69:64:ED:F5:26:AD:0A:DC:D7:6F:6C:77:7A:F9:AA:14:03
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       019963CADEC9DF9FDA3D51887EB979E96597
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/1gMhaWTt9SatCtzXb2x3evmqFAM.roa
Signing time:             Fri 19 Sep 2025 21:04:23 +0000
ROA not before:           Fri 19 Sep 2025 21:04:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33659
IP address blocks:        95.164.193.0/24 maxlen: 24
                          95.164.224.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 04:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:63:ca:de:c9:df:9f:da:3d:51:88:7e:b9:79:e9:65:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Sep 19 21:04:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d603216964edf526ad0adcd76f6c777af9aa1403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2d:03:d2:5c:eb:59:04:a4:72:65:d0:8e:fb:
                    44:62:57:0a:fa:c8:c7:e4:eb:41:bd:55:3f:28:97:
                    70:b1:47:95:fe:03:75:be:66:ac:3c:17:a5:e2:ee:
                    e5:e1:47:63:48:d8:03:94:c3:ef:c0:d6:85:5c:07:
                    00:35:e2:33:84:33:f6:bd:e5:ad:a4:08:e7:f7:2e:
                    31:5b:e9:83:f8:05:86:f9:de:bb:69:ae:4f:d4:ca:
                    bd:d3:03:17:0e:9c:a4:e0:52:5c:de:fb:47:83:8d:
                    41:0c:f6:5f:79:6c:b3:6c:a5:e9:54:68:84:c5:c5:
                    f2:ac:ba:53:25:1c:83:39:a0:e3:65:b2:90:71:3d:
                    a7:cb:13:3b:7b:a3:da:39:67:fa:8b:42:ab:00:f0:
                    06:c5:4c:45:d1:4b:b3:b9:00:7c:d1:36:7b:be:32:
                    83:07:34:c0:fe:3a:0d:13:04:22:4d:be:99:9a:3e:
                    1f:b8:14:23:c2:52:d4:96:68:63:47:52:51:ba:ea:
                    d6:a0:c1:5e:4a:28:94:ce:f4:af:20:09:39:57:0f:
                    59:ca:f9:e0:05:8a:76:7e:fb:75:30:7d:2d:53:c6:
                    41:fc:74:fb:61:ae:ff:00:11:25:e3:f0:40:dd:3f:
                    66:42:4d:d0:ed:c1:cd:c5:ac:19:b4:bf:58:32:01:
                    66:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:03:21:69:64:ED:F5:26:AD:0A:DC:D7:6F:6C:77:7A:F9:AA:14:03
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/1gMhaWTt9SatCtzXb2x3evmqFAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.193.0/24
                  95.164.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:d8:e3:4c:85:df:7c:2e:56:36:4c:3b:a8:06:8a:b2:11:cf:
         0b:54:88:d6:30:57:d0:0e:c0:76:f0:7f:ec:e3:52:2d:e6:a8:
         95:cb:00:ac:ad:ca:9b:c4:91:49:79:1f:73:8a:52:d9:bf:b6:
         e7:07:bf:13:5c:0c:f2:20:88:ea:98:7c:16:81:fb:88:49:76:
         92:ac:c1:22:5b:16:b8:79:f8:7e:2d:d1:f8:3a:f7:09:53:cf:
         e2:6b:17:bd:db:5a:79:f5:75:45:8a:bc:68:b3:7e:a5:cf:7d:
         c3:7c:05:f2:41:43:9d:72:f7:54:04:81:5e:26:15:5a:28:63:
         81:e4:da:20:0b:82:9c:b6:fb:27:5d:0c:61:0d:98:d0:6a:a7:
         ba:78:cf:4d:64:16:58:ac:b4:b7:e0:48:ed:a0:29:53:cb:08:
         c9:4b:8c:2d:e6:cd:01:cc:73:5c:e7:75:bb:a9:89:95:49:9e:
         87:aa:61:2f:97:ac:be:91:2b:e8:1e:d9:99:1b:cc:4d:29:68:
         0d:56:d6:83:59:69:f2:ee:a8:0a:e4:5e:b5:10:da:30:6f:b5:
         f6:e8:2e:7c:73:ce:8d:55:fb:d0:aa:b7:b5:67:fa:7d:d7:5c:
         d9:06:1b:66:7f:22:b5:c4:6e:8d:92:82:e7:3a:c6:45:76:af:
         18:f8:98:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZljyt7J35/aPVGIfrl56WWXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwOTE5MjEwNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjAzMjE2OTY0ZWRmNTI2YWQwYWRjZDc2ZjZjNzc3YWY5YWExNDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyS0D0lzrWQSkcmXQjvtEYlcK+sjH
5OtBvVU/KJdwsUeV/gN1vmasPBel4u7l4UdjSNgDlMPvwNaFXAcANeIzhDP2veWt
pAjn9y4xW+mD+AWG+d67aa5P1Mq90wMXDpyk4FJc3vtHg41BDPZfeWyzbKXpVGiE
xcXyrLpTJRyDOaDjZbKQcT2nyxM7e6PaOWf6i0KrAPAGxUxF0UuzuQB80TZ7vjKD
BzTA/joNEwQiTb6Zmj4fuBQjwlLUlmhjR1JRuurWoMFeSiiUzvSvIAk5Vw9Zyvng
BYp2fvt1MH0tU8ZB/HT7Ya7/ABEl4/BA3T9mQk3Q7cHNxawZtL9YMgFmDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNYDIWlk7fUmrQrc129sd3r5qhQDMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvMWdNaGFXVHQ5U2F0Q3R6WGIyeDNldm1xRkFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX6TBAwQC
X6TgMA0GCSqGSIb3DQEBCwUAA4IBAQAp2ONMhd98LlY2TDuoBoqyEc8LVIjWMFfQ
DsB28H/s41It5qiVywCsrcqbxJFJeR9zilLZv7bnB78TXAzyIIjqmHwWgfuISXaS
rMEiWxa4efh+LdH4OvcJU8/iaxe921p59XVFirxos36lz33DfAXyQUOdcvdUBIFe
JhVaKGOB5NogC4KctvsnXQxhDZjQaqe6eM9NZBZYrLS34EjtoClTywjJS4wt5s0B
zHNc53W7qYmVSZ6HqmEvl6y+kSvoHtmZG8xNKWgNVtaDWWny7qgK5F61ENowb7X2
6C58c86NVfvQqre1Z/p911zZBhtmfyK1xG6NkoLnOsZFdq8Y+Jik
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:28:40 2025 by rpki-client