Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/TvRgaW9-CsNjYomAsfORBTmW3OU.roa
File:                     TvRgaW9-CsNjYomAsfORBTmW3OU.roa (raw, json)
Hash identifier:          E1pW1tBEDD4gp+efpV/wAMGMYES5LCvHxLW4UcIoHuI=
Subject key identifier:   4E:F4:60:69:6F:7E:0A:C3:63:62:89:80:B1:F3:91:05:39:96:DC:E5
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       01999ADDADABB21C861FE3C974A30B3ACD14
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/TvRgaW9-CsNjYomAsfORBTmW3OU.roa
Signing time:             Tue 30 Sep 2025 13:44:03 +0000
ROA not before:           Tue 30 Sep 2025 13:44:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     266827
IP address blocks:        95.164.8.0/24 maxlen: 24
                          95.164.33.0/24 maxlen: 24
                          95.164.51.0/24 maxlen: 24
                          95.164.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 04:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:dd:ad:ab:b2:1c:86:1f:e3:c9:74:a3:0b:3a:cd:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Sep 30 13:44:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ef460696f7e0ac363628980b1f391053996dce5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:80:d5:62:d6:37:43:02:da:86:ee:89:72:42:
                    7a:60:ab:c8:20:08:d4:72:c9:a3:c7:e2:ba:86:f8:
                    e3:46:9f:2b:8c:e6:1d:51:9f:5d:8e:39:2a:46:f6:
                    2f:44:bc:38:d8:ba:0c:00:94:83:f4:49:18:a8:bd:
                    b8:d6:81:d1:58:fb:e1:f4:bd:fc:c8:cc:46:88:14:
                    dc:9f:a3:70:93:67:c0:32:e0:1c:84:74:47:04:26:
                    61:16:24:38:09:1b:04:e7:ec:61:21:6b:2b:0d:6e:
                    47:f3:33:26:e5:0f:30:ff:8b:cd:ad:d7:eb:0c:72:
                    58:11:d9:77:a0:7b:d7:1d:66:ac:e1:7d:5a:e2:9f:
                    cf:69:84:c0:b6:50:5a:62:b0:91:ec:3c:0b:f0:4f:
                    a7:c4:44:0a:22:75:ee:72:4e:6e:b9:28:2b:39:de:
                    c3:1e:8e:cd:a7:2b:af:88:62:f2:84:03:bf:4f:64:
                    0e:93:2f:79:c8:6c:13:52:29:eb:0e:b8:0f:9f:25:
                    2c:64:cc:31:55:95:45:0b:93:a8:c6:5f:12:c1:56:
                    f7:1c:84:ec:a0:61:49:5d:e6:50:a0:5c:28:0b:12:
                    a4:df:57:68:82:c2:67:42:c3:e1:f5:26:a1:2f:7c:
                    cc:6a:7e:63:29:72:66:bb:5a:eb:eb:91:99:3e:13:
                    9f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:F4:60:69:6F:7E:0A:C3:63:62:89:80:B1:F3:91:05:39:96:DC:E5
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/TvRgaW9-CsNjYomAsfORBTmW3OU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.8.0/24
                  95.164.33.0/24
                  95.164.51.0/24
                  95.164.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:b9:3b:e2:d2:6c:6d:a3:05:dc:2f:d2:5a:d5:6c:cd:44:5c:
         2e:5b:b7:4c:eb:b6:08:a6:62:55:42:a1:e7:21:06:f1:45:a3:
         4e:4d:3a:89:20:d6:35:c4:e7:20:78:cb:37:9f:09:50:51:bd:
         eb:c4:e0:51:b8:51:52:61:a9:f6:92:e2:e5:03:78:6b:3a:3c:
         ee:09:3a:1e:49:60:f0:d4:29:ea:53:58:7f:6c:5b:f9:71:20:
         33:34:15:fe:0f:19:98:c1:b3:12:54:2f:af:4b:37:98:e9:41:
         6b:41:4b:1e:10:92:5b:67:e2:2c:44:ef:d0:82:90:81:9d:ad:
         3a:1f:18:12:b0:c7:b6:d5:c2:41:05:d4:39:fe:a8:37:b4:78:
         b2:70:be:2b:3f:23:07:ac:8c:ed:b5:8f:e8:e0:0b:1e:dc:e0:
         00:76:3a:ea:ba:3c:9c:20:bc:17:1d:54:9e:84:8c:02:76:6e:
         8d:4b:ce:70:3d:e7:7f:b5:ad:e8:22:ba:a9:40:53:9d:7a:6f:
         82:e3:24:93:33:4a:93:4e:d9:4c:8e:43:32:20:42:d1:70:9f:
         a1:be:dc:73:5f:a2:15:26:19:44:f8:ca:f3:39:42:dc:06:62:
         eb:77:c6:9e:12:c8:7a:0a:b6:dd:e5:63:13:8d:aa:ac:ce:ce:
         68:d3:ce:08
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZma3a2rshyGH+PJdKMLOs0UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwOTMwMTM0NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWY0NjA2OTZmN2UwYWMzNjM2Mjg5ODBiMWYzOTEwNTM5OTZkY2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4DVYtY3QwLahu6JckJ6YKvIIAjU
csmjx+K6hvjjRp8rjOYdUZ9djjkqRvYvRLw42LoMAJSD9EkYqL241oHRWPvh9L38
yMxGiBTcn6Nwk2fAMuAchHRHBCZhFiQ4CRsE5+xhIWsrDW5H8zMm5Q8w/4vNrdfr
DHJYEdl3oHvXHWas4X1a4p/PaYTAtlBaYrCR7DwL8E+nxEQKInXuck5uuSgrOd7D
Ho7NpyuviGLyhAO/T2QOky95yGwTUinrDrgPnyUsZMwxVZVFC5Ooxl8SwVb3HITs
oGFJXeZQoFwoCxKk31dogsJnQsPh9SahL3zMan5jKXJmu1rr65GZPhOfIwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFE70YGlvfgrDY2KJgLHzkQU5ltzlMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvVHZSZ2FXOS1Dc05qWW9tQXNmT1JCVG1XM09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAX6QIAwQA
X6QhAwQAX6QzAwQAX6SVMA0GCSqGSIb3DQEBCwUAA4IBAQBZuTvi0mxtowXcL9Ja
1WzNRFwuW7dM67YIpmJVQqHnIQbxRaNOTTqJINY1xOcgeMs3nwlQUb3rxOBRuFFS
Yan2kuLlA3hrOjzuCToeSWDw1CnqU1h/bFv5cSAzNBX+DxmYwbMSVC+vSzeY6UFr
QUseEJJbZ+IsRO/QgpCBna06HxgSsMe21cJBBdQ5/qg3tHiycL4rPyMHrIzttY/o
4Ase3OAAdjrqujycILwXHVSehIwCdm6NS85wPed/ta3oIrqpQFOdem+C4ySTM0qT
TtlMjkMyIELRcJ+hvtxzX6IVJhlE+MrzOULcBmLrd8aeEsh6Crbd5WMTjaqszs5o
084I
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:28:47 2025 by rpki-client