Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/PYtBwXCIX2JfibgH-eH6y28_VrI.roa
File:                     PYtBwXCIX2JfibgH-eH6y28_VrI.roa (raw, json)
Hash identifier:          HiHxBEZ/k5oJMJ4flD5NHFntvssSaUpL19eBPcUrz0Y=
Subject key identifier:   3D:8B:41:C1:70:88:5F:62:5F:89:B8:07:F9:E1:FA:CB:6F:3F:56:B2
Certificate issuer:       /CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
Certificate serial:       0198CBEA0E7011528030E1302918BDFD7004
Authority key identifier: 49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/PYtBwXCIX2JfibgH-eH6y28_VrI.roa
Signing time:             Thu 21 Aug 2025 09:16:10 +0000
ROA not before:           Thu 21 Aug 2025 09:16:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        93.94.51.0/24 maxlen: 24
                          93.94.52.0/24 maxlen: 24
                          178.17.53.0/24 maxlen: 24
                          178.17.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cb:ea:0e:70:11:52:80:30:e1:30:29:18:bd:fd:70:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
        Validity
            Not Before: Aug 21 09:16:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d8b41c170885f625f89b807f9e1facb6f3f56b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:26:88:55:0a:25:71:30:40:c7:ea:f8:71:46:
                    5e:3f:63:79:89:a3:38:d5:e8:2d:51:59:d6:17:86:
                    95:b0:67:14:7a:31:4c:d3:87:57:4d:c4:f5:d4:01:
                    56:1a:85:f3:5b:2a:b7:88:86:a3:53:18:7f:39:d8:
                    a9:88:e1:e4:f7:11:aa:df:24:dd:3d:f4:80:dd:42:
                    ac:cf:7c:4d:10:94:af:ba:05:78:c6:07:2d:94:62:
                    53:74:c0:a9:ed:5c:97:c5:2b:04:a0:42:20:4c:24:
                    d6:9b:af:9a:eb:5a:67:9a:7e:dd:69:4d:2c:18:75:
                    1b:01:58:ec:5a:fe:a3:ac:a0:91:45:80:1b:9b:cc:
                    52:1d:c8:f0:e0:2b:60:1f:e1:bb:92:9f:34:9d:4a:
                    5d:26:c8:bf:0f:29:8d:95:62:6a:72:53:37:20:29:
                    1b:9b:b4:7d:3b:9f:bf:49:bb:8e:94:f5:a4:3a:5e:
                    f8:67:08:b3:42:ad:72:58:96:68:7b:5b:b9:01:3f:
                    fa:ca:75:b4:a7:eb:0e:f5:56:8f:07:fb:36:65:85:
                    7e:a4:5c:b3:09:db:c2:a6:cf:c2:0a:ac:a4:70:60:
                    12:0f:0c:17:c6:9a:16:93:04:7f:4f:5c:8b:47:16:
                    67:d0:3d:e5:78:f0:dc:82:b5:3f:f5:33:d2:d0:94:
                    46:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:8B:41:C1:70:88:5F:62:5F:89:B8:07:F9:E1:FA:CB:6F:3F:56:B2
            X509v3 Authority Key Identifier:
                keyid:49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/PYtBwXCIX2JfibgH-eH6y28_VrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.94.51.0-93.94.52.255
                  178.17.53.0/24
                  178.17.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:31:72:ee:54:1a:80:40:11:bd:0f:da:dd:56:57:c9:70:70:
         67:6c:c1:1d:79:0d:0e:57:8c:85:26:7c:c9:4f:a3:94:d4:f9:
         44:39:46:9d:a0:cf:ee:b3:19:03:ac:5d:ff:d6:50:ff:2b:61:
         63:ca:bc:2e:1a:af:57:39:d9:f9:3a:7c:e4:92:0d:d4:12:c0:
         d3:08:f8:43:4d:d6:61:e9:39:8f:7f:58:38:55:1d:70:43:95:
         eb:a7:1c:6d:36:f6:98:fa:dc:e6:89:39:79:f4:47:83:93:10:
         27:15:ea:10:f4:d2:0a:68:dc:b7:96:13:a1:c9:dc:d7:c5:3d:
         44:e6:4d:03:39:33:97:7a:38:4d:d5:bd:2b:b0:8f:3d:e6:ac:
         82:68:2f:28:dd:0e:73:6d:c2:e7:0c:ab:95:e6:51:94:8d:b3:
         e6:d4:c2:46:5e:1e:f7:3b:23:cf:11:2f:ca:b0:c0:67:ea:e4:
         17:5f:88:4c:9c:60:b6:72:62:69:54:d8:f3:0a:75:26:63:f4:
         15:5e:1c:26:c4:b0:ab:a2:0e:ad:b5:84:c3:a4:dc:e6:50:a1:
         0c:d6:2d:80:e8:19:9a:66:fa:a5:fe:6b:e6:11:f3:23:7a:c3:
         6a:e3:6c:d0:b0:a5:05:28:6d:67:88:04:d4:8b:88:29:e3:e5:
         3e:df:b1:9b
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZjL6g5wEVKAMOEwKRi9/XAEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MjE2ZjVjMTY1YjgyN2E3ZmQ3M2Q4MTA3YWViZDJmNjNj
NjNlMjQwHhcNMjUwODIxMDkxNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDhiNDFjMTcwODg1ZjYyNWY4OWI4MDdmOWUxZmFjYjZmM2Y1NmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiaIVQolcTBAx+r4cUZeP2N5iaM4
1egtUVnWF4aVsGcUejFM04dXTcT11AFWGoXzWyq3iIajUxh/OdipiOHk9xGq3yTd
PfSA3UKsz3xNEJSvugV4xgctlGJTdMCp7VyXxSsEoEIgTCTWm6+a61pnmn7daU0s
GHUbAVjsWv6jrKCRRYAbm8xSHcjw4CtgH+G7kp80nUpdJsi/DymNlWJqclM3ICkb
m7R9O5+/SbuOlPWkOl74ZwizQq1yWJZoe1u5AT/6ynW0p+sO9VaPB/s2ZYV+pFyz
CdvCps/CCqykcGASDwwXxpoWkwR/T1yLRxZn0D3lePDcgrU/9TPS0JRGOwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFD2LQcFwiF9iX4m4B/nh+stvP1ayMB8GA1UdIwQY
MBaAFEkhb1wWW4J6f9c9gQeuvS9jxj4kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQt
MGRiYmMyNDllNjU3LzEvUFl0QndYQ0lYMkpmaWJnSC1lSDZ5MjhfVnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQtMGRiYmMyNDllNjU3
LzEvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBABdXjMD
BABdXjQDBACyETUDBACyETowDQYJKoZIhvcNAQELBQADggEBAB4xcu5UGoBAEb0P
2t1WV8lwcGdswR15DQ5XjIUmfMlPo5TU+UQ5Rp2gz+6zGQOsXf/WUP8rYWPKvC4a
r1c52fk6fOSSDdQSwNMI+ENN1mHpOY9/WDhVHXBDleunHG029pj63OaJOXn0R4OT
ECcV6hD00gpo3LeWE6HJ3NfFPUTmTQM5M5d6OE3VvSuwjz3mrIJoLyjdDnNtwucM
q5XmUZSNs+bUwkZeHvc7I88RL8qwwGfq5BdfiEycYLZyYmlU2PMKdSZj9BVeHCbE
sKuiDq21hMOk3OZQoQzWLYDoGZpm+qX+a+YR8yN6w2rjbNCwpQUobWeIBNSLiCnj
5T7fsZs=
-----END CERTIFICATE-----
Generated at Sat Aug 23 19:49:53 2025 by rpki-client