Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/UhdjQtj-FfDyuU6V5WnFSOKYjmk.roa
File:                     UhdjQtj-FfDyuU6V5WnFSOKYjmk.roa (raw, json)
Hash identifier:          QbBqfb3nWseUxtS3InHqu29EzpheC2v8vhkaoLoZ0FY=
Subject key identifier:   52:17:63:42:D8:FE:15:F0:F2:B9:4E:95:E5:69:C5:48:E2:98:8E:69
Certificate issuer:       /CN=fb061a39f0a037923113d6b8bb9b5bdab5b2f466
Certificate serial:       01992D8EE72E36EC0D3028835681C399BB24
Authority key identifier: FB:06:1A:39:F0:A0:37:92:31:13:D6:B8:BB:9B:5B:DA:B5:B2:F4:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/UhdjQtj-FfDyuU6V5WnFSOKYjmk.roa
Signing time:             Tue 09 Sep 2025 08:19:24 +0000
ROA not before:           Tue 09 Sep 2025 08:19:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212525
IP address blocks:        78.109.224.0/24 maxlen: 24
                          78.109.233.0/24 maxlen: 24
                          78.109.234.0/24 maxlen: 24
                          78.109.235.0/24 maxlen: 24
                          78.109.238.0/24 maxlen: 24
                          185.52.101.0/24 maxlen: 24
                          185.52.102.0/24 maxlen: 24
                          185.52.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 08:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2d:8e:e7:2e:36:ec:0d:30:28:83:56:81:c3:99:bb:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb061a39f0a037923113d6b8bb9b5bdab5b2f466
        Validity
            Not Before: Sep  9 08:19:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52176342d8fe15f0f2b94e95e569c548e2988e69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:52:67:f6:89:c3:cb:54:1c:d6:97:76:20:1f:
                    f3:3c:5c:bd:3e:6c:86:8b:71:c8:b9:b1:c0:93:70:
                    88:65:b6:96:a1:ed:e9:01:eb:ac:22:36:98:82:71:
                    78:78:25:54:da:9a:12:fc:01:71:92:5d:f2:f1:98:
                    3d:44:50:87:29:1f:fd:77:6b:7a:4b:07:46:27:bc:
                    a7:da:5b:30:3e:8d:6b:2f:62:eb:d6:c6:9b:4f:0f:
                    cc:54:93:fb:a2:28:98:e0:14:f0:34:1f:d0:41:94:
                    ab:33:39:e5:a4:13:14:16:ec:21:0f:7c:66:06:c3:
                    d4:8d:f3:9c:d7:c7:6c:48:bb:0a:fa:d3:1a:f0:d5:
                    46:54:70:66:9e:01:bd:75:95:d8:2c:84:ae:83:8b:
                    ae:13:03:9e:27:b7:cc:00:c8:6e:5c:fc:84:a3:c3:
                    b8:ab:46:f7:6f:ca:00:dd:68:89:55:36:09:87:f0:
                    8c:8b:9c:e8:22:42:e6:c1:61:cd:09:42:c0:23:ac:
                    9c:37:10:98:b0:77:1e:f1:d9:68:89:18:af:ed:8d:
                    09:3c:87:7a:9d:da:d0:da:b7:db:40:d1:f8:94:8f:
                    42:6d:27:9b:8d:b7:df:5d:7f:61:9e:e1:d0:78:04:
                    fb:b5:82:5d:b9:9c:bb:59:e6:26:c0:f8:37:63:c6:
                    cd:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:17:63:42:D8:FE:15:F0:F2:B9:4E:95:E5:69:C5:48:E2:98:8E:69
            X509v3 Authority Key Identifier:
                keyid:FB:06:1A:39:F0:A0:37:92:31:13:D6:B8:BB:9B:5B:DA:B5:B2:F4:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/UhdjQtj-FfDyuU6V5WnFSOKYjmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/a3294b-d478-4dbd-aae5-fd167ad92a9d/1/1-wYaOfCgN5IxE9a4u5tb2rWy9GY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.109.224.0/24
                  78.109.233.0-78.109.235.255
                  78.109.238.0/24
                  185.52.101.0-185.52.103.255

    Signature Algorithm: sha256WithRSAEncryption
         4d:9c:7d:7f:f2:2e:65:33:34:e4:76:50:60:bc:ea:98:97:45:
         9c:63:ef:42:21:be:93:fa:de:47:ff:f7:51:e0:69:bb:c7:44:
         fd:c5:cb:57:9f:3b:f6:43:48:71:5c:ce:f1:42:77:e5:13:de:
         71:cd:52:a1:e5:01:83:f4:d4:f8:04:d0:61:14:e6:6f:af:8a:
         6f:ac:56:0f:9b:96:39:48:bc:8c:99:c9:e8:c2:5f:0d:18:5a:
         05:2d:11:cd:e0:85:ce:ce:3d:a0:bf:77:7b:d7:09:6b:f6:d9:
         c1:e7:68:02:d4:4e:9c:79:1a:b5:2c:79:4d:8c:eb:2b:bc:72:
         e8:31:2c:47:1b:06:f6:8e:c2:0d:bb:de:7c:f8:dc:6d:d0:91:
         c4:9e:1f:50:72:b5:3c:72:ea:be:1e:0a:73:1d:56:a6:ad:4d:
         ed:6c:d2:15:15:b4:38:5e:63:c6:bf:d9:3b:60:02:f5:d2:5b:
         9b:5c:26:f0:45:ec:8a:ce:ce:4d:3e:e9:1c:37:20:19:7a:12:
         9c:cf:d3:dc:2f:a5:cd:c1:cd:37:e3:5e:21:86:68:02:22:f6:
         2e:11:d8:40:b6:c3:5b:7b:80:15:9b:12:14:e3:38:51:09:b0:
         c5:83:b5:38:5f:00:80:e3:70:76:9b:4e:a1:4b:73:e0:ee:c1:
         79:3f:dc:6b
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZktjucuNuwNMCiDVoHDmbskMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMDYxYTM5ZjBhMDM3OTIzMTEzZDZiOGJiOWI1YmRhYjVi
MmY0NjYwHhcNMjUwOTA5MDgxOTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjE3NjM0MmQ4ZmUxNWYwZjJiOTRlOTVlNTY5YzU0OGUyOTg4ZTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFJn9onDy1Qc1pd2IB/zPFy9PmyG
i3HIubHAk3CIZbaWoe3pAeusIjaYgnF4eCVU2poS/AFxkl3y8Zg9RFCHKR/9d2t6
SwdGJ7yn2lswPo1rL2Lr1sabTw/MVJP7oiiY4BTwNB/QQZSrMznlpBMUFuwhD3xm
BsPUjfOc18dsSLsK+tMa8NVGVHBmngG9dZXYLISug4uuEwOeJ7fMAMhuXPyEo8O4
q0b3b8oA3WiJVTYJh/CMi5zoIkLmwWHNCULAI6ycNxCYsHce8dloiRiv7Y0JPId6
ndrQ2rfbQNH4lI9CbSebjbffXX9hnuHQeAT7tYJduZy7WeYmwPg3Y8bNiwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFFIXY0LY/hXw8rlOleVpxUjimI5pMB8GA1UdIwQY
MBaAFPsGGjnwoDeSMRPWuLubW9q1svRmMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS13WWFPZkNnTjVJeEU5YTR1NXRiMnJXeTlHWS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjMvYTMyOTRiLWQ0NzgtNGRiZC1hYWU1
LWZkMTY3YWQ5MmE5ZC8xL1VoZGpRdGotRmZEeXVVNlY1V25GU09LWWptay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjMvYTMyOTRiLWQ0NzgtNGRiZC1hYWU1LWZkMTY3YWQ5MmE5
ZC8xLzEtd1lhT2ZDZ041SXhFOWE0dTV0YjJyV3k5R1kuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwQQYIKwYBBQUHAQcBAf8EMjAwMC4EAgABMCgDBABObeAw
DAMEAE5t6QMEAk5t6AMEAE5t7jAMAwQAuTRlAwQDuTRgMA0GCSqGSIb3DQEBCwUA
A4IBAQBNnH1/8i5lMzTkdlBgvOqYl0WcY+9CIb6T+t5H//dR4Gm7x0T9xctXnzv2
Q0hxXM7xQnflE95xzVKh5QGD9NT4BNBhFOZvr4pvrFYPm5Y5SLyMmcnowl8NGFoF
LRHN4IXOzj2gv3d71wlr9tnB52gC1E6ceRq1LHlNjOsrvHLoMSxHGwb2jsINu958
+Nxt0JHEnh9QcrU8cuq+HgpzHVamrU3tbNIVFbQ4XmPGv9k7YAL10lubXCbwReyK
zs5NPukcNyAZehKcz9PcL6XNwc03414hhmgCIvYuEdhAtsNbe4AVmxIU4zhRCbDF
g7U4XwCA43B2m06hS3Pg7sF5P9xr
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:29:15 2025 by rpki-client