Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/880df4-e334-4a77-8f4a-7dfde8b12e2c/1/LstQmx0npx1wBzXFQnWiCMni4rU.roa
File:                     LstQmx0npx1wBzXFQnWiCMni4rU.roa (raw, json)
Hash identifier:          P0DAqw5mgnz/NGIMrf6y81li0lGZ6anTPEV88CrVJ8o=
Subject key identifier:   2E:CB:50:9B:1D:27:A7:1D:70:07:35:C5:42:75:A2:08:C9:E2:E2:B5
Certificate issuer:       /CN=810e50f8be21e6556a2a3b5e60e1de765ae02d4e
Certificate serial:       01994CD336929AD41E4B5FCECDFF280F2DA4
Authority key identifier: 81:0E:50:F8:BE:21:E6:55:6A:2A:3B:5E:60:E1:DE:76:5A:E0:2D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQ5Q-L4h5lVqKjteYOHedlrgLU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/880df4-e334-4a77-8f4a-7dfde8b12e2c/1/LstQmx0npx1wBzXFQnWiCMni4rU.roa
Signing time:             Mon 15 Sep 2025 10:02:14 +0000
ROA not before:           Mon 15 Sep 2025 10:02:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        185.87.134.0/24 maxlen: 24
                          185.87.135.0/24 maxlen: 24
                          2a05:c341::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/880df4-e334-4a77-8f4a-7dfde8b12e2c/1/gQ5Q-L4h5lVqKjteYOHedlrgLU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/880df4-e334-4a77-8f4a-7dfde8b12e2c/1/gQ5Q-L4h5lVqKjteYOHedlrgLU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gQ5Q-L4h5lVqKjteYOHedlrgLU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4c:d3:36:92:9a:d4:1e:4b:5f:ce:cd:ff:28:0f:2d:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=810e50f8be21e6556a2a3b5e60e1de765ae02d4e
        Validity
            Not Before: Sep 15 10:02:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ecb509b1d27a71d700735c54275a208c9e2e2b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:9f:52:92:4c:33:e4:66:21:32:cc:94:5b:5e:
                    fa:be:7d:b3:15:50:13:89:b4:e9:93:6b:77:66:32:
                    54:9d:59:fa:3d:28:62:b5:8a:19:dc:4a:8a:00:08:
                    c4:f7:16:d9:81:d8:86:c7:d0:c9:b8:5c:7d:e6:ac:
                    da:54:04:fb:22:e3:f1:16:84:72:60:c3:5a:2c:57:
                    f0:db:14:80:b2:d8:d0:11:c6:9e:a1:f0:b8:91:c1:
                    14:d3:c3:3a:bd:59:d3:cb:9f:2e:f8:44:75:e9:e3:
                    27:b6:54:e9:3c:cc:bf:4d:d7:c3:d6:ff:69:37:24:
                    b5:e0:5e:a0:e0:8c:fc:db:7a:d6:3e:3b:31:ce:a2:
                    cc:51:13:c2:96:a3:d5:f2:24:1c:59:49:e3:a0:23:
                    68:0c:28:ca:d0:3c:15:43:00:bc:4d:42:e9:77:a6:
                    a3:fa:0b:09:57:1a:b1:1e:ba:2b:74:25:69:ff:0f:
                    20:8f:13:40:b2:2a:ec:6d:9d:67:f4:f9:f4:ee:c8:
                    5a:e3:5c:97:e6:0f:ea:b4:63:25:a4:64:b3:1d:4e:
                    ae:d1:62:5b:95:94:28:d6:79:d5:83:c7:f7:a6:15:
                    d4:9e:3f:13:3a:14:cc:93:9b:d1:36:36:6a:db:cb:
                    a1:e5:06:89:78:ca:96:83:f1:49:20:ac:3e:bd:7d:
                    e1:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:CB:50:9B:1D:27:A7:1D:70:07:35:C5:42:75:A2:08:C9:E2:E2:B5
            X509v3 Authority Key Identifier:
                keyid:81:0E:50:F8:BE:21:E6:55:6A:2A:3B:5E:60:E1:DE:76:5A:E0:2D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQ5Q-L4h5lVqKjteYOHedlrgLU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/880df4-e334-4a77-8f4a-7dfde8b12e2c/1/LstQmx0npx1wBzXFQnWiCMni4rU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/880df4-e334-4a77-8f4a-7dfde8b12e2c/1/gQ5Q-L4h5lVqKjteYOHedlrgLU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.134.0/23
                IPv6:
                  2a05:c341::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:8d:5d:95:ad:dd:36:ae:25:9d:bd:06:83:f7:ee:70:60:21:
         39:5b:fb:6a:d1:15:eb:d2:e1:b9:0a:8c:de:aa:2f:7f:5a:61:
         c6:25:22:7f:69:a1:9c:3d:51:c4:35:2e:9c:6c:42:95:fe:1a:
         3c:3c:ca:52:b0:87:eb:a8:c3:47:8c:44:e8:be:b0:20:a9:8f:
         ea:9f:aa:99:88:f4:c2:a4:63:19:2d:74:85:be:ae:5d:f4:76:
         fc:34:db:08:76:70:ac:bd:bc:93:43:07:3d:46:51:55:03:bc:
         46:67:4f:2b:a7:fe:53:bc:3d:77:fe:a8:ed:3d:95:81:01:f8:
         33:ee:05:0e:42:1a:86:5c:1a:7b:59:bc:d4:58:19:7b:3c:7c:
         35:74:bb:77:94:c2:af:ba:45:8f:1a:48:a5:73:a3:15:4c:e7:
         02:ea:5b:cf:62:39:88:07:d6:e4:20:05:5b:a8:ac:ce:43:c1:
         65:bd:ce:3a:db:9c:3d:bd:89:26:62:7c:a2:3f:75:f0:6f:93:
         fd:8c:b3:29:ba:8a:57:c9:3b:87:fe:5d:3a:4d:45:c8:d4:9d:
         6b:90:dc:c6:22:20:32:03:7c:b8:30:be:2f:05:b4:3b:f6:62:
         28:41:18:f1:22:7b:b8:83:74:ac:1e:11:1e:4e:e6:2c:38:02:
         4a:57:5e:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZlM0zaSmtQeS1/Ozf8oDy2kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMGU1MGY4YmUyMWU2NTU2YTJhM2I1ZTYwZTFkZTc2NWFl
MDJkNGUwHhcNMjUwOTE1MTAwMjE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWNiNTA5YjFkMjdhNzFkNzAwNzM1YzU0Mjc1YTIwOGM5ZTJlMmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx59Skkwz5GYhMsyUW176vn2zFVAT
ibTpk2t3ZjJUnVn6PShitYoZ3EqKAAjE9xbZgdiGx9DJuFx95qzaVAT7IuPxFoRy
YMNaLFfw2xSAstjQEcaeofC4kcEU08M6vVnTy58u+ER16eMntlTpPMy/TdfD1v9p
NyS14F6g4Iz823rWPjsxzqLMURPClqPV8iQcWUnjoCNoDCjK0DwVQwC8TULpd6aj
+gsJVxqxHrordCVp/w8gjxNAsirsbZ1n9Pn07sha41yX5g/qtGMlpGSzHU6u0WJb
lZQo1nnVg8f3phXUnj8TOhTMk5vRNjZq28uh5QaJeMqWg/FJIKw+vX3hnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC7LUJsdJ6cdcAc1xUJ1ogjJ4uK1MB8GA1UdIwQY
MBaAFIEOUPi+IeZVaio7XmDh3nZa4C1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1E1US1MNGg1bFZxS2p0ZVlPSGVkbHJnTFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84ODBkZjQtZTMzNC00YTc3LThmNGEt
N2RmZGU4YjEyZTJjLzEvTHN0UW14MG5weDF3QnpYRlFuV2lDTW5pNHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84ODBkZjQtZTMzNC00YTc3LThmNGEtN2RmZGU4YjEyZTJj
LzEvZ1E1US1MNGg1bFZxS2p0ZVlPSGVkbHJnTFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuVeGMA8E
AgACMAkDBwAqBcNBAAAwDQYJKoZIhvcNAQELBQADggEBAHeNXZWt3TauJZ29BoP3
7nBgITlb+2rRFevS4bkKjN6qL39aYcYlIn9poZw9UcQ1LpxsQpX+Gjw8ylKwh+uo
w0eMROi+sCCpj+qfqpmI9MKkYxktdIW+rl30dvw02wh2cKy9vJNDBz1GUVUDvEZn
Tyun/lO8PXf+qO09lYEB+DPuBQ5CGoZcGntZvNRYGXs8fDV0u3eUwq+6RY8aSKVz
oxVM5wLqW89iOYgH1uQgBVuorM5DwWW9zjrbnD29iSZifKI/dfBvk/2Msym6ilfJ
O4f+XTpNRcjUnWuQ3MYiIDIDfLgwvi8FtDv2YihBGPEie7iDdKweER5O5iw4AkpX
Xh0=
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:47 2025 by rpki-client