Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/8db67a-c4fc-4c2c-9978-a7be5fa0ff65/1/YmmMQQPClm4aJNcHY4nqMmKzxKo.roa
File:                     YmmMQQPClm4aJNcHY4nqMmKzxKo.roa (raw, json)
Hash identifier:          t9N6GySKPe1l1d/1ycrJCeRhS1dtKqOZa7fj5PMZRB8=
Subject key identifier:   62:69:8C:41:03:C2:96:6E:1A:24:D7:07:63:89:EA:32:62:B3:C4:AA
Certificate issuer:       /CN=ed624c590027a5a8c9eeb369726e4a630cdf414c
Certificate serial:       01990A3A99174343FECF9D8D9C4F3998E259
Authority key identifier: ED:62:4C:59:00:27:A5:A8:C9:EE:B3:69:72:6E:4A:63:0C:DF:41:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7WJMWQAnpajJ7rNpcm5KYwzfQUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/8db67a-c4fc-4c2c-9978-a7be5fa0ff65/1/YmmMQQPClm4aJNcHY4nqMmKzxKo.roa
Signing time:             Tue 02 Sep 2025 11:40:36 +0000
ROA not before:           Tue 02 Sep 2025 11:40:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        45.89.128.0/22 maxlen: 22
                          2a0b:a200::/48 maxlen: 48
                          2a0b:a200:1::/48 maxlen: 48
                          2a0b:a200:2::/48 maxlen: 48
                          2a0b:a200:3::/48 maxlen: 48
                          2a0b:a200:4::/48 maxlen: 48
                          2a0b:a200:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/8db67a-c4fc-4c2c-9978-a7be5fa0ff65/1/7WJMWQAnpajJ7rNpcm5KYwzfQUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/8db67a-c4fc-4c2c-9978-a7be5fa0ff65/1/7WJMWQAnpajJ7rNpcm5KYwzfQUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7WJMWQAnpajJ7rNpcm5KYwzfQUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0a:3a:99:17:43:43:fe:cf:9d:8d:9c:4f:39:98:e2:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed624c590027a5a8c9eeb369726e4a630cdf414c
        Validity
            Not Before: Sep  2 11:40:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62698c4103c2966e1a24d7076389ea3262b3c4aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c8:2b:4c:48:7a:21:21:24:1a:0c:1f:5f:e8:
                    1a:f1:3d:38:07:18:53:ae:b5:7a:9d:8f:6c:03:83:
                    6d:05:ec:26:05:6d:ed:83:27:42:1b:a7:ee:85:5b:
                    cc:de:08:a0:5e:52:5d:15:00:97:e9:a6:2a:76:94:
                    22:be:72:66:4b:0e:ad:02:32:1e:cb:84:1c:9a:dd:
                    77:ab:60:b4:e8:00:a7:0c:5a:51:b8:5e:29:81:6a:
                    3f:8a:43:de:6d:1a:7a:67:0e:c7:8e:19:f6:2b:2d:
                    2d:58:6c:0d:2d:b2:c9:72:31:99:cc:ef:49:3a:21:
                    82:5e:0f:87:50:fa:4e:73:8c:a2:00:71:c7:ef:9f:
                    50:c5:32:20:6e:dd:fd:a1:b8:dd:39:b3:7d:0b:9f:
                    f0:74:86:82:3b:6e:db:12:b6:e2:4d:13:fc:9a:7f:
                    19:cf:74:00:f2:52:29:6b:9f:dd:83:77:ab:34:c9:
                    47:df:5c:a6:e3:6c:ff:c4:0a:68:ac:34:88:da:ef:
                    96:0c:df:4d:4a:e7:1e:80:81:8f:f3:cc:c2:78:b2:
                    1d:fb:2d:5d:69:55:4e:ac:da:4b:5d:fe:67:fe:b8:
                    a0:ff:a5:2c:52:32:52:e8:68:48:5b:6f:bf:f7:45:
                    25:2c:0a:53:8f:c1:bd:d2:b2:bd:21:4a:f4:ec:e8:
                    5c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:69:8C:41:03:C2:96:6E:1A:24:D7:07:63:89:EA:32:62:B3:C4:AA
            X509v3 Authority Key Identifier:
                keyid:ED:62:4C:59:00:27:A5:A8:C9:EE:B3:69:72:6E:4A:63:0C:DF:41:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7WJMWQAnpajJ7rNpcm5KYwzfQUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/8db67a-c4fc-4c2c-9978-a7be5fa0ff65/1/YmmMQQPClm4aJNcHY4nqMmKzxKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/8db67a-c4fc-4c2c-9978-a7be5fa0ff65/1/7WJMWQAnpajJ7rNpcm5KYwzfQUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.128.0/22
                IPv6:
                  2a0b:a200::-2a0b:a200:5:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         53:58:84:4b:fc:ac:7b:a6:ea:bb:85:29:e9:6c:a4:0a:02:b0:
         05:b3:e2:a3:87:b1:ce:89:ee:96:99:44:35:25:d2:71:26:0a:
         b0:42:c6:b4:da:69:30:3f:82:d8:74:bf:16:b5:5d:ba:2c:2a:
         5f:f8:d7:b6:ee:39:f9:a1:1f:aa:4e:6f:5c:35:83:00:ff:57:
         dd:ca:34:32:df:f7:70:d6:1b:98:5c:4a:e9:69:b3:e7:dd:cf:
         7e:6e:da:0c:27:4f:59:de:46:58:18:fa:4c:c4:2d:87:6e:5c:
         b8:d4:6a:e3:8d:aa:d5:16:e9:db:b6:9c:72:3e:72:ba:5f:3b:
         5b:6d:13:8e:a0:ac:da:62:75:76:5a:02:8b:fe:56:72:cb:ad:
         73:e7:a2:4f:9c:06:dc:93:ca:08:f4:81:ce:6a:bb:da:f6:e3:
         e9:59:b6:95:c5:ba:b3:1b:13:6b:73:b3:8c:90:78:4d:20:36:
         b3:3c:78:df:84:e6:ce:e0:24:31:9d:fd:c9:6e:b7:f4:7c:cf:
         85:25:82:3e:ec:97:1f:a7:be:5b:95:0d:0b:f7:85:80:11:92:
         5f:bc:24:5c:2b:bd:4a:5a:dd:eb:a1:70:b3:dc:f8:17:aa:c6:
         e1:11:11:89:69:a8:e7:08:66:15:87:f8:4b:c9:44:34:80:da:
         77:50:87:38
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZkKOpkXQ0P+z52NnE85mOJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNjI0YzU5MDAyN2E1YThjOWVlYjM2OTcyNmU0YTYzMGNk
ZjQxNGMwHhcNMjUwOTAyMTE0MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjY5OGM0MTAzYzI5NjZlMWEyNGQ3MDc2Mzg5ZWEzMjYyYjNjNGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsgrTEh6ISEkGgwfX+ga8T04BxhT
rrV6nY9sA4NtBewmBW3tgydCG6fuhVvM3gigXlJdFQCX6aYqdpQivnJmSw6tAjIe
y4Qcmt13q2C06ACnDFpRuF4pgWo/ikPebRp6Zw7Hjhn2Ky0tWGwNLbLJcjGZzO9J
OiGCXg+HUPpOc4yiAHHH759QxTIgbt39objdObN9C5/wdIaCO27bErbiTRP8mn8Z
z3QA8lIpa5/dg3erNMlH31ym42z/xAporDSI2u+WDN9NSucegIGP88zCeLId+y1d
aVVOrNpLXf5n/rig/6UsUjJS6GhIW2+/90UlLApTj8G90rK9IUr07OhclwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFGJpjEEDwpZuGiTXB2OJ6jJis8SqMB8GA1UdIwQY
MBaAFO1iTFkAJ6Woye6zaXJuSmMM30FMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1dKTVdRQW5wYWpKN3JOcGNtNUtZd3pmUVV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy84ZGI2N2EtYzRmYy00YzJjLTk5Nzgt
YTdiZTVmYTBmZjY1LzEvWW1tTVFRUENsbTRhSk5jSFk0bnFNbUt6eEtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy84ZGI2N2EtYzRmYy00YzJjLTk5NzgtYTdiZTVmYTBmZjY1
LzEvN1dKTVdRQW5wYWpKN3JOcGNtNUtZd3pmUVV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAMBAIAATAGAwQCLVmAMBcE
AgACMBEwDwMEASoLogMHASoLogAABDANBgkqhkiG9w0BAQsFAAOCAQEAU1iES/ys
e6bqu4Up6WykCgKwBbPio4exzonulplENSXScSYKsELGtNppMD+C2HS/FrVduiwq
X/jXtu45+aEfqk5vXDWDAP9X3co0Mt/3cNYbmFxK6Wmz593Pfm7aDCdPWd5GWBj6
TMQth25cuNRq442q1Rbp27accj5yul87W20TjqCs2mJ1dloCi/5Wcsutc+eiT5wG
3JPKCPSBzmq72vbj6Vm2lcW6sxsTa3OzjJB4TSA2szx434TmzuAkMZ39yW639HzP
hSWCPuyXH6e+W5UNC/eFgBGSX7wkXCu9Slrd66Fws9z4F6rG4RERiWmo5whmFYf4
S8lENIDad1CHOA==
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:22:52 2025 by rpki-client