Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/oRX7Y6Pj914WAp7rnqodS5u2ca8.roa
File:                     oRX7Y6Pj914WAp7rnqodS5u2ca8.roa (raw, json)
Hash identifier:          oe6rATV3dmst397dzzXrIt+aYf/37RibyDHjgXpGCSU=
Subject key identifier:   A1:15:FB:63:A3:E3:F7:5E:16:02:9E:EB:9E:AA:1D:4B:9B:B6:71:AF
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       0198CE61ACEBA71F13579B0A84EC33F636CE
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/oRX7Y6Pj914WAp7rnqodS5u2ca8.roa
Signing time:             Thu 21 Aug 2025 20:46:04 +0000
ROA not before:           Thu 21 Aug 2025 20:46:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        146.247.106.0/24 maxlen: 24
                          146.247.108.0/24 maxlen: 24
                          146.247.111.0/24 maxlen: 24
                          146.247.112.0/23 maxlen: 23
                          146.247.114.0/24 maxlen: 24
                          146.247.115.0/24 maxlen: 24
                          146.247.116.0/24 maxlen: 24
                          146.247.117.0/24 maxlen: 24
                          146.247.118.0/24 maxlen: 24
                          146.247.120.0/24 maxlen: 24
                          146.247.121.0/24 maxlen: 24
                          146.247.122.0/24 maxlen: 24
                          146.247.126.0/24 maxlen: 24
                          146.247.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 23:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ce:61:ac:eb:a7:1f:13:57:9b:0a:84:ec:33:f6:36:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Aug 21 20:46:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a115fb63a3e3f75e16029eeb9eaa1d4b9bb671af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:35:be:2c:18:bf:44:7d:38:92:d6:33:a2:f0:
                    7c:02:2d:fc:96:6a:bf:04:16:ad:84:61:ac:cc:61:
                    34:25:55:d7:3a:8a:46:b6:df:22:75:e9:bc:11:20:
                    27:67:68:88:40:55:37:3e:bd:c6:d9:3d:60:be:68:
                    e9:5d:a3:6c:38:c0:ec:31:96:31:ff:5c:ce:15:40:
                    44:11:74:d3:cf:1f:24:5a:4b:5b:4e:a6:3d:56:21:
                    9d:59:c1:f2:d5:9e:99:01:38:91:4f:7a:18:cf:87:
                    31:13:4d:1a:da:e9:cb:c9:f8:b7:ca:e2:a6:a8:32:
                    77:4f:44:1f:70:13:37:62:6d:70:57:57:62:c3:c0:
                    07:da:ef:a7:7f:a1:12:72:c3:62:2b:16:59:c8:d6:
                    fc:c4:3e:be:1d:fc:d4:cf:3d:6d:fc:49:8e:d5:80:
                    ee:81:ff:d1:f0:d8:42:5b:12:17:ab:c0:0c:9a:fc:
                    74:ad:45:35:4a:db:c4:b9:e1:5e:cd:0c:d0:27:aa:
                    3b:18:55:51:01:f6:d1:75:16:63:93:02:b2:8d:d5:
                    82:5e:75:30:90:c5:62:30:af:8a:5d:50:04:41:12:
                    35:af:e0:a6:bf:86:f9:53:36:25:d9:91:e5:a2:c0:
                    7b:1d:35:e4:ef:f4:32:94:2a:de:8d:2c:6d:d6:19:
                    87:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:15:FB:63:A3:E3:F7:5E:16:02:9E:EB:9E:AA:1D:4B:9B:B6:71:AF
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/oRX7Y6Pj914WAp7rnqodS5u2ca8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.106.0/24
                  146.247.108.0/24
                  146.247.111.0-146.247.118.255
                  146.247.120.0-146.247.122.255
                  146.247.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:33:b8:b4:34:e9:a1:e6:04:ef:d0:44:5a:c0:ed:a3:2f:03:
         05:39:35:33:61:59:19:27:79:c6:bf:e6:f5:1c:11:99:9a:a2:
         6b:5f:9f:38:3a:fa:da:af:f1:ca:47:16:62:89:ff:66:e6:7d:
         38:62:11:d3:87:54:cd:1d:b6:8b:e1:50:a2:51:d8:a0:5e:0a:
         ba:85:08:b2:7e:ab:d0:73:04:a4:40:9d:07:7c:68:8e:40:ae:
         cf:4d:ec:53:b3:fa:9e:97:5a:84:5c:8a:c7:d8:34:33:76:ca:
         81:f7:2e:d0:df:45:07:2f:78:3c:19:07:a4:4d:f3:30:24:45:
         b3:d0:c7:85:1a:7a:8a:78:fd:bc:ed:38:13:16:62:f1:39:96:
         b2:30:f4:a8:e6:24:bc:e8:be:15:c0:d5:cf:a2:80:f5:14:0d:
         23:29:5d:56:c4:3f:ad:db:4c:63:42:45:06:6e:a6:91:78:fe:
         62:c3:9a:39:fc:e1:e0:29:23:95:27:d8:6f:4d:43:2b:8c:ad:
         0b:4d:6c:84:07:01:c9:e1:05:32:d9:bd:8e:bf:df:1c:3a:e1:
         46:ef:7d:70:fa:fa:d1:b3:7e:ca:c8:53:58:d8:2d:6c:6e:57:
         d6:f9:89:c0:bf:ba:c4:06:46:27:b0:80:e7:c9:93:1a:df:4a:
         cf:31:f7:c9
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZjOYazrpx8TV5sKhOwz9jbOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjUwODIxMjA0NjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTE1ZmI2M2EzZTNmNzVlMTYwMjllZWI5ZWFhMWQ0YjliYjY3MWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjW+LBi/RH04ktYzovB8Ai38lmq/
BBathGGszGE0JVXXOopGtt8idem8ESAnZ2iIQFU3Pr3G2T1gvmjpXaNsOMDsMZYx
/1zOFUBEEXTTzx8kWktbTqY9ViGdWcHy1Z6ZATiRT3oYz4cxE00a2unLyfi3yuKm
qDJ3T0QfcBM3Ym1wV1diw8AH2u+nf6EScsNiKxZZyNb8xD6+HfzUzz1t/EmO1YDu
gf/R8NhCWxIXq8AMmvx0rUU1StvEueFezQzQJ6o7GFVRAfbRdRZjkwKyjdWCXnUw
kMViMK+KXVAEQRI1r+Cmv4b5UzYl2ZHlosB7HTXk7/QylCrejSxt1hmHwwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFKEV+2Oj4/deFgKe656qHUubtnGvMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvb1JYN1k2UGo5MTRXQXA3cm5xb2RTNXUyY2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQAkvdqAwQA
kvdsMAwDBACS928DBACS93YwDAMEA5L3eAMEAJL3egMEAZL3fjANBgkqhkiG9w0B
AQsFAAOCAQEAkzO4tDTpoeYE79BEWsDtoy8DBTk1M2FZGSd5xr/m9RwRmZqia1+f
ODr62q/xykcWYon/ZuZ9OGIR04dUzR22i+FQolHYoF4KuoUIsn6r0HMEpECdB3xo
jkCuz03sU7P6npdahFyKx9g0M3bKgfcu0N9FBy94PBkHpE3zMCRFs9DHhRp6inj9
vO04ExZi8TmWsjD0qOYkvOi+FcDVz6KA9RQNIyldVsQ/rdtMY0JFBm6mkXj+YsOa
Ofzh4CkjlSfYb01DK4ytC01shAcByeEFMtm9jr/fHDrhRu99cPr60bN+yshTWNgt
bG5X1vmJwL+6xAZGJ7CA58mTGt9KzzH3yQ==
-----END CERTIFICATE-----
Generated at Sat Aug 23 08:05:35 2025 by rpki-client