Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/08949f-c79a-46ca-b50b-0fc9bfcd74a6/1/7nuD8elhlIUxcTnbEPvLA6ZLn5I.roa
File:                     7nuD8elhlIUxcTnbEPvLA6ZLn5I.roa (raw, json)
Hash identifier:          90o2vgvA2ZcVDu1EqRM6Q9Z2wROKMEItuuXmbaFjrpw=
Subject key identifier:   EE:7B:83:F1:E9:61:94:85:31:71:39:DB:10:FB:CB:03:A6:4B:9F:92
Certificate issuer:       /CN=54a6c46d7d90feb4a728af0f8ae11bfa0d4f8cb1
Certificate serial:       01999BFE100BD97CDEF057DAB2C54808FDB1
Authority key identifier: 54:A6:C4:6D:7D:90:FE:B4:A7:28:AF:0F:8A:E1:1B:FA:0D:4F:8C:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VKbEbX2Q_rSnKK8PiuEb-g1PjLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/08949f-c79a-46ca-b50b-0fc9bfcd74a6/1/7nuD8elhlIUxcTnbEPvLA6ZLn5I.roa
Signing time:             Tue 30 Sep 2025 18:59:02 +0000
ROA not before:           Tue 30 Sep 2025 18:59:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50716
IP address blocks:        87.76.0.0/20 maxlen: 22
                          91.239.16.0/22 maxlen: 22
                          109.197.192.0/21 maxlen: 22
                          176.116.136.0/21 maxlen: 22
                          176.116.140.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/08949f-c79a-46ca-b50b-0fc9bfcd74a6/1/VKbEbX2Q_rSnKK8PiuEb-g1PjLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/08949f-c79a-46ca-b50b-0fc9bfcd74a6/1/VKbEbX2Q_rSnKK8PiuEb-g1PjLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VKbEbX2Q_rSnKK8PiuEb-g1PjLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9b:fe:10:0b:d9:7c:de:f0:57:da:b2:c5:48:08:fd:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54a6c46d7d90feb4a728af0f8ae11bfa0d4f8cb1
        Validity
            Not Before: Sep 30 18:59:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee7b83f1e9619485317139db10fbcb03a64b9f92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d8:db:51:ef:c3:3b:a5:e7:2c:b3:81:56:60:
                    68:85:d3:32:25:c3:23:11:33:c9:f4:1c:96:08:39:
                    d0:16:3b:68:c5:d8:a8:69:a7:5b:db:87:40:7d:d0:
                    6c:b7:a5:54:39:cb:93:61:e0:d4:19:15:a8:30:9c:
                    ec:18:8d:e8:13:67:c4:51:63:c7:08:70:3f:48:23:
                    ec:1a:88:96:19:f1:19:5a:d9:e5:07:7d:a7:0e:bf:
                    f9:42:cf:08:94:fc:76:7a:4c:8f:6d:3b:bb:e0:27:
                    1f:25:ab:aa:ac:c6:ec:ea:42:aa:2e:ea:a4:62:d6:
                    14:55:54:9b:f7:13:ca:21:8d:f4:64:4f:c2:92:29:
                    e1:6b:30:94:c3:e5:59:d0:15:6e:ce:7b:9e:69:71:
                    89:14:20:6f:a1:77:07:63:22:52:8e:a2:e8:8a:4d:
                    a2:2a:e3:6f:8d:dc:c4:83:46:42:65:1c:f7:b2:8e:
                    2d:e8:86:dc:eb:b9:8c:71:61:35:c7:33:2b:94:ff:
                    e1:f2:d8:38:ff:e4:18:0a:c1:13:3f:60:ce:f2:c5:
                    c9:50:44:18:93:ae:9a:eb:56:07:62:2f:ef:19:40:
                    c1:46:81:4a:f2:43:b5:bd:fe:fb:97:77:34:f1:bd:
                    e1:3c:76:19:b1:ce:34:3c:9f:69:d7:c9:42:fb:e3:
                    f4:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:7B:83:F1:E9:61:94:85:31:71:39:DB:10:FB:CB:03:A6:4B:9F:92
            X509v3 Authority Key Identifier:
                keyid:54:A6:C4:6D:7D:90:FE:B4:A7:28:AF:0F:8A:E1:1B:FA:0D:4F:8C:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VKbEbX2Q_rSnKK8PiuEb-g1PjLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/08949f-c79a-46ca-b50b-0fc9bfcd74a6/1/7nuD8elhlIUxcTnbEPvLA6ZLn5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/08949f-c79a-46ca-b50b-0fc9bfcd74a6/1/VKbEbX2Q_rSnKK8PiuEb-g1PjLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.76.0.0/20
                  91.239.16.0/22
                  109.197.192.0/21
                  176.116.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5b:5f:96:38:61:35:04:e5:1b:c4:51:72:b8:98:40:07:17:a7:
         41:57:2f:90:9a:fa:e9:5e:f1:40:df:32:bc:24:21:95:94:cd:
         42:44:32:9c:ed:85:60:87:54:ec:00:16:2e:77:af:f1:d3:c6:
         a8:89:b6:3d:e3:73:ca:a4:b3:48:74:84:3c:e6:c0:c9:d2:31:
         83:88:7f:85:e4:d4:d0:22:09:f2:b6:d7:16:ff:70:a2:04:66:
         cb:e9:46:47:5c:2b:01:71:0f:23:dd:fa:86:73:c4:b3:8b:57:
         67:14:19:7f:58:ab:4e:9c:fe:08:74:cf:e4:4c:91:93:60:b3:
         20:b0:c0:d6:3c:bd:06:70:67:dc:29:ad:04:67:2c:3d:ba:9c:
         cd:44:b2:65:aa:79:94:5f:52:c5:b2:b2:11:7a:18:a6:02:0b:
         c4:a4:fe:57:33:d1:9d:5f:15:0b:bd:f6:e2:23:df:93:40:01:
         b4:5a:31:5f:d2:75:47:46:f4:2c:6d:1e:8b:48:32:7e:ec:f9:
         bd:23:e5:45:8a:cb:d6:7a:0c:75:dc:91:14:94:84:a0:04:87:
         94:c1:a4:2e:d2:50:6c:81:e5:76:11:98:06:c6:81:4a:30:fb:
         1f:fa:72:ac:e0:3b:ce:95:f4:04:65:d5:d2:ba:b6:f1:c4:a6:
         60:1c:d0:78
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZmb/hAL2Xze8FfassVICP2xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YTZjNDZkN2Q5MGZlYjRhNzI4YWYwZjhhZTExYmZhMGQ0
ZjhjYjEwHhcNMjUwOTMwMTg1OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTdiODNmMWU5NjE5NDg1MzE3MTM5ZGIxMGZiY2IwM2E2NGI5ZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9jbUe/DO6XnLLOBVmBohdMyJcMj
ETPJ9ByWCDnQFjtoxdioaadb24dAfdBst6VUOcuTYeDUGRWoMJzsGI3oE2fEUWPH
CHA/SCPsGoiWGfEZWtnlB32nDr/5Qs8IlPx2ekyPbTu74CcfJauqrMbs6kKqLuqk
YtYUVVSb9xPKIY30ZE/CkinhazCUw+VZ0BVuznueaXGJFCBvoXcHYyJSjqLoik2i
KuNvjdzEg0ZCZRz3so4t6Ibc67mMcWE1xzMrlP/h8tg4/+QYCsETP2DO8sXJUEQY
k66a61YHYi/vGUDBRoFK8kO1vf77l3c08b3hPHYZsc40PJ9p18lC++P0zQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFO57g/HpYZSFMXE52xD7ywOmS5+SMB8GA1UdIwQY
MBaAFFSmxG19kP60pyivD4rhG/oNT4yxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVktiRWJYMlFfclNuS0s4UGl1RWItZzFQakxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8wODk0OWYtYzc5YS00NmNhLWI1MGIt
MGZjOWJmY2Q3NGE2LzEvN251RDhlbGhsSVV4Y1RuYkVQdkxBNlpMbjVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8wODk0OWYtYzc5YS00NmNhLWI1MGItMGZjOWJmY2Q3NGE2
LzEvVktiRWJYMlFfclNuS0s4UGl1RWItZzFQakxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQEV0wAAwQC
W+8QAwQDbcXAAwQDsHSIMA0GCSqGSIb3DQEBCwUAA4IBAQBbX5Y4YTUE5RvEUXK4
mEAHF6dBVy+QmvrpXvFA3zK8JCGVlM1CRDKc7YVgh1TsABYud6/x08aoibY943PK
pLNIdIQ85sDJ0jGDiH+F5NTQIgnyttcW/3CiBGbL6UZHXCsBcQ8j3fqGc8Szi1dn
FBl/WKtOnP4IdM/kTJGTYLMgsMDWPL0GcGfcKa0EZyw9upzNRLJlqnmUX1LFsrIR
ehimAgvEpP5XM9GdXxULvfbiI9+TQAG0WjFf0nVHRvQsbR6LSDJ+7Pm9I+VFisvW
egx13JEUlISgBIeUwaQu0lBsgeV2EZgGxoFKMPsf+nKs4DvOlfQEZdXSurbxxKZg
HNB4
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:58 2025 by rpki-client