Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/mfVSR44fIY6bkhiOSueC1ITxv6w.roa
File:                     mfVSR44fIY6bkhiOSueC1ITxv6w.roa (raw, json)
Hash identifier:          xZqOi81DoSglCV29EBbiUSqFQDxJr7C1mJvYXhv2Pug=
Subject key identifier:   99:F5:52:47:8E:1F:21:8E:9B:92:18:8E:4A:E7:82:D4:84:F1:BF:AC
Certificate issuer:       /CN=f58e0c3b9333cb6fd4139e455a5abbafd569532a
Certificate serial:       019934C0D023BC959A61DD79812D5006E22D
Authority key identifier: F5:8E:0C:3B:93:33:CB:6F:D4:13:9E:45:5A:5A:BB:AF:D5:69:53:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/mfVSR44fIY6bkhiOSueC1ITxv6w.roa
Signing time:             Wed 10 Sep 2025 17:51:15 +0000
ROA not before:           Wed 10 Sep 2025 17:51:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.143.16.0/23 maxlen: 24
                          2a14:b000::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 08:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:34:c0:d0:23:bc:95:9a:61:dd:79:81:2d:50:06:e2:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f58e0c3b9333cb6fd4139e455a5abbafd569532a
        Validity
            Not Before: Sep 10 17:51:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99f552478e1f218e9b92188e4ae782d484f1bfac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:fb:8b:ee:e8:c5:df:9f:be:d7:c7:f4:62:03:
                    8c:8d:84:db:09:6f:8e:ec:61:40:f6:f2:77:7a:cf:
                    3c:7b:6b:7d:9c:86:df:3b:3a:46:32:8a:02:08:e4:
                    3c:0f:90:01:a5:0b:15:cc:9f:77:21:ff:54:fc:8c:
                    ed:63:29:9d:8f:20:05:e7:54:14:b5:e8:c2:89:55:
                    83:46:ef:92:28:aa:c1:ff:43:df:92:b5:d0:6e:02:
                    8f:a7:45:de:1e:7c:9a:52:72:00:32:38:61:84:a9:
                    22:06:49:c6:0b:4b:32:ee:5a:9b:ac:0d:3c:29:b2:
                    0d:1a:f4:bb:18:9c:b3:96:6e:4f:c0:43:07:64:8b:
                    1e:c4:1f:a7:d6:48:62:60:e1:fa:29:6f:30:ec:1d:
                    d5:04:78:49:82:68:58:21:a9:83:9c:11:58:50:c0:
                    c2:e7:1e:ae:5b:b1:57:a7:44:dc:fe:ed:b8:75:22:
                    96:85:44:f2:3c:1d:f7:bf:12:fc:07:6a:81:75:78:
                    30:4e:1d:64:db:56:d2:f1:7f:85:a0:f4:14:d4:4f:
                    b9:18:ed:41:5a:92:b8:cd:39:6e:24:a3:af:1c:f3:
                    eb:08:61:ca:b0:94:74:c9:a9:fa:ab:a3:34:5a:71:
                    34:fc:85:47:3a:91:b0:6a:58:6c:66:20:e3:28:ef:
                    03:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:F5:52:47:8E:1F:21:8E:9B:92:18:8E:4A:E7:82:D4:84:F1:BF:AC
            X509v3 Authority Key Identifier:
                keyid:F5:8E:0C:3B:93:33:CB:6F:D4:13:9E:45:5A:5A:BB:AF:D5:69:53:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/mfVSR44fIY6bkhiOSueC1ITxv6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.143.16.0/23
                IPv6:
                  2a14:b000::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:9e:1c:a0:36:b7:1d:ff:99:d2:d3:c2:d4:60:63:ea:2b:32:
         37:c7:92:f5:76:bd:a7:fd:3e:07:11:ff:c8:c1:aa:7f:9a:23:
         4c:43:0e:ad:68:06:b9:58:22:1c:93:84:b6:94:8a:32:cd:fd:
         c4:09:03:52:32:9d:f1:63:71:7a:ff:32:03:21:7c:12:cc:d1:
         90:a5:2a:dc:45:07:a8:5f:0a:12:35:17:30:8a:63:5d:0f:f5:
         de:ae:6c:3e:29:73:b0:79:a5:3e:79:7f:22:01:b2:ad:dd:c3:
         ff:85:ee:3a:b1:a4:f0:3c:4c:d9:f6:04:4a:3c:9e:ef:73:8f:
         8a:4f:8d:2e:74:26:85:7b:7d:b0:43:54:bf:cb:68:ad:b6:71:
         2c:35:23:fa:05:20:0e:a5:b3:8a:b4:f4:4e:f2:ce:4d:3c:74:
         53:8d:f1:9f:3a:44:54:89:ec:90:98:0a:ea:e9:2a:fa:b4:8f:
         23:d8:eb:d7:d6:ca:59:2d:69:65:d9:e3:5d:9f:b6:14:74:58:
         21:5e:39:ac:97:fc:ea:06:40:98:e9:b1:73:37:0a:74:25:e4:
         eb:6a:9e:ac:da:00:75:1d:18:b2:3f:3b:97:0d:6f:7e:68:6c:
         bd:7b:ea:d6:1e:12:1e:a1:bb:c1:10:d0:46:37:71:a7:8f:fe:
         85:14:cb:25
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZk0wNAjvJWaYd15gS1QBuItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OGUwYzNiOTMzM2NiNmZkNDEzOWU0NTVhNWFiYmFmZDU2
OTUzMmEwHhcNMjUwOTEwMTc1MTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWY1NTI0NzhlMWYyMThlOWI5MjE4OGU0YWU3ODJkNDg0ZjFiZmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/uL7ujF35++18f0YgOMjYTbCW+O
7GFA9vJ3es88e2t9nIbfOzpGMooCCOQ8D5ABpQsVzJ93If9U/IztYymdjyAF51QU
tejCiVWDRu+SKKrB/0PfkrXQbgKPp0XeHnyaUnIAMjhhhKkiBknGC0sy7lqbrA08
KbINGvS7GJyzlm5PwEMHZIsexB+n1khiYOH6KW8w7B3VBHhJgmhYIamDnBFYUMDC
5x6uW7FXp0Tc/u24dSKWhUTyPB33vxL8B2qBdXgwTh1k21bS8X+FoPQU1E+5GO1B
WpK4zTluJKOvHPPrCGHKsJR0yan6q6M0WnE0/IVHOpGwalhsZiDjKO8DewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJn1UkeOHyGOm5IYjkrngtSE8b+sMB8GA1UdIwQY
MBaAFPWODDuTM8tv1BOeRVpau6/VaVMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVk0TU81TXp5Ml9VRTU1RldscTdyOVZwVXlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iMWNhNTEtNzVkZC00MWM5LTk0ODQt
MmJjMWFlM2RiZGJlLzEvbWZWU1I0NGZJWTZia2hpT1N1ZUMxSVR4djZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iMWNhNTEtNzVkZC00MWM5LTk0ODQtMmJjMWFlM2RiZGJl
LzEvOVk0TU81TXp5Ml9VRTU1RldscTdyOVZwVXlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwY8QMA0E
AgACMAcDBQMqFLAAMA0GCSqGSIb3DQEBCwUAA4IBAQBdnhygNrcd/5nS08LUYGPq
KzI3x5L1dr2n/T4HEf/Iwap/miNMQw6taAa5WCIck4S2lIoyzf3ECQNSMp3xY3F6
/zIDIXwSzNGQpSrcRQeoXwoSNRcwimNdD/Xermw+KXOweaU+eX8iAbKt3cP/he46
saTwPEzZ9gRKPJ7vc4+KT40udCaFe32wQ1S/y2ittnEsNSP6BSAOpbOKtPRO8s5N
PHRTjfGfOkRUieyQmArq6Sr6tI8j2OvX1spZLWll2eNdn7YUdFghXjmsl/zqBkCY
6bFzNwp0JeTrap6s2gB1HRiyPzuXDW9+aGy9e+rWHhIeobvBENBGN3Gnj/6FFMsl
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:50:52 2025 by rpki-client