Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e0cb06-deca-495d-acc0-7bafd43e7862/1/rVvEPxI-l2KV5RW4qoRYscyYDw4.roa
File:                     rVvEPxI-l2KV5RW4qoRYscyYDw4.roa (raw, json)
Hash identifier:          0O6ssmxEK7LDtpVncPYWugPc3GeZirxznz/PZThAqb0=
Subject key identifier:   AD:5B:C4:3F:12:3E:97:62:95:E5:15:B8:AA:84:58:B1:CC:98:0F:0E
Certificate issuer:       /CN=f457c020cdc22b68da26a469f6ffa6b448370d1d
Certificate serial:       019932B05591A77D2278A4636D4EE49195AF
Authority key identifier: F4:57:C0:20:CD:C2:2B:68:DA:26:A4:69:F6:FF:A6:B4:48:37:0D:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9FfAIM3CK2jaJqRp9v-mtEg3DR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e0cb06-deca-495d-acc0-7bafd43e7862/1/rVvEPxI-l2KV5RW4qoRYscyYDw4.roa
Signing time:             Wed 10 Sep 2025 08:14:01 +0000
ROA not before:           Wed 10 Sep 2025 08:14:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205051
IP address blocks:        45.142.168.0/22 maxlen: 24
                          91.205.80.0/22 maxlen: 24
                          185.25.232.0/24 maxlen: 24
                          185.231.208.0/22 maxlen: 24
                          2a0c:8100::/29 maxlen: 32
                          2a0e:dac0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e0cb06-deca-495d-acc0-7bafd43e7862/1/9FfAIM3CK2jaJqRp9v-mtEg3DR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e0cb06-deca-495d-acc0-7bafd43e7862/1/9FfAIM3CK2jaJqRp9v-mtEg3DR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9FfAIM3CK2jaJqRp9v-mtEg3DR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 08:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:32:b0:55:91:a7:7d:22:78:a4:63:6d:4e:e4:91:95:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f457c020cdc22b68da26a469f6ffa6b448370d1d
        Validity
            Not Before: Sep 10 08:14:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad5bc43f123e976295e515b8aa8458b1cc980f0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:28:8c:b2:20:0b:01:ee:15:2b:5b:4c:33:de:
                    50:c1:10:48:3b:76:90:d5:1d:cb:19:b1:94:40:68:
                    39:7a:3b:33:d0:b3:b5:78:bc:c7:91:71:a1:38:e6:
                    95:fe:11:bf:11:1b:1c:2f:52:98:00:6f:03:e6:89:
                    32:ed:3c:bd:45:04:48:69:3b:dc:bf:71:89:60:ed:
                    9c:a7:f3:7f:67:3d:54:d9:48:52:44:76:a7:16:53:
                    a2:6e:9a:b9:d2:fc:3e:f5:ed:fe:8c:47:b5:52:ad:
                    4b:5a:b1:3c:54:12:7c:26:57:92:8e:1b:ed:b2:98:
                    28:67:55:03:62:c8:84:2c:7d:a5:5c:09:a3:1e:a8:
                    44:86:c8:c3:5c:c6:f0:37:08:ba:a8:ac:c0:40:44:
                    a3:9c:99:3b:ad:ec:a5:6e:c0:61:71:12:50:ea:11:
                    09:80:39:d8:c2:3a:de:64:db:4a:4b:70:94:0b:90:
                    ff:6e:a9:ef:24:76:6d:20:ad:c2:a9:b2:94:ec:e7:
                    c7:32:60:97:a7:de:ad:ec:c0:e2:40:c4:2b:47:94:
                    68:10:81:9a:52:61:0a:0a:a4:b4:55:ce:e4:4a:9f:
                    cf:c2:99:4b:d3:f7:76:f6:84:72:71:4f:87:00:67:
                    10:b6:84:97:56:78:ed:82:ba:5a:ee:96:8d:86:3e:
                    d0:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:5B:C4:3F:12:3E:97:62:95:E5:15:B8:AA:84:58:B1:CC:98:0F:0E
            X509v3 Authority Key Identifier:
                keyid:F4:57:C0:20:CD:C2:2B:68:DA:26:A4:69:F6:FF:A6:B4:48:37:0D:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9FfAIM3CK2jaJqRp9v-mtEg3DR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e0cb06-deca-495d-acc0-7bafd43e7862/1/rVvEPxI-l2KV5RW4qoRYscyYDw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e0cb06-deca-495d-acc0-7bafd43e7862/1/9FfAIM3CK2jaJqRp9v-mtEg3DR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.168.0/22
                  91.205.80.0/22
                  185.25.232.0/24
                  185.231.208.0/22
                IPv6:
                  2a0c:8100::/29
                  2a0e:dac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9d:b2:88:2c:6d:4f:1e:b1:fa:a0:bf:e6:bb:aa:49:f8:88:3c:
         47:6f:11:42:03:fb:83:6b:3d:4d:fe:0e:98:e0:c3:bf:9b:3d:
         b7:dc:16:f5:1f:16:73:42:a3:ba:31:4d:e6:77:c0:eb:59:b1:
         b0:40:03:f3:51:92:2d:04:92:28:c5:11:8c:44:f6:76:5f:9c:
         5a:f5:a2:16:58:19:6f:a3:79:1d:16:9d:48:3b:97:e9:05:c0:
         79:be:41:c6:09:d5:a1:5b:f5:c5:f4:b6:fa:e4:a9:ba:80:c7:
         72:ea:40:aa:e5:84:eb:ba:f0:26:f4:b8:3e:1f:2d:fe:da:a0:
         cf:52:90:3d:4d:55:b8:4b:93:8f:82:0f:06:6b:a8:0a:71:22:
         d4:2f:dd:a0:c5:39:b4:df:85:d7:4b:7d:e9:b1:77:24:cd:de:
         df:5b:bf:f0:01:2e:d2:b9:02:53:f7:a1:c2:ee:05:5f:b0:97:
         7e:18:9e:43:b6:7c:85:d2:7e:7e:ad:a9:ed:13:1e:07:48:6e:
         94:83:18:4b:8f:01:1b:f2:65:13:60:1d:38:14:7c:6b:c2:7f:
         d5:9d:94:8c:a4:72:13:8c:98:45:8c:fa:34:ac:10:4a:fc:7c:
         5a:21:55:91:39:4a:3e:13:24:68:c2:7f:58:e0:dd:2d:50:02:
         51:a3:4e:2a
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZkysFWRp30ieKRjbU7kkZWvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0NTdjMDIwY2RjMjJiNjhkYTI2YTQ2OWY2ZmZhNmI0NDgz
NzBkMWQwHhcNMjUwOTEwMDgxNDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDViYzQzZjEyM2U5NzYyOTVlNTE1YjhhYTg0NThiMWNjOTgwZjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiiMsiALAe4VK1tMM95QwRBIO3aQ
1R3LGbGUQGg5ejsz0LO1eLzHkXGhOOaV/hG/ERscL1KYAG8D5oky7Ty9RQRIaTvc
v3GJYO2cp/N/Zz1U2UhSRHanFlOibpq50vw+9e3+jEe1Uq1LWrE8VBJ8JleSjhvt
spgoZ1UDYsiELH2lXAmjHqhEhsjDXMbwNwi6qKzAQESjnJk7reylbsBhcRJQ6hEJ
gDnYwjreZNtKS3CUC5D/bqnvJHZtIK3CqbKU7OfHMmCXp96t7MDiQMQrR5RoEIGa
UmEKCqS0Vc7kSp/PwplL0/d29oRycU+HAGcQtoSXVnjtgrpa7paNhj7QswIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFK1bxD8SPpdileUVuKqEWLHMmA8OMB8GA1UdIwQY
MBaAFPRXwCDNwito2iakafb/prRINw0dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUZmQUlNM0NLMmphSnFScDl2LW10RWczRFIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lMGNiMDYtZGVjYS00OTVkLWFjYzAt
N2JhZmQ0M2U3ODYyLzEvclZ2RVB4SS1sMktWNVJXNHFvUllzY3lZRHc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lMGNiMDYtZGVjYS00OTVkLWFjYzAtN2JhZmQ0M2U3ODYy
LzEvOUZmQUlNM0NLMmphSnFScDl2LW10RWczRFIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQCLY6oAwQC
W81QAwQAuRnoAwQCuefQMBQEAgACMA4DBQMqDIEAAwUDKg7awDANBgkqhkiG9w0B
AQsFAAOCAQEAnbKILG1PHrH6oL/mu6pJ+Ig8R28RQgP7g2s9Tf4OmODDv5s9t9wW
9R8Wc0KjujFN5nfA61mxsEAD81GSLQSSKMURjET2dl+cWvWiFlgZb6N5HRadSDuX
6QXAeb5BxgnVoVv1xfS2+uSpuoDHcupAquWE67rwJvS4Ph8t/tqgz1KQPU1VuEuT
j4IPBmuoCnEi1C/doMU5tN+F10t96bF3JM3e31u/8AEu0rkCU/ehwu4FX7CXfhie
Q7Z8hdJ+fq2p7RMeB0hulIMYS48BG/JlE2AdOBR8a8J/1Z2UjKRyE4yYRYz6NKwQ
Svx8WiFVkTlKPhMkaMJ/WODdLVACUaNOKg==
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:38 2025 by rpki-client