Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/1TRtZnjq7TTtmFmMwtPs4KbKu44.roa
File:                     1TRtZnjq7TTtmFmMwtPs4KbKu44.roa (raw, json)
Hash identifier:          wIEdMzzW9jRKXoj00OQHzkUyKOO3GqmvJI2wEWN8eV8=
Subject key identifier:   D5:34:6D:66:78:EA:ED:34:ED:98:59:8C:C2:D3:EC:E0:A6:CA:BB:8E
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       01981EDEAA6B28F5688F6E2A231B6B148815
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/1TRtZnjq7TTtmFmMwtPs4KbKu44.roa
Signing time:             Fri 18 Jul 2025 18:49:25 +0000
ROA not before:           Fri 18 Jul 2025 18:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206873
IP address blocks:        2a11:1484::/32 maxlen: 32
                          2a11:1f04::/32 maxlen: 32
                          2a11:6303::/32 maxlen: 32
                          2a11:9381::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 03:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1e:de:aa:6b:28:f5:68:8f:6e:2a:23:1b:6b:14:88:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Jul 18 18:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5346d6678eaed34ed98598cc2d3ece0a6cabb8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:89:b6:ad:82:2c:51:00:b0:1f:f1:86:cf:0a:
                    86:0f:0f:7c:33:71:ec:0c:49:51:db:b2:83:a7:79:
                    92:b0:97:8d:a1:9c:e1:8b:28:fb:e6:0d:7a:a0:2b:
                    81:3e:de:67:7f:0c:08:2c:c8:55:10:71:f0:8c:c3:
                    2f:8f:ac:93:25:a2:fb:5b:e3:6d:8d:6d:95:a5:0d:
                    46:3f:69:51:78:bb:39:18:35:67:27:78:0e:60:18:
                    51:6e:33:5c:df:ee:5b:99:9d:85:18:54:74:ca:b0:
                    e3:c4:c8:74:ee:ba:16:69:8c:c8:58:09:c5:7f:f2:
                    60:f4:d6:ac:79:f4:1d:d6:38:cc:88:d1:4e:98:fe:
                    c0:73:90:04:2b:51:9e:96:a7:52:2e:fd:f3:8f:13:
                    c6:7b:5c:e2:a9:a3:47:71:e2:e2:90:5a:b4:95:a5:
                    29:5d:b0:85:10:eb:f6:b2:20:6e:d1:93:04:15:0b:
                    43:65:77:d9:12:ec:91:96:fa:67:9a:f6:9a:3e:32:
                    aa:cb:9e:d6:7e:90:63:06:71:b0:e3:71:f9:f1:7f:
                    6f:1f:7e:48:c0:d0:99:53:ff:07:93:85:66:e5:7d:
                    91:74:85:9f:fd:d2:56:e5:90:bb:48:3b:33:08:d8:
                    76:77:c4:84:e4:42:82:9c:4a:a2:0a:d0:d2:78:5c:
                    b9:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:34:6D:66:78:EA:ED:34:ED:98:59:8C:C2:D3:EC:E0:A6:CA:BB:8E
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/1TRtZnjq7TTtmFmMwtPs4KbKu44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:1484::/32
                  2a11:1f04::/32
                  2a11:6303::/32
                  2a11:9381::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:ce:b0:af:e2:d1:21:85:f5:99:a8:da:56:85:28:bb:a6:e8:
         84:0e:6e:5f:8a:aa:6f:d3:cb:cf:60:5b:0e:26:86:fc:6d:4d:
         1b:12:4b:b5:c2:dc:9b:4a:ec:37:84:56:8d:0d:e2:f7:32:34:
         fa:72:c2:d4:8a:29:92:40:cf:1d:d0:c8:2e:4a:76:99:3c:ad:
         75:4d:c3:1b:f0:2b:39:43:81:eb:7a:25:5d:9b:f1:7d:c1:17:
         2d:44:fb:39:6a:73:4d:fa:86:55:4b:5a:40:df:4f:06:53:48:
         77:09:53:d8:04:8f:00:ce:35:f7:7a:8d:a7:b6:02:e3:3b:b1:
         aa:a4:a2:03:b8:ad:83:75:3e:17:0d:87:64:67:12:29:24:b4:
         70:32:87:77:dc:05:20:27:0c:ed:ea:e5:bb:8e:b6:f3:5f:ba:
         62:55:75:9f:00:28:ff:32:2c:d5:e7:bb:55:bf:97:db:6b:73:
         f2:41:67:95:61:43:66:a9:29:a3:d8:66:b6:7a:6d:fa:0d:f9:
         f4:89:dc:fc:97:1b:9b:e1:65:b7:a9:1b:72:e4:50:37:ee:d9:
         1a:da:53:70:d9:ba:5a:a1:3f:b9:03:9d:07:22:d7:18:cb:04:
         5f:34:95:95:fe:f3:5d:d5:35:6a:56:97:d5:3c:58:fb:13:e1:
         09:fa:a3:ec
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZge3qprKPVoj24qIxtrFIgVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwNzE4MTg0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTM0NmQ2Njc4ZWFlZDM0ZWQ5ODU5OGNjMmQzZWNlMGE2Y2FiYjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4m2rYIsUQCwH/GGzwqGDw98M3Hs
DElR27KDp3mSsJeNoZzhiyj75g16oCuBPt5nfwwILMhVEHHwjMMvj6yTJaL7W+Nt
jW2VpQ1GP2lReLs5GDVnJ3gOYBhRbjNc3+5bmZ2FGFR0yrDjxMh07roWaYzIWAnF
f/Jg9NasefQd1jjMiNFOmP7Ac5AEK1GelqdSLv3zjxPGe1ziqaNHceLikFq0laUp
XbCFEOv2siBu0ZMEFQtDZXfZEuyRlvpnmvaaPjKqy57WfpBjBnGw43H58X9vH35I
wNCZU/8Hk4Vm5X2RdIWf/dJW5ZC7SDszCNh2d8SE5EKCnEqiCtDSeFy5dwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFNU0bWZ46u007ZhZjMLT7OCmyruOMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvMVRSdFpuanE3VFR0bUZtTXd0UHM0S2JLdTQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUAKhEUhAMF
ACoRHwQDBQAqEWMDAwUAKhGTgTANBgkqhkiG9w0BAQsFAAOCAQEAFM6wr+LRIYX1
majaVoUou6bohA5uX4qqb9PLz2BbDiaG/G1NGxJLtcLcm0rsN4RWjQ3i9zI0+nLC
1IopkkDPHdDILkp2mTytdU3DG/ArOUOB63olXZvxfcEXLUT7OWpzTfqGVUtaQN9P
BlNIdwlT2ASPAM4193qNp7YC4zuxqqSiA7itg3U+Fw2HZGcSKSS0cDKHd9wFICcM
7erlu46281+6YlV1nwAo/zIs1ee7Vb+X22tz8kFnlWFDZqkpo9hmtnpt+g359Inc
/Jcbm+Flt6kbcuRQN+7ZGtpTcNm6WqE/uQOdByLXGMsEXzSVlf7zXdU1alaX1TxY
+xPhCfqj7A==
-----END CERTIFICATE-----
Generated at Fri Jul 25 11:07:52 2025 by rpki-client