Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/rDdl4wb7d9_eC22yvGjUcZm-ZF0.roa
File:                     rDdl4wb7d9_eC22yvGjUcZm-ZF0.roa (raw, json)
Hash identifier:          IxVCz/Sbbi4L+BIjve8uTsWyEfGjkV7LQaO0qi7hXQI=
Subject key identifier:   AC:37:65:E3:06:FB:77:DF:DE:0B:6D:B2:BC:68:D4:71:99:BE:64:5D
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019812726B24B8F1438CEFC5288D06DC2357
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/rDdl4wb7d9_eC22yvGjUcZm-ZF0.roa
Signing time:             Wed 16 Jul 2025 08:55:45 +0000
ROA not before:           Wed 16 Jul 2025 08:55:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8881
IP address blocks:        79.121.148.0/23 maxlen: 24
                          79.121.154.0/23 maxlen: 24
                          79.121.162.0/23 maxlen: 24
                          79.121.164.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:12:72:6b:24:b8:f1:43:8c:ef:c5:28:8d:06:dc:23:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jul 16 08:55:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac3765e306fb77dfde0b6db2bc68d47199be645d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:26:8b:78:62:5e:e0:e0:d9:5b:10:6c:c5:f3:
                    ae:e3:54:fd:ac:fa:27:68:a7:89:99:e9:5a:ef:23:
                    64:a6:79:9e:28:23:d6:4c:52:d3:e9:99:a1:b2:74:
                    1e:ac:93:08:ff:04:f8:a5:38:6c:1d:f9:5a:82:1d:
                    b6:d2:c4:b5:8a:13:f8:17:50:00:80:d7:5f:08:fc:
                    32:fd:c1:d2:39:38:e8:6a:a4:a6:81:74:af:32:7f:
                    b7:73:73:1f:88:77:2f:45:8b:90:e8:d3:d8:18:37:
                    c4:fe:1c:43:85:52:d1:15:58:67:64:f1:18:e5:c1:
                    60:2e:20:c7:03:40:3c:6a:a8:e9:50:b6:12:df:a9:
                    39:1a:6e:b1:c9:57:f7:b5:55:ce:04:06:fe:1f:75:
                    4b:f6:76:4e:a2:0f:69:5c:7a:9b:25:ba:b8:75:1d:
                    36:46:33:d4:bf:20:30:04:f4:c7:1e:92:fe:97:38:
                    d1:05:13:76:f2:c5:94:84:21:9d:d7:ca:2d:71:f3:
                    67:25:3e:6b:1e:36:48:9c:c9:28:fa:10:10:43:35:
                    4d:21:95:b4:b8:69:9a:ea:8f:c1:69:55:d7:d6:55:
                    08:c6:07:91:f2:2b:1a:8c:1b:12:ff:76:2a:2a:05:
                    a2:d3:e4:d8:7c:cf:c3:10:45:c5:74:e4:9d:9f:ea:
                    1d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:37:65:E3:06:FB:77:DF:DE:0B:6D:B2:BC:68:D4:71:99:BE:64:5D
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/rDdl4wb7d9_eC22yvGjUcZm-ZF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.121.148.0/23
                  79.121.154.0/23
                  79.121.162.0-79.121.165.255

    Signature Algorithm: sha256WithRSAEncryption
         6f:a9:04:ce:e2:0b:79:d5:de:1e:16:f3:24:28:8c:fc:96:66:
         f8:94:e8:df:a8:03:93:4a:92:d1:2f:8e:da:9c:96:e0:4c:6d:
         08:41:de:76:92:28:f5:10:0b:4c:8a:c4:e4:b2:ee:03:e8:e9:
         5d:cd:15:96:48:58:63:0a:69:84:b3:32:ea:47:ea:25:cd:53:
         0f:36:60:24:53:28:e5:8e:07:ce:63:2d:5f:20:ac:fd:14:0e:
         72:56:36:52:2c:b3:30:2e:eb:51:e3:57:99:36:d8:25:19:0b:
         b2:13:2a:b2:b8:97:6f:e4:46:b7:6c:56:f8:88:35:5a:ca:bf:
         65:7f:00:c6:bd:56:2a:75:b2:31:8f:c5:17:24:26:4b:8e:ac:
         1b:b4:3c:34:ce:79:3f:bf:23:e6:a6:69:9e:a6:0f:3b:ad:21:
         1a:4a:8a:de:2f:85:3c:ba:b9:5a:1d:b5:0e:6a:c4:92:d4:70:
         37:ea:6e:08:6c:a4:92:7b:e1:95:06:5a:e0:6e:97:d3:d6:5d:
         4a:70:eb:c4:e3:55:84:3e:27:43:90:55:41:6e:a7:9d:a0:73:
         f1:6f:65:df:03:6f:15:42:af:8e:d4:52:a7:d4:43:47:3a:36:
         c5:e2:ed:15:34:30:2a:a5:fc:c1:ec:84:f1:b5:b3:db:81:f1:
         11:5a:d3:61
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZgScmskuPFDjO/FKI0G3CNXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUwNzE2MDg1NTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzM3NjVlMzA2ZmI3N2RmZGUwYjZkYjJiYzY4ZDQ3MTk5YmU2NDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiaLeGJe4ODZWxBsxfOu41T9rPon
aKeJmela7yNkpnmeKCPWTFLT6ZmhsnQerJMI/wT4pThsHflagh220sS1ihP4F1AA
gNdfCPwy/cHSOTjoaqSmgXSvMn+3c3MfiHcvRYuQ6NPYGDfE/hxDhVLRFVhnZPEY
5cFgLiDHA0A8aqjpULYS36k5Gm6xyVf3tVXOBAb+H3VL9nZOog9pXHqbJbq4dR02
RjPUvyAwBPTHHpL+lzjRBRN28sWUhCGd18otcfNnJT5rHjZInMko+hAQQzVNIZW0
uGma6o/BaVXX1lUIxgeR8isajBsS/3YqKgWi0+TYfM/DEEXFdOSdn+od5QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFKw3ZeMG+3ff3gttsrxo1HGZvmRdMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvckRkbDR3YjdkOV9lQzIyeXZHalVjWm0tWkYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQBT3mUAwQB
T3maMAwDBAFPeaIDBAFPeaQwDQYJKoZIhvcNAQELBQADggEBAG+pBM7iC3nV3h4W
8yQojPyWZviU6N+oA5NKktEvjtqcluBMbQhB3naSKPUQC0yKxOSy7gPo6V3NFZZI
WGMKaYSzMupH6iXNUw82YCRTKOWOB85jLV8grP0UDnJWNlIsszAu61HjV5k22CUZ
C7ITKrK4l2/kRrdsVviINVrKv2V/AMa9Vip1sjGPxRckJkuOrBu0PDTOeT+/I+am
aZ6mDzutIRpKit4vhTy6uVodtQ5qxJLUcDfqbghspJJ74ZUGWuBul9PWXUpw68Tj
VYQ+J0OQVUFup52gc/FvZd8DbxVCr47UUqfUQ0c6NsXi7RU0MCql/MHshPG1s9uB
8RFa02E=
-----END CERTIFICATE-----
Generated at Tue Jul 22 12:29:36 2025 by rpki-client