Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/dbsf5J4Sz5N_As6Cinl9Y7weUls.roa
File:                     dbsf5J4Sz5N_As6Cinl9Y7weUls.roa (raw, json)
Hash identifier:          Ekt7gkuP6CeL8dauIPj5TeRmDc0cMc8TCvKmJ1paA+k=
Subject key identifier:   75:BB:1F:E4:9E:12:CF:93:7F:02:CE:82:8A:79:7D:63:BC:1E:52:5B
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0197F3E659262CD4ACE2D5A5EBC30DDFF147
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/dbsf5J4Sz5N_As6Cinl9Y7weUls.roa
Signing time:             Thu 10 Jul 2025 10:34:08 +0000
ROA not before:           Thu 10 Jul 2025 10:34:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205544
IP address blocks:        2a09:17c0:b19a::/48 maxlen: 48
                          2a0e:1a83:88::/48 maxlen: 48
                          2a0f:1206:77::/48 maxlen: 48
                          2a0f:1540::/29 maxlen: 29
                          2a0f:1640::/29 maxlen: 29
                          2a0f:1940::/29 maxlen: 29
                          2a0f:2840::/29 maxlen: 29
                          2a0f:2940::/29 maxlen: 29
                          2a0f:2a40::/29 maxlen: 29
                          2a0f:2dc0::/29 maxlen: 29
                          2a0f:2e40::/29 maxlen: 29
                          2a0f:30c0::/29 maxlen: 29
                          2a0f:3140::/29 maxlen: 29
                          2a0f:3540::/29 maxlen: 29
                          2a0f:3740::/29 maxlen: 29
                          2a0f:bc02::/32 maxlen: 32
                          2a0f:e1c0:3::/48 maxlen: 48
                          2a0f:e1c7:100::/48 maxlen: 48
                          2a0f:e200:5::/48 maxlen: 48
                          2a0f:e202:97::/48 maxlen: 48
                          2a0f:e440::/29 maxlen: 29
                          2a0f:ea40:8::/48 maxlen: 48
                          2a0f:ea44:88::/48 maxlen: 48
                          2a0f:ea47:ff49::/48 maxlen: 48
                          2a10:3440::/29 maxlen: 29
                          2a10:3840::/29 maxlen: 29
                          2a11:3240::/29 maxlen: 29
                          2a11:4800::/29 maxlen: 29
                          2a11:8700::/29 maxlen: 29
                          2a11:e580::/29 maxlen: 29
                          2a11:efc0::/29 maxlen: 29
                          2a12:2c80::/29 maxlen: 29
                          2a12:3f00::/29 maxlen: 29
                          2a12:4b00::/29 maxlen: 29
                          2a12:5900::/29 maxlen: 29
                          2a12:5e00::/29 maxlen: 29
                          2a12:cd00::/29 maxlen: 29
                          2a12:dc00::/29 maxlen: 29
                          2a12:ecc0:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 20:44:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f3:e6:59:26:2c:d4:ac:e2:d5:a5:eb:c3:0d:df:f1:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jul 10 10:34:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75bb1fe49e12cf937f02ce828a797d63bc1e525b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:29:3a:87:e2:99:cf:c4:f8:7c:92:89:30:2c:
                    e4:52:be:43:23:02:c7:f3:3c:f5:b5:ed:69:9e:ef:
                    5a:02:d9:a1:15:ea:79:24:4d:bb:c5:f7:46:a7:f1:
                    4d:56:55:1b:ac:7a:a2:c5:f6:2f:cb:4c:df:37:de:
                    d6:61:5d:b2:51:4c:3d:f1:7b:7f:6b:ec:98:a1:36:
                    ba:27:a6:52:80:d4:dc:09:b6:d4:cf:66:70:e8:8b:
                    20:ce:7c:f0:99:97:fa:a0:1b:7b:72:0e:52:85:13:
                    df:ef:5e:8e:5b:79:5f:8c:8d:65:a2:2e:82:c2:09:
                    88:a2:06:90:c6:93:a5:bf:40:05:38:43:36:81:6b:
                    fd:00:ad:dd:98:1f:01:02:20:60:96:9c:7e:e6:c1:
                    7f:f0:bb:19:23:5b:9f:0b:9c:d0:64:6a:71:85:e5:
                    4d:aa:97:6e:a8:82:7e:03:f5:66:e5:bb:75:f4:c0:
                    71:3e:5f:e4:26:b9:df:a7:76:f3:a3:83:e3:83:33:
                    8d:5d:6d:45:50:11:8d:95:b9:f9:e0:4a:49:af:37:
                    ee:f5:94:f6:b9:18:01:fc:39:95:7d:31:48:49:07:
                    f5:3e:66:52:21:af:47:47:c3:3b:66:15:50:98:b6:
                    6b:0d:e6:00:eb:9b:f3:e7:21:0c:3b:1d:dd:2c:64:
                    3b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:BB:1F:E4:9E:12:CF:93:7F:02:CE:82:8A:79:7D:63:BC:1E:52:5B
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/dbsf5J4Sz5N_As6Cinl9Y7weUls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:17c0:b19a::/48
                  2a0e:1a83:88::/48
                  2a0f:1206:77::/48
                  2a0f:1540::/29
                  2a0f:1640::/29
                  2a0f:1940::/29
                  2a0f:2840::/29
                  2a0f:2940::/29
                  2a0f:2a40::/29
                  2a0f:2dc0::/29
                  2a0f:2e40::/29
                  2a0f:30c0::/29
                  2a0f:3140::/29
                  2a0f:3540::/29
                  2a0f:3740::/29
                  2a0f:bc02::/32
                  2a0f:e1c0:3::/48
                  2a0f:e1c7:100::/48
                  2a0f:e200:5::/48
                  2a0f:e202:97::/48
                  2a0f:e440::/29
                  2a0f:ea40:8::/48
                  2a0f:ea44:88::/48
                  2a0f:ea47:ff49::/48
                  2a10:3440::/29
                  2a10:3840::/29
                  2a11:3240::/29
                  2a11:4800::/29
                  2a11:8700::/29
                  2a11:e580::/29
                  2a11:efc0::/29
                  2a12:2c80::/29
                  2a12:3f00::/29
                  2a12:4b00::/29
                  2a12:5900::/29
                  2a12:5e00::/29
                  2a12:cd00::/29
                  2a12:dc00::/29
                  2a12:ecc0:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:7e:82:85:75:29:63:c0:49:c0:67:65:25:88:23:4c:a1:a3:
         11:cc:77:54:52:5a:c9:7b:b4:f1:18:ad:4c:ce:55:98:02:20:
         ee:58:9d:de:23:a5:4c:e0:f1:35:20:fb:1e:8e:d8:9f:b4:f8:
         5e:be:b5:18:68:b1:f1:0b:ab:46:98:6f:5c:38:0f:3a:58:73:
         01:09:48:b7:f7:39:c0:9d:dc:cc:fd:5c:7b:a1:67:e9:1d:ad:
         76:8e:25:65:d3:74:dd:f9:6b:48:00:98:26:a1:4d:92:df:a2:
         98:f1:40:c9:ee:f4:c8:c0:e2:ca:87:f3:53:c3:11:1f:4a:5e:
         2f:0c:85:12:17:0c:17:d5:a1:2d:6d:05:50:ab:eb:67:71:db:
         28:d6:ad:88:29:d9:21:c3:5f:6e:91:e3:f1:df:87:af:e0:3c:
         a7:19:37:2d:87:e6:16:1d:1b:f6:df:8b:e8:f5:32:ac:c3:74:
         06:9a:8d:dc:fc:0a:d2:28:33:e7:86:ed:b9:21:0b:9f:69:05:
         3b:34:c9:cd:1b:47:95:f1:29:be:48:6e:1f:f5:3c:f0:76:de:
         1d:a6:89:ed:34:d4:8e:44:24:c4:55:58:85:79:ee:66:1a:e7:
         cb:7b:c6:d6:72:fc:e1:43:48:49:1e:a9:aa:e5:88:aa:40:c0:
         c8:7a:39:36
-----BEGIN CERTIFICATE-----
MIIGKDCCBRCgAwIBAgISAZfz5lkmLNSs4tWl68MN3/FHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNzEwMTAzNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWJiMWZlNDllMTJjZjkzN2YwMmNlODI4YTc5N2Q2M2JjMWU1MjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSk6h+KZz8T4fJKJMCzkUr5DIwLH
8zz1te1pnu9aAtmhFep5JE27xfdGp/FNVlUbrHqixfYvy0zfN97WYV2yUUw98Xt/
a+yYoTa6J6ZSgNTcCbbUz2Zw6IsgznzwmZf6oBt7cg5ShRPf716OW3lfjI1loi6C
wgmIogaQxpOlv0AFOEM2gWv9AK3dmB8BAiBglpx+5sF/8LsZI1ufC5zQZGpxheVN
qpduqIJ+A/Vm5bt19MBxPl/kJrnfp3bzo4PjgzONXW1FUBGNlbn54EpJrzfu9ZT2
uRgB/DmVfTFISQf1PmZSIa9HR8M7ZhVQmLZrDeYA65vz5yEMOx3dLGQ7zwIDAQAB
o4IDNDCCAzAwHQYDVR0OBBYEFHW7H+SeEs+TfwLOgop5fWO8HlJbMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvZGJzZjVKNFN6NU5fQXM2Q2lubDlZN3dlVWxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBSAYIKwYBBQUHAQcBAf8EggE3MIIBMzCCAS8EAgACMIIB
JwMHACoJF8CxmgMHACoOGoMAiAMHACoPEgYAdwMFAyoPFUADBQMqDxZAAwUDKg8Z
QAMFAyoPKEADBQMqDylAAwUDKg8qQAMFAyoPLcADBQMqDy5AAwUDKg8wwAMFAyoP
MUADBQMqDzVAAwUDKg83QAMFACoPvAIDBwAqD+HAAAMDBwAqD+HHAQADBwAqD+IA
AAUDBwAqD+ICAJcDBQMqD+RAAwcAKg/qQAAIAwcAKg/qRACIAwcAKg/qR/9JAwUD
KhA0QAMFAyoQOEADBQMqETJAAwUDKhFIAAMFAyoRhwADBQMqEeWAAwUDKhHvwAMF
AyoSLIADBQMqEj8AAwUDKhJLAAMFAyoSWQADBQMqEl4AAwUDKhLNAAMFAyoS3AAD
BwAqEuzAAAMwDQYJKoZIhvcNAQELBQADggEBALF+goV1KWPAScBnZSWII0yhoxHM
d1RSWsl7tPEYrUzOVZgCIO5Ynd4jpUzg8TUg+x6O2J+0+F6+tRhosfELq0aYb1w4
DzpYcwEJSLf3OcCd3Mz9XHuhZ+kdrXaOJWXTdN35a0gAmCahTZLfopjxQMnu9MjA
4sqH81PDER9KXi8MhRIXDBfVoS1tBVCr62dx2yjWrYgp2SHDX26R4/Hfh6/gPKcZ
Ny2H5hYdG/bfi+j1MqzDdAaajdz8CtIoM+eG7bkhC59pBTs0yc0bR5XxKb5Ibh/1
PPB23h2mie001I5EJMRVWIV57mYa58t7xtZy/OFDSEkeqarliKpAwMh6OTY=
-----END CERTIFICATE-----
Generated at Wed Jul 23 01:57:23 2025 by rpki-client