Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/H1EL1U-GIPFFr0f1Q-aFy7Wb8e4.roa
File:                     H1EL1U-GIPFFr0f1Q-aFy7Wb8e4.roa (raw, json)
Hash identifier:          iqzV8mEdZbkZ5VJezg/UaqQeyUszupnBM56S/6XnGcM=
Subject key identifier:   1F:51:0B:D5:4F:86:20:F1:45:AF:47:F5:43:E6:85:CB:B5:9B:F1:EE
Certificate issuer:       /CN=712f2269d15633bdbc71d8cd3f458cbd03fe031f
Certificate serial:       0197BFD2F412FCFB02034012ECA6AABE6E05
Authority key identifier: 71:2F:22:69:D1:56:33:BD:BC:71:D8:CD:3F:45:8C:BD:03:FE:03:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cS8iadFWM728cdjNP0WMvQP-Ax8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/H1EL1U-GIPFFr0f1Q-aFy7Wb8e4.roa
Signing time:             Mon 30 Jun 2025 07:52:42 +0000
ROA not before:           Mon 30 Jun 2025 07:52:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207588
IP address blocks:        2a07:5680:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/cS8iadFWM728cdjNP0WMvQP-Ax8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/cS8iadFWM728cdjNP0WMvQP-Ax8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cS8iadFWM728cdjNP0WMvQP-Ax8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:bf:d2:f4:12:fc:fb:02:03:40:12:ec:a6:aa:be:6e:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=712f2269d15633bdbc71d8cd3f458cbd03fe031f
        Validity
            Not Before: Jun 30 07:52:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f510bd54f8620f145af47f543e685cbb59bf1ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3d:07:d5:f2:fe:fe:ac:6f:7f:39:70:93:34:
                    ae:3e:43:e0:ce:e5:58:ee:32:63:c0:07:03:98:81:
                    79:20:67:c5:05:ce:70:2e:0f:dd:2a:ac:ec:2e:d3:
                    73:0e:87:bf:4d:0a:b1:5a:74:2e:13:70:72:26:6d:
                    5d:c2:0c:9e:66:c2:ba:60:3e:d3:dd:1a:b0:52:60:
                    fb:97:90:aa:88:e4:af:f0:e2:df:d9:19:0c:e5:c2:
                    c2:4a:57:15:ee:8d:b6:b4:79:cc:d6:0c:d8:e9:3e:
                    b4:1e:80:42:fd:40:cd:e0:ad:1b:4b:66:54:bc:70:
                    d4:84:82:a0:bb:72:0e:47:78:5b:2f:65:6d:29:4a:
                    d7:e1:a7:06:01:74:f6:08:3e:bf:67:b8:3f:e1:17:
                    d9:0d:3d:8a:d1:be:f3:82:44:f8:44:81:92:00:77:
                    c3:54:80:2b:59:d7:91:b5:cb:16:a6:0e:93:af:88:
                    69:27:1d:ce:ea:12:98:39:e8:e5:7d:c2:35:dc:25:
                    11:58:c4:ae:ea:7d:77:84:a6:09:8b:a8:ef:29:c5:
                    e8:2b:d5:68:39:32:f4:d6:84:ef:6d:24:1f:21:ce:
                    47:f3:65:7a:a1:67:1a:32:fc:5f:73:85:76:b4:11:
                    be:a6:61:23:7f:1b:8b:04:a5:1f:1b:bc:36:fa:aa:
                    4a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:51:0B:D5:4F:86:20:F1:45:AF:47:F5:43:E6:85:CB:B5:9B:F1:EE
            X509v3 Authority Key Identifier:
                keyid:71:2F:22:69:D1:56:33:BD:BC:71:D8:CD:3F:45:8C:BD:03:FE:03:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cS8iadFWM728cdjNP0WMvQP-Ax8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/H1EL1U-GIPFFr0f1Q-aFy7Wb8e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/e6373c-53cd-4fd5-a435-d18bab9515bf/1/cS8iadFWM728cdjNP0WMvQP-Ax8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:5680:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:32:ca:37:09:68:44:2f:87:b1:65:68:d1:f8:90:1b:9c:6e:
         00:09:cb:22:25:7f:46:ee:99:d7:7d:b6:bc:d1:55:26:bb:ce:
         ef:c5:b2:5f:5f:69:6b:6f:ed:c2:b6:e8:a5:0a:fd:76:2c:d3:
         81:5b:9e:a2:f8:40:3f:5d:59:2e:bd:0c:aa:98:6f:ab:bd:c2:
         71:61:e0:3b:f8:03:90:fc:66:9c:17:ed:12:0b:bb:d5:69:17:
         c0:36:80:7b:c7:a5:1d:e3:2e:86:c2:53:8d:91:89:98:22:74:
         51:61:f9:ea:0a:bb:0d:e0:65:c9:85:ae:20:89:b0:2e:59:d6:
         63:68:a2:a5:6c:8a:7b:26:2b:98:7d:91:a1:d7:0a:99:6c:9c:
         20:a7:bd:4a:e7:0e:58:2c:ee:90:2f:66:55:6c:ef:7d:94:b0:
         34:ef:6f:be:f3:c1:e0:2d:82:79:5d:73:88:ce:6d:c1:26:9a:
         2d:ba:6a:21:7f:a4:73:75:c9:3b:d2:ff:c0:c7:49:bd:ad:7b:
         4d:f0:ae:7c:d3:78:fe:13:17:ea:5b:e3:7a:5f:ef:4f:af:b3:
         86:e7:06:d2:73:6a:cf:5f:1d:7d:19:8f:9b:c6:7b:92:fc:7a:
         61:cd:f4:60:9a:46:87:49:81:23:f3:b4:8e:48:14:5f:1f:09:
         b3:10:ca:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZe/0vQS/PsCA0AS7Kaqvm4FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMmYyMjY5ZDE1NjMzYmRiYzcxZDhjZDNmNDU4Y2JkMDNm
ZTAzMWYwHhcNMjUwNjMwMDc1MjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjUxMGJkNTRmODYyMGYxNDVhZjQ3ZjU0M2U2ODVjYmI1OWJmMWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1D0H1fL+/qxvfzlwkzSuPkPgzuVY
7jJjwAcDmIF5IGfFBc5wLg/dKqzsLtNzDoe/TQqxWnQuE3ByJm1dwgyeZsK6YD7T
3RqwUmD7l5CqiOSv8OLf2RkM5cLCSlcV7o22tHnM1gzY6T60HoBC/UDN4K0bS2ZU
vHDUhIKgu3IOR3hbL2VtKUrX4acGAXT2CD6/Z7g/4RfZDT2K0b7zgkT4RIGSAHfD
VIArWdeRtcsWpg6Tr4hpJx3O6hKYOejlfcI13CURWMSu6n13hKYJi6jvKcXoK9Vo
OTL01oTvbSQfIc5H82V6oWcaMvxfc4V2tBG+pmEjfxuLBKUfG7w2+qpKfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB9RC9VPhiDxRa9H9UPmhcu1m/HuMB8GA1UdIwQY
MBaAFHEvImnRVjO9vHHYzT9FjL0D/gMfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1M4aWFkRldNNzI4Y2RqTlAwV012UVAtQXg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9lNjM3M2MtNTNjZC00ZmQ1LWE0MzUt
ZDE4YmFiOTUxNWJmLzEvSDFFTDFVLUdJUEZGcjBmMVEtYUZ5N1diOGU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9lNjM3M2MtNTNjZC00ZmQ1LWE0MzUtZDE4YmFiOTUxNWJm
LzEvY1M4aWFkRldNNzI4Y2RqTlAwV012UVAtQXg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgdWgAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQB9Mso3CWhEL4exZWjR+JAbnG4ACcsiJX9G7pnX
fba80VUmu87vxbJfX2lrb+3CtuilCv12LNOBW56i+EA/XVkuvQyqmG+rvcJxYeA7
+AOQ/GacF+0SC7vVaRfANoB7x6Ud4y6GwlONkYmYInRRYfnqCrsN4GXJha4gibAu
WdZjaKKlbIp7JiuYfZGh1wqZbJwgp71K5w5YLO6QL2ZVbO99lLA072++88HgLYJ5
XXOIzm3BJpotumohf6Rzdck70v/Ax0m9rXtN8K5803j+ExfqW+N6X+9Pr7OG5wbS
c2rPXx19GY+bxnuS/HphzfRgmkaHSYEj87SOSBRfHwmzEMqF
-----END CERTIFICATE-----
Generated at Sat Jul 26 18:27:27 2025 by rpki-client