Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/5dFgSm2E_DKsRiD_XGZe1X7NCls.roa
File:                     5dFgSm2E_DKsRiD_XGZe1X7NCls.roa (raw, json)
Hash identifier:          HPaAjfyGSxNX+CH6UTKKbuPWK2HgLvvsMws7fKTqeLg=
Subject key identifier:   E5:D1:60:4A:6D:84:FC:32:AC:46:20:FF:5C:66:5E:D5:7E:CD:0A:5B
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019809336703D4B959B14B974E12C929EBBE
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/5dFgSm2E_DKsRiD_XGZe1X7NCls.roa
Signing time:             Mon 14 Jul 2025 13:50:20 +0000
ROA not before:           Mon 14 Jul 2025 13:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35196
IP address blocks:        2a09:5302:ffff::/48 maxlen: 48
                          2a0a:9300:1000::/48 maxlen: 48
                          2a0a:9301::/48 maxlen: 48
                          2a0a:9301:1::/48 maxlen: 48
                          2a0a:9301:2::/48 maxlen: 48
                          2a0a:9302::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:33:67:03:d4:b9:59:b1:4b:97:4e:12:c9:29:eb:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul 14 13:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5d1604a6d84fc32ac4620ff5c665ed57ecd0a5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c2:d7:d7:fd:ef:be:7d:16:d2:89:f8:b8:d1:
                    6a:93:b2:75:a3:cf:ba:11:88:eb:f7:3e:61:49:f4:
                    65:a0:cd:3e:f6:31:1b:f9:e2:08:77:ab:b9:a7:3b:
                    cc:72:6f:ea:6d:72:54:df:00:ad:f4:a2:43:ce:43:
                    f1:3f:45:90:d3:57:12:fa:cb:1d:35:a7:16:b6:a7:
                    d0:5f:7b:5c:15:26:5f:2c:72:19:df:31:91:f8:ab:
                    a6:98:18:e1:2a:d7:22:07:67:6a:f1:f8:15:7f:b2:
                    04:ba:6d:0a:17:12:55:89:68:3b:c0:9e:73:f6:02:
                    00:10:a1:8c:f3:c1:bb:68:c0:65:28:91:4e:ce:48:
                    ac:c7:95:68:48:20:38:5d:8f:db:5d:c8:ee:98:7f:
                    38:1e:d2:87:2a:8f:35:2a:9e:3b:cf:f1:6f:0d:88:
                    bc:e3:8f:1c:62:a1:3a:47:dd:84:01:45:22:64:7f:
                    80:3a:7c:ea:dd:a5:b3:0c:e6:02:75:12:ca:97:f5:
                    bf:9a:e7:8c:86:11:d0:a6:14:9a:f4:73:4f:59:b5:
                    e4:0b:56:2c:22:db:c8:b8:bf:3c:6f:88:4e:36:f4:
                    14:3a:ef:48:d8:1b:aa:5f:f7:38:1e:4d:a3:eb:e2:
                    ac:37:8a:4f:b4:e2:29:62:13:1e:6e:70:2c:ba:11:
                    67:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:D1:60:4A:6D:84:FC:32:AC:46:20:FF:5C:66:5E:D5:7E:CD:0A:5B
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/5dFgSm2E_DKsRiD_XGZe1X7NCls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:5302:ffff::/48
                  2a0a:9300:1000::/48
                  2a0a:9301::-2a0a:9301:2:ffff:ffff:ffff:ffff:ffff
                  2a0a:9302::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:41:e7:f4:50:d6:91:4a:bc:9a:4d:bf:46:19:77:c6:5d:bc:
         a1:e2:ac:74:96:11:6e:05:15:87:38:01:2c:d1:30:8f:30:3f:
         4b:db:86:60:ae:b7:07:55:3d:3b:90:fb:f9:13:03:d7:8e:dd:
         9d:5c:61:11:6c:eb:55:fd:cd:60:b1:84:51:12:69:8e:81:f4:
         ec:4f:1c:c5:3a:a1:8e:88:37:83:39:74:f4:37:55:04:21:54:
         26:ae:aa:eb:22:bd:a4:60:c5:d7:db:8e:6c:08:51:57:a9:0c:
         13:87:98:00:5d:b7:8c:06:30:fa:06:26:2d:d9:ad:a8:13:7f:
         5e:d9:dc:67:ca:2c:4e:4c:39:00:9d:ac:70:29:65:4a:70:8b:
         40:07:16:b4:d3:cb:1f:74:8b:a4:fb:89:4a:81:dc:78:b9:24:
         2e:dc:a3:4e:fe:d1:87:31:69:c0:80:b8:12:90:d6:85:80:6a:
         e4:38:cc:c0:8c:8c:e7:6b:ad:bb:ba:72:ac:50:19:03:f5:7a:
         65:29:f8:a1:52:09:28:9d:fb:36:96:cd:df:10:30:56:b7:2e:
         5e:d7:fc:50:44:01:7e:2c:fc:a9:a2:fa:61:72:7a:73:0b:2e:
         37:84:28:73:18:60:c7:ab:39:aa:d6:53:23:ed:18:02:8d:ce:
         9d:7f:03:fb
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZgJM2cD1LlZsUuXThLJKeu+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwNzE0MTM1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWQxNjA0YTZkODRmYzMyYWM0NjIwZmY1YzY2NWVkNTdlY2QwYTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMLX1/3vvn0W0on4uNFqk7J1o8+6
EYjr9z5hSfRloM0+9jEb+eIId6u5pzvMcm/qbXJU3wCt9KJDzkPxP0WQ01cS+ssd
NacWtqfQX3tcFSZfLHIZ3zGR+KummBjhKtciB2dq8fgVf7IEum0KFxJViWg7wJ5z
9gIAEKGM88G7aMBlKJFOzkisx5VoSCA4XY/bXcjumH84HtKHKo81Kp47z/FvDYi8
448cYqE6R92EAUUiZH+AOnzq3aWzDOYCdRLKl/W/mueMhhHQphSa9HNPWbXkC1Ys
ItvIuL88b4hONvQUOu9I2BuqX/c4Hk2j6+KsN4pPtOIpYhMebnAsuhFnHwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFOXRYEpthPwyrEYg/1xmXtV+zQpbMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvNWRGZ1NtMkVfREtzUmlEX1hHWmUxWDdOQ2xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAxBAIAAjArAwcAKglTAv//
AwcAKgqTABAAMBADBQAqCpMBAwcAKgqTAQACAwUAKgqTAjANBgkqhkiG9w0BAQsF
AAOCAQEAqUHn9FDWkUq8mk2/Rhl3xl28oeKsdJYRbgUVhzgBLNEwjzA/S9uGYK63
B1U9O5D7+RMD147dnVxhEWzrVf3NYLGEURJpjoH07E8cxTqhjog3gzl09DdVBCFU
Jq6q6yK9pGDF19uObAhRV6kME4eYAF23jAYw+gYmLdmtqBN/XtncZ8osTkw5AJ2s
cCllSnCLQAcWtNPLH3SLpPuJSoHceLkkLtyjTv7RhzFpwIC4EpDWhYBq5DjMwIyM
52utu7pyrFAZA/V6ZSn4oVIJKJ37NpbN3xAwVrcuXtf8UEQBfiz8qaL6YXJ6cwsu
N4Qocxhgx6s5qtZTI+0YAo3OnX8D+w==
-----END CERTIFICATE-----
Generated at Sun Jul 20 18:01:21 2025 by rpki-client