Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/4uRgRpGbLoXPg7toWaPiH-1C8Hg.roa
File:                     4uRgRpGbLoXPg7toWaPiH-1C8Hg.roa (raw, json)
Hash identifier:          RWW+PTSZT30qqVVeyDtR8WjZoVYE1N5EjQjj6pbH+Iw=
Subject key identifier:   E2:E4:60:46:91:9B:2E:85:CF:83:BB:68:59:A3:E2:1F:ED:42:F0:78
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       019809E4D6F57E94AFB858CF2646E7ED3AB3
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/4uRgRpGbLoXPg7toWaPiH-1C8Hg.roa
Signing time:             Mon 14 Jul 2025 17:04:08 +0000
ROA not before:           Mon 14 Jul 2025 17:04:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211009
IP address blocks:        2a0a:c380::/32 maxlen: 32
                          2a11:be83::/32 maxlen: 32
                          2a12:10c0::/29 maxlen: 29
                          2a12:15c0::/29 maxlen: 29
                          2a12:1947::/32 maxlen: 32
                          2a12:25c0::/29 maxlen: 29
                          2a12:34c0::/29 maxlen: 29
                          2a12:4240::/29 maxlen: 29
                          2a12:7980::/29 maxlen: 29
                          2a12:c180::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 16:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:e4:d6:f5:7e:94:af:b8:58:cf:26:46:e7:ed:3a:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Jul 14 17:04:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2e46046919b2e85cf83bb6859a3e21fed42f078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c1:ca:4b:cd:bf:72:7f:8d:4e:04:0a:d0:6d:
                    80:de:8c:e9:b0:96:2c:7f:f5:87:c6:08:09:86:d8:
                    96:49:53:f4:a6:ad:a6:9e:c0:a6:0c:9b:c7:41:0e:
                    bc:22:97:60:da:97:f2:4c:81:29:30:80:09:96:0b:
                    cb:66:b2:2c:55:2e:fb:5c:9c:5a:48:85:15:7c:9f:
                    fb:b4:22:cc:e5:36:84:f9:11:83:e2:31:c2:f9:80:
                    a8:b4:c5:fe:87:43:9c:9e:1b:1e:ba:51:9e:98:13:
                    2f:64:f4:de:e3:3a:8c:4d:c2:30:a5:2c:36:de:38:
                    04:64:33:b2:85:3c:9b:c0:3d:a6:d6:5e:16:88:8e:
                    2d:e9:d9:85:11:5f:56:11:f0:7e:06:d2:8c:f4:2b:
                    48:7e:7c:de:80:62:6b:ed:79:bf:ff:9a:88:d0:61:
                    c4:04:15:a0:6e:ca:58:e2:c4:6e:a0:14:04:34:51:
                    e2:fd:17:1c:b8:1c:66:24:e4:9d:b8:f6:99:6d:44:
                    16:88:bd:f8:47:bd:16:39:4d:d1:2f:d8:0c:ee:48:
                    9c:51:2e:1b:24:39:59:a8:2e:41:64:1b:6b:28:b5:
                    ba:21:20:e6:74:d9:ae:8b:ca:cd:2d:8b:ef:95:59:
                    2d:b9:9c:01:00:b6:49:32:f2:7a:62:f5:f1:58:23:
                    82:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:E4:60:46:91:9B:2E:85:CF:83:BB:68:59:A3:E2:1F:ED:42:F0:78
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/4uRgRpGbLoXPg7toWaPiH-1C8Hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:c380::/32
                  2a11:be83::/32
                  2a12:10c0::/29
                  2a12:15c0::/29
                  2a12:1947::/32
                  2a12:25c0::/29
                  2a12:34c0::/29
                  2a12:4240::/29
                  2a12:7980::/29
                  2a12:c180::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:58:c7:1b:35:d3:6a:a0:93:04:0e:7b:39:e4:2d:41:6e:d7:
         73:b9:19:00:7c:0c:3c:3a:f5:86:98:61:b9:78:c8:23:24:ae:
         6f:ca:ca:f6:77:76:cd:f6:a0:83:76:93:df:be:1d:4e:f2:8f:
         ad:67:d9:59:9d:67:94:93:92:67:60:aa:80:0a:6f:e7:b2:10:
         7b:e0:16:a9:0e:74:13:89:a0:66:6d:40:fa:49:7d:9d:36:c4:
         6a:ab:c4:47:1c:44:13:7c:ff:f4:01:94:23:99:2b:2d:64:aa:
         03:73:64:15:a8:dd:44:7a:42:9e:e5:93:7b:1a:ce:38:ea:64:
         8f:b1:0b:b4:bb:3b:e3:0c:3b:93:1b:cc:73:0f:0f:25:fc:5b:
         7e:cb:99:f9:c4:3f:91:36:95:fd:de:ca:25:18:dc:b1:a6:b8:
         d2:7e:05:11:d5:db:a1:f7:2a:81:bf:57:1b:3b:14:f1:10:b5:
         69:70:a8:61:12:8b:c6:75:92:a4:6d:a3:c7:73:38:b0:c5:27:
         3d:b4:98:35:5c:5d:30:e8:da:59:8c:ca:a8:3b:97:cb:10:28:
         f2:68:3e:fb:89:69:e9:74:24:48:4f:57:6c:b7:c9:fb:08:84:
         59:70:30:7c:f8:d8:46:5c:e7:d4:7e:54:51:db:42:41:9d:5a:
         25:d0:05:e4
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZgJ5Nb1fpSvuFjPJkbn7TqzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNzE0MTcwNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmU0NjA0NjkxOWIyZTg1Y2Y4M2JiNjg1OWEzZTIxZmVkNDJmMDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsHKS82/cn+NTgQK0G2A3ozpsJYs
f/WHxggJhtiWSVP0pq2mnsCmDJvHQQ68Ipdg2pfyTIEpMIAJlgvLZrIsVS77XJxa
SIUVfJ/7tCLM5TaE+RGD4jHC+YCotMX+h0OcnhseulGemBMvZPTe4zqMTcIwpSw2
3jgEZDOyhTybwD2m1l4WiI4t6dmFEV9WEfB+BtKM9CtIfnzegGJr7Xm//5qI0GHE
BBWgbspY4sRuoBQENFHi/RccuBxmJOSduPaZbUQWiL34R70WOU3RL9gM7kicUS4b
JDlZqC5BZBtrKLW6ISDmdNmui8rNLYvvlVktuZwBALZJMvJ6YvXxWCOCjwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFOLkYEaRmy6Fz4O7aFmj4h/tQvB4MB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvNHVSZ1JwR2JMb1hQZzd0b1dhUGlILTFDOEhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUAKgrDgAMF
ACoRvoMDBQMqEhDAAwUDKhIVwAMFACoSGUcDBQMqEiXAAwUDKhI0wAMFAyoSQkAD
BQMqEnmAAwUDKhLBgDANBgkqhkiG9w0BAQsFAAOCAQEAj1jHGzXTaqCTBA57OeQt
QW7Xc7kZAHwMPDr1hphhuXjIIySub8rK9nd2zfagg3aT374dTvKPrWfZWZ1nlJOS
Z2CqgApv57IQe+AWqQ50E4mgZm1A+kl9nTbEaqvERxxEE3z/9AGUI5krLWSqA3Nk
FajdRHpCnuWTexrOOOpkj7ELtLs74ww7kxvMcw8PJfxbfsuZ+cQ/kTaV/d7KJRjc
saa40n4FEdXbofcqgb9XGzsU8RC1aXCoYRKLxnWSpG2jx3M4sMUnPbSYNVxdMOja
WYzKqDuXyxAo8mg++4lp6XQkSE9XbLfJ+wiEWXAwfPjYRlzn1H5UUdtCQZ1aJdAF
5A==
-----END CERTIFICATE-----
Generated at Fri Jul 25 01:04:44 2025 by rpki-client