Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/BA5KV0qch7eRwK8iNS7Ginv7mPo.roa
File:                     BA5KV0qch7eRwK8iNS7Ginv7mPo.roa (raw, json)
Hash identifier:          g51hA9Af6Sjh5mXBBikwTAuq5cVrwKqU5G3PZcvqOEg=
Subject key identifier:   04:0E:4A:57:4A:9C:87:B7:91:C0:AF:22:35:2E:C6:8A:7B:FB:98:FA
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       019833AF0899824BF76E96872BCAAED5034C
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/BA5KV0qch7eRwK8iNS7Ginv7mPo.roa
Signing time:             Tue 22 Jul 2025 19:49:25 +0000
ROA not before:           Tue 22 Jul 2025 19:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204490
IP address blocks:        2a11:6506::/32 maxlen: 32
                          2a11:7685::/32 maxlen: 32
                          2a11:8300::/32 maxlen: 32
                          2a11:b783::/32 maxlen: 32
                          2a11:c106::/32 maxlen: 32
                          2a11:cd00::/32 maxlen: 32
                          2a11:d084::/32 maxlen: 32
                          2a12:3b40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:33:af:08:99:82:4b:f7:6e:96:87:2b:ca:ae:d5:03:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Jul 22 19:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=040e4a574a9c87b791c0af22352ec68a7bfb98fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:41:d9:78:bb:6e:08:3e:ea:7e:41:58:db:d6:
                    7c:53:64:46:dd:da:ed:3b:2b:55:48:c7:c7:64:dc:
                    0e:0d:5c:24:d9:68:ec:f0:ae:49:db:11:7b:19:d3:
                    86:c4:2f:ca:46:41:17:e0:b0:4e:a6:27:82:1f:95:
                    2f:f1:61:03:18:89:eb:22:9b:97:ab:56:0d:4b:72:
                    00:1b:4b:31:f0:c4:dd:6e:64:90:9c:27:ea:45:68:
                    c9:6c:03:f8:c6:0f:3f:e3:9f:c9:f1:50:91:9e:41:
                    86:a0:8d:85:e2:1e:e6:0b:3e:e9:66:c2:fd:19:36:
                    cf:7c:d8:eb:dd:ed:37:99:f0:65:e2:51:c2:d6:bc:
                    d7:4a:7f:23:d9:56:f3:12:1d:5e:df:76:7d:28:19:
                    b6:67:c0:06:f7:b1:91:ad:aa:e5:da:e4:94:42:6d:
                    ab:bb:bb:51:fd:0b:33:36:1a:1a:ff:23:8b:30:75:
                    82:9f:36:66:e6:ae:41:06:06:a1:34:ee:ed:b9:88:
                    e4:14:55:f7:e1:aa:a9:fc:c3:51:9f:79:dd:d0:0f:
                    db:dc:34:08:b8:0b:b6:a9:8f:7f:5b:e5:b1:4d:92:
                    36:67:bc:32:7e:ee:49:58:ea:3e:de:a1:18:c2:16:
                    0c:8e:c5:3d:8f:76:6a:2d:e2:8b:2a:a7:74:4b:1d:
                    2a:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:0E:4A:57:4A:9C:87:B7:91:C0:AF:22:35:2E:C6:8A:7B:FB:98:FA
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/BA5KV0qch7eRwK8iNS7Ginv7mPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:6506::/32
                  2a11:7685::/32
                  2a11:8300::/32
                  2a11:b783::/32
                  2a11:c106::/32
                  2a11:cd00::/32
                  2a11:d084::/32
                  2a12:3b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:81:96:fc:ef:90:49:74:12:d9:57:bc:fb:64:d8:c7:87:be:
         8e:f9:e1:b3:e0:06:13:59:4b:c1:ba:28:aa:91:52:d2:16:9e:
         01:25:cd:9b:aa:b2:65:51:bd:3e:8d:b2:bb:92:1a:40:29:0c:
         07:06:cb:dc:c3:37:40:72:e6:4c:3d:4a:aa:17:f9:ed:96:65:
         e8:5b:d9:3b:d9:e1:87:fc:34:b7:1e:06:2b:5c:93:37:5b:a9:
         5f:56:eb:ad:5e:c4:ca:0c:1a:53:9a:81:b8:05:22:cb:7c:ba:
         fe:e9:2e:76:d2:ca:f7:21:88:2b:b3:36:33:f3:7e:2a:ec:e3:
         43:86:39:67:b3:af:d7:c3:43:6a:59:29:4d:25:a5:d2:ea:bc:
         6c:55:af:d8:cc:2a:2b:94:73:25:99:9d:e3:58:2f:81:85:95:
         fc:d8:d4:7a:64:84:9f:2b:ad:5d:02:bb:41:48:48:e5:03:56:
         63:fd:70:7c:46:03:e7:cf:e8:3d:8d:20:60:07:db:ba:ea:15:
         ae:67:63:a5:cc:97:c3:d5:ec:80:25:24:06:12:84:85:34:75:
         07:56:60:f9:bf:3f:27:0f:48:ab:6d:52:57:b3:e1:d0:53:7c:
         19:6c:9a:60:a9:dd:13:2f:53:e6:a2:d1:ca:cf:99:38:17:09:
         63:24:76:ea
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZgzrwiZgkv3bpaHK8qu1QNMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNzIyMTk0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDBlNGE1NzRhOWM4N2I3OTFjMGFmMjIzNTJlYzY4YTdiZmI5OGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkHZeLtuCD7qfkFY29Z8U2RG3drt
OytVSMfHZNwODVwk2Wjs8K5J2xF7GdOGxC/KRkEX4LBOpieCH5Uv8WEDGInrIpuX
q1YNS3IAG0sx8MTdbmSQnCfqRWjJbAP4xg8/45/J8VCRnkGGoI2F4h7mCz7pZsL9
GTbPfNjr3e03mfBl4lHC1rzXSn8j2VbzEh1e33Z9KBm2Z8AG97GRrarl2uSUQm2r
u7tR/QszNhoa/yOLMHWCnzZm5q5BBgahNO7tuYjkFFX34aqp/MNRn3nd0A/b3DQI
uAu2qY9/W+WxTZI2Z7wyfu5JWOo+3qEYwhYMjsU9j3ZqLeKLKqd0Sx0quQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFAQOSldKnIe3kcCvIjUuxop7+5j6MB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvQkE1S1YwcWNoN2VSd0s4aU5TN0dpbnY3bVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUAKhFlBgMF
ACoRdoUDBQAqEYMAAwUAKhG3gwMFACoRwQYDBQAqEc0AAwUAKhHQhAMFACoSO0Aw
DQYJKoZIhvcNAQELBQADggEBAJWBlvzvkEl0EtlXvPtk2MeHvo754bPgBhNZS8G6
KKqRUtIWngElzZuqsmVRvT6NsruSGkApDAcGy9zDN0By5kw9SqoX+e2WZehb2TvZ
4Yf8NLceBitckzdbqV9W661exMoMGlOagbgFIst8uv7pLnbSyvchiCuzNjPzfirs
40OGOWezr9fDQ2pZKU0lpdLqvGxVr9jMKiuUcyWZneNYL4GFlfzY1HpkhJ8rrV0C
u0FISOUDVmP9cHxGA+fP6D2NIGAH27rqFa5nY6XMl8PV7IAlJAYShIU0dQdWYPm/
PycPSKttUlez4dBTfBlsmmCp3RMvU+ai0crPmTgXCWMkduo=
-----END CERTIFICATE-----
Generated at Wed Jul 23 23:28:16 2025 by rpki-client