Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/P7Ra8L-BqlGvnqo-q2fXNcc20sY.roa
File:                     P7Ra8L-BqlGvnqo-q2fXNcc20sY.roa (raw, json)
Hash identifier:          0xQnB3yY0fEpMVOW8NiEqqQNCblWPYqWGXrmAPV6twc=
Subject key identifier:   3F:B4:5A:F0:BF:81:AA:51:AF:9E:AA:3E:AB:67:D7:35:C7:36:D2:C6
Certificate issuer:       /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial:       019809D45BB7E19DC8965F5E35C4A3F9C96E
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/P7Ra8L-BqlGvnqo-q2fXNcc20sY.roa
Signing time:             Mon 14 Jul 2025 16:46:08 +0000
ROA not before:           Mon 14 Jul 2025 16:46:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206873
IP address blocks:        2a0a:c386::/32 maxlen: 32
                          2a11:5883::/32 maxlen: 32
                          2a12:1943::/32 maxlen: 32
                          2a12:1944::/32 maxlen: 32
                          2a12:1cc0::/32 maxlen: 32
                          2a12:2c42::/32 maxlen: 32
                          2a12:2c46::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:d4:5b:b7:e1:9d:c8:96:5f:5e:35:c4:a3:f9:c9:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
        Validity
            Not Before: Jul 14 16:46:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fb45af0bf81aa51af9eaa3eab67d735c736d2c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:28:17:82:24:a7:f9:e2:d8:ee:5f:e6:ab:6b:
                    3a:c7:ff:b7:4e:7b:f3:c9:c5:12:a8:28:96:d1:61:
                    f1:f2:ca:ac:4d:d3:88:5f:0e:f6:07:cb:c1:d1:43:
                    3c:ee:53:65:56:d4:3b:b2:5e:90:16:14:1b:4b:9c:
                    80:a6:ba:47:c7:98:d3:6c:e4:ac:89:2a:db:1b:77:
                    45:f0:fb:0a:5a:be:2d:de:eb:bf:41:87:76:01:45:
                    13:7a:a1:35:40:2f:70:4e:43:43:40:56:52:ed:d2:
                    4a:2b:14:1e:f6:60:3e:bb:39:1f:23:ba:59:b7:ce:
                    0d:3c:af:8c:c0:95:21:fa:7b:40:92:d9:ae:b8:35:
                    32:3d:17:50:54:7c:30:9f:b2:a8:d8:94:0d:65:52:
                    34:95:44:df:6c:4e:9c:2f:6f:b5:9f:9f:e0:54:e6:
                    cb:0e:09:aa:96:3f:f8:34:1e:24:b1:dd:e6:f7:3d:
                    83:6e:09:da:3f:68:d7:54:56:f1:ff:90:a4:5d:f4:
                    57:e0:77:5b:ec:38:34:bb:6a:29:32:68:88:ab:3a:
                    01:b1:a8:cb:ff:2f:7e:e8:51:ea:c0:cc:27:c2:d1:
                    c5:1d:e1:f9:34:c6:4c:4d:b4:cc:27:e2:a1:28:24:
                    9d:11:64:42:01:d4:ac:3d:0a:21:eb:14:bb:8a:4f:
                    f8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B4:5A:F0:BF:81:AA:51:AF:9E:AA:3E:AB:67:D7:35:C7:36:D2:C6
            X509v3 Authority Key Identifier:
                keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/P7Ra8L-BqlGvnqo-q2fXNcc20sY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:c386::/32
                  2a11:5883::/32
                  2a12:1943::-2a12:1944:ffff:ffff:ffff:ffff:ffff:ffff
                  2a12:1cc0::/32
                  2a12:2c42::/32
                  2a12:2c46::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:76:45:69:9a:d0:99:9d:e9:6f:16:fe:3a:d1:ba:28:fc:af:
         da:ab:73:f8:a9:18:fb:39:46:17:d7:ea:56:43:cb:c3:bb:63:
         3c:0d:e1:fa:91:92:39:58:dc:15:7d:7e:2e:46:cb:68:2c:2f:
         68:a6:4f:c9:d8:84:7f:a8:bd:95:5c:2f:f0:09:21:f1:a6:44:
         37:e6:42:9e:8b:14:25:b9:b6:87:4d:b7:d5:36:46:b6:37:0f:
         5c:96:8f:57:39:64:18:61:65:2b:f6:32:fa:9c:9d:52:5c:23:
         00:c4:30:c2:11:2e:81:37:e0:e6:01:33:20:ef:02:50:8b:35:
         8e:14:ff:ca:fa:3f:b8:85:85:4d:ed:9e:4b:77:80:6f:e6:32:
         14:3b:7b:30:2e:8d:89:4d:2a:90:49:b9:76:12:33:9b:16:ef:
         25:92:70:b9:91:a2:ea:f5:1b:bb:6c:cf:32:88:70:f5:09:c3:
         47:87:a1:49:84:46:c1:04:32:10:16:41:36:78:29:39:a2:b5:
         9c:67:f5:61:72:c2:08:7a:23:a4:c0:e3:ea:0e:2d:d7:0d:bd:
         6d:40:35:25:1a:b7:9b:b2:cd:81:ab:82:0a:4a:f7:c9:ac:44:
         bb:c9:90:e4:45:ce:fc:ff:28:c6:b8:15:63:c1:7b:ca:e2:9d:
         07:84:1f:0c
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZgJ1Fu34Z3Ill9eNcSj+cluMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNzE0MTY0NjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmI0NWFmMGJmODFhYTUxYWY5ZWFhM2VhYjY3ZDczNWM3MzZkMmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCgXgiSn+eLY7l/mq2s6x/+3Tnvz
ycUSqCiW0WHx8sqsTdOIXw72B8vB0UM87lNlVtQ7sl6QFhQbS5yAprpHx5jTbOSs
iSrbG3dF8PsKWr4t3uu/QYd2AUUTeqE1QC9wTkNDQFZS7dJKKxQe9mA+uzkfI7pZ
t84NPK+MwJUh+ntAktmuuDUyPRdQVHwwn7Ko2JQNZVI0lUTfbE6cL2+1n5/gVObL
Dgmqlj/4NB4ksd3m9z2DbgnaP2jXVFbx/5CkXfRX4Hdb7Dg0u2opMmiIqzoBsajL
/y9+6FHqwMwnwtHFHeH5NMZMTbTMJ+KhKCSdEWRCAdSsPQoh6xS7ik/4awIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFD+0WvC/gapRr56qPqtn1zXHNtLGMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvUDdSYThMLUJxbEd2bnFvLXEyZlhOY2MyMHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzA5BAIAAjAzAwUAKgrDhgMF
ACoRWIMwDgMFACoSGUMDBQAqEhlEAwUAKhIcwAMFACoSLEIDBQAqEixGMA0GCSqG
SIb3DQEBCwUAA4IBAQCndkVpmtCZnelvFv460boo/K/aq3P4qRj7OUYX1+pWQ8vD
u2M8DeH6kZI5WNwVfX4uRstoLC9opk/J2IR/qL2VXC/wCSHxpkQ35kKeixQlubaH
TbfVNka2Nw9clo9XOWQYYWUr9jL6nJ1SXCMAxDDCES6BN+DmATMg7wJQizWOFP/K
+j+4hYVN7Z5Ld4Bv5jIUO3swLo2JTSqQSbl2EjObFu8lknC5kaLq9Ru7bM8yiHD1
CcNHh6FJhEbBBDIQFkE2eCk5orWcZ/VhcsIIeiOkwOPqDi3XDb1tQDUlGrebss2B
q4IKSvfJrES7yZDkRc78/yjGuBVjwXvK4p0HhB8M
-----END CERTIFICATE-----
Generated at Wed Jul 23 23:30:02 2025 by rpki-client