Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/e4637f-2de1-4815-bb6b-f11712149966/1/3MeFfxWwjQ6Kgyjwc8OFOMe1t-s.roa
File:                     3MeFfxWwjQ6Kgyjwc8OFOMe1t-s.roa (raw, json)
Hash identifier:          r3DEchGe5iz4n3FqdBNl0yWyf9CgJWVWDNCwVODTBTM=
Subject key identifier:   DC:C7:85:7F:15:B0:8D:0E:8A:83:28:F0:73:C3:85:38:C7:B5:B7:EB
Certificate issuer:       /CN=79cb91394b790781d3a8773a855e5a9a3af20810
Certificate serial:       019EFD5FCC2975F0076D850265A17821DFED
Authority key identifier: 79:CB:91:39:4B:79:07:81:D3:A8:77:3A:85:5E:5A:9A:3A:F2:08:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ecuROUt5B4HTqHc6hV5amjryCBA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/e4637f-2de1-4815-bb6b-f11712149966/1/3MeFfxWwjQ6Kgyjwc8OFOMe1t-s.roa
Signing time:             Thu 25 Jun 2026 06:02:54 +0000
ROA not before:           Thu 25 Jun 2026 06:02:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        2a14:d281::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/e4637f-2de1-4815-bb6b-f11712149966/1/ecuROUt5B4HTqHc6hV5amjryCBA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/e4637f-2de1-4815-bb6b-f11712149966/1/ecuROUt5B4HTqHc6hV5amjryCBA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ecuROUt5B4HTqHc6hV5amjryCBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 20:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fd:5f:cc:29:75:f0:07:6d:85:02:65:a1:78:21:df:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79cb91394b790781d3a8773a855e5a9a3af20810
        Validity
            Not Before: Jun 25 06:02:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dcc7857f15b08d0e8a8328f073c38538c7b5b7eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:6f:02:ef:d2:5e:50:05:5f:a5:7a:5c:e7:f9:
                    5c:c9:2f:b1:d8:08:84:6c:6d:c4:46:9c:3e:a4:cc:
                    b0:a0:28:96:9c:34:3b:eb:83:cd:9e:89:73:91:c1:
                    7f:cb:f1:98:df:26:4e:85:8c:5d:53:fe:f3:bf:c6:
                    db:80:f6:67:96:00:c4:bd:17:4d:06:5c:97:0b:f8:
                    48:20:e1:4a:e0:85:ec:46:13:f0:77:6b:93:e9:53:
                    4c:a8:e1:9d:53:1c:5c:55:5c:64:76:eb:c9:bb:d0:
                    72:fe:ab:e0:2f:cb:26:ac:76:77:29:3b:fe:1a:a8:
                    83:c2:eb:1c:3a:a5:93:12:6a:c3:be:9f:01:c8:4a:
                    c4:08:c0:a4:fe:7a:8c:6d:b3:4a:d4:e0:bf:d2:53:
                    79:0b:fc:c9:16:3a:65:4c:26:bb:15:d0:74:b8:1a:
                    33:85:4c:73:9d:62:52:88:ea:2c:94:34:df:76:28:
                    b2:bc:4a:1f:12:21:3c:d8:15:90:3d:6e:6d:29:31:
                    d1:c1:18:81:89:f7:64:b8:cd:16:af:4d:20:2c:d2:
                    80:63:63:89:06:bf:0b:55:7e:8a:89:58:e2:89:f1:
                    b5:c2:06:42:43:4b:2a:81:c0:77:9d:c1:1f:5f:c5:
                    9c:7c:3e:c7:fd:e6:24:07:eb:b1:5f:94:78:e5:65:
                    7c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:C7:85:7F:15:B0:8D:0E:8A:83:28:F0:73:C3:85:38:C7:B5:B7:EB
            X509v3 Authority Key Identifier:
                keyid:79:CB:91:39:4B:79:07:81:D3:A8:77:3A:85:5E:5A:9A:3A:F2:08:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ecuROUt5B4HTqHc6hV5amjryCBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/e4637f-2de1-4815-bb6b-f11712149966/1/3MeFfxWwjQ6Kgyjwc8OFOMe1t-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/e4637f-2de1-4815-bb6b-f11712149966/1/ecuROUt5B4HTqHc6hV5amjryCBA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:d281::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:86:8e:12:6c:43:74:4b:5b:51:bb:57:29:b9:18:e5:70:36:
         8a:1b:75:7d:da:c8:3c:c7:25:d3:d9:50:5b:5f:3c:14:6f:3f:
         84:55:1b:7f:0d:f2:2e:5f:9b:29:2c:1e:35:0b:d8:14:bf:e2:
         e5:0f:b5:89:1c:f0:85:e4:e7:26:20:83:2b:dd:0b:a7:ea:b8:
         6e:67:da:e5:16:93:cb:f4:d4:92:8c:59:29:2f:76:26:7d:9c:
         e9:59:e0:9e:16:e6:ba:ba:f5:5c:ca:ce:fe:62:24:ab:a7:bd:
         c7:fb:35:6e:bf:64:19:4d:1e:d2:6d:ce:23:a0:b3:1e:66:07:
         38:2a:d1:db:bf:a1:b5:9c:e4:76:39:a3:e9:9f:7f:51:95:b8:
         32:f2:ab:26:ca:97:61:1e:be:51:53:54:73:2b:a5:89:ee:3b:
         5f:6c:30:95:54:bd:72:ed:f8:04:d6:cc:5b:2d:d5:7e:ce:09:
         8e:f8:85:6f:1c:67:8c:98:7d:85:bd:5d:f4:a0:23:b1:21:87:
         f7:d7:9a:05:40:ca:ae:d9:71:47:f1:8f:02:05:3c:30:24:a1:
         2e:0a:c8:9f:97:00:f3:b8:b3:db:56:dd:92:42:91:17:a9:0e:
         ae:e1:67:1f:24:a6:ed:0d:c1:8e:9e:b2:05:1e:21:78:11:65:
         1d:98:59:e0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ79X8wpdfAHbYUCZaF4Id/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Y2I5MTM5NGI3OTA3ODFkM2E4NzczYTg1NWU1YTlhM2Fm
MjA4MTAwHhcNMjYwNjI1MDYwMjU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2M3ODU3ZjE1YjA4ZDBlOGE4MzI4ZjA3M2MzODUzOGM3YjViN2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA628C79JeUAVfpXpc5/lcyS+x2AiE
bG3ERpw+pMywoCiWnDQ764PNnolzkcF/y/GY3yZOhYxdU/7zv8bbgPZnlgDEvRdN
BlyXC/hIIOFK4IXsRhPwd2uT6VNMqOGdUxxcVVxkduvJu9By/qvgL8smrHZ3KTv+
GqiDwuscOqWTEmrDvp8ByErECMCk/nqMbbNK1OC/0lN5C/zJFjplTCa7FdB0uBoz
hUxznWJSiOoslDTfdiiyvEofEiE82BWQPW5tKTHRwRiBifdkuM0Wr00gLNKAY2OJ
Br8LVX6KiVjiifG1wgZCQ0sqgcB3ncEfX8WcfD7H/eYkB+uxX5R45WV8bwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNzHhX8VsI0OioMo8HPDhTjHtbfrMB8GA1UdIwQY
MBaAFHnLkTlLeQeB06h3OoVeWpo68ggQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWN1Uk9VdDVCNEhUcUhjNmhWNWFtanJ5Q0JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9lNDYzN2YtMmRlMS00ODE1LWJiNmIt
ZjExNzEyMTQ5OTY2LzEvM01lRmZ4V3dqUTZLZ3lqd2M4T0ZPTWUxdC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9lNDYzN2YtMmRlMS00ODE1LWJiNmItZjExNzEyMTQ5OTY2
LzEvZWN1Uk9VdDVCNEhUcUhjNmhWNWFtanJ5Q0JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhTSgTAN
BgkqhkiG9w0BAQsFAAOCAQEAEYaOEmxDdEtbUbtXKbkY5XA2iht1fdrIPMcl09lQ
W188FG8/hFUbfw3yLl+bKSweNQvYFL/i5Q+1iRzwheTnJiCDK90Lp+q4bmfa5RaT
y/TUkoxZKS92Jn2c6Vngnhbmurr1XMrO/mIkq6e9x/s1br9kGU0e0m3OI6CzHmYH
OCrR27+htZzkdjmj6Z9/UZW4MvKrJsqXYR6+UVNUcyulie47X2wwlVS9cu34BNbM
Wy3Vfs4JjviFbxxnjJh9hb1d9KAjsSGH99eaBUDKrtlxR/GPAgU8MCShLgrIn5cA
87iz21bdkkKRF6kOruFnHySm7Q3Bjp6yBR4heBFlHZhZ4A==
-----END CERTIFICATE-----
Generated at Wed Jul 1 05:20:33 2026 by rpki-client