Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TUpjml9WQKOjb833UMlxyIbIJXQ.roa
File:                     TUpjml9WQKOjb833UMlxyIbIJXQ.roa (raw, json)
Hash identifier:          A3r7ryR/JwTSUo0045YCC4FabN6lnB3usf0TC7yBDU8=
Subject key identifier:   4D:4A:63:9A:5F:56:40:A3:A3:6F:CD:F7:50:C9:71:C8:86:C8:25:74
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019F2C6D3FFE468EA31FFFA3D894E4D83B24
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TUpjml9WQKOjb833UMlxyIbIJXQ.roa
Signing time:             Sat 04 Jul 2026 09:19:45 +0000
ROA not before:           Sat 04 Jul 2026 09:19:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219284
IP address blocks:        2a0e:97c0:d70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Jul 2026 05:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:2c:6d:3f:fe:46:8e:a3:1f:ff:a3:d8:94:e4:d8:3b:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul  4 09:19:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d4a639a5f5640a3a36fcdf750c971c886c82574
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:46:08:c2:96:a7:40:af:e0:d6:56:03:f8:f6:
                    3b:cd:af:02:2d:50:8a:9c:ed:7d:4a:bc:a0:80:d2:
                    06:b8:82:bb:af:34:ce:46:e0:2d:dc:ba:42:e2:51:
                    31:97:7b:a7:64:dd:34:c8:0f:eb:34:28:7b:4f:a7:
                    a6:6d:7f:f3:e2:d6:3a:32:82:09:b2:a2:43:31:b6:
                    63:bc:c9:b8:7e:2d:d6:60:83:68:c0:89:2f:7d:b6:
                    d9:b6:d6:d0:df:49:ba:94:c1:f7:9b:8a:17:ac:94:
                    8e:43:ed:14:1d:69:6c:fe:33:b6:48:a4:d7:86:f9:
                    fc:3a:71:50:af:98:8a:c0:96:4a:37:be:17:dc:3d:
                    f8:dc:e5:af:0c:38:89:ab:09:b6:a2:ad:cb:e6:ca:
                    83:7a:a8:99:6f:d2:9a:ef:28:fa:93:ba:89:da:a2:
                    ae:98:20:2e:3b:ff:df:40:bf:ac:b0:49:e6:2e:42:
                    56:15:77:04:75:7f:d9:d6:bc:da:77:9a:0c:89:97:
                    8c:02:78:5c:36:15:40:91:fb:05:dc:2a:ae:bf:9f:
                    44:08:15:5f:96:6b:9b:e3:1e:6e:5e:dc:08:fc:d9:
                    82:d7:db:d3:8d:71:3f:7d:d0:8e:1e:94:e0:3f:48:
                    99:58:e4:a8:a2:22:76:05:d3:5c:85:65:90:ed:6f:
                    99:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:4A:63:9A:5F:56:40:A3:A3:6F:CD:F7:50:C9:71:C8:86:C8:25:74
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TUpjml9WQKOjb833UMlxyIbIJXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:d70::/44

    Signature Algorithm: sha256WithRSAEncryption
         a8:71:f9:af:8c:89:10:2e:29:95:8a:b3:c6:00:db:99:7a:74:
         35:47:a7:de:d0:49:5e:bb:87:a0:7c:ea:a4:0a:98:2e:85:33:
         03:dd:03:e9:db:77:04:a3:94:77:27:d7:79:21:a8:df:e7:fd:
         2a:4a:04:b7:4c:74:98:e7:01:ba:b8:cc:e3:4b:70:01:45:99:
         d2:d1:7a:73:c9:ef:70:7b:3f:62:54:e3:23:2a:c4:dc:5f:e1:
         d6:f3:14:65:19:ea:09:6a:48:56:98:09:4f:4f:ff:e6:a8:53:
         5d:bf:9c:7c:03:d9:a9:8f:e8:13:3f:d4:5e:29:12:dd:6a:9d:
         da:e4:7d:77:39:28:3d:24:f7:62:fc:cb:4a:96:cf:cf:46:a2:
         70:f3:55:f4:21:c2:ff:f1:83:42:ca:8e:5d:04:ef:ed:94:df:
         ff:17:d6:17:e4:ac:1f:0b:a7:6e:5d:52:62:44:ce:60:40:15:
         09:86:6d:10:6c:e8:7b:bc:7a:b3:c1:eb:38:e6:35:4c:96:07:
         d6:6b:34:0c:f4:f8:2b:d7:ac:95:28:35:5f:ad:cc:78:5d:ad:
         bb:14:3f:46:7e:e0:9a:d3:e0:36:45:6f:78:fd:77:aa:31:87:
         ef:53:45:18:c5:68:ff:f2:34:63:e5:e9:15:95:47:80:f5:64:
         e6:07:66:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ8sbT/+Ro6jH/+j2JTk2DskMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNzA0MDkxOTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDRhNjM5YTVmNTY0MGEzYTM2ZmNkZjc1MGM5NzFjODg2YzgyNTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6UYIwpanQK/g1lYD+PY7za8CLVCK
nO19SryggNIGuIK7rzTORuAt3LpC4lExl3unZN00yA/rNCh7T6embX/z4tY6MoIJ
sqJDMbZjvMm4fi3WYINowIkvfbbZttbQ30m6lMH3m4oXrJSOQ+0UHWls/jO2SKTX
hvn8OnFQr5iKwJZKN74X3D343OWvDDiJqwm2oq3L5sqDeqiZb9Ka7yj6k7qJ2qKu
mCAuO//fQL+ssEnmLkJWFXcEdX/Z1rzad5oMiZeMAnhcNhVAkfsF3Cquv59ECBVf
lmub4x5uXtwI/NmC19vTjXE/fdCOHpTgP0iZWOSooiJ2BdNchWWQ7W+ZUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE1KY5pfVkCjo2/N91DJcciGyCV0MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVFVwam1sOVdRS09qYjgzM1VNbHh5SWJJSlhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwA1w
MA0GCSqGSIb3DQEBCwUAA4IBAQCocfmvjIkQLimVirPGANuZenQ1R6fe0Eleu4eg
fOqkCpguhTMD3QPp23cEo5R3J9d5Iajf5/0qSgS3THSY5wG6uMzjS3ABRZnS0Xpz
ye9wez9iVOMjKsTcX+HW8xRlGeoJakhWmAlPT//mqFNdv5x8A9mpj+gTP9ReKRLd
ap3a5H13OSg9JPdi/MtKls/PRqJw81X0IcL/8YNCyo5dBO/tlN//F9YX5KwfC6du
XVJiRM5gQBUJhm0QbOh7vHqzwes45jVMlgfWazQM9Pgr16yVKDVfrcx4Xa27FD9G
fuCa0+A2RW94/XeqMYfvU0UYxWj/8jRj5ekVlUeA9WTmB2bA
-----END CERTIFICATE-----
Generated at Sat Jul 4 12:37:45 2026 by rpki-client