Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/LNm0XrP2z6i6vLfmJYewvBT9PvU.roa
File:                     LNm0XrP2z6i6vLfmJYewvBT9PvU.roa (raw, json)
Hash identifier:          YyvrtiGcoYu0+nlah0OZoeDTEpOHiu2k3Z8adq3H5Hk=
Subject key identifier:   2C:D9:B4:5E:B3:F6:CF:A8:BA:BC:B7:E6:25:87:B0:BC:14:FD:3E:F5
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0196CFAAF7F50D4D33B4E901855ED61BC366
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/LNm0XrP2z6i6vLfmJYewvBT9PvU.roa
Signing time:             Wed 14 May 2025 16:40:10 +0000
ROA not before:           Wed 14 May 2025 16:40:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        2a06:35c1::/32 maxlen: 32
                          2a07:a300::/29 maxlen: 29
                          2a0e:1a86::/32 maxlen: 32
                          2a0f:2100::/29 maxlen: 29
                          2a0f:31c0::/32 maxlen: 32
                          2a0f:dac0::/29 maxlen: 29
                          2a0f:e0c0::/29 maxlen: 29
                          2a13:8100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cf:aa:f7:f5:0d:4d:33:b4:e9:01:85:5e:d6:1b:c3:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May 14 16:40:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2cd9b45eb3f6cfa8babcb7e62587b0bc14fd3ef5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1e:d6:90:4d:bd:92:54:96:24:89:62:ee:8d:
                    d5:bd:8d:64:f5:df:f3:10:2c:8b:0a:54:79:0b:30:
                    16:7a:4c:bf:4a:4a:02:29:ae:5c:2f:eb:f2:22:e7:
                    8c:f5:e2:66:93:25:27:e7:b6:0a:9e:06:c5:d2:4b:
                    7c:9b:b1:42:e4:b2:cb:40:d8:af:80:ca:0d:78:4b:
                    d0:b9:9e:47:41:11:07:38:39:b9:1d:d1:c1:0e:4e:
                    8f:7f:ef:1c:ee:1c:e5:3f:4a:7b:c2:1f:cd:71:90:
                    bf:90:fe:a7:63:51:e2:6c:37:d1:db:05:ab:a4:6a:
                    aa:8d:c4:76:ea:f8:c9:32:37:40:ca:e3:43:99:fa:
                    51:93:88:a5:4f:d0:41:02:e0:2b:b8:85:f5:4d:08:
                    81:26:c8:66:32:34:ad:7d:fc:74:ab:ba:0d:93:4e:
                    de:4a:47:10:5c:32:62:e2:38:ad:d2:03:78:95:0c:
                    39:f0:23:ed:44:4c:db:7f:e6:5f:8d:89:af:3f:db:
                    18:6f:75:71:3c:69:d5:78:c0:e7:0c:0b:d1:ae:f7:
                    d1:b6:ea:44:9c:c4:2f:84:4b:74:57:64:73:6b:6a:
                    3e:a1:46:ae:7c:3f:2a:0a:fe:ee:f8:ac:e1:e2:7f:
                    8d:96:01:05:c8:ed:40:7f:12:6e:67:4f:2b:70:11:
                    cc:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:D9:B4:5E:B3:F6:CF:A8:BA:BC:B7:E6:25:87:B0:BC:14:FD:3E:F5
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/LNm0XrP2z6i6vLfmJYewvBT9PvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:35c1::/32
                  2a07:a300::/29
                  2a0e:1a86::/32
                  2a0f:2100::/29
                  2a0f:31c0::/32
                  2a0f:dac0::/29
                  2a0f:e0c0::/29
                  2a13:8100::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:a8:d8:68:fd:58:a0:84:a4:33:c3:0c:cf:f3:e0:77:07:cd:
         a1:e7:0d:a6:f3:14:25:df:df:94:2a:cb:5e:ac:a9:3e:06:cf:
         2f:4c:22:c5:86:cf:87:4a:63:db:59:f3:a1:2f:a7:22:88:9d:
         09:79:6d:e6:64:d8:ae:ec:11:ec:6d:11:a5:84:eb:00:2e:91:
         87:bd:7a:f9:57:86:bd:0a:c2:2b:c6:63:30:56:cb:47:98:d7:
         9b:e5:ec:55:58:75:05:36:91:f0:a6:9a:c8:cd:dd:fd:36:13:
         d9:d9:80:0d:bc:7f:06:9a:09:de:fd:55:96:06:04:0d:d0:a0:
         cb:f3:22:d3:e3:a7:1f:b2:a1:58:1e:39:d4:bd:6e:d6:d4:46:
         57:fe:0f:a6:d1:ca:e4:fc:83:b2:78:b5:c5:5f:c6:6e:f6:bf:
         9f:7f:54:bb:2e:81:35:2a:4c:b3:de:aa:b4:83:e6:e6:80:4b:
         4a:09:70:f9:7a:7b:07:39:b2:db:5f:cf:97:4a:93:4c:0e:3f:
         da:75:df:83:b0:98:64:51:f4:0d:b1:3e:28:9f:b4:24:30:cf:
         ee:4c:c5:4f:ec:89:ae:82:56:97:b8:3a:99:e1:7e:61:a8:5e:
         0b:e7:8c:f7:41:d6:4b:cb:93:49:3e:35:7a:bc:3c:de:55:79:
         14:9b:91:5e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZbPqvf1DU0ztOkBhV7WG8NmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNTE0MTY0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2Q5YjQ1ZWIzZjZjZmE4YmFiY2I3ZTYyNTg3YjBiYzE0ZmQzZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtB7WkE29klSWJIli7o3VvY1k9d/z
ECyLClR5CzAWeky/SkoCKa5cL+vyIueM9eJmkyUn57YKngbF0kt8m7FC5LLLQNiv
gMoNeEvQuZ5HQREHODm5HdHBDk6Pf+8c7hzlP0p7wh/NcZC/kP6nY1HibDfR2wWr
pGqqjcR26vjJMjdAyuNDmfpRk4ilT9BBAuAruIX1TQiBJshmMjStffx0q7oNk07e
SkcQXDJi4jit0gN4lQw58CPtREzbf+ZfjYmvP9sYb3VxPGnVeMDnDAvRrvfRtupE
nMQvhEt0V2Rza2o+oUaufD8qCv7u+Kzh4n+NlgEFyO1AfxJuZ08rcBHMqQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFCzZtF6z9s+oury35iWHsLwU/T71MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTE5tMFhyUDJ6Nmk2dkxmbUpZZXd2QlQ5UHZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUAKgY1wQMF
AyoHowADBQAqDhqGAwUDKg8hAAMFACoPMcADBQMqD9rAAwUDKg/gwAMFAyoTgQAw
DQYJKoZIhvcNAQELBQADggEBABKo2Gj9WKCEpDPDDM/z4HcHzaHnDabzFCXf35Qq
y16sqT4Gzy9MIsWGz4dKY9tZ86EvpyKInQl5beZk2K7sEextEaWE6wAukYe9evlX
hr0KwivGYzBWy0eY15vl7FVYdQU2kfCmmsjN3f02E9nZgA28fwaaCd79VZYGBA3Q
oMvzItPjpx+yoVgeOdS9btbURlf+D6bRyuT8g7J4tcVfxm72v59/VLsugTUqTLPe
qrSD5uaAS0oJcPl6ewc5sttfz5dKk0wOP9p134OwmGRR9A2xPiiftCQwz+5MxU/s
ia6CVpe4OpnhfmGoXgvnjPdB1kvLk0k+NXq8PN5VeRSbkV4=
-----END CERTIFICATE-----
Generated at Tue Jun 10 10:22:43 2025 by rpki-client