Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/2Dw9eoBT_LrbQmRTKZdOCsgYvos.roa
File:                     2Dw9eoBT_LrbQmRTKZdOCsgYvos.roa (raw, json)
Hash identifier:          khe32DS4olffiu5OMwepOJ/hzJUfrlBOWt1rVcTtoKI=
Subject key identifier:   D8:3C:3D:7A:80:53:FC:BA:DB:42:64:53:29:97:4E:0A:C8:18:BE:8B
Certificate issuer:       /CN=d6e535ef216ebe6f7fc55cfbdc31532b912d8e63
Certificate serial:       0197352B940C40942D96D045C280F17F9B14
Authority key identifier: D6:E5:35:EF:21:6E:BE:6F:7F:C5:5C:FB:DC:31:53:2B:91:2D:8E:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1uU17yFuvm9_xVz73DFTK5EtjmM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/2Dw9eoBT_LrbQmRTKZdOCsgYvos.roa
Signing time:             Tue 03 Jun 2025 09:42:17 +0000
ROA not before:           Tue 03 Jun 2025 09:42:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8648
IP address blocks:        81.173.82.0/24 maxlen: 24
                          81.173.88.0/21 maxlen: 24
                          2a00:1128::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/1uU17yFuvm9_xVz73DFTK5EtjmM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/1uU17yFuvm9_xVz73DFTK5EtjmM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1uU17yFuvm9_xVz73DFTK5EtjmM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:2b:94:0c:40:94:2d:96:d0:45:c2:80:f1:7f:9b:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6e535ef216ebe6f7fc55cfbdc31532b912d8e63
        Validity
            Not Before: Jun  3 09:42:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d83c3d7a8053fcbadb42645329974e0ac818be8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6c:a2:af:7f:73:71:c9:af:76:90:f0:8f:fb:
                    e0:f5:bf:c3:04:03:fd:1c:db:42:d4:81:d3:1c:19:
                    4c:b4:29:5e:0f:0e:d8:01:72:32:d1:d9:92:38:b2:
                    68:d0:24:b9:72:c9:3e:a4:db:57:c5:9c:ed:6a:87:
                    9a:1a:bc:b9:05:fe:06:fc:b4:b1:a9:b8:ce:71:b7:
                    fa:96:83:47:df:8a:73:03:5a:9d:45:97:0f:2f:91:
                    bd:c3:23:77:5a:38:f2:e3:a7:61:cb:b7:69:6e:dd:
                    c7:b1:de:6e:41:96:00:bc:ac:ca:db:9a:75:ed:ff:
                    07:17:90:b8:05:63:d9:25:8f:a6:15:7a:89:cb:c5:
                    9f:c3:47:51:c9:a7:85:46:58:3e:fa:e9:fa:e1:59:
                    d9:d3:2c:cc:89:ef:c8:e3:51:54:cc:c0:dc:7b:01:
                    7d:b8:9c:d9:0b:ee:93:79:a8:7d:dd:38:04:ad:35:
                    72:89:79:4e:0d:1d:f4:c4:8c:55:cb:8c:13:52:29:
                    36:6a:55:ab:05:d4:55:75:03:e8:59:0d:ef:60:57:
                    d9:28:9e:0a:3f:06:78:c7:6a:b9:11:de:e3:9d:46:
                    e0:b1:ac:7e:92:10:ce:2b:dd:45:2b:b2:2b:fd:93:
                    df:f9:cc:90:be:83:b4:62:1f:62:32:1b:51:aa:e9:
                    ae:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:3C:3D:7A:80:53:FC:BA:DB:42:64:53:29:97:4E:0A:C8:18:BE:8B
            X509v3 Authority Key Identifier:
                keyid:D6:E5:35:EF:21:6E:BE:6F:7F:C5:5C:FB:DC:31:53:2B:91:2D:8E:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1uU17yFuvm9_xVz73DFTK5EtjmM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/2Dw9eoBT_LrbQmRTKZdOCsgYvos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/1uU17yFuvm9_xVz73DFTK5EtjmM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.173.82.0/24
                  81.173.88.0/21
                IPv6:
                  2a00:1128::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:20:2a:25:ec:db:3c:bf:f0:be:32:0b:63:72:69:56:80:37:
         37:91:bb:07:0c:ca:e0:95:2e:c3:0d:c1:24:b7:de:e9:15:71:
         59:23:38:bf:23:a2:74:bc:ca:0c:28:da:a4:fb:82:af:5a:fa:
         2a:3a:7d:cc:c0:b2:37:e7:70:97:14:9d:25:56:f8:64:6e:29:
         03:ec:09:0c:f3:1f:dc:a4:54:f8:b8:50:bb:b0:87:fd:1a:2f:
         b0:6c:02:59:cf:19:55:10:08:e2:41:1a:95:4f:cd:54:04:a8:
         bd:7a:9f:fd:be:b9:53:fc:3e:57:43:bc:f6:e1:0d:90:f7:35:
         5d:cc:cd:f1:0b:15:76:e5:ec:b6:8d:89:34:e3:7c:d9:69:43:
         8a:a1:ed:8c:ff:f1:30:96:55:ab:27:22:81:25:b1:2a:6a:83:
         18:65:eb:31:33:aa:d6:db:3b:5a:cb:6b:47:94:68:ef:6f:a4:
         00:57:61:84:da:1a:5c:e6:9f:d4:ad:ba:dd:5f:54:9f:b6:a0:
         e1:c2:77:05:db:59:54:0f:0f:7a:f3:c2:f9:d6:7a:5f:52:e9:
         18:fb:32:6d:7a:f8:76:c3:85:3a:5c:3d:eb:4c:e7:0c:4d:7c:
         3e:72:9a:cc:b6:64:92:19:3e:f9:15:d7:9a:d1:8d:44:60:5c:
         dc:9b:2a:0c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZc1K5QMQJQtltBFwoDxf5sUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZTUzNWVmMjE2ZWJlNmY3ZmM1NWNmYmRjMzE1MzJiOTEy
ZDhlNjMwHhcNMjUwNjAzMDk0MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODNjM2Q3YTgwNTNmY2JhZGI0MjY0NTMyOTk3NGUwYWM4MThiZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGyir39zccmvdpDwj/vg9b/DBAP9
HNtC1IHTHBlMtCleDw7YAXIy0dmSOLJo0CS5csk+pNtXxZztaoeaGry5Bf4G/LSx
qbjOcbf6loNH34pzA1qdRZcPL5G9wyN3Wjjy46dhy7dpbt3Hsd5uQZYAvKzK25p1
7f8HF5C4BWPZJY+mFXqJy8Wfw0dRyaeFRlg++un64VnZ0yzMie/I41FUzMDcewF9
uJzZC+6Teah93TgErTVyiXlODR30xIxVy4wTUik2alWrBdRVdQPoWQ3vYFfZKJ4K
PwZ4x2q5Ed7jnUbgsax+khDOK91FK7Ir/ZPf+cyQvoO0Yh9iMhtRqumuXQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNg8PXqAU/y620JkUymXTgrIGL6LMB8GA1UdIwQY
MBaAFNblNe8hbr5vf8Vc+9wxUyuRLY5jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXVVMTd5RnV2bTlfeFZ6NzNERlRLNUV0am1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9iZDBkN2QtZjQyNS00MDhhLWIwN2Qt
MDc3MTFlZDAyYjc1LzEvMkR3OWVvQlRfTHJiUW1SVEtaZE9Dc2dZdm9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9iZDBkN2QtZjQyNS00MDhhLWIwN2QtMDc3MTFlZDAyYjc1
LzEvMXVVMTd5RnV2bTlfeFZ6NzNERlRLNUV0am1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAUa1SAwQD
Ua1YMA0EAgACMAcDBQAqABEoMA0GCSqGSIb3DQEBCwUAA4IBAQCCICol7Ns8v/C+
MgtjcmlWgDc3kbsHDMrglS7DDcEkt97pFXFZIzi/I6J0vMoMKNqk+4KvWvoqOn3M
wLI353CXFJ0lVvhkbikD7AkM8x/cpFT4uFC7sIf9Gi+wbAJZzxlVEAjiQRqVT81U
BKi9ep/9vrlT/D5XQ7z24Q2Q9zVdzM3xCxV25ey2jYk043zZaUOKoe2M//EwllWr
JyKBJbEqaoMYZesxM6rW2ztay2tHlGjvb6QAV2GE2hpc5p/UrbrdX1SftqDhwncF
21lUDw9688L51npfUukY+zJtevh2w4U6XD3rTOcMTXw+cprMtmSSGT75Fdea0Y1E
YFzcmyoM
-----END CERTIFICATE-----
Generated at Tue Jun 10 11:39:07 2025 by rpki-client