Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/z3_94WmdnjVLSWoRztIv2ad8Oo4.roa
File:                     z3_94WmdnjVLSWoRztIv2ad8Oo4.roa (raw, json)
Hash identifier:          /Fcfv5LTbkQXp/tBSBZjVYXkm95fG/ZllW6YhwiK2KA=
Subject key identifier:   CF:7F:FD:E1:69:9D:9E:35:4B:49:6A:11:CE:D2:2F:D9:A7:7C:3A:8E
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0198673982FD7E7CF8C6A7F2ECD63BB015C4
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/z3_94WmdnjVLSWoRztIv2ad8Oo4.roa
Signing time:             Fri 01 Aug 2025 20:01:18 +0000
ROA not before:           Fri 01 Aug 2025 20:01:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214929
IP address blocks:        5.175.238.0/24 maxlen: 24
                          89.144.15.0/24 maxlen: 24
                          2a02:2fc0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:67:39:82:fd:7e:7c:f8:c6:a7:f2:ec:d6:3b:b0:15:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Aug  1 20:01:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf7ffde1699d9e354b496a11ced22fd9a77c3a8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f7:02:10:3b:22:65:39:b1:2a:c6:3c:81:4e:
                    da:47:28:f2:57:6a:d7:9b:fa:53:9a:50:3c:e2:48:
                    c9:89:ed:1b:5f:6e:78:24:38:09:e8:a7:87:1b:27:
                    dd:df:17:79:4d:dc:7f:d1:bd:90:53:08:66:42:cc:
                    ee:ac:c4:36:f2:c9:8c:b8:a5:46:44:e3:12:f9:5f:
                    9c:27:7c:8a:54:d5:d2:06:34:4a:93:f1:be:a4:ce:
                    e1:7f:fd:ac:02:2e:25:e8:6b:71:ab:32:3d:69:48:
                    6b:36:e7:df:71:75:7d:f7:b6:bb:6b:b5:a1:90:2d:
                    62:0c:4f:4e:e8:4f:37:1e:c3:20:cd:3d:26:4c:f4:
                    03:d8:ac:ff:73:6c:87:1d:d9:b0:0f:dc:31:23:37:
                    60:1c:de:12:72:e7:61:da:26:cb:4d:c4:75:b9:60:
                    3e:72:af:b2:b4:18:dc:57:d7:34:5c:89:23:0a:3d:
                    49:3b:e9:e0:5a:2f:74:71:3c:5c:3c:a8:21:3b:24:
                    d8:ac:b6:4e:fb:72:71:fe:ad:e6:28:b7:2b:e4:2d:
                    11:35:46:5d:26:71:0e:ef:fc:d2:25:59:3b:ca:71:
                    d1:eb:fd:57:61:d4:9a:32:29:f5:bd:5c:d0:48:04:
                    c8:0c:63:77:11:4a:c4:af:ff:f6:e8:20:e1:f2:c2:
                    55:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:7F:FD:E1:69:9D:9E:35:4B:49:6A:11:CE:D2:2F:D9:A7:7C:3A:8E
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/z3_94WmdnjVLSWoRztIv2ad8Oo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.238.0/24
                  89.144.15.0/24
                IPv6:
                  2a02:2fc0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:4d:fa:f4:97:db:7f:5c:25:44:15:1b:d8:69:51:6e:9a:ef:
         57:ba:22:6f:cd:57:12:dd:a2:8e:8a:a9:8b:e8:19:ac:a9:ac:
         e4:78:41:62:06:55:76:4b:d3:94:76:0b:93:2c:b1:9c:8b:13:
         57:74:ed:f1:34:ea:c8:f0:98:6d:ae:c1:29:38:35:f0:93:18:
         54:0a:e0:99:f6:3d:b1:c9:ac:73:b2:87:c7:b9:4d:28:59:9f:
         e7:9f:05:1e:f7:fc:b9:a6:66:dd:8c:74:9d:a3:1c:d5:90:21:
         a8:ea:ed:5d:29:b6:7c:99:6f:91:e3:63:fa:f8:29:06:42:38:
         e1:fd:e1:c9:25:0c:6d:1e:00:30:11:9a:1b:f4:4a:c1:ec:e1:
         07:d2:4b:ed:e1:6f:f1:5f:6b:ea:45:f4:82:b9:94:7d:e0:21:
         3d:62:e7:20:d5:76:5b:2d:fc:ba:cd:91:f7:72:aa:c7:3e:10:
         4d:68:e0:49:20:ba:ed:04:75:59:19:ce:ab:05:46:ff:60:7a:
         51:10:84:67:9d:99:e2:06:c1:75:b9:17:00:e1:3b:26:24:8a:
         e6:5e:d1:c5:36:be:bb:b8:f5:30:f3:21:49:10:0e:7e:b0:3f:
         97:98:b4:e5:c5:10:f0:05:35:f1:2f:ea:0c:1e:f7:58:04:1b:
         7e:cf:39:22
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZhnOYL9fnz4xqfy7NY7sBXEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwODAxMjAwMTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjdmZmRlMTY5OWQ5ZTM1NGI0OTZhMTFjZWQyMmZkOWE3N2MzYThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfcCEDsiZTmxKsY8gU7aRyjyV2rX
m/pTmlA84kjJie0bX254JDgJ6KeHGyfd3xd5Tdx/0b2QUwhmQszurMQ28smMuKVG
ROMS+V+cJ3yKVNXSBjRKk/G+pM7hf/2sAi4l6GtxqzI9aUhrNuffcXV997a7a7Wh
kC1iDE9O6E83HsMgzT0mTPQD2Kz/c2yHHdmwD9wxIzdgHN4Scudh2ibLTcR1uWA+
cq+ytBjcV9c0XIkjCj1JO+ngWi90cTxcPKghOyTYrLZO+3Jx/q3mKLcr5C0RNUZd
JnEO7/zSJVk7ynHR6/1XYdSaMin1vVzQSATIDGN3EUrEr//26CDh8sJVgwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFM9//eFpnZ41S0lqEc7SL9mnfDqOMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvejNfOTRXbWRualZMU1dvUnp0SXYyYWQ4T280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQABa/uAwQA
WZAPMA8EAgACMAkDBwAqAi/AAAEwDQYJKoZIhvcNAQELBQADggEBAKFN+vSX239c
JUQVG9hpUW6a71e6Im/NVxLdoo6KqYvoGayprOR4QWIGVXZL05R2C5MssZyLE1d0
7fE06sjwmG2uwSk4NfCTGFQK4Jn2PbHJrHOyh8e5TShZn+efBR73/LmmZt2MdJ2j
HNWQIajq7V0ptnyZb5HjY/r4KQZCOOH94cklDG0eADARmhv0SsHs4QfSS+3hb/Ff
a+pF9IK5lH3gIT1i5yDVdlst/LrNkfdyqsc+EE1o4Ekguu0EdVkZzqsFRv9gelEQ
hGedmeIGwXW5FwDhOyYkiuZe0cU2vru49TDzIUkQDn6wP5eYtOXFEPAFNfEv6gwe
91gEG37POSI=
-----END CERTIFICATE-----
Generated at Mon Aug 4 19:15:11 2025 by rpki-client