Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/gitklWD7TllTa09uVT2HYtJ2HAc.roa
File:                     gitklWD7TllTa09uVT2HYtJ2HAc.roa (raw, json)
Hash identifier:          4UXSpGqlkDuQDI9lXYLAHQ9HNN6MyyLOEemk6yCC+m8=
Subject key identifier:   82:2B:64:95:60:FB:4E:59:53:6B:4F:6E:55:3D:87:62:D2:76:1C:07
Certificate issuer:       /CN=65ea93d88a202d51d34d2a903597e76b8f17f0ea
Certificate serial:       019833C243B2A50586EE73D2B6F69ED247FF
Authority key identifier: 65:EA:93:D8:8A:20:2D:51:D3:4D:2A:90:35:97:E7:6B:8F:17:F0:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZeqT2IogLVHTTSqQNZfna48X8Oo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/gitklWD7TllTa09uVT2HYtJ2HAc.roa
Signing time:             Tue 22 Jul 2025 20:10:25 +0000
ROA not before:           Tue 22 Jul 2025 20:10:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207713
IP address blocks:        213.165.60.0/24 maxlen: 24
                          213.165.61.0/24 maxlen: 24
                          213.165.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/ZeqT2IogLVHTTSqQNZfna48X8Oo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/ZeqT2IogLVHTTSqQNZfna48X8Oo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZeqT2IogLVHTTSqQNZfna48X8Oo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:33:c2:43:b2:a5:05:86:ee:73:d2:b6:f6:9e:d2:47:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65ea93d88a202d51d34d2a903597e76b8f17f0ea
        Validity
            Not Before: Jul 22 20:10:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=822b649560fb4e59536b4f6e553d8762d2761c07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6b:ee:19:cd:3b:a5:1b:ce:00:42:0c:fb:8a:
                    85:16:7d:e1:3a:b9:59:bb:83:b2:fd:86:55:82:51:
                    97:20:5a:55:52:5e:c6:38:d0:d8:39:67:79:ed:11:
                    e9:5f:3c:33:b5:d8:64:a3:41:dd:a7:65:1c:dd:81:
                    bc:45:6e:10:5e:fd:1d:8a:52:a3:2d:15:d8:f5:ac:
                    a7:0d:c6:29:77:61:a9:cc:be:60:f7:18:86:2f:ce:
                    29:0b:f2:81:e1:93:04:96:41:e5:2a:9f:f8:20:62:
                    45:6c:af:5a:74:5b:bd:55:dc:a2:90:79:91:46:51:
                    8f:af:ab:ef:7b:fe:6f:ab:fb:1e:7a:3a:7f:2b:73:
                    8d:d6:be:b0:bf:09:7d:4e:ab:df:30:d2:b6:7f:48:
                    10:1c:c1:1e:9f:89:ce:68:63:c6:0f:8c:8b:1d:99:
                    49:aa:9d:72:4f:1d:50:69:e0:50:86:af:3f:32:37:
                    13:82:b7:e1:6d:16:51:1d:27:15:5f:bd:72:39:31:
                    1a:c4:be:70:db:2f:6d:de:14:ed:54:9d:2d:59:3f:
                    59:24:1d:2c:9a:b2:01:85:60:a2:39:10:76:e4:e1:
                    eb:c1:a7:1c:9e:3d:62:8b:be:68:aa:52:67:12:33:
                    13:2e:fc:dd:47:19:3e:9a:aa:66:89:6b:ba:db:4a:
                    0a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:2B:64:95:60:FB:4E:59:53:6B:4F:6E:55:3D:87:62:D2:76:1C:07
            X509v3 Authority Key Identifier:
                keyid:65:EA:93:D8:8A:20:2D:51:D3:4D:2A:90:35:97:E7:6B:8F:17:F0:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZeqT2IogLVHTTSqQNZfna48X8Oo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/gitklWD7TllTa09uVT2HYtJ2HAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/ZeqT2IogLVHTTSqQNZfna48X8Oo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.165.60.0-213.165.62.255

    Signature Algorithm: sha256WithRSAEncryption
         6b:0d:3e:ae:9b:9b:00:ae:47:0f:47:a9:83:72:c1:30:cb:b4:
         4e:e9:ba:23:f0:62:00:8f:98:cf:7f:d0:a4:da:5d:21:cc:71:
         46:a6:5d:fd:f5:89:54:2d:32:d9:4d:54:01:09:99:89:2a:2d:
         98:e9:ff:c1:d5:87:2d:a2:a2:a3:4a:bd:46:46:b8:2b:7b:32:
         fd:2c:47:e2:1d:b9:f8:68:35:dc:6a:c0:49:17:1b:68:fb:d7:
         d9:ce:f5:50:11:7e:4b:d0:8a:55:7b:c7:a7:8a:71:f6:36:d4:
         c0:48:35:79:bd:a7:44:61:7d:8e:a6:3a:95:2a:8a:3d:31:d3:
         eb:9e:ae:c5:b1:37:89:dd:3f:7f:c7:bf:34:20:f7:ad:ca:3f:
         02:00:2a:e3:fa:02:9c:3b:52:86:e0:8f:9b:3f:1d:5a:60:03:
         4f:61:cf:cd:2e:0a:38:ec:4e:93:f5:7c:a8:55:7e:da:72:6e:
         32:7b:91:7d:b5:ed:8e:9e:35:a6:1b:da:66:ff:ea:b6:39:e4:
         b4:db:0c:4e:fb:af:7e:ed:05:66:00:90:80:aa:aa:08:49:27:
         84:75:e2:74:65:48:0d:29:da:8d:63:77:98:33:60:5b:53:ae:
         7a:cb:52:26:7a:08:7d:f6:7b:5f:50:ee:12:1a:fe:65:d4:9a:
         fb:f1:cd:40
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZgzwkOypQWG7nPStvae0kf/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZWE5M2Q4OGEyMDJkNTFkMzRkMmE5MDM1OTdlNzZiOGYx
N2YwZWEwHhcNMjUwNzIyMjAxMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjJiNjQ5NTYwZmI0ZTU5NTM2YjRmNmU1NTNkODc2MmQyNzYxYzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmvuGc07pRvOAEIM+4qFFn3hOrlZ
u4Oy/YZVglGXIFpVUl7GONDYOWd57RHpXzwztdhko0Hdp2Uc3YG8RW4QXv0dilKj
LRXY9aynDcYpd2GpzL5g9xiGL84pC/KB4ZMElkHlKp/4IGJFbK9adFu9VdyikHmR
RlGPr6vve/5vq/seejp/K3ON1r6wvwl9TqvfMNK2f0gQHMEen4nOaGPGD4yLHZlJ
qp1yTx1QaeBQhq8/MjcTgrfhbRZRHScVX71yOTEaxL5w2y9t3hTtVJ0tWT9ZJB0s
mrIBhWCiORB25OHrwaccnj1ii75oqlJnEjMTLvzdRxk+mqpmiWu620oKEQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIIrZJVg+05ZU2tPblU9h2LSdhwHMB8GA1UdIwQY
MBaAFGXqk9iKIC1R000qkDWX52uPF/DqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmVxVDJJb2dMVkhUVFNxUU5aZm5hNDhYOE9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC81NGVhYzAtNzFmZC00NmU5LTllMWIt
Y2UxYmJhNjkxYjM3LzEvZ2l0a2xXRDdUbGxUYTA5dVZUMkhZdEoySEFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC81NGVhYzAtNzFmZC00NmU5LTllMWItY2UxYmJhNjkxYjM3
LzEvWmVxVDJJb2dMVkhUVFNxUU5aZm5hNDhYOE9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALVpTwD
BADVpT4wDQYJKoZIhvcNAQELBQADggEBAGsNPq6bmwCuRw9HqYNywTDLtE7puiPw
YgCPmM9/0KTaXSHMcUamXf31iVQtMtlNVAEJmYkqLZjp/8HVhy2ioqNKvUZGuCt7
Mv0sR+IdufhoNdxqwEkXG2j719nO9VARfkvQilV7x6eKcfY21MBINXm9p0RhfY6m
OpUqij0x0+uersWxN4ndP3/HvzQg963KPwIAKuP6Apw7Uobgj5s/HVpgA09hz80u
CjjsTpP1fKhVftpybjJ7kX217Y6eNaYb2mb/6rY55LTbDE77r37tBWYAkICqqghJ
J4R14nRlSA0p2o1jd5gzYFtTrnrLUiZ6CH32e19Q7hIa/mXUmvvxzUA=
-----END CERTIFICATE-----
Generated at Mon Aug 4 22:10:38 2025 by rpki-client