Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/PvR4a-txEJwX5rDBeXc9vaUzgQU.roa
File:                     PvR4a-txEJwX5rDBeXc9vaUzgQU.roa (raw, json)
Hash identifier:          jQDVfGVZNiz1+oazMU7NANFisFFzfnE+UMzCl36QCVM=
Subject key identifier:   3E:F4:78:6B:EB:71:10:9C:17:E6:B0:C1:79:77:3D:BD:A5:33:81:05
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019845B5E4E77AD063EB6D037F7AF0F272BC
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/PvR4a-txEJwX5rDBeXc9vaUzgQU.roa
Signing time:             Sat 26 Jul 2025 07:50:05 +0000
ROA not before:           Sat 26 Jul 2025 07:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44486
IP address blocks:        2a0c:b641:660::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:45:b5:e4:e7:7a:d0:63:eb:6d:03:7f:7a:f0:f2:72:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jul 26 07:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ef4786beb71109c17e6b0c179773dbda5338105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:fb:73:a6:e8:20:31:0c:f3:1a:20:77:07:54:
                    a4:42:f0:45:53:d3:45:7a:83:28:0d:08:26:f1:80:
                    b7:d7:cc:a8:e8:de:2e:e2:7f:9e:3c:50:59:fe:50:
                    35:de:f5:3c:20:9c:0f:88:85:9f:b0:fe:ce:09:0c:
                    87:ca:53:08:0d:45:06:4d:fd:3f:cd:aa:99:f0:2c:
                    c1:04:dc:7e:e7:73:d9:4f:c5:f2:69:9b:a8:c2:cc:
                    bc:77:80:dc:1c:a9:b7:51:dd:90:d3:8c:2f:d6:88:
                    b4:0f:5a:9c:b5:a6:29:1a:7e:01:28:09:1a:c5:a3:
                    a9:aa:a2:61:2c:be:14:69:9d:3d:e5:56:14:61:51:
                    0a:28:b0:8c:eb:30:d1:df:22:9b:48:d0:08:bf:72:
                    f2:35:37:35:29:37:84:8b:55:d1:a4:12:44:98:38:
                    1e:8b:00:36:37:f0:1e:76:20:4c:44:d3:16:dc:af:
                    fa:7d:cf:1f:08:04:a3:d3:c1:ab:01:64:cf:df:ae:
                    cf:92:e2:2e:6b:1d:0e:ba:df:9f:79:6f:cc:2f:06:
                    c2:db:77:bf:75:8b:0e:06:be:d3:72:eb:cc:8b:cf:
                    2a:5c:27:cb:61:b3:b0:24:75:a5:a1:02:1b:9c:69:
                    19:0d:b0:ea:f2:ec:8f:9b:5c:15:43:d7:f5:b5:74:
                    03:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:F4:78:6B:EB:71:10:9C:17:E6:B0:C1:79:77:3D:BD:A5:33:81:05
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/PvR4a-txEJwX5rDBeXc9vaUzgQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:660::/44

    Signature Algorithm: sha256WithRSAEncryption
         49:d2:35:bb:30:0a:77:40:13:98:1c:bc:93:9b:ed:02:0d:4e:
         05:2e:e0:bc:13:fe:97:36:25:79:e5:f8:e5:81:ca:d9:22:de:
         11:3f:27:89:2d:84:51:59:2d:7c:87:54:f3:52:f4:cc:1a:e9:
         d8:2c:6d:92:49:3f:ef:44:0f:f7:b4:fc:ad:51:86:93:1d:55:
         82:bd:62:09:74:eb:0d:32:2e:ec:d2:43:02:1a:d5:4d:62:62:
         35:63:7c:c6:c6:57:13:c4:9c:f5:3e:6e:cb:02:ad:19:fe:6f:
         ae:7c:f0:76:b9:54:aa:0f:b8:a3:f5:45:bd:e9:55:f7:1d:bb:
         17:1c:2d:25:d9:36:f0:a0:bf:78:69:e9:a2:9e:ee:2b:e4:17:
         7e:20:e0:e6:99:58:2e:59:17:56:1f:5e:43:ee:44:c0:d2:99:
         b7:9c:35:2a:c6:27:90:e7:6c:c2:7e:89:cf:69:b8:6b:2e:45:
         65:1e:9d:a4:8e:45:08:14:9e:1b:b7:15:ee:8c:af:06:00:c1:
         13:ae:4c:93:7b:7a:00:f7:d2:2b:44:25:b0:a7:4b:f5:9b:1c:
         82:cb:89:3c:fd:72:6f:ab:ae:ea:93:84:8d:ff:84:88:00:40:
         f2:00:d9:59:fe:96:90:e2:e0:91:ca:1d:0a:46:a0:a9:f7:e2:
         b5:7b:62:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZhFteTnetBj620Df3rw8nK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNzI2MDc1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWY0Nzg2YmViNzExMDljMTdlNmIwYzE3OTc3M2RiZGE1MzM4MTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvtzpuggMQzzGiB3B1SkQvBFU9NF
eoMoDQgm8YC318yo6N4u4n+ePFBZ/lA13vU8IJwPiIWfsP7OCQyHylMIDUUGTf0/
zaqZ8CzBBNx+53PZT8XyaZuowsy8d4DcHKm3Ud2Q04wv1oi0D1qctaYpGn4BKAka
xaOpqqJhLL4UaZ095VYUYVEKKLCM6zDR3yKbSNAIv3LyNTc1KTeEi1XRpBJEmDge
iwA2N/AediBMRNMW3K/6fc8fCASj08GrAWTP367PkuIuax0Out+feW/MLwbC23e/
dYsOBr7TcuvMi88qXCfLYbOwJHWloQIbnGkZDbDq8uyPm1wVQ9f1tXQDSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD70eGvrcRCcF+awwXl3Pb2lM4EFMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUHZSNGEtdHhFSndYNXJEQmVYYzl2YVV6Z1FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQZg
MA0GCSqGSIb3DQEBCwUAA4IBAQBJ0jW7MAp3QBOYHLyTm+0CDU4FLuC8E/6XNiV5
5fjlgcrZIt4RPyeJLYRRWS18h1TzUvTMGunYLG2SST/vRA/3tPytUYaTHVWCvWIJ
dOsNMi7s0kMCGtVNYmI1Y3zGxlcTxJz1Pm7LAq0Z/m+ufPB2uVSqD7ij9UW96VX3
HbsXHC0l2TbwoL94aeminu4r5Bd+IODmmVguWRdWH15D7kTA0pm3nDUqxieQ52zC
fonPabhrLkVlHp2kjkUIFJ4btxXujK8GAMETrkyTe3oA99IrRCWwp0v1mxyCy4k8
/XJvq67qk4SN/4SIAEDyANlZ/paQ4uCRyh0KRqCp9+K1e2IR
-----END CERTIFICATE-----
Generated at Wed Aug 6 13:22:39 2025 by rpki-client