Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3UR8XHbsV8Pm03Lo4hB35khcmbM.roa
File:                     3UR8XHbsV8Pm03Lo4hB35khcmbM.roa (raw, json)
Hash identifier:          7lUoNSn0J3BLmdcIy64MIpoDheo/ztHh9bQURUOLEJo=
Subject key identifier:   DD:44:7C:5C:76:EC:57:C3:E6:D3:72:E8:E2:10:77:E6:48:5C:99:B3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0198656409404771DA432DE28D7E9C79B3BE
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3UR8XHbsV8Pm03Lo4hB35khcmbM.roa
Signing time:             Fri 01 Aug 2025 11:28:31 +0000
ROA not before:           Fri 01 Aug 2025 11:28:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215738
IP address blocks:        2a06:de00:700::/44 maxlen: 48
                          2a06:de00:7f1::/48 maxlen: 48
                          2a0e:97c0:4c1::/48 maxlen: 48
                          2a0e:97c0:4c2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 17:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:65:64:09:40:47:71:da:43:2d:e2:8d:7e:9c:79:b3:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug  1 11:28:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd447c5c76ec57c3e6d372e8e21077e6485c99b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:3b:88:80:5b:6e:ba:5f:28:76:f6:45:aa:fe:
                    f5:da:43:27:14:a3:04:7e:87:3c:37:d8:c4:66:bc:
                    37:48:14:ee:d6:e3:85:56:f1:45:f8:ac:7a:d5:65:
                    4a:99:be:5f:1d:72:c2:71:e8:c0:eb:e5:0c:aa:46:
                    67:1a:32:b7:36:28:bb:1f:ff:fe:01:21:18:a0:ac:
                    b9:f7:36:2a:08:63:76:7e:42:e9:8f:be:21:8d:e0:
                    4b:55:05:40:ac:b9:5a:c9:38:23:0c:20:19:b7:43:
                    36:00:d8:ed:94:a7:44:b2:f2:1b:3f:54:2a:6c:10:
                    4b:c8:f0:37:04:99:59:4c:80:41:d3:8b:cd:28:2e:
                    aa:46:94:4a:33:1a:a7:53:d1:0a:41:78:d8:9d:e1:
                    e4:64:ab:13:e0:ce:fe:2f:10:77:e7:08:2f:dc:74:
                    0b:69:99:ff:8d:c7:78:c4:d8:ac:7c:49:77:e3:bc:
                    d5:33:9d:c2:c9:aa:75:dd:00:c8:d2:80:1c:98:c1:
                    0d:c6:6e:dd:e0:cf:fe:71:5f:9c:ed:f2:fd:6f:54:
                    59:2b:05:6b:76:d8:a5:cb:c0:aa:74:9a:91:a6:ea:
                    22:86:70:62:7a:88:a1:91:55:51:4f:6c:74:ac:1a:
                    ef:83:47:4e:db:49:89:70:16:76:7e:bd:35:2c:0d:
                    52:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:44:7C:5C:76:EC:57:C3:E6:D3:72:E8:E2:10:77:E6:48:5C:99:B3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3UR8XHbsV8Pm03Lo4hB35khcmbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:700::/44
                  2a06:de00:7f1::/48
                  2a0e:97c0:4c1::-2a0e:97c0:4c2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         9e:0d:14:67:bb:4e:0c:8d:51:f6:3d:5e:e1:f3:f2:f6:29:ee:
         e4:e3:98:1e:2f:93:9a:f7:bb:34:af:8e:c4:77:92:cc:d9:c4:
         1b:b4:45:2d:aa:9f:a4:c2:7c:0e:47:2f:5e:f8:5e:cd:9f:bc:
         a7:1c:76:07:fd:66:78:94:18:38:e6:36:08:4f:37:62:d1:94:
         40:02:8b:d0:c5:72:6d:a2:78:03:5b:53:a3:a2:20:da:45:85:
         d0:bb:35:ba:a0:f2:32:3a:33:44:21:3e:41:3c:98:e2:0a:98:
         00:fc:9a:45:92:6c:60:64:9e:55:7a:65:7c:a2:cb:c0:43:05:
         93:94:8e:ff:e8:b6:fc:0f:36:a9:3f:62:3a:64:42:b9:2a:67:
         c9:1b:62:47:8f:30:7b:c3:3d:a0:cb:82:aa:8b:65:c2:37:ec:
         16:6e:61:58:29:ae:0d:bd:85:2b:c8:1f:b9:0d:fd:a8:6a:49:
         c5:d0:b5:77:61:80:55:fb:4d:a2:f5:90:c6:38:ff:e9:87:03:
         9b:bf:74:4e:ef:55:e1:a9:a7:dd:58:15:df:4b:96:7e:bc:b6:
         af:3c:84:a1:fe:73:58:de:99:ae:f0:cb:49:8a:84:74:fa:b2:
         1c:79:1e:a9:06:bd:6e:0d:99:48:6e:5b:94:15:9f:0a:d9:89:
         ef:c3:c3:3c
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZhlZAlAR3HaQy3ijX6cebO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwODAxMTEyODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDQ0N2M1Yzc2ZWM1N2MzZTZkMzcyZThlMjEwNzdlNjQ4NWM5OWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTuIgFtuul8odvZFqv712kMnFKME
foc8N9jEZrw3SBTu1uOFVvFF+Kx61WVKmb5fHXLCcejA6+UMqkZnGjK3Nii7H//+
ASEYoKy59zYqCGN2fkLpj74hjeBLVQVArLlayTgjDCAZt0M2ANjtlKdEsvIbP1Qq
bBBLyPA3BJlZTIBB04vNKC6qRpRKMxqnU9EKQXjYneHkZKsT4M7+LxB35wgv3HQL
aZn/jcd4xNisfEl347zVM53Cyap13QDI0oAcmMENxm7d4M/+cV+c7fL9b1RZKwVr
dtily8CqdJqRpuoihnBieoihkVVRT2x0rBrvg0dO20mJcBZ2fr01LA1SxwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFN1EfFx27FfD5tNy6OIQd+ZIXJmzMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvM1VSOFhIYnNWOFBtMDNMbzRoQjM1a2hjbWJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAAjAmAwcEKgbeAAcA
AwcAKgbeAAfxMBIDBwAqDpfABMEDBwAqDpfABMIwDQYJKoZIhvcNAQELBQADggEB
AJ4NFGe7TgyNUfY9XuHz8vYp7uTjmB4vk5r3uzSvjsR3kszZxBu0RS2qn6TCfA5H
L174Xs2fvKccdgf9ZniUGDjmNghPN2LRlEACi9DFcm2ieANbU6OiINpFhdC7Nbqg
8jI6M0QhPkE8mOIKmAD8mkWSbGBknlV6ZXyiy8BDBZOUjv/otvwPNqk/YjpkQrkq
Z8kbYkePMHvDPaDLgqqLZcI37BZuYVgprg29hSvIH7kN/ahqScXQtXdhgFX7TaL1
kMY4/+mHA5u/dE7vVeGpp91YFd9Lln68tq88hKH+c1jema7wy0mKhHT6shx5HqkG
vW4NmUhuW5QVnwrZie/Dwzw=
-----END CERTIFICATE-----
Generated at Sat Aug 9 01:04:43 2025 by rpki-client