Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/mEjb7YolVkNoRPc7NFh2s3n4ofI.roa
File:                     mEjb7YolVkNoRPc7NFh2s3n4ofI.roa (raw, json)
Hash identifier:          YkFvSAFSbMEKapQ4QmCFtptbDTMKOkrwWyOA+WEx7Vw=
Subject key identifier:   98:48:DB:ED:8A:25:56:43:68:44:F7:3B:34:58:76:B3:79:F8:A1:F2
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       01987FDBFADC178800BF27571F68C65C5265
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/mEjb7YolVkNoRPc7NFh2s3n4ofI.roa
Signing time:             Wed 06 Aug 2025 14:49:39 +0000
ROA not before:           Wed 06 Aug 2025 14:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35704
IP address blocks:        2a02:11ff:400::/46 maxlen: 46
                          2a02:11ff:404::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 08:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7f:db:fa:dc:17:88:00:bf:27:57:1f:68:c6:5c:52:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Aug  6 14:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9848dbed8a2556436844f73b345876b379f8a1f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c7:89:1b:82:d9:03:ae:81:2c:1c:47:6b:d2:
                    55:ce:fc:cc:73:a9:9a:b4:7d:ff:4b:12:7b:79:b2:
                    48:ea:31:17:88:51:e4:bb:ee:7f:cf:44:0d:c7:6c:
                    63:7b:9e:e0:63:e5:73:73:0b:d1:36:a6:a8:31:90:
                    5b:00:f8:ac:a2:c1:e4:3e:78:80:d9:0d:de:d2:e2:
                    f0:04:03:25:c6:f4:81:06:26:b2:d6:70:f5:bb:ce:
                    06:d3:6f:87:f1:bb:9d:44:6b:c7:e9:06:2a:eb:7c:
                    00:50:7d:25:66:df:ad:cb:1d:46:3c:ec:0f:fa:89:
                    36:bf:2a:29:45:4e:84:1a:0e:4f:ac:7c:be:ad:30:
                    ce:ee:dd:44:c2:a6:bb:e0:43:f1:56:58:15:13:b8:
                    ad:39:d3:43:fc:99:a9:ed:20:6e:78:99:9e:62:73:
                    e3:2b:57:06:51:f5:3d:1e:8e:1c:77:0c:38:f3:ec:
                    77:ab:c8:61:e3:5e:1e:65:e7:f7:10:a5:ab:1b:ff:
                    95:a1:da:55:31:36:a7:d4:ba:10:e7:e2:52:18:d9:
                    ce:a7:a8:eb:f8:d7:83:cb:a4:6f:cc:82:a3:2e:e6:
                    8d:51:77:75:05:67:15:75:a6:5b:0d:68:11:76:3b:
                    6f:25:ad:bb:66:9d:7a:06:e0:b0:56:8a:a5:66:bc:
                    70:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:48:DB:ED:8A:25:56:43:68:44:F7:3B:34:58:76:B3:79:F8:A1:F2
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/mEjb7YolVkNoRPc7NFh2s3n4ofI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:11ff:400::/45

    Signature Algorithm: sha256WithRSAEncryption
         4d:00:02:89:77:69:77:2e:f5:ca:ad:1e:ea:20:db:45:d0:78:
         2c:64:99:85:8c:1f:44:77:de:11:79:74:5b:ea:ed:82:0f:4c:
         48:e2:ec:fe:3f:51:85:7f:36:a2:91:ed:40:04:af:79:e6:86:
         41:7c:f1:94:6e:82:90:fd:ef:f8:a5:f3:2b:64:95:9d:ca:38:
         95:e5:4f:24:75:d4:3e:5f:99:e7:fd:f7:5b:06:e3:29:c6:1b:
         c7:89:11:62:b4:ee:34:e7:8e:fd:f8:2a:a0:10:98:f1:2c:8c:
         bc:35:66:5a:a5:9e:ef:d2:8f:5d:4a:36:25:11:89:8b:ee:a6:
         37:fb:24:cd:6b:1c:c5:49:bc:40:3f:15:fc:58:33:b4:01:b7:
         bb:0a:91:13:a8:e8:e1:4e:60:9f:53:26:e5:b2:18:00:f0:01:
         fb:7c:09:a9:4c:dd:41:00:30:9d:b2:f4:6b:98:cc:1a:89:b1:
         56:dd:ec:1a:6e:05:e6:9c:17:36:ae:aa:96:27:fd:1e:ec:b0:
         29:80:bd:7b:21:95:f5:56:39:f9:8a:2c:a2:9f:c4:81:9d:ec:
         17:c4:8a:23:81:b0:2e:ca:9b:70:d9:b7:be:1e:e4:21:50:e6:
         15:e0:ef:6e:5e:c3:d0:c7:b5:f4:42:6f:af:4d:e0:10:a6:d1:
         d0:3c:c1:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZh/2/rcF4gAvydXH2jGXFJlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjUwODA2MTQ0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODQ4ZGJlZDhhMjU1NjQzNjg0NGY3M2IzNDU4NzZiMzc5ZjhhMWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuseJG4LZA66BLBxHa9JVzvzMc6ma
tH3/SxJ7ebJI6jEXiFHku+5/z0QNx2xje57gY+VzcwvRNqaoMZBbAPisosHkPniA
2Q3e0uLwBAMlxvSBBiay1nD1u84G02+H8budRGvH6QYq63wAUH0lZt+tyx1GPOwP
+ok2vyopRU6EGg5PrHy+rTDO7t1Ewqa74EPxVlgVE7itOdND/Jmp7SBueJmeYnPj
K1cGUfU9Ho4cdww48+x3q8hh414eZef3EKWrG/+VodpVMTan1LoQ5+JSGNnOp6jr
+NeDy6RvzIKjLuaNUXd1BWcVdaZbDWgRdjtvJa27Zp16BuCwVoqlZrxw/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJhI2+2KJVZDaET3OzRYdrN5+KHyMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvbUVqYjdZb2xWa05vUlBjN05GaDJzM240b2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcDKgIR/wQA
MA0GCSqGSIb3DQEBCwUAA4IBAQBNAAKJd2l3LvXKrR7qINtF0HgsZJmFjB9Ed94R
eXRb6u2CD0xI4uz+P1GFfzaike1ABK955oZBfPGUboKQ/e/4pfMrZJWdyjiV5U8k
ddQ+X5nn/fdbBuMpxhvHiRFitO405479+CqgEJjxLIy8NWZapZ7v0o9dSjYlEYmL
7qY3+yTNaxzFSbxAPxX8WDO0Abe7CpETqOjhTmCfUyblshgA8AH7fAmpTN1BADCd
svRrmMwaibFW3ewabgXmnBc2rqqWJ/0e7LApgL17IZX1Vjn5iiyin8SBnewXxIoj
gbAuyptw2be+HuQhUOYV4O9uXsPQx7X0Qm+vTeAQptHQPMFs
-----END CERTIFICATE-----
Generated at Sun Aug 10 13:42:07 2025 by rpki-client