Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/7747b0-2f95-478a-b2e3-677cb6044563/1/dxY0xMgnrZPFPdIhvpK7XNi03Bw.roa
File:                     dxY0xMgnrZPFPdIhvpK7XNi03Bw.roa (raw, json)
Hash identifier:          TWZjpr/lUtZY8GDwW5uWh6y9SEA92i+QvT7Y+hDT3YI=
Subject key identifier:   77:16:34:C4:C8:27:AD:93:C5:3D:D2:21:BE:92:BB:5C:D8:B4:DC:1C
Certificate issuer:       /CN=7b06870c91f540cdd30aa59598b77bf2938d84d4
Certificate serial:       01983C94AE4E1E0F2A812D686326D3AF6464
Authority key identifier: 7B:06:87:0C:91:F5:40:CD:D3:0A:A5:95:98:B7:7B:F2:93:8D:84:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ewaHDJH1QM3TCqWVmLd78pONhNQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/7747b0-2f95-478a-b2e3-677cb6044563/1/dxY0xMgnrZPFPdIhvpK7XNi03Bw.roa
Signing time:             Thu 24 Jul 2025 13:17:13 +0000
ROA not before:           Thu 24 Jul 2025 13:17:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39804
IP address blocks:        193.53.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/7747b0-2f95-478a-b2e3-677cb6044563/1/ewaHDJH1QM3TCqWVmLd78pONhNQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/7747b0-2f95-478a-b2e3-677cb6044563/1/ewaHDJH1QM3TCqWVmLd78pONhNQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ewaHDJH1QM3TCqWVmLd78pONhNQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3c:94:ae:4e:1e:0f:2a:81:2d:68:63:26:d3:af:64:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b06870c91f540cdd30aa59598b77bf2938d84d4
        Validity
            Not Before: Jul 24 13:17:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=771634c4c827ad93c53dd221be92bb5cd8b4dc1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:8d:94:13:2e:e4:3e:cd:ba:3a:5d:13:1c:a7:
                    d5:3b:fe:22:db:c9:9d:47:b2:bd:86:e5:4e:84:f3:
                    0c:2e:ae:b1:06:3f:8c:0a:74:ce:01:d7:c3:bf:9d:
                    dc:b4:92:d3:b1:69:d1:00:44:f0:59:6e:17:84:d7:
                    72:7c:99:29:b7:cb:03:32:b2:48:90:ae:00:1a:ef:
                    c2:32:91:96:f8:70:e1:b1:fa:8d:13:47:24:bb:05:
                    59:da:81:bc:5e:0c:ff:06:ee:b2:34:6b:3d:4a:3f:
                    6e:06:ed:63:d3:a2:fb:0b:e5:35:a1:df:7c:7e:96:
                    f1:88:33:4f:75:80:7c:6b:10:ec:c3:1b:a9:c1:4d:
                    c0:3f:aa:90:4c:f4:33:a4:76:ec:5e:1f:5f:87:e2:
                    e9:dd:98:30:04:d4:18:2b:60:30:7a:7d:bb:7e:b2:
                    93:e2:fb:c1:e7:67:96:fb:3f:60:6d:4c:ff:36:90:
                    9d:d7:b6:c1:23:f9:57:d3:57:80:b1:3c:60:e4:46:
                    69:51:1a:2b:1f:17:2c:94:97:8e:bb:ac:82:46:46:
                    4e:0c:b3:d8:31:7a:9a:15:bb:77:a8:e0:82:b6:91:
                    36:04:b0:e0:e0:8f:f0:63:e2:a8:74:a0:8e:df:d6:
                    06:a7:c0:e2:d5:e1:5f:2a:85:c5:b3:5b:e1:41:99:
                    d2:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:16:34:C4:C8:27:AD:93:C5:3D:D2:21:BE:92:BB:5C:D8:B4:DC:1C
            X509v3 Authority Key Identifier:
                keyid:7B:06:87:0C:91:F5:40:CD:D3:0A:A5:95:98:B7:7B:F2:93:8D:84:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ewaHDJH1QM3TCqWVmLd78pONhNQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/7747b0-2f95-478a-b2e3-677cb6044563/1/dxY0xMgnrZPFPdIhvpK7XNi03Bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/7747b0-2f95-478a-b2e3-677cb6044563/1/ewaHDJH1QM3TCqWVmLd78pONhNQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:b1:99:1c:bc:c5:24:da:ee:86:c3:a0:8c:20:d9:0a:37:c5:
         b4:b8:3a:89:17:3f:f7:86:70:c3:12:d5:82:a7:2e:eb:32:bf:
         9d:1e:91:8a:14:c7:69:18:ff:48:fd:56:2b:90:82:7a:de:bd:
         e9:b2:dc:d9:2b:7d:86:26:96:7e:2b:f1:dc:e0:e1:03:e0:7b:
         ff:be:99:75:d3:cf:df:b8:80:22:57:6c:75:67:2c:2c:6b:2d:
         4b:5d:3c:06:35:99:b6:62:4f:e3:40:85:de:9e:d9:56:5d:dc:
         9b:e1:20:2b:56:22:17:d5:bf:0a:e0:46:c2:e6:3a:7a:3e:52:
         7a:72:20:c8:bb:b2:d0:4c:5b:f7:93:72:06:1c:1d:df:ad:72:
         ec:e9:e1:c7:71:53:25:0d:37:60:e6:cc:f4:8d:b1:09:a2:de:
         43:9d:68:f9:3a:9c:e4:c1:40:d5:16:2c:3d:7a:2d:a6:ce:ef:
         a4:3d:d2:ec:34:9e:e8:67:65:9b:12:29:6c:5f:6f:26:60:c0:
         7a:39:25:4b:c9:40:3f:f7:1c:10:ce:41:e0:58:9a:52:67:be:
         f1:cb:dd:25:c9:8b:29:a0:25:a1:98:62:9d:9e:b9:21:ad:ed:
         e0:be:22:67:27:8e:20:b6:07:16:70:4c:29:aa:dd:52:1c:10:
         e6:39:60:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg8lK5OHg8qgS1oYybTr2RkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMDY4NzBjOTFmNTQwY2RkMzBhYTU5NTk4Yjc3YmYyOTM4
ZDg0ZDQwHhcNMjUwNzI0MTMxNzEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzE2MzRjNGM4MjdhZDkzYzUzZGQyMjFiZTkyYmI1Y2Q4YjRkYzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl42UEy7kPs26Ol0THKfVO/4i28md
R7K9huVOhPMMLq6xBj+MCnTOAdfDv53ctJLTsWnRAETwWW4XhNdyfJkpt8sDMrJI
kK4AGu/CMpGW+HDhsfqNE0ckuwVZ2oG8Xgz/Bu6yNGs9Sj9uBu1j06L7C+U1od98
fpbxiDNPdYB8axDswxupwU3AP6qQTPQzpHbsXh9fh+Lp3ZgwBNQYK2Awen27frKT
4vvB52eW+z9gbUz/NpCd17bBI/lX01eAsTxg5EZpURorHxcslJeOu6yCRkZODLPY
MXqaFbt3qOCCtpE2BLDg4I/wY+KodKCO39YGp8Di1eFfKoXFs1vhQZnSTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcWNMTIJ62TxT3SIb6Su1zYtNwcMB8GA1UdIwQY
MBaAFHsGhwyR9UDN0wqllZi3e/KTjYTUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXdhSERKSDFRTTNUQ3FXVm1MZDc4cE9OaE5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy83NzQ3YjAtMmY5NS00NzhhLWIyZTMt
Njc3Y2I2MDQ0NTYzLzEvZHhZMHhNZ25yWlBGUGRJaHZwSzdYTmkwM0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy83NzQ3YjAtMmY5NS00NzhhLWIyZTMtNjc3Y2I2MDQ0NTYz
LzEvZXdhSERKSDFRTTNUQ3FXVm1MZDc4cE9OaE5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTXZMA0G
CSqGSIb3DQEBCwUAA4IBAQAzsZkcvMUk2u6Gw6CMINkKN8W0uDqJFz/3hnDDEtWC
py7rMr+dHpGKFMdpGP9I/VYrkIJ63r3pstzZK32GJpZ+K/Hc4OED4Hv/vpl108/f
uIAiV2x1Zywsay1LXTwGNZm2Yk/jQIXentlWXdyb4SArViIX1b8K4EbC5jp6PlJ6
ciDIu7LQTFv3k3IGHB3frXLs6eHHcVMlDTdg5sz0jbEJot5DnWj5OpzkwUDVFiw9
ei2mzu+kPdLsNJ7oZ2WbEilsX28mYMB6OSVLyUA/9xwQzkHgWJpSZ77xy90lyYsp
oCWhmGKdnrkhre3gviJnJ44gtgcWcEwpqt1SHBDmOWBy
-----END CERTIFICATE-----
Generated at Sat Aug 9 23:11:54 2025 by rpki-client