Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/e792b0-0f79-4fa2-a5cb-94dbf3fd0e2d/1/OZJAkQeWPGiu0MMG4YGewg2oUhI.roa
File:                     OZJAkQeWPGiu0MMG4YGewg2oUhI.roa (raw, json)
Hash identifier:          kvD4Jh7HATnFEhZqQFNvhTQZ3Ir8ynHCKw0hu3/CQds=
Subject key identifier:   39:92:40:91:07:96:3C:68:AE:D0:C3:06:E1:81:9E:C2:0D:A8:52:12
Certificate issuer:       /CN=0a4a861d7c14b4ca5e6d1c7d60aaeeb32ea8ef61
Certificate serial:       01985627DA0F5E2579E10E5727221B3F1980
Authority key identifier: 0A:4A:86:1D:7C:14:B4:CA:5E:6D:1C:7D:60:AA:EE:B3:2E:A8:EF:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CkqGHXwUtMpebRx9YKrusy6o72E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/e792b0-0f79-4fa2-a5cb-94dbf3fd0e2d/1/OZJAkQeWPGiu0MMG4YGewg2oUhI.roa
Signing time:             Tue 29 Jul 2025 12:28:28 +0000
ROA not before:           Tue 29 Jul 2025 12:28:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12540
IP address blocks:        212.64.160.0/19 maxlen: 19
                          212.64.160.0/24 maxlen: 24
                          212.64.161.0/24 maxlen: 24
                          212.64.162.0/24 maxlen: 24
                          212.64.163.0/24 maxlen: 24
                          212.64.164.0/24 maxlen: 24
                          212.64.165.0/24 maxlen: 24
                          212.64.166.0/24 maxlen: 24
                          212.64.167.0/24 maxlen: 24
                          212.64.168.0/24 maxlen: 24
                          212.64.169.0/24 maxlen: 24
                          212.64.170.0/24 maxlen: 24
                          212.64.171.0/24 maxlen: 24
                          212.64.172.0/24 maxlen: 24
                          212.64.173.0/24 maxlen: 24
                          212.64.174.0/24 maxlen: 24
                          212.64.175.0/24 maxlen: 24
                          212.64.176.0/24 maxlen: 24
                          212.64.177.0/24 maxlen: 24
                          212.64.178.0/24 maxlen: 24
                          212.64.179.0/24 maxlen: 24
                          212.64.180.0/24 maxlen: 24
                          212.64.181.0/24 maxlen: 24
                          212.64.182.0/24 maxlen: 24
                          212.64.183.0/24 maxlen: 24
                          212.64.184.0/24 maxlen: 24
                          212.64.185.0/24 maxlen: 24
                          212.64.186.0/24 maxlen: 24
                          212.64.187.0/24 maxlen: 24
                          212.64.188.0/24 maxlen: 24
                          212.64.189.0/24 maxlen: 24
                          212.64.190.0/24 maxlen: 24
                          212.64.191.0/24 maxlen: 24
                          2a0d:fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/e792b0-0f79-4fa2-a5cb-94dbf3fd0e2d/1/CkqGHXwUtMpebRx9YKrusy6o72E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/e792b0-0f79-4fa2-a5cb-94dbf3fd0e2d/1/CkqGHXwUtMpebRx9YKrusy6o72E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CkqGHXwUtMpebRx9YKrusy6o72E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:56:27:da:0f:5e:25:79:e1:0e:57:27:22:1b:3f:19:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a4a861d7c14b4ca5e6d1c7d60aaeeb32ea8ef61
        Validity
            Not Before: Jul 29 12:28:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3992409107963c68aed0c306e1819ec20da85212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:12:84:d8:4b:30:aa:d1:8e:e1:88:98:89:be:
                    0f:d8:2a:ac:f8:a2:e6:ec:45:66:83:72:eb:66:45:
                    cc:5b:fb:79:0a:45:54:33:44:eb:ff:4a:cf:9e:95:
                    cc:af:8e:df:2b:b4:d1:12:c4:c7:b5:87:81:bd:1d:
                    b0:71:af:b4:a2:a1:db:8d:6e:b8:6d:f2:41:6d:aa:
                    fd:54:02:d6:c1:96:4a:ed:d6:01:3b:9d:b6:a9:72:
                    ef:15:69:ba:ee:bb:13:83:8d:27:c6:6d:45:6a:b4:
                    04:58:4c:a6:24:0c:dd:d2:36:d4:5d:ee:ac:54:5d:
                    e0:83:4d:53:7f:db:20:19:a4:5e:0e:06:db:38:d6:
                    b1:25:a9:b4:9e:75:86:6d:88:73:79:1f:47:bd:b6:
                    d1:39:27:d0:b6:de:3f:6a:6c:e6:91:57:74:7a:7f:
                    09:bf:14:05:0a:7a:60:21:66:d3:47:2f:fc:bd:3a:
                    b3:93:3d:08:74:d9:7a:34:17:e2:89:f5:c3:5b:ef:
                    9a:0a:ea:b3:33:7b:01:0c:f7:70:80:f3:d9:e6:61:
                    ec:e0:ae:5d:12:82:b0:3e:28:9e:12:21:66:c1:7a:
                    9d:bb:79:94:2c:73:c4:95:4e:89:98:e6:2f:b4:29:
                    ef:90:12:11:c2:a0:e9:6f:11:90:12:c4:41:79:b7:
                    54:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:92:40:91:07:96:3C:68:AE:D0:C3:06:E1:81:9E:C2:0D:A8:52:12
            X509v3 Authority Key Identifier:
                keyid:0A:4A:86:1D:7C:14:B4:CA:5E:6D:1C:7D:60:AA:EE:B3:2E:A8:EF:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CkqGHXwUtMpebRx9YKrusy6o72E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/e792b0-0f79-4fa2-a5cb-94dbf3fd0e2d/1/OZJAkQeWPGiu0MMG4YGewg2oUhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/e792b0-0f79-4fa2-a5cb-94dbf3fd0e2d/1/CkqGHXwUtMpebRx9YKrusy6o72E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.160.0/19
                IPv6:
                  2a0d:fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:d5:54:0e:da:96:93:3d:19:ae:af:a7:9e:e8:1a:93:b8:70:
         97:87:53:35:38:59:7e:61:3b:f5:9a:b7:69:f7:d5:fa:5e:34:
         8f:1b:92:94:1a:83:c8:ba:a3:09:97:76:be:25:97:29:b1:f5:
         ae:91:7f:be:c3:2d:94:2c:95:79:2b:aa:f4:b1:bd:b2:c1:d8:
         e4:47:5d:7f:19:3d:37:fb:33:50:d6:b6:e3:5f:50:73:ca:e5:
         fc:07:6d:f4:0c:80:47:f9:83:af:19:c4:de:bd:89:07:0d:45:
         c4:05:79:f0:be:8e:b2:6b:03:ee:2c:cf:35:3b:ca:c0:74:8e:
         5a:0b:06:1c:f5:f7:7d:7a:2b:a9:16:ca:31:0c:78:72:03:90:
         50:26:ba:d3:24:3e:7c:80:f6:68:71:ff:e0:89:86:cd:a1:a1:
         24:77:be:91:0a:42:38:92:7d:62:8d:08:d7:64:e0:ba:3c:c3:
         63:dc:da:fc:0f:a4:10:b4:d9:a9:5d:1f:ea:65:68:23:84:d4:
         d7:5c:b6:75:82:9b:24:ee:a6:0e:c5:60:54:e5:24:e6:d0:70:
         ce:59:cd:22:e8:1b:1b:b2:16:93:03:c6:22:e5:ae:a6:e6:ef:
         ad:05:0d:0c:3f:75:ae:b7:9e:bb:b3:95:41:2e:85:71:ba:c6:
         52:b9:17:cb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZhWJ9oPXiV54Q5XJyIbPxmAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNGE4NjFkN2MxNGI0Y2E1ZTZkMWM3ZDYwYWFlZWIzMmVh
OGVmNjEwHhcNMjUwNzI5MTIyODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTkyNDA5MTA3OTYzYzY4YWVkMGMzMDZlMTgxOWVjMjBkYTg1MjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBKE2EswqtGO4YiYib4P2Cqs+KLm
7EVmg3LrZkXMW/t5CkVUM0Tr/0rPnpXMr47fK7TREsTHtYeBvR2wca+0oqHbjW64
bfJBbar9VALWwZZK7dYBO522qXLvFWm67rsTg40nxm1FarQEWEymJAzd0jbUXe6s
VF3gg01Tf9sgGaReDgbbONaxJam0nnWGbYhzeR9HvbbROSfQtt4/amzmkVd0en8J
vxQFCnpgIWbTRy/8vTqzkz0IdNl6NBfiifXDW++aCuqzM3sBDPdwgPPZ5mHs4K5d
EoKwPiieEiFmwXqdu3mULHPElU6JmOYvtCnvkBIRwqDpbxGQEsRBebdUiQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDmSQJEHljxortDDBuGBnsINqFISMB8GA1UdIwQY
MBaAFApKhh18FLTKXm0cfWCq7rMuqO9hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2txR0hYd1V0TXBlYlJ4OVlLcnVzeTZvNzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9lNzkyYjAtMGY3OS00ZmEyLWE1Y2It
OTRkYmYzZmQwZTJkLzEvT1pKQWtRZVdQR2l1ME1NRzRZR2V3ZzJvVWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9lNzkyYjAtMGY3OS00ZmEyLWE1Y2ItOTRkYmYzZmQwZTJk
LzEvQ2txR0hYd1V0TXBlYlJ4OVlLcnVzeTZvNzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1ECgMA0E
AgACMAcDBQMqDQ/AMA0GCSqGSIb3DQEBCwUAA4IBAQBi1VQO2paTPRmur6ee6BqT
uHCXh1M1OFl+YTv1mrdp99X6XjSPG5KUGoPIuqMJl3a+JZcpsfWukX++wy2ULJV5
K6r0sb2ywdjkR11/GT03+zNQ1rbjX1BzyuX8B230DIBH+YOvGcTevYkHDUXEBXnw
vo6yawPuLM81O8rAdI5aCwYc9fd9eiupFsoxDHhyA5BQJrrTJD58gPZocf/giYbN
oaEkd76RCkI4kn1ijQjXZOC6PMNj3Nr8D6QQtNmpXR/qZWgjhNTXXLZ1gpsk7qYO
xWBU5STm0HDOWc0i6BsbshaTA8Yi5a6m5u+tBQ0MP3Wut567s5VBLoVxusZSuRfL
-----END CERTIFICATE-----
Generated at Mon Aug 4 19:04:14 2025 by rpki-client