Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/eba0b9-6275-426c-8b10-95db9bf63763/1/fQnNiPgnrExlgGixhIK5k0FYGr8.roa
File:                     fQnNiPgnrExlgGixhIK5k0FYGr8.roa (raw, json)
Hash identifier:          g9xiA7oNRTWzFjyPXSwcVbHrjtoJGtsiu0z+mGGqspE=
Subject key identifier:   7D:09:CD:88:F8:27:AC:4C:65:80:68:B1:84:82:B9:93:41:58:1A:BF
Certificate issuer:       /CN=cb3bda3877b03bb7af4acf960fdc2f96de891ff1
Certificate serial:       019864CEF073B2DADB28781EA70122F37AB1
Authority key identifier: CB:3B:DA:38:77:B0:3B:B7:AF:4A:CF:96:0F:DC:2F:96:DE:89:1F:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yzvaOHewO7evSs-WD9wvlt6JH_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/eba0b9-6275-426c-8b10-95db9bf63763/1/fQnNiPgnrExlgGixhIK5k0FYGr8.roa
Signing time:             Fri 01 Aug 2025 08:45:40 +0000
ROA not before:           Fri 01 Aug 2025 08:45:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2488
IP address blocks:        147.125.0.0/17 maxlen: 17
                          2001:67c:1b70::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/eba0b9-6275-426c-8b10-95db9bf63763/1/yzvaOHewO7evSs-WD9wvlt6JH_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/eba0b9-6275-426c-8b10-95db9bf63763/1/yzvaOHewO7evSs-WD9wvlt6JH_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yzvaOHewO7evSs-WD9wvlt6JH_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 08:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:64:ce:f0:73:b2:da:db:28:78:1e:a7:01:22:f3:7a:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb3bda3877b03bb7af4acf960fdc2f96de891ff1
        Validity
            Not Before: Aug  1 08:45:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d09cd88f827ac4c658068b18482b99341581abf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:96:8c:f0:6f:88:88:d1:df:b8:3f:68:a8:9a:
                    72:d7:06:2e:ad:bc:de:0f:d3:b5:93:cc:c4:f3:3d:
                    b8:99:34:6d:8f:6b:57:14:fe:a5:23:2f:95:e7:34:
                    2e:b1:d7:65:e3:f7:f2:89:d4:6d:76:b0:00:c3:1d:
                    d2:94:c7:b8:81:72:db:32:cc:25:65:ba:23:e9:b5:
                    93:af:81:ab:33:60:b0:24:85:ca:69:12:b7:c9:41:
                    83:b4:4b:13:ed:58:fd:2f:62:d6:05:ec:04:ef:ca:
                    10:0e:c1:31:d7:1a:e6:25:20:22:c0:5e:2e:7b:8e:
                    e9:71:15:ff:da:47:9f:d0:21:1e:18:7f:75:71:a9:
                    d5:41:ee:19:3c:f7:cf:b3:72:2e:ad:43:e9:2f:d2:
                    f7:54:f0:c4:08:61:ef:82:54:ee:1b:c2:f2:f0:de:
                    a3:af:c2:8b:25:d6:22:cc:56:86:70:44:1d:1c:36:
                    18:1a:db:5c:2d:b6:17:0c:8d:3d:57:a1:48:8d:5f:
                    b7:c4:e3:45:0a:ef:d8:e6:1b:ff:bf:a2:21:4d:5d:
                    1c:be:7d:2d:79:39:1a:2f:a6:0f:a6:64:31:31:ef:
                    36:33:50:00:fa:31:36:e1:4e:19:ce:63:c1:d2:4c:
                    c4:3c:40:38:3e:6e:f9:1d:24:a7:08:0b:cb:a2:cc:
                    3c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:09:CD:88:F8:27:AC:4C:65:80:68:B1:84:82:B9:93:41:58:1A:BF
            X509v3 Authority Key Identifier:
                keyid:CB:3B:DA:38:77:B0:3B:B7:AF:4A:CF:96:0F:DC:2F:96:DE:89:1F:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yzvaOHewO7evSs-WD9wvlt6JH_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/eba0b9-6275-426c-8b10-95db9bf63763/1/fQnNiPgnrExlgGixhIK5k0FYGr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/eba0b9-6275-426c-8b10-95db9bf63763/1/yzvaOHewO7evSs-WD9wvlt6JH_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.0.0/17
                IPv6:
                  2001:67c:1b70::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:e9:33:1c:37:cd:b3:c5:d4:a6:00:ab:ec:10:fd:3d:0e:aa:
         ca:b4:09:6f:a1:ce:cd:d9:43:e0:8e:f1:d3:e1:2d:23:4a:6e:
         c7:64:33:59:73:fb:6b:3d:02:d8:86:86:67:22:7b:93:92:26:
         3f:69:a0:de:29:84:47:2c:d7:c6:8e:a3:36:6e:b1:a2:a7:da:
         90:bd:34:74:d0:ea:69:e3:30:7f:ee:bb:82:32:bf:4a:bb:5a:
         27:e1:f2:35:2c:30:15:e3:27:8d:c9:73:81:36:62:75:ca:fa:
         65:a9:11:81:4d:f6:b9:2e:4a:3a:2e:b0:50:6e:58:8e:de:c9:
         e4:84:bc:20:58:0a:cd:a9:91:b9:99:2a:dc:35:e3:57:c9:5e:
         ce:ec:46:6e:c7:cc:43:9c:f0:29:6d:f7:20:f8:11:5a:a1:71:
         b1:a4:e9:97:72:17:fa:b6:e7:8e:7a:fc:a4:63:2a:4e:1c:c2:
         62:36:3b:16:24:d4:cf:d4:24:ca:a8:b5:0d:d1:f1:64:e3:9b:
         4b:01:67:74:c7:88:aa:f1:4f:5d:fb:ef:db:a8:01:ff:c4:7d:
         b6:8d:ba:39:42:5d:a6:be:36:f3:77:3e:6d:bc:cf:93:c9:f3:
         83:27:b5:62:ba:f4:bf:6f:55:02:50:29:54:cd:2e:0b:03:a0:
         41:fa:a6:c7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZhkzvBzstrbKHgepwEi83qxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiM2JkYTM4NzdiMDNiYjdhZjRhY2Y5NjBmZGMyZjk2ZGU4
OTFmZjEwHhcNMjUwODAxMDg0NTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDA5Y2Q4OGY4MjdhYzRjNjU4MDY4YjE4NDgyYjk5MzQxNTgxYWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5aM8G+IiNHfuD9oqJpy1wYurbze
D9O1k8zE8z24mTRtj2tXFP6lIy+V5zQusddl4/fyidRtdrAAwx3SlMe4gXLbMswl
Zboj6bWTr4GrM2CwJIXKaRK3yUGDtEsT7Vj9L2LWBewE78oQDsEx1xrmJSAiwF4u
e47pcRX/2kef0CEeGH91canVQe4ZPPfPs3IurUPpL9L3VPDECGHvglTuG8Ly8N6j
r8KLJdYizFaGcEQdHDYYGttcLbYXDI09V6FIjV+3xONFCu/Y5hv/v6IhTV0cvn0t
eTkaL6YPpmQxMe82M1AA+jE24U4ZzmPB0kzEPEA4Pm75HSSnCAvLosw84QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH0JzYj4J6xMZYBosYSCuZNBWBq/MB8GA1UdIwQY
MBaAFMs72jh3sDu3r0rPlg/cL5beiR/xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXp2YU9IZXdPN2V2U3MtV0Q5d3ZsdDZKSF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9lYmEwYjktNjI3NS00MjZjLThiMTAt
OTVkYjliZjYzNzYzLzEvZlFuTmlQZ25yRXhsZ0dpeGhJSzVrMEZZR3I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9lYmEwYjktNjI3NS00MjZjLThiMTAtOTVkYjliZjYzNzYz
LzEveXp2YU9IZXdPN2V2U3MtV0Q5d3ZsdDZKSF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQHk30AMA8E
AgACMAkDBwAgAQZ8G3AwDQYJKoZIhvcNAQELBQADggEBAGTpMxw3zbPF1KYAq+wQ
/T0Oqsq0CW+hzs3ZQ+CO8dPhLSNKbsdkM1lz+2s9AtiGhmcie5OSJj9poN4phEcs
18aOozZusaKn2pC9NHTQ6mnjMH/uu4Iyv0q7Wifh8jUsMBXjJ43Jc4E2YnXK+mWp
EYFN9rkuSjousFBuWI7eyeSEvCBYCs2pkbmZKtw141fJXs7sRm7HzEOc8Clt9yD4
EVqhcbGk6ZdyF/q25456/KRjKk4cwmI2OxYk1M/UJMqotQ3R8WTjm0sBZ3THiKrx
T13779uoAf/EfbaNujlCXaa+NvN3Pm28z5PJ84MntWK69L9vVQJQKVTNLgsDoEH6
psc=
-----END CERTIFICATE-----
Generated at Sun Aug 10 16:05:30 2025 by rpki-client