Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/Yk2pXWWJv4sGuxcLppogjSmk248.roa
File:                     Yk2pXWWJv4sGuxcLppogjSmk248.roa (raw, json)
Hash identifier:          i4LHXRMr0CAiEgBhwaeFhn7uPBNJPB2vLXzYJP+HFUw=
Subject key identifier:   62:4D:A9:5D:65:89:BF:8B:06:BB:17:0B:A6:9A:20:8D:29:A4:DB:8F
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       0198853476285B85C5C6D72357468CB43795
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/Yk2pXWWJv4sGuxcLppogjSmk248.roa
Signing time:             Thu 07 Aug 2025 15:44:24 +0000
ROA not before:           Thu 07 Aug 2025 15:44:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206097
IP address blocks:        2a01:ecc0:800::/42 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:85:34:76:28:5b:85:c5:c6:d7:23:57:46:8c:b4:37:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: Aug  7 15:44:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=624da95d6589bf8b06bb170ba69a208d29a4db8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ce:c3:00:12:78:41:70:ab:35:ef:a6:d9:5f:
                    3f:83:80:6d:cd:d3:4a:ef:7f:b2:c9:07:b5:8e:9c:
                    31:a4:3f:56:e1:a0:ec:08:79:b3:b7:95:12:a5:f5:
                    50:0d:6a:6a:e9:f2:88:c2:3b:d7:68:8d:4a:dc:9e:
                    ec:a4:db:2e:64:37:96:f2:8c:7b:58:4d:76:98:4c:
                    b9:09:b3:b0:e1:f1:26:1c:16:2c:d3:89:cb:97:1b:
                    43:dc:b2:37:b0:17:6f:93:f4:29:1c:06:ee:f3:0f:
                    87:7b:77:66:ed:b2:e8:9e:04:bc:ac:db:b9:f2:5c:
                    4b:f6:7c:dc:a7:f1:56:ae:19:78:02:48:fd:72:1b:
                    87:3b:00:cf:11:ef:2c:af:b6:e8:c3:5a:72:c8:a9:
                    df:90:8c:d7:6c:cd:00:3f:7c:27:e0:84:98:24:72:
                    b4:6b:3e:4d:e8:bb:1c:b5:4c:17:73:68:dd:7d:e2:
                    83:7e:a2:a3:42:79:70:c5:d5:7d:89:72:b9:7c:d5:
                    b7:0a:d0:74:6b:18:c5:a3:2e:37:6b:08:27:65:d6:
                    d3:77:28:b3:bf:60:44:6e:f6:2a:21:3c:25:62:5b:
                    3b:08:0f:9e:fe:78:51:0f:da:1d:0f:e8:1a:f6:83:
                    7d:83:6d:d0:c5:15:ef:87:23:c4:37:d7:63:76:d6:
                    f4:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:4D:A9:5D:65:89:BF:8B:06:BB:17:0B:A6:9A:20:8D:29:A4:DB:8F
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/Yk2pXWWJv4sGuxcLppogjSmk248.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:800::/42

    Signature Algorithm: sha256WithRSAEncryption
         23:62:a3:0d:52:2c:93:15:73:3d:37:d7:b7:28:ba:87:bc:e0:
         ad:67:62:c4:2b:d5:80:e5:bd:91:90:64:8a:b4:b1:9d:3c:96:
         87:1a:c0:ad:ae:41:bb:3e:7f:53:1b:9b:c4:ca:f1:b6:b3:83:
         c5:c3:01:59:17:65:be:bb:26:65:b0:d1:68:a6:4d:72:57:a9:
         7a:2f:66:31:f1:93:c2:ef:a6:8f:29:e0:14:bd:1c:df:4a:37:
         35:0a:7c:b7:d3:bc:f5:fa:01:a5:22:77:77:a6:df:64:81:53:
         4d:bf:47:0c:16:40:f4:1f:3a:ab:e5:da:9e:5b:fb:6e:e3:82:
         45:34:ee:2f:85:f6:1d:df:1f:83:42:b8:27:92:e3:54:a5:f0:
         05:b5:74:11:e2:bd:2d:10:ec:52:1c:a8:33:db:21:b7:49:67:
         2f:8f:c7:7d:ce:25:8d:84:69:e1:31:a2:4b:50:83:fe:9f:60:
         ed:3a:90:6e:ee:00:d2:66:8e:54:1e:44:c6:f2:29:7d:a6:e5:
         e3:1e:cc:21:98:07:26:60:3b:cc:7d:82:d4:68:8f:5e:e8:23:
         12:37:3a:1e:62:94:ca:8d:73:e3:4a:f2:0f:5f:0d:0c:bf:92:
         e4:bd:f0:86:e0:da:51:16:7c:70:ee:0d:d0:c8:80:d9:0d:ae:
         b1:87:76:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZiFNHYoW4XFxtcjV0aMtDeVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjUwODA3MTU0NDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjRkYTk1ZDY1ODliZjhiMDZiYjE3MGJhNjlhMjA4ZDI5YTRkYjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnc7DABJ4QXCrNe+m2V8/g4BtzdNK
73+yyQe1jpwxpD9W4aDsCHmzt5USpfVQDWpq6fKIwjvXaI1K3J7spNsuZDeW8ox7
WE12mEy5CbOw4fEmHBYs04nLlxtD3LI3sBdvk/QpHAbu8w+He3dm7bLongS8rNu5
8lxL9nzcp/FWrhl4Akj9chuHOwDPEe8sr7bow1pyyKnfkIzXbM0AP3wn4ISYJHK0
az5N6LsctUwXc2jdfeKDfqKjQnlwxdV9iXK5fNW3CtB0axjFoy43awgnZdbTdyiz
v2BEbvYqITwlYls7CA+e/nhRD9odD+ga9oN9g23QxRXvhyPEN9djdtb0SwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGJNqV1lib+LBrsXC6aaII0ppNuPMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvWWsycFhXV0p2NHNHdXhjTHBwb2dqU21rMjQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKgHswAgA
MA0GCSqGSIb3DQEBCwUAA4IBAQAjYqMNUiyTFXM9N9e3KLqHvOCtZ2LEK9WA5b2R
kGSKtLGdPJaHGsCtrkG7Pn9TG5vEyvG2s4PFwwFZF2W+uyZlsNFopk1yV6l6L2Yx
8ZPC76aPKeAUvRzfSjc1Cny307z1+gGlInd3pt9kgVNNv0cMFkD0Hzqr5dqeW/tu
44JFNO4vhfYd3x+DQrgnkuNUpfAFtXQR4r0tEOxSHKgz2yG3SWcvj8d9ziWNhGnh
MaJLUIP+n2DtOpBu7gDSZo5UHkTG8il9puXjHswhmAcmYDvMfYLUaI9e6CMSNzoe
YpTKjXPjSvIPXw0Mv5LkvfCG4NpRFnxw7g3QyIDZDa6xh3ZK
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:48:22 2025 by rpki-client