Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z6akKn-MxYHNkrUsz3vuCnNZ7ts.roa
File:                     Z6akKn-MxYHNkrUsz3vuCnNZ7ts.roa (raw, json)
Hash identifier:          X05LrICuRhEa3Kghw289NiFimyo5+rQreZiSrutVWOk=
Subject key identifier:   67:A6:A4:2A:7F:8C:C5:81:CD:92:B5:2C:CF:7B:EE:0A:73:59:EE:DB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019851D00A8591917351AA3A7DB9C836BBE4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z6akKn-MxYHNkrUsz3vuCnNZ7ts.roa
Signing time:             Mon 28 Jul 2025 16:14:05 +0000
ROA not before:           Mon 28 Jul 2025 16:14:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9318
IP address blocks:        77.107.95.0/24 maxlen: 24
                          82.152.83.0/24 maxlen: 24
                          109.176.10.0/24 maxlen: 24
                          109.176.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:46:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:51:d0:0a:85:91:91:73:51:aa:3a:7d:b9:c8:36:bb:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 28 16:14:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67a6a42a7f8cc581cd92b52ccf7bee0a7359eedb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:04:3b:fc:6d:a4:1a:ff:e9:eb:69:62:e4:3a:
                    76:7a:70:35:5c:c5:47:f7:67:47:8a:15:f9:67:1e:
                    2d:d4:f1:14:8c:61:e8:59:48:10:36:bc:e2:1a:3e:
                    67:e1:0b:ef:3d:4c:2d:72:c4:fd:3d:0b:f7:79:dc:
                    18:44:ef:2a:2b:87:a7:c3:7a:2b:61:ec:a2:76:5c:
                    24:a8:16:45:d7:72:f0:39:4e:73:76:67:8a:29:b5:
                    ef:88:95:07:51:7b:17:02:18:da:c6:3b:a8:d4:37:
                    a1:46:13:bc:f8:43:8a:35:15:3f:fb:6f:05:8e:a7:
                    a2:71:b2:01:95:f8:92:71:30:21:8d:d5:80:6f:62:
                    11:c7:4f:f6:df:af:5d:55:fd:90:9f:c0:f9:4d:0e:
                    9d:29:d0:64:12:41:a8:57:3e:70:d6:66:4e:02:3b:
                    17:ff:49:96:db:df:88:a3:92:79:62:9a:dd:07:33:
                    1d:fd:67:8f:5e:bd:33:64:7f:e4:46:5b:a3:a5:1c:
                    50:63:17:3e:93:3c:0f:a8:de:7d:05:53:3c:d2:39:
                    98:f0:17:05:13:19:7c:b3:f8:8d:cd:3c:ea:46:70:
                    f9:d4:c1:fa:b2:06:be:4e:fd:a6:ed:0f:c6:13:2c:
                    7d:51:e1:2f:0c:24:39:87:9d:32:55:a7:36:4b:36:
                    6c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:A6:A4:2A:7F:8C:C5:81:CD:92:B5:2C:CF:7B:EE:0A:73:59:EE:DB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z6akKn-MxYHNkrUsz3vuCnNZ7ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.107.95.0/24
                  82.152.83.0/24
                  109.176.10.0/24
                  109.176.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:2e:cb:78:9f:21:47:a7:f0:a1:17:92:a8:3a:23:ad:54:5a:
         1b:37:ef:e5:7e:a8:8c:a9:c4:21:67:04:b5:04:3a:2e:b5:6e:
         da:a6:21:be:ed:6a:3a:2b:89:b5:48:3a:cd:9d:46:a8:31:69:
         fd:b7:1a:b2:3d:ec:d9:5c:ce:bd:47:49:c9:23:59:c6:34:d3:
         57:da:ad:69:ee:60:64:9f:8c:15:d6:da:c6:57:7f:56:54:ad:
         f6:cd:31:ed:47:89:fe:6e:c3:39:4f:1f:4a:d6:c7:2f:a3:56:
         44:2f:60:67:d8:5c:28:3e:e3:7e:d7:78:a3:20:34:e1:8e:e1:
         0b:43:b4:36:d9:7e:bc:13:a0:22:04:43:8b:61:01:61:78:b7:
         4b:60:6e:8a:75:30:88:29:a9:e9:16:6a:86:5c:74:ba:3b:67:
         6a:d3:48:5c:1f:f7:b7:44:0a:ed:12:91:c1:ca:21:49:a9:b1:
         04:37:14:a0:05:eb:6b:62:a9:70:50:e8:4b:d7:d0:5c:a5:a6:
         7d:84:d5:26:c1:82:e8:d8:95:6c:5e:2e:d1:56:ed:af:8b:a7:
         ea:a1:77:4a:71:94:38:5b:84:50:85:74:56:df:73:f3:56:f4:
         a1:5e:03:91:d1:99:a8:ff:f4:28:1d:82:51:54:9f:90:7a:70:
         a0:51:9e:14
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZhR0AqFkZFzUao6fbnINrvkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzI4MTYxNDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2E2YTQyYTdmOGNjNTgxY2Q5MmI1MmNjZjdiZWUwYTczNTllZWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgQ7/G2kGv/p62li5Dp2enA1XMVH
92dHihX5Zx4t1PEUjGHoWUgQNrziGj5n4QvvPUwtcsT9PQv3edwYRO8qK4enw3or
YeyidlwkqBZF13LwOU5zdmeKKbXviJUHUXsXAhjaxjuo1DehRhO8+EOKNRU/+28F
jqeicbIBlfiScTAhjdWAb2IRx0/2369dVf2Qn8D5TQ6dKdBkEkGoVz5w1mZOAjsX
/0mW29+Io5J5YprdBzMd/WePXr0zZH/kRlujpRxQYxc+kzwPqN59BVM80jmY8BcF
Exl8s/iNzTzqRnD51MH6sga+Tv2m7Q/GEyx9UeEvDCQ5h50yVac2SzZsHQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGempCp/jMWBzZK1LM977gpzWe7bMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWjZha0tuLU14WUhOa3JVc3ozdnVDbk5aN3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQATWtfAwQA
UphTAwQAbbAKAwQAbbCGMA0GCSqGSIb3DQEBCwUAA4IBAQBJLst4nyFHp/ChF5Ko
OiOtVFobN+/lfqiMqcQhZwS1BDoutW7apiG+7Wo6K4m1SDrNnUaoMWn9txqyPezZ
XM69R0nJI1nGNNNX2q1p7mBkn4wV1trGV39WVK32zTHtR4n+bsM5Tx9K1scvo1ZE
L2Bn2FwoPuN+13ijIDThjuELQ7Q22X68E6AiBEOLYQFheLdLYG6KdTCIKanpFmqG
XHS6O2dq00hcH/e3RArtEpHByiFJqbEENxSgBetrYqlwUOhL19BcpaZ9hNUmwYLo
2JVsXi7RVu2vi6fqoXdKcZQ4W4RQhXRW33PzVvShXgOR0Zmo//QoHYJRVJ+QenCg
UZ4U
-----END CERTIFICATE-----
Generated at Thu Aug 7 04:28:47 2025 by rpki-client