Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/YCOxnrJZzRohN18jKfSDMAOgQUI.roa
File:                     YCOxnrJZzRohN18jKfSDMAOgQUI.roa (raw, json)
Hash identifier:          /PrVwAluwlwegI08mKBtFGWqwyRlaqAj4wNKvuzMcSU=
Subject key identifier:   60:23:B1:9E:B2:59:CD:1A:21:37:5F:23:29:F4:83:30:03:A0:41:42
Certificate issuer:       /CN=33b65a8baeba4ff621492ebee6fc1e88adb21b03
Certificate serial:       01983C70144287420FB01978E8F0DD68075F
Authority key identifier: 33:B6:5A:8B:AE:BA:4F:F6:21:49:2E:BE:E6:FC:1E:88:AD:B2:1B:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M7Zai666T_YhSS6-5vweiK2yGwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/YCOxnrJZzRohN18jKfSDMAOgQUI.roa
Signing time:             Thu 24 Jul 2025 12:37:14 +0000
ROA not before:           Thu 24 Jul 2025 12:37:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206226
IP address blocks:        2a14:9d07:100::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/M7Zai666T_YhSS6-5vweiK2yGwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/M7Zai666T_YhSS6-5vweiK2yGwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M7Zai666T_YhSS6-5vweiK2yGwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3c:70:14:42:87:42:0f:b0:19:78:e8:f0:dd:68:07:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33b65a8baeba4ff621492ebee6fc1e88adb21b03
        Validity
            Not Before: Jul 24 12:37:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6023b19eb259cd1a21375f2329f4833003a04142
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1a:2d:6d:62:f6:b5:e1:ba:9f:3a:24:70:ac:
                    86:dd:54:69:2b:95:41:25:1d:61:b4:f9:6f:45:5b:
                    f8:2b:e6:59:30:de:2c:50:00:c8:0c:ef:c9:e9:d5:
                    e8:51:61:18:24:74:b9:a2:78:cd:9c:4e:51:0f:b7:
                    7c:b4:79:c1:e6:15:49:8f:b9:3c:1c:43:b9:b5:82:
                    2f:92:5b:e6:9e:f5:c4:ee:a6:54:8e:b3:6d:7c:78:
                    ab:a0:69:32:2c:6d:35:2b:9b:65:4b:41:a5:f8:c9:
                    96:13:d8:82:95:53:7e:6c:72:e4:c9:b7:e0:24:6d:
                    5c:98:db:e1:07:dc:c3:87:6c:fa:b0:85:7d:29:ec:
                    34:e6:50:73:56:61:96:8a:69:26:a9:e3:d6:83:0a:
                    d8:b4:42:48:4e:bf:9a:68:f7:4a:8c:a9:47:2d:cc:
                    87:27:54:f5:d5:cd:26:90:6b:03:0d:0d:94:17:03:
                    21:e4:78:7d:b7:1a:d2:5e:ff:e5:81:06:53:a3:02:
                    1d:62:b4:1c:2c:d8:96:09:d9:23:6a:f4:d3:52:64:
                    5d:fb:78:f5:8a:1e:71:f2:21:1f:e2:32:d9:28:45:
                    80:eb:1d:29:ca:38:94:8f:cc:0c:88:0f:3b:9c:b7:
                    06:7d:70:97:3d:ff:2c:f9:e9:7a:1d:bc:a5:eb:34:
                    72:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:23:B1:9E:B2:59:CD:1A:21:37:5F:23:29:F4:83:30:03:A0:41:42
            X509v3 Authority Key Identifier:
                keyid:33:B6:5A:8B:AE:BA:4F:F6:21:49:2E:BE:E6:FC:1E:88:AD:B2:1B:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M7Zai666T_YhSS6-5vweiK2yGwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/YCOxnrJZzRohN18jKfSDMAOgQUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/M7Zai666T_YhSS6-5vweiK2yGwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9d07:100::/44

    Signature Algorithm: sha256WithRSAEncryption
         17:61:69:7e:f3:7a:b3:b5:3e:16:2a:61:4c:fc:cc:81:e3:99:
         6a:14:f9:95:b7:9c:e2:c1:81:e8:6e:f8:a2:15:14:10:a9:5f:
         c0:cc:2d:4e:19:62:5c:a6:19:ac:ff:9a:f1:8c:08:ad:20:30:
         12:8a:d4:05:73:0b:cb:6d:e9:11:d0:f3:f5:bb:f6:60:0c:17:
         69:f9:0f:c2:ff:02:f6:1d:30:d8:b4:ab:84:31:33:99:7d:ff:
         d5:ea:f7:ef:b7:4e:ea:08:63:3d:92:5f:95:21:24:82:5d:2a:
         e2:4a:a2:b5:7d:67:89:2b:e2:40:56:9b:c0:cd:68:66:71:38:
         45:ab:96:e2:0e:d2:86:31:ed:33:aa:34:87:6c:23:e8:2c:95:
         a4:e9:04:45:7c:9c:8a:91:dc:c5:77:92:42:9a:e7:11:75:ba:
         ff:50:7d:29:87:ae:ed:3e:f0:73:50:97:af:29:bb:4b:56:a8:
         b5:06:93:62:99:56:5a:56:fa:d5:f2:a2:63:85:41:c7:b7:88:
         48:b1:41:3c:82:2f:83:c1:59:57:30:d4:e9:b5:f3:36:45:e6:
         21:62:24:7c:0e:46:f0:bf:e0:5a:12:2b:e2:d1:5b:43:ab:b1:
         c4:d8:a9:cc:92:13:2d:1d:27:1e:31:74:bd:33:a5:26:31:8f:
         ef:f2:08:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZg8cBRCh0IPsBl46PDdaAdfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYjY1YThiYWViYTRmZjYyMTQ5MmViZWU2ZmMxZTg4YWRi
MjFiMDMwHhcNMjUwNzI0MTIzNzE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDIzYjE5ZWIyNTljZDFhMjEzNzVmMjMyOWY0ODMzMDAzYTA0MTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhotbWL2teG6nzokcKyG3VRpK5VB
JR1htPlvRVv4K+ZZMN4sUADIDO/J6dXoUWEYJHS5onjNnE5RD7d8tHnB5hVJj7k8
HEO5tYIvklvmnvXE7qZUjrNtfHiroGkyLG01K5tlS0Gl+MmWE9iClVN+bHLkybfg
JG1cmNvhB9zDh2z6sIV9Kew05lBzVmGWimkmqePWgwrYtEJITr+aaPdKjKlHLcyH
J1T11c0mkGsDDQ2UFwMh5Hh9txrSXv/lgQZTowIdYrQcLNiWCdkjavTTUmRd+3j1
ih5x8iEf4jLZKEWA6x0pyjiUj8wMiA87nLcGfXCXPf8s+el6Hbyl6zRy4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGAjsZ6yWc0aITdfIyn0gzADoEFCMB8GA1UdIwQY
MBaAFDO2Wouuuk/2IUkuvub8HoitshsDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTdaYWk2NjZUX1loU1M2LTV2d2VpSzJ5R3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9hYWJjNmMtMDQ1Ni00OTM1LWE0Njkt
ZDU0NzE4NTUxMmRlLzEvWUNPeG5ySlp6Um9oTjE4aktmU0RNQU9nUVVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9hYWJjNmMtMDQ1Ni00OTM1LWE0NjktZDU0NzE4NTUxMmRl
LzEvTTdaYWk2NjZUX1loU1M2LTV2d2VpSzJ5R3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhSdBwEA
MA0GCSqGSIb3DQEBCwUAA4IBAQAXYWl+83qztT4WKmFM/MyB45lqFPmVt5ziwYHo
bviiFRQQqV/AzC1OGWJcphms/5rxjAitIDASitQFcwvLbekR0PP1u/ZgDBdp+Q/C
/wL2HTDYtKuEMTOZff/V6vfvt07qCGM9kl+VISSCXSriSqK1fWeJK+JAVpvAzWhm
cThFq5biDtKGMe0zqjSHbCPoLJWk6QRFfJyKkdzFd5JCmucRdbr/UH0ph67tPvBz
UJevKbtLVqi1BpNimVZaVvrV8qJjhUHHt4hIsUE8gi+DwVlXMNTptfM2ReYhYiR8
Dkbwv+BaEivi0VtDq7HE2KnMkhMtHSceMXS9M6UmMY/v8ghL
-----END CERTIFICATE-----
Generated at Mon Aug 11 08:46:01 2025 by rpki-client