Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/hdbWZzPv8mKL7ila4Mhuuk01Www.roa
File:                     hdbWZzPv8mKL7ila4Mhuuk01Www.roa (raw, json)
Hash identifier:          CfHG1SiNzylmV2mCUzoHK+y9CvaZseJUgqyvhhx1NeI=
Subject key identifier:   85:D6:D6:67:33:EF:F2:62:8B:EE:29:5A:E0:C8:6E:BA:4D:35:5B:0C
Certificate issuer:       /CN=893afecd711705c476b785d0c86ef54c2124354c
Certificate serial:       019850EB27398B2FEF06E19EB91C33864F56
Authority key identifier: 89:3A:FE:CD:71:17:05:C4:76:B7:85:D0:C8:6E:F5:4C:21:24:35:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iTr-zXEXBcR2t4XQyG71TCEkNUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/hdbWZzPv8mKL7ila4Mhuuk01Www.roa
Signing time:             Mon 28 Jul 2025 12:04:04 +0000
ROA not before:           Mon 28 Jul 2025 12:04:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20546
IP address blocks:        139.29.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/iTr-zXEXBcR2t4XQyG71TCEkNUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/iTr-zXEXBcR2t4XQyG71TCEkNUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iTr-zXEXBcR2t4XQyG71TCEkNUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:50:eb:27:39:8b:2f:ef:06:e1:9e:b9:1c:33:86:4f:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=893afecd711705c476b785d0c86ef54c2124354c
        Validity
            Not Before: Jul 28 12:04:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85d6d66733eff2628bee295ae0c86eba4d355b0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:be:5e:98:90:c7:f6:33:f7:8a:dc:7f:98:c7:
                    3c:a1:79:17:44:d2:6b:18:4c:0e:2a:1c:d5:1e:eb:
                    78:ee:e9:93:dc:ef:e7:31:f3:4b:2f:60:65:f4:97:
                    3e:40:cb:e7:92:56:0e:08:b9:f9:a2:b3:be:33:e5:
                    c9:6e:8d:ef:88:32:36:1b:5f:0b:cf:7d:33:74:41:
                    5c:02:9b:ce:27:0b:06:b9:c6:38:16:7b:6c:fa:05:
                    08:65:bd:21:58:58:dd:95:2a:61:c3:28:ef:7f:56:
                    99:0d:97:e9:ad:89:96:c0:a7:ca:2e:e5:14:ab:87:
                    49:f7:03:a8:e2:49:a3:0e:5f:d1:01:83:2b:88:8e:
                    5d:5b:3d:67:22:e0:2b:8e:5f:c6:e9:2e:5e:72:68:
                    7f:f4:41:a5:dc:c0:eb:6e:62:f0:4c:6d:95:30:8d:
                    95:1f:5d:ec:75:31:ab:8b:67:e8:16:38:62:2a:4e:
                    6a:aa:7c:d1:71:11:38:72:23:ee:c0:3f:17:a0:d2:
                    65:02:0f:c9:89:55:c0:ba:6d:0f:18:e6:bc:f3:e8:
                    ea:ed:03:61:98:bc:0c:89:a5:50:d1:d6:f1:13:ee:
                    cf:02:6a:83:a7:aa:ca:9e:84:f2:68:e5:b7:10:d6:
                    d3:70:4c:5f:d0:bf:10:6d:a8:d4:52:3f:b1:5f:19:
                    c0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:D6:D6:67:33:EF:F2:62:8B:EE:29:5A:E0:C8:6E:BA:4D:35:5B:0C
            X509v3 Authority Key Identifier:
                keyid:89:3A:FE:CD:71:17:05:C4:76:B7:85:D0:C8:6E:F5:4C:21:24:35:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iTr-zXEXBcR2t4XQyG71TCEkNUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/hdbWZzPv8mKL7ila4Mhuuk01Www.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/ca3b5f-0221-43ad-8abd-1c13206a8123/1/iTr-zXEXBcR2t4XQyG71TCEkNUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.29.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:d4:27:55:9e:0b:90:68:bf:fb:a8:2a:33:e9:34:8e:d5:40:
         f7:bc:fd:d5:79:b4:d2:a5:d6:c5:12:d9:d0:61:ac:b1:d9:5f:
         25:ec:cd:29:85:3f:73:17:de:a7:f6:3e:c8:d6:b2:cd:0d:c2:
         50:03:f2:73:44:7e:95:61:6c:58:36:67:22:f0:bb:ba:21:04:
         00:25:ea:67:e2:ac:4b:c7:2a:f4:c9:c8:d0:9c:6c:f3:55:f9:
         f4:da:d1:5c:fb:63:e7:ac:67:3d:9d:63:d6:98:ed:06:b9:fb:
         82:a8:19:aa:4c:7b:6a:3a:40:a2:e7:0e:92:c0:77:55:fd:a3:
         ea:50:de:b7:07:78:26:dc:d0:fb:e4:0d:46:b9:94:2c:d2:4f:
         a6:2a:5d:0b:18:41:48:82:a4:68:a1:ec:4b:02:17:4d:de:5c:
         1b:2f:90:54:30:d3:5c:f0:72:40:fd:05:a3:59:37:02:02:d4:
         5a:f2:d3:06:17:a8:61:66:11:46:51:dd:ba:38:71:38:6a:85:
         03:1d:77:6b:d5:92:27:0b:88:ef:55:5b:29:43:d7:70:b6:a7:
         d6:43:b3:65:bb:b8:59:69:b6:ed:68:92:15:ec:9c:42:7d:db:
         55:fc:8c:33:c4:05:94:99:47:e9:18:a8:21:62:50:78:52:11:
         27:8b:e9:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhQ6yc5iy/vBuGeuRwzhk9WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5M2FmZWNkNzExNzA1YzQ3NmI3ODVkMGM4NmVmNTRjMjEy
NDM1NGMwHhcNMjUwNzI4MTIwNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWQ2ZDY2NzMzZWZmMjYyOGJlZTI5NWFlMGM4NmViYTRkMzU1YjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArL5emJDH9jP3itx/mMc8oXkXRNJr
GEwOKhzVHut47umT3O/nMfNLL2Bl9Jc+QMvnklYOCLn5orO+M+XJbo3viDI2G18L
z30zdEFcApvOJwsGucY4Fnts+gUIZb0hWFjdlSphwyjvf1aZDZfprYmWwKfKLuUU
q4dJ9wOo4kmjDl/RAYMriI5dWz1nIuArjl/G6S5ecmh/9EGl3MDrbmLwTG2VMI2V
H13sdTGri2foFjhiKk5qqnzRcRE4ciPuwD8XoNJlAg/JiVXAum0PGOa88+jq7QNh
mLwMiaVQ0dbxE+7PAmqDp6rKnoTyaOW3ENbTcExf0L8QbajUUj+xXxnAQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXW1mcz7/Jii+4pWuDIbrpNNVsMMB8GA1UdIwQY
MBaAFIk6/s1xFwXEdreF0Mhu9UwhJDVMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVRyLXpYRVhCY1IydDRYUXlHNzFUQ0VrTlV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9jYTNiNWYtMDIyMS00M2FkLThhYmQt
MWMxMzIwNmE4MTIzLzEvaGRiV1p6UHY4bUtMN2lsYTRNaHV1azAxV3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9jYTNiNWYtMDIyMS00M2FkLThhYmQtMWMxMzIwNmE4MTIz
LzEvaVRyLXpYRVhCY1IydDRYUXlHNzFUQ0VrTlV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAix1/MA0G
CSqGSIb3DQEBCwUAA4IBAQB81CdVnguQaL/7qCoz6TSO1UD3vP3VebTSpdbFEtnQ
Yayx2V8l7M0phT9zF96n9j7I1rLNDcJQA/JzRH6VYWxYNmci8Lu6IQQAJepn4qxL
xyr0ycjQnGzzVfn02tFc+2PnrGc9nWPWmO0GufuCqBmqTHtqOkCi5w6SwHdV/aPq
UN63B3gm3ND75A1GuZQs0k+mKl0LGEFIgqRooexLAhdN3lwbL5BUMNNc8HJA/QWj
WTcCAtRa8tMGF6hhZhFGUd26OHE4aoUDHXdr1ZInC4jvVVspQ9dwtqfWQ7Nlu7hZ
abbtaJIV7JxCfdtV/IwzxAWUmUfpGKghYlB4UhEni+lf
-----END CERTIFICATE-----
Generated at Wed Aug 6 05:56:35 2025 by rpki-client