Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/8rc38ft7-cghVzgrIG_FEF23U4Y.roa
File:                     8rc38ft7-cghVzgrIG_FEF23U4Y.roa (raw, json)
Hash identifier:          zloCasQf4bNBLab9ps9NdNLvpuuMo4M0OO1zU76wLpY=
Subject key identifier:   F2:B7:37:F1:FB:7B:F9:C8:21:57:38:2B:20:6F:C5:10:5D:B7:53:86
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0198806D8D12A50D9DB940B76BBC4807B7DF
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/8rc38ft7-cghVzgrIG_FEF23U4Y.roa
Signing time:             Wed 06 Aug 2025 17:28:39 +0000
ROA not before:           Wed 06 Aug 2025 17:28:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211009
IP address blocks:        2a12:2cc1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 20:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:80:6d:8d:12:a5:0d:9d:b9:40:b7:6b:bc:48:07:b7:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Aug  6 17:28:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2b737f1fb7bf9c82157382b206fc5105db75386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:50:66:0f:3a:fc:bc:7e:6e:43:91:5f:47:60:
                    81:7d:0f:6e:e6:f0:31:6e:74:db:3a:54:e9:d2:6f:
                    41:5f:4a:2c:df:f3:ef:43:fe:ae:8c:ff:3c:21:46:
                    4c:74:98:fc:7c:86:d6:a5:9b:61:f1:62:f9:78:34:
                    47:83:2e:f5:b4:17:53:b9:d2:06:f4:9d:87:7a:26:
                    5a:b4:e1:04:71:9f:0e:09:67:3b:d9:3e:f6:87:3c:
                    f4:03:8c:4c:ce:21:4a:a9:9d:b6:2c:a5:a5:4a:bb:
                    b4:c2:7c:12:1d:07:69:e0:a5:06:fb:cb:58:70:34:
                    ac:6a:bd:4f:07:71:11:3f:8c:8c:0e:6f:e6:80:57:
                    50:b9:d2:e5:f5:14:15:ba:48:16:5e:03:24:19:94:
                    0f:0e:a2:3a:98:78:1f:06:1b:49:2f:bc:6f:65:fd:
                    68:32:43:f1:c0:28:57:d2:70:6d:08:c1:55:4d:b6:
                    e3:ac:28:63:9f:44:a8:4c:e1:a8:a4:61:44:26:1b:
                    00:5e:4a:83:8f:ad:f1:f7:2d:17:b2:8e:c3:4d:c1:
                    aa:6e:98:81:d1:95:b5:54:bf:f7:8c:98:b7:fc:5e:
                    3f:bb:44:3d:96:2c:1b:f2:5f:9f:a9:af:35:9e:e3:
                    fd:0f:65:8c:f4:e8:94:9d:c2:40:93:72:8c:76:52:
                    3e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:B7:37:F1:FB:7B:F9:C8:21:57:38:2B:20:6F:C5:10:5D:B7:53:86
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/8rc38ft7-cghVzgrIG_FEF23U4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:2cc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:54:c9:69:76:f6:72:87:47:f3:4a:64:5e:47:03:c2:58:61:
         de:6a:c4:9e:3c:a0:7c:e1:6e:09:53:aa:de:a3:db:fb:a0:0f:
         07:f4:e2:bd:f9:09:de:b3:0a:2d:59:cf:9c:9e:e5:25:b1:74:
         49:25:e9:09:42:a5:fa:70:cd:10:99:76:4e:8e:ab:8c:71:56:
         20:a2:08:84:ef:c0:40:36:ef:c2:9c:57:5a:09:2a:21:e0:ec:
         ae:db:ae:a6:22:31:d5:21:d9:63:01:e3:ed:b8:1e:d3:02:f2:
         74:c6:c2:11:28:b4:9a:04:4c:fa:d2:cc:1e:b8:40:c7:5d:9d:
         4c:fe:ac:cd:f3:39:51:5f:18:a2:f5:03:47:0f:50:0a:3a:94:
         01:b8:6d:e9:d6:33:b1:f8:b0:b6:49:78:1f:29:8d:72:53:98:
         8d:92:b0:88:a2:d8:11:d8:8c:46:57:b7:b6:c4:7e:43:45:4a:
         b7:7e:c9:7e:d9:39:e6:fd:ec:5a:a4:78:64:9e:14:3d:d0:a2:
         59:fb:93:4a:ff:1e:3d:44:50:dd:18:b8:39:11:c9:64:f2:a0:
         7e:48:cf:17:32:c5:e6:fb:9c:7b:06:98:c1:c8:50:41:57:6f:
         19:f1:57:b5:83:ba:c9:c0:57:9d:ae:37:66:58:ae:f1:f2:ad:
         9b:e8:62:31
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZiAbY0SpQ2duUC3a7xIB7ffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwODA2MTcyODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmI3MzdmMWZiN2JmOWM4MjE1NzM4MmIyMDZmYzUxMDVkYjc1Mzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1BmDzr8vH5uQ5FfR2CBfQ9u5vAx
bnTbOlTp0m9BX0os3/PvQ/6ujP88IUZMdJj8fIbWpZth8WL5eDRHgy71tBdTudIG
9J2HeiZatOEEcZ8OCWc72T72hzz0A4xMziFKqZ22LKWlSru0wnwSHQdp4KUG+8tY
cDSsar1PB3ERP4yMDm/mgFdQudLl9RQVukgWXgMkGZQPDqI6mHgfBhtJL7xvZf1o
MkPxwChX0nBtCMFVTbbjrChjn0SoTOGopGFEJhsAXkqDj63x9y0Xso7DTcGqbpiB
0ZW1VL/3jJi3/F4/u0Q9liwb8l+fqa81nuP9D2WM9OiUncJAk3KMdlI+swIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPK3N/H7e/nIIVc4KyBvxRBdt1OGMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvOHJjMzhmdDctY2doVnpncklHX0ZFRjIzVTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhIswTAN
BgkqhkiG9w0BAQsFAAOCAQEAm1TJaXb2codH80pkXkcDwlhh3mrEnjygfOFuCVOq
3qPb+6APB/TivfkJ3rMKLVnPnJ7lJbF0SSXpCUKl+nDNEJl2To6rjHFWIKIIhO/A
QDbvwpxXWgkqIeDsrtuupiIx1SHZYwHj7bge0wLydMbCESi0mgRM+tLMHrhAx12d
TP6szfM5UV8YovUDRw9QCjqUAbht6dYzsfiwtkl4HymNclOYjZKwiKLYEdiMRle3
tsR+Q0VKt37Jftk55v3sWqR4ZJ4UPdCiWfuTSv8ePURQ3Ri4ORHJZPKgfkjPFzLF
5vucewaYwchQQVdvGfFXtYO6ycBXna43Zliu8fKtm+hiMQ==
-----END CERTIFICATE-----
Generated at Mon Aug 11 04:08:13 2025 by rpki-client