Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/qy54wvD-UqyI03aLQcqKG-q0PRw.roa
File:                     qy54wvD-UqyI03aLQcqKG-q0PRw.roa (raw, json)
Hash identifier:          yKYBGINVrUtVUmFPJ4gA643gf/r/PoTI448Js0/vezM=
Subject key identifier:   AB:2E:78:C2:F0:FE:52:AC:88:D3:76:8B:41:CA:8A:1B:EA:B4:3D:1C
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       01985F00DE79C3022DA5E904B78BFA01BAAA
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/qy54wvD-UqyI03aLQcqKG-q0PRw.roa
Signing time:             Thu 31 Jul 2025 05:42:29 +0000
ROA not before:           Thu 31 Jul 2025 05:42:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        213.145.68.0/24 maxlen: 24
                          213.145.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5f:00:de:79:c3:02:2d:a5:e9:04:b7:8b:fa:01:ba:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Jul 31 05:42:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab2e78c2f0fe52ac88d3768b41ca8a1beab43d1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9b:5e:b9:81:5a:ef:4f:e3:ca:b5:ce:52:46:
                    e9:b7:42:8e:c0:40:98:d2:9c:c4:d1:15:fa:59:43:
                    fd:6c:c4:2c:e1:64:05:7f:37:e7:c1:a7:71:74:d8:
                    dd:73:22:79:12:9b:32:57:9d:35:d3:9b:ae:b4:c3:
                    74:fc:75:b1:c3:c4:9b:46:c5:00:90:4a:32:78:33:
                    4e:a2:6d:40:da:b5:a6:db:7c:a7:1f:1a:a3:d3:be:
                    a7:b7:b6:bf:7f:aa:9c:2a:42:e7:98:ae:fa:fb:37:
                    b6:5b:50:33:6a:4d:1d:85:67:76:19:18:f5:56:64:
                    2e:e1:13:c5:c2:9c:dd:52:80:1c:f8:d6:96:27:f1:
                    66:54:3b:1c:7a:80:e7:62:95:65:11:c1:a1:4b:c3:
                    0a:ab:a0:f8:a0:20:b4:75:c3:d7:9a:f8:26:c3:31:
                    be:e5:fe:f5:0e:25:92:e1:26:17:17:34:a2:80:c1:
                    24:1a:64:3a:ec:47:77:d7:f7:fb:c4:65:34:87:f5:
                    c9:f6:b5:1a:fb:ed:31:46:2b:16:73:d8:41:c4:42:
                    03:ca:a7:aa:6f:a4:98:10:3c:18:56:72:b8:22:24:
                    c4:d2:44:94:08:79:bd:0e:28:9a:69:62:21:92:fb:
                    53:66:c2:b2:98:d3:e7:e5:12:4b:68:a9:f7:d2:e0:
                    48:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:2E:78:C2:F0:FE:52:AC:88:D3:76:8B:41:CA:8A:1B:EA:B4:3D:1C
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/qy54wvD-UqyI03aLQcqKG-q0PRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.68.0/24
                  213.145.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e5:37:b5:c5:87:71:f3:7b:0e:82:34:54:db:d0:55:0f:a6:b1:
         0c:03:61:91:7a:e4:36:b8:ce:cc:00:d8:39:d5:3a:18:26:91:
         31:cf:59:73:b6:43:f8:80:20:52:ee:0f:f8:76:bc:77:91:a9:
         60:d7:28:68:ba:06:c3:2f:85:a4:d8:05:67:34:c1:c8:94:58:
         4c:af:b0:bc:27:bd:09:6b:bf:7e:50:e2:af:88:ed:c1:2f:e3:
         20:54:5f:48:20:29:ac:20:2d:02:f0:68:a9:1c:44:3d:e0:3e:
         c9:e1:8d:b3:00:15:9a:ac:6c:e7:d1:3c:6e:69:f7:74:71:59:
         d3:6e:a1:9b:97:15:80:0c:d3:5c:d1:82:26:e9:b4:2e:a5:0d:
         ea:80:86:cd:ce:e9:81:e2:ee:50:3e:0a:62:37:25:72:a9:32:
         e3:07:ac:14:10:f5:77:f7:8c:e1:20:ea:53:52:44:fe:81:48:
         2b:f8:3a:40:ea:a9:88:c9:91:90:e4:8e:52:6f:80:dc:a2:6e:
         2f:f0:70:b8:01:99:b4:59:4c:ea:1f:1c:a9:9d:97:cf:aa:c7:
         04:99:2e:ec:65:f6:6d:32:ee:05:67:f6:18:33:08:fd:8b:52:
         72:55:59:85:dc:eb:16:b5:71:2a:27:82:50:e8:e9:2c:96:cb:
         56:6e:8c:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhfAN55wwItpekEt4v6AbqqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjUwNzMxMDU0MjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjJlNzhjMmYwZmU1MmFjODhkMzc2OGI0MWNhOGExYmVhYjQzZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5teuYFa70/jyrXOUkbpt0KOwECY
0pzE0RX6WUP9bMQs4WQFfzfnwadxdNjdcyJ5EpsyV50105uutMN0/HWxw8SbRsUA
kEoyeDNOom1A2rWm23ynHxqj076nt7a/f6qcKkLnmK76+ze2W1Azak0dhWd2GRj1
VmQu4RPFwpzdUoAc+NaWJ/FmVDsceoDnYpVlEcGhS8MKq6D4oCC0dcPXmvgmwzG+
5f71DiWS4SYXFzSigMEkGmQ67Ed31/f7xGU0h/XJ9rUa++0xRisWc9hBxEIDyqeq
b6SYEDwYVnK4IiTE0kSUCHm9DiiaaWIhkvtTZsKymNPn5RJLaKn30uBI1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKsueMLw/lKsiNN2i0HKihvqtD0cMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvcXk1NHd2RC1VcXlJMDNhTFFjcUtHLXEwUFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1ZFEAwQA
1ZFSMA0GCSqGSIb3DQEBCwUAA4IBAQDlN7XFh3Hzew6CNFTb0FUPprEMA2GReuQ2
uM7MANg51ToYJpExz1lztkP4gCBS7g/4drx3kalg1yhougbDL4Wk2AVnNMHIlFhM
r7C8J70Ja79+UOKviO3BL+MgVF9IICmsIC0C8GipHEQ94D7J4Y2zABWarGzn0Txu
afd0cVnTbqGblxWADNNc0YIm6bQupQ3qgIbNzumB4u5QPgpiNyVyqTLjB6wUEPV3
94zhIOpTUkT+gUgr+DpA6qmIyZGQ5I5Sb4Dcom4v8HC4AZm0WUzqHxypnZfPqscE
mS7sZfZtMu4FZ/YYMwj9i1JyVVmF3OsWtXEqJ4JQ6OkslstWbozU
-----END CERTIFICATE-----
Generated at Mon Aug 4 19:15:44 2025 by rpki-client