Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/k4yKqIR7cQItxrDu_gDWC-myYX0.roa
File:                     k4yKqIR7cQItxrDu_gDWC-myYX0.roa (raw, json)
Hash identifier:          xhdvsy13/3L8cbu2Dvi5ab7FoTe57YZRZZmouEau4sA=
Subject key identifier:   93:8C:8A:A8:84:7B:71:02:2D:C6:B0:EE:FE:00:D6:0B:E9:B2:61:7D
Certificate issuer:       /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial:       0198798DBE191CE88353C63A05DB269542DA
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/k4yKqIR7cQItxrDu_gDWC-myYX0.roa
Signing time:             Tue 05 Aug 2025 09:26:29 +0000
ROA not before:           Tue 05 Aug 2025 09:26:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35263
IP address blocks:        86.109.64.0/21 maxlen: 21
                          86.109.72.0/23 maxlen: 23
                          2a00:1b90::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 16:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:79:8d:be:19:1c:e8:83:53:c6:3a:05:db:26:95:42:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
        Validity
            Not Before: Aug  5 09:26:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=938c8aa8847b71022dc6b0eefe00d60be9b2617d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b1:c9:88:97:69:ac:41:a2:e8:6f:1e:04:d7:
                    6a:b0:6d:f7:82:75:3b:d4:9d:d8:61:df:39:b4:18:
                    29:b6:e6:08:d8:1c:74:43:1f:18:4b:57:06:7e:ee:
                    3c:18:6f:2f:c8:71:a3:28:ce:00:08:77:a8:93:01:
                    1a:d5:9d:3d:45:97:dc:5d:2a:ba:6d:54:bd:4c:b4:
                    ab:b9:8e:b5:42:4e:14:36:11:18:45:49:05:f8:be:
                    31:0a:71:17:c8:f7:96:8e:19:ea:96:73:16:8b:d7:
                    a9:0a:7d:7c:f0:cb:bd:ab:77:0c:34:fa:7f:85:af:
                    c0:c7:b6:44:5c:7d:03:46:ea:3c:8f:65:a6:33:8d:
                    fc:9f:27:6d:83:26:a5:da:01:26:7a:cf:06:c9:75:
                    a5:16:e4:3a:5b:fb:f2:3a:c8:9f:67:70:07:93:06:
                    14:72:9b:c9:e5:95:a7:c4:c8:fd:4d:7e:52:11:9c:
                    19:04:dc:71:ba:34:2f:c6:96:fb:85:cf:6e:7c:c5:
                    e1:45:36:10:51:d9:cd:b0:56:06:f9:d7:ec:03:8c:
                    29:94:0c:e7:fb:d1:05:86:90:74:7a:9d:8a:1b:cf:
                    7f:5a:6d:f9:02:9a:68:60:df:d5:2b:de:3d:fe:57:
                    86:85:de:44:e1:89:b9:79:24:39:46:12:d4:86:ec:
                    46:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:8C:8A:A8:84:7B:71:02:2D:C6:B0:EE:FE:00:D6:0B:E9:B2:61:7D
            X509v3 Authority Key Identifier:
                keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/k4yKqIR7cQItxrDu_gDWC-myYX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.109.64.0-86.109.73.255
                IPv6:
                  2a00:1b90::/32

    Signature Algorithm: sha256WithRSAEncryption
         ac:f2:c4:1e:1c:a9:c2:13:9e:a9:22:28:dc:38:ff:b9:9f:81:
         12:14:47:5f:f7:96:31:9b:d0:b3:26:ae:84:8a:ac:6a:1d:5d:
         63:00:51:ce:2d:57:74:18:48:cb:b3:6d:ef:4d:54:ae:1f:5b:
         18:2f:49:20:c9:3f:0e:f7:03:ba:67:29:62:13:3a:d0:c4:0a:
         7a:bb:10:02:7e:c1:b5:17:6a:80:95:e7:ce:b7:6d:a7:58:5b:
         bf:2b:51:da:a6:ad:4d:8c:4e:a1:ec:ab:e3:be:a6:a4:4d:86:
         7d:fa:08:e6:0f:03:48:f9:a2:44:4d:b2:0d:4d:80:7a:ac:42:
         04:39:23:5b:77:20:59:76:a3:c3:ed:bd:5a:ab:c8:67:cc:31:
         ac:ad:68:a7:ad:cd:44:9b:c6:ee:d0:bc:b6:94:8e:b2:49:70:
         93:18:69:de:b0:44:f7:02:c3:82:6e:61:76:e0:df:45:0e:f1:
         80:1a:ad:c5:8b:d0:31:b6:cb:5f:d2:5b:51:08:69:d4:aa:60:
         46:b6:ca:2d:34:af:21:58:6d:5d:cf:bb:01:4a:d1:16:cc:eb:
         4c:9d:b1:28:fa:b3:87:e0:58:5f:1c:d5:2b:9e:6b:28:0a:0a:
         0e:f8:72:a7:bd:f4:da:a5:db:6b:b0:99:db:08:c6:b4:43:e8:
         d2:3a:6a:47
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZh5jb4ZHOiDU8Y6BdsmlULaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjUwODA1MDkyNjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzhjOGFhODg0N2I3MTAyMmRjNmIwZWVmZTAwZDYwYmU5YjI2MTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLHJiJdprEGi6G8eBNdqsG33gnU7
1J3YYd85tBgptuYI2Bx0Qx8YS1cGfu48GG8vyHGjKM4ACHeokwEa1Z09RZfcXSq6
bVS9TLSruY61Qk4UNhEYRUkF+L4xCnEXyPeWjhnqlnMWi9epCn188Mu9q3cMNPp/
ha/Ax7ZEXH0DRuo8j2WmM438nydtgyal2gEmes8GyXWlFuQ6W/vyOsifZ3AHkwYU
cpvJ5ZWnxMj9TX5SEZwZBNxxujQvxpb7hc9ufMXhRTYQUdnNsFYG+dfsA4wplAzn
+9EFhpB0ep2KG89/Wm35AppoYN/VK949/leGhd5E4Ym5eSQ5RhLUhuxGEQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJOMiqiEe3ECLcaw7v4A1gvpsmF9MB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvazR5S3FJUjdjUUl0eHJEdV9nRFdDLW15WVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAZWbUAD
BAFWbUgwDQQCAAIwBwMFACoAG5AwDQYJKoZIhvcNAQELBQADggEBAKzyxB4cqcIT
nqkiKNw4/7mfgRIUR1/3ljGb0LMmroSKrGodXWMAUc4tV3QYSMuzbe9NVK4fWxgv
SSDJPw73A7pnKWITOtDECnq7EAJ+wbUXaoCV5863badYW78rUdqmrU2MTqHsq+O+
pqRNhn36COYPA0j5okRNsg1NgHqsQgQ5I1t3IFl2o8PtvVqryGfMMaytaKetzUSb
xu7QvLaUjrJJcJMYad6wRPcCw4JuYXbg30UO8YAarcWL0DG2y1/SW1EIadSqYEa2
yi00ryFYbV3PuwFK0RbM60ydsSj6s4fgWF8c1SueaygKCg74cqe99Nql22uwmdsI
xrRD6NI6akc=
-----END CERTIFICATE-----
Generated at Sat Aug 9 01:22:53 2025 by rpki-client