Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/4is7oarlUlE_cBHOgTitgHxyrkc.roa
File:                     4is7oarlUlE_cBHOgTitgHxyrkc.roa (raw, json)
Hash identifier:          qZVlByTSh1XFAvIhseY4HhxihXTQeYS+WUxMcII1cZU=
Subject key identifier:   E2:2B:3B:A1:AA:E5:52:51:3F:70:11:CE:81:38:AD:80:7C:72:AE:47
Certificate issuer:       /CN=5fc90518df70b13d706bfe237aa5a76926a576d1
Certificate serial:       0199F1370670552EC20DF315923B2AFD174B
Authority key identifier: 5F:C9:05:18:DF:70:B1:3D:70:6B:FE:23:7A:A5:A7:69:26:A5:76:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X8kFGN9wsT1wa_4jeqWnaSaldtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/4is7oarlUlE_cBHOgTitgHxyrkc.roa
Signing time:             Fri 17 Oct 2025 08:08:59 +0000
ROA not before:           Fri 17 Oct 2025 08:08:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55201
IP address blocks:        2001:3782::/32 maxlen: 40
                          2a12:4042::/32 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/X8kFGN9wsT1wa_4jeqWnaSaldtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/X8kFGN9wsT1wa_4jeqWnaSaldtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X8kFGN9wsT1wa_4jeqWnaSaldtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 08:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f1:37:06:70:55:2e:c2:0d:f3:15:92:3b:2a:fd:17:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fc90518df70b13d706bfe237aa5a76926a576d1
        Validity
            Not Before: Oct 17 08:08:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e22b3ba1aae552513f7011ce8138ad807c72ae47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:17:a2:17:b1:a3:c9:a8:23:4c:69:4e:2a:fb:
                    19:76:1c:2a:d1:d2:c4:95:58:05:ef:b7:36:ff:d8:
                    14:5c:cf:7f:5c:04:53:47:7c:9a:f7:97:45:ea:77:
                    d9:45:9d:43:3a:1d:54:ba:46:b9:d7:57:4e:16:7e:
                    d1:5b:1e:9c:2e:d3:a2:91:75:57:83:f3:49:e3:25:
                    d0:1d:f3:1d:38:1e:5d:d8:a8:50:13:d5:ac:96:11:
                    1e:43:d1:cc:2d:fc:cf:9d:28:51:3f:08:1e:40:c6:
                    53:8b:2d:fa:37:cb:98:02:3a:66:e0:9f:28:6b:49:
                    a2:49:25:fc:2e:e6:b4:72:16:3c:6b:57:94:f0:48:
                    77:10:2f:d2:46:af:8b:a6:59:ec:e1:22:05:35:6b:
                    2f:8d:6c:ed:51:d1:98:87:3c:d6:45:bd:ca:5a:d2:
                    09:e0:85:cd:2e:43:a1:ca:69:49:fb:ae:30:7d:0b:
                    22:b9:08:34:42:e7:cd:9a:79:c7:93:fd:7b:09:40:
                    f0:e0:95:08:56:42:52:26:f2:d9:09:7b:3c:62:b3:
                    06:0e:a3:9a:f7:95:63:82:19:6c:f6:f4:cb:6c:23:
                    cf:2b:3a:3b:20:2d:c9:9e:a5:59:1f:42:71:c0:12:
                    76:29:c0:b6:f7:fa:52:97:74:90:72:a7:a5:22:37:
                    07:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:2B:3B:A1:AA:E5:52:51:3F:70:11:CE:81:38:AD:80:7C:72:AE:47
            X509v3 Authority Key Identifier:
                keyid:5F:C9:05:18:DF:70:B1:3D:70:6B:FE:23:7A:A5:A7:69:26:A5:76:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X8kFGN9wsT1wa_4jeqWnaSaldtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/4is7oarlUlE_cBHOgTitgHxyrkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/X8kFGN9wsT1wa_4jeqWnaSaldtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3782::/32
                  2a12:4042::/32

    Signature Algorithm: sha256WithRSAEncryption
         a8:5b:0c:04:be:0b:19:19:2b:32:27:57:22:ad:de:c2:77:cd:
         2f:21:8a:39:d0:b8:6e:58:58:c3:86:20:5d:89:da:6e:ae:38:
         4d:9a:af:b2:37:9a:c3:f1:b9:e5:5d:58:71:da:79:63:45:a2:
         0d:2c:86:0d:e7:b2:96:f2:2c:8e:9a:be:01:93:5e:93:e9:4d:
         9d:cf:44:4a:e6:48:94:bb:47:e1:27:f9:78:cc:62:f9:53:43:
         ac:9a:09:d1:80:45:73:e3:1d:c1:6d:09:b2:a3:e7:85:8e:fd:
         b9:82:23:67:1c:f5:b4:82:81:17:5c:dd:11:29:e5:05:81:3a:
         41:f7:68:0f:37:d0:58:6c:69:14:85:37:64:a0:46:9e:c8:b6:
         d3:88:fb:3b:d1:b4:c7:18:18:cc:2f:96:0f:b0:8f:1b:36:67:
         1a:34:42:03:35:5f:a3:73:26:65:e8:11:f4:db:e3:19:89:b9:
         ca:5c:f9:51:f9:e3:c0:89:53:54:91:a5:17:c2:a9:d2:16:7e:
         ab:31:c8:1b:a0:95:b3:dc:e1:cf:12:9e:cc:8b:4c:81:5e:fe:
         9e:94:30:30:06:da:f1:79:b7:fd:ca:c6:53:c8:87:42:be:84:
         12:7d:0f:4f:e9:9c:d8:d1:9c:ab:db:0b:70:97:92:8c:6c:6e:
         19:20:23:59
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZnxNwZwVS7CDfMVkjsq/RdLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYzkwNTE4ZGY3MGIxM2Q3MDZiZmUyMzdhYTVhNzY5MjZh
NTc2ZDEwHhcNMjUxMDE3MDgwODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjJiM2JhMWFhZTU1MjUxM2Y3MDExY2U4MTM4YWQ4MDdjNzJhZTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xeiF7GjyagjTGlOKvsZdhwq0dLE
lVgF77c2/9gUXM9/XARTR3ya95dF6nfZRZ1DOh1Uuka511dOFn7RWx6cLtOikXVX
g/NJ4yXQHfMdOB5d2KhQE9WslhEeQ9HMLfzPnShRPwgeQMZTiy36N8uYAjpm4J8o
a0miSSX8Lua0chY8a1eU8Eh3EC/SRq+Lplns4SIFNWsvjWztUdGYhzzWRb3KWtIJ
4IXNLkOhymlJ+64wfQsiuQg0QufNmnnHk/17CUDw4JUIVkJSJvLZCXs8YrMGDqOa
95Vjghls9vTLbCPPKzo7IC3JnqVZH0JxwBJ2KcC29/pSl3SQcqelIjcHaQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOIrO6Gq5VJRP3ARzoE4rYB8cq5HMB8GA1UdIwQY
MBaAFF/JBRjfcLE9cGv+I3qlp2kmpXbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDhrRkdOOXdzVDF3YV80amVxV25hU2FsZHRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82NWNjMjAtMGRmYi00MTgwLTlhYzEt
YzgzMDJlODJlYTIyLzEvNGlzN29hcmxVbEVfY0JIT2dUaXRnSHh5cmtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82NWNjMjAtMGRmYi00MTgwLTlhYzEtYzgzMDJlODJlYTIy
LzEvWDhrRkdOOXdzVDF3YV80amVxV25hU2FsZHRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAIAE3ggMF
ACoSQEIwDQYJKoZIhvcNAQELBQADggEBAKhbDAS+CxkZKzInVyKt3sJ3zS8hijnQ
uG5YWMOGIF2J2m6uOE2ar7I3msPxueVdWHHaeWNFog0shg3nspbyLI6avgGTXpPp
TZ3PRErmSJS7R+En+XjMYvlTQ6yaCdGARXPjHcFtCbKj54WO/bmCI2cc9bSCgRdc
3REp5QWBOkH3aA830FhsaRSFN2SgRp7IttOI+zvRtMcYGMwvlg+wjxs2Zxo0QgM1
X6NzJmXoEfTb4xmJucpc+VH548CJU1SRpRfCqdIWfqsxyBuglbPc4c8SnsyLTIFe
/p6UMDAG2vF5t/3KxlPIh0K+hBJ9D0/pnNjRnKvbC3CXkoxsbhkgI1k=
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:51:04 2025 by rpki-client