Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/3UrcXAvUPXOxJHin-fpij-Rxeow.roa
File:                     3UrcXAvUPXOxJHin-fpij-Rxeow.roa (raw, json)
Hash identifier:          u5YOevQq4A8lK81tVn2BR62vGaGNiFwRH3yerg3JNHU=
Subject key identifier:   DD:4A:DC:5C:0B:D4:3D:73:B1:24:78:A7:F9:FA:62:8F:E4:71:7A:8C
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01999975DE63336B187373F2F11329D2DC46
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/3UrcXAvUPXOxJHin-fpij-Rxeow.roa
Signing time:             Tue 30 Sep 2025 07:11:02 +0000
ROA not before:           Tue 30 Sep 2025 07:11:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133944
IP address blocks:        2a06:fe45::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 06:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:99:75:de:63:33:6b:18:73:73:f2:f1:13:29:d2:dc:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Sep 30 07:11:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd4adc5c0bd43d73b12478a7f9fa628fe4717a8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9f:e6:cc:d8:da:e8:15:d4:5a:c8:4f:d4:53:
                    2a:ae:c8:86:4b:fd:13:a5:68:12:a1:53:63:d2:a9:
                    64:a1:48:a0:e8:6a:9d:41:2c:bc:20:1e:bd:00:9c:
                    7a:2b:c6:ea:84:48:d1:c6:90:82:87:64:77:f2:80:
                    27:6b:f0:2e:ef:8e:7a:42:87:35:c4:d3:e2:3c:82:
                    05:12:07:a5:d6:c0:49:52:61:64:fe:a1:e8:7a:f2:
                    c3:17:b7:45:88:0a:af:45:e3:82:4a:e3:bf:cf:76:
                    8e:42:e2:a8:19:0b:fc:5e:57:be:dc:66:5d:c2:5b:
                    03:78:c8:4e:36:b9:d6:73:3c:a3:da:51:a3:c5:49:
                    ec:ce:e8:f7:34:90:c1:ac:e7:cf:09:e5:78:3e:9f:
                    74:63:95:68:cd:3e:59:d4:6f:05:d7:ee:06:43:f5:
                    d3:be:08:b4:67:97:62:53:cf:06:99:a8:32:dc:a0:
                    94:34:f9:f5:3d:5b:a6:23:09:b2:f8:19:e2:76:a0:
                    d3:7c:e8:36:79:75:ca:85:3e:57:33:a9:2b:ec:15:
                    ea:70:9d:62:00:aa:83:bd:c5:a2:8e:18:3a:80:50:
                    9d:db:e3:b1:5e:0b:38:41:2f:15:be:92:85:cd:2c:
                    ec:b4:8a:a3:26:fb:ca:e9:90:c3:2a:72:34:25:44:
                    71:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:4A:DC:5C:0B:D4:3D:73:B1:24:78:A7:F9:FA:62:8F:E4:71:7A:8C
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/3UrcXAvUPXOxJHin-fpij-Rxeow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:fe45::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:a2:c6:ca:73:f2:16:ef:07:33:96:c4:58:51:95:57:80:a5:
         ca:14:7d:c2:48:0e:f8:89:53:53:99:7d:23:59:4b:53:a1:c9:
         6e:8b:85:6d:5a:cf:ed:31:f3:a6:c3:47:29:8a:b6:72:1c:99:
         e5:16:7b:b5:6b:4d:5b:22:0a:c5:75:85:30:18:6b:c9:2d:48:
         23:45:54:c1:4b:e3:e5:28:6f:03:a2:8f:a3:3d:3d:81:45:c2:
         b5:5e:e8:f0:71:32:aa:02:4a:06:ff:c0:d5:a2:68:3a:8b:02:
         58:e8:1f:7f:36:d2:db:74:dd:3c:d5:40:d8:75:d9:25:1e:1a:
         68:4d:88:ff:dc:3d:b0:a8:0c:1d:cc:8a:c8:8d:6c:66:b5:47:
         ba:58:af:11:5b:bb:b0:76:05:7b:8c:19:11:4a:1d:1f:a0:e9:
         26:0f:6c:22:bc:54:10:b3:94:37:52:51:52:7b:cb:ec:cd:a6:
         7f:31:30:62:64:70:01:61:4a:a9:81:51:7c:89:88:1a:3a:de:
         02:36:7d:7a:e1:f9:77:89:b7:bf:b3:84:cb:a0:05:e6:b2:9b:
         7b:ae:9f:da:00:33:9f:c2:0e:1f:99:74:fd:70:c8:f2:9b:7b:
         58:e8:83:92:bf:a9:77:da:ac:6c:85:06:d0:cb:86:c4:0d:23:
         a2:df:8c:23
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZmZdd5jM2sYc3Py8RMp0txGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwOTMwMDcxMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDRhZGM1YzBiZDQzZDczYjEyNDc4YTdmOWZhNjI4ZmU0NzE3YThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJ/mzNja6BXUWshP1FMqrsiGS/0T
pWgSoVNj0qlkoUig6GqdQSy8IB69AJx6K8bqhEjRxpCCh2R38oAna/Au7456Qoc1
xNPiPIIFEgel1sBJUmFk/qHoevLDF7dFiAqvReOCSuO/z3aOQuKoGQv8Xle+3GZd
wlsDeMhONrnWczyj2lGjxUnszuj3NJDBrOfPCeV4Pp90Y5VozT5Z1G8F1+4GQ/XT
vgi0Z5diU88Gmagy3KCUNPn1PVumIwmy+BnidqDTfOg2eXXKhT5XM6kr7BXqcJ1i
AKqDvcWijhg6gFCd2+OxXgs4QS8VvpKFzSzstIqjJvvK6ZDDKnI0JURxYwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN1K3FwL1D1zsSR4p/n6Yo/kcXqMMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvM1VyY1hBdlVQWE94Skhpbi1mcGlqLVJ4ZW93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgb+RTAN
BgkqhkiG9w0BAQsFAAOCAQEAFKLGynPyFu8HM5bEWFGVV4ClyhR9wkgO+IlTU5l9
I1lLU6HJbouFbVrP7THzpsNHKYq2chyZ5RZ7tWtNWyIKxXWFMBhryS1II0VUwUvj
5ShvA6KPoz09gUXCtV7o8HEyqgJKBv/A1aJoOosCWOgffzbS23TdPNVA2HXZJR4a
aE2I/9w9sKgMHcyKyI1sZrVHulivEVu7sHYFe4wZEUodH6DpJg9sIrxUELOUN1JR
UnvL7M2mfzEwYmRwAWFKqYFRfImIGjreAjZ9euH5d4m3v7OEy6AF5rKbe66f2gAz
n8IOH5l0/XDI8pt7WOiDkr+pd9qsbIUG0MuGxA0jot+MIw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:28:13 2025 by rpki-client