Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1-5_Gl9cBSmPk71utQk31vg39RwE.roa
File:                     1-5_Gl9cBSmPk71utQk31vg39RwE.roa (raw, json)
Hash identifier:          vMjRFsYPKUtr2VCKeKmIaOsxsdR8qzQT+ksKE8qsV0w=
Subject key identifier:   FB:9F:C6:97:D7:01:4A:63:E4:EF:5B:AD:42:4D:F5:BE:0D:FD:47:01
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       01992E56D3071443BB8E98BE4B5DA6A789C1
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1-5_Gl9cBSmPk71utQk31vg39RwE.roa
Signing time:             Tue 09 Sep 2025 11:57:46 +0000
ROA not before:           Tue 09 Sep 2025 11:57:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209982
IP address blocks:        2a13:2980::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 09:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2e:56:d3:07:14:43:bb:8e:98:be:4b:5d:a6:a7:89:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Sep  9 11:57:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb9fc697d7014a63e4ef5bad424df5be0dfd4701
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:80:02:79:56:fb:d7:e4:aa:3d:9d:32:69:d5:
                    c7:67:61:19:20:8e:5b:86:4a:18:a5:95:cd:a3:30:
                    72:b7:c5:89:ab:00:02:63:41:51:fc:29:21:f3:79:
                    34:f7:6e:9d:aa:8d:39:2c:f8:9f:ba:a1:1b:5e:44:
                    fd:42:a3:d4:de:ce:f1:95:39:fe:0f:81:c5:56:2d:
                    54:d5:e3:0c:aa:72:76:28:d7:a0:54:b1:87:2b:43:
                    ff:6f:4c:7a:ff:0b:7d:66:26:28:16:12:ec:47:91:
                    5e:8c:a3:0c:09:bd:a5:33:88:69:0f:5a:85:c6:17:
                    da:77:65:72:8f:11:7a:d9:ed:c2:76:c7:6a:ad:d9:
                    06:aa:15:c1:a1:85:15:72:e8:70:9a:01:84:f9:30:
                    f1:4a:a0:46:bd:ab:da:a1:81:c2:79:56:f5:f2:61:
                    46:b6:ad:84:84:4c:48:da:d2:6a:eb:e7:1a:16:ee:
                    90:6b:08:89:bb:28:f5:78:a9:0b:8c:2d:c9:78:90:
                    52:74:85:e9:d0:b7:6a:ed:cc:b5:7e:09:9f:32:8d:
                    7a:9c:b3:0e:04:3a:16:ca:58:0c:8b:80:f1:80:ad:
                    33:27:0e:dd:79:9c:af:95:bc:50:1b:0b:9f:88:78:
                    44:b9:ef:42:06:eb:b5:fb:e5:70:bd:3c:39:e0:6e:
                    bd:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:9F:C6:97:D7:01:4A:63:E4:EF:5B:AD:42:4D:F5:BE:0D:FD:47:01
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1-5_Gl9cBSmPk71utQk31vg39RwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:2980::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:92:1b:22:b5:b0:c6:e8:26:63:02:f8:26:c0:9a:b1:52:67:
         47:a0:08:e2:9b:49:83:4c:82:39:94:fc:1a:c4:74:b9:e7:1c:
         e4:0b:47:b9:1d:ee:21:98:2e:b8:a7:d4:63:56:f5:41:64:de:
         b8:05:89:76:f2:e8:d6:0e:f0:68:2f:73:b4:f2:3d:19:8d:71:
         b1:a0:2e:ee:9b:7c:c5:4e:ac:bb:f5:fe:0f:ec:24:54:d9:46:
         0d:92:57:8e:63:e0:37:65:9d:83:34:e2:cf:48:4b:a7:a6:2d:
         e2:5b:fc:33:a1:a9:87:bf:08:99:e2:35:5f:1e:d3:aa:b3:36:
         d7:f5:13:7e:6a:0c:58:ea:d5:f5:18:79:8d:ee:70:f4:9c:d1:
         12:25:9d:19:a3:45:b6:27:a0:13:82:a9:10:c4:df:df:84:c8:
         82:c2:4c:65:87:e5:a2:66:9c:c7:40:ed:a7:7b:d5:5b:5e:1d:
         6d:0e:4b:0a:cc:07:24:96:52:00:60:1f:9a:da:3c:77:3c:42:
         5d:c2:3d:dc:5a:c3:71:ca:e5:0c:3d:8f:70:1a:f7:a1:07:89:
         d4:31:e4:7d:b3:c0:65:87:f3:87:95:3b:f7:31:4e:2c:18:6c:
         28:90:04:c0:01:f4:69:2a:b9:1d:97:54:96:38:db:6b:93:64:
         f0:a7:97:a1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZkuVtMHFEO7jpi+S12mp4nBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwOTA5MTE1NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjlmYzY5N2Q3MDE0YTYzZTRlZjViYWQ0MjRkZjViZTBkZmQ0NzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/IACeVb71+SqPZ0yadXHZ2EZII5b
hkoYpZXNozByt8WJqwACY0FR/Ckh83k0926dqo05LPifuqEbXkT9QqPU3s7xlTn+
D4HFVi1U1eMMqnJ2KNegVLGHK0P/b0x6/wt9ZiYoFhLsR5FejKMMCb2lM4hpD1qF
xhfad2VyjxF62e3CdsdqrdkGqhXBoYUVcuhwmgGE+TDxSqBGvavaoYHCeVb18mFG
tq2EhExI2tJq6+caFu6QawiJuyj1eKkLjC3JeJBSdIXp0Ldq7cy1fgmfMo16nLMO
BDoWylgMi4DxgK0zJw7deZyvlbxQGwufiHhEue9CBuu1++VwvTw54G69UQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPufxpfXAUpj5O9brUJN9b4N/UcBMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvMS01X0dsOWNCU21QazcxdXRRazMxdmczOVJ3RS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmUvMWZhNmEzLThkYzUtNGMzNS1hNDliLTE3MWMzNjdiZTc4
Mi8xL2RRaEhYX0RZN0pZRE5nRnVEZ1FpR3BqbDdQSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoTKYAw
DQYJKoZIhvcNAQELBQADggEBAD2SGyK1sMboJmMC+CbAmrFSZ0egCOKbSYNMgjmU
/BrEdLnnHOQLR7kd7iGYLrin1GNW9UFk3rgFiXby6NYO8Ggvc7TyPRmNcbGgLu6b
fMVOrLv1/g/sJFTZRg2SV45j4DdlnYM04s9IS6emLeJb/DOhqYe/CJniNV8e06qz
Ntf1E35qDFjq1fUYeY3ucPSc0RIlnRmjRbYnoBOCqRDE39+EyILCTGWH5aJmnMdA
7ad71VteHW0OSwrMBySWUgBgH5raPHc8Ql3CPdxaw3HK5Qw9j3Aa96EHidQx5H2z
wGWH84eVO/cxTiwYbCiQBMAB9GkquR2XVJY422uTZPCnl6E=
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:52 2025 by rpki-client