Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/8EKc5hUahN_d6c6PznxuNrKg9tI.roa
File:                     8EKc5hUahN_d6c6PznxuNrKg9tI.roa (raw, json)
Hash identifier:          b3TAMpPmh1LeZMUPJrskhZjvWeWGSWUlQR6rEcVzaks=
Subject key identifier:   F0:42:9C:E6:15:1A:84:DF:DD:E9:CE:8F:CE:7C:6E:36:B2:A0:F6:D2
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       01995C9C7E58C649CBF0467E2DD01437E43B
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/8EKc5hUahN_d6c6PznxuNrKg9tI.roa
Signing time:             Thu 18 Sep 2025 11:36:23 +0000
ROA not before:           Thu 18 Sep 2025 11:36:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44812
IP address blocks:        2a12:a343::/32 maxlen: 32
                          2a13:93c3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 09:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:9c:7e:58:c6:49:cb:f0:46:7e:2d:d0:14:37:e4:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Sep 18 11:36:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0429ce6151a84dfdde9ce8fce7c6e36b2a0f6d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:09:1e:da:d4:e2:e9:6a:3b:82:1e:14:11:a1:
                    53:0e:b5:d1:b0:35:07:71:6d:18:68:45:c3:db:17:
                    ed:f6:a6:80:a2:0a:22:37:41:0b:84:16:64:b2:18:
                    cb:f6:f8:00:fe:51:99:21:6b:b1:6f:4e:d3:c9:a8:
                    a7:52:fe:ac:be:6c:95:7c:b4:10:f6:83:0c:36:89:
                    39:10:96:67:35:f4:6d:ce:1d:cc:19:ed:1e:e1:23:
                    ed:3f:d9:60:73:30:54:64:cc:f8:fb:ac:a5:21:d2:
                    9f:02:c1:40:a0:d0:9a:4b:23:7a:06:0f:37:bd:5a:
                    00:6d:d1:76:db:42:5d:68:5d:15:fa:5c:26:ba:39:
                    25:a7:63:db:da:b5:a3:66:62:7c:08:10:a3:9b:97:
                    59:40:5a:45:a9:7a:12:f8:29:ec:61:df:5a:54:1d:
                    1b:dd:30:4c:50:ee:ff:60:f2:bb:db:25:1f:20:3a:
                    28:a5:aa:19:55:e4:1d:a3:42:ac:c9:76:dd:85:d3:
                    7b:87:e2:c5:aa:c0:bd:cd:14:0c:86:07:c3:d9:d1:
                    59:55:16:72:c1:57:4c:31:5a:6c:e5:c5:38:41:18:
                    d1:09:5c:a9:dd:b5:ed:c5:ae:ec:2d:cb:34:5c:b3:
                    d1:1a:93:f7:37:8c:3f:b3:cc:d4:3f:36:d4:b3:15:
                    ec:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:42:9C:E6:15:1A:84:DF:DD:E9:CE:8F:CE:7C:6E:36:B2:A0:F6:D2
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/8EKc5hUahN_d6c6PznxuNrKg9tI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a343::/32
                  2a13:93c3::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:e2:53:e2:87:d1:12:ad:d7:3c:49:4c:46:e2:0b:4b:00:01:
         c3:10:36:74:c6:aa:f3:4e:54:33:84:66:e3:1b:52:12:8e:a3:
         e4:bd:d4:2a:38:25:98:a3:cf:26:0d:56:80:cd:90:d1:14:b8:
         09:eb:8f:29:ad:8b:00:ed:f2:a2:14:87:4b:79:f0:08:e5:18:
         ed:24:51:8e:14:35:af:1a:79:d8:39:ef:e4:c6:25:a1:ce:c7:
         3f:b4:7b:2f:ac:48:24:bf:8e:2e:45:91:6f:42:76:42:6e:e7:
         a7:d0:68:9a:54:4f:36:ac:99:8d:7a:b7:3c:2c:3f:75:9b:5f:
         69:5d:36:75:89:37:3d:05:bf:76:de:1b:19:1e:1c:2f:7c:c9:
         63:1a:f7:bd:88:61:d7:72:8d:c3:cd:5d:bb:ea:f1:07:9f:69:
         6c:14:11:11:0c:a9:23:7b:8b:09:75:1b:79:ad:a5:57:cd:02:
         44:4c:1b:61:80:59:6f:f8:7b:f2:9d:45:a7:38:d9:89:6d:f8:
         93:b3:80:7b:d3:39:ef:cb:cb:b6:76:1b:45:a0:cf:21:b2:95:
         84:70:77:10:f7:eb:69:06:f4:50:f0:32:ad:ca:43:e2:06:06:
         85:d8:70:46:43:60:fc:b1:cb:c3:7c:e8:6e:d5:a3:aa:8b:45:
         29:5f:2c:65
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZlcnH5YxknL8EZ+LdAUN+Q7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwOTE4MTEzNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQyOWNlNjE1MWE4NGRmZGRlOWNlOGZjZTdjNmUzNmIyYTBmNmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQke2tTi6Wo7gh4UEaFTDrXRsDUH
cW0YaEXD2xft9qaAogoiN0ELhBZkshjL9vgA/lGZIWuxb07TyainUv6svmyVfLQQ
9oMMNok5EJZnNfRtzh3MGe0e4SPtP9lgczBUZMz4+6ylIdKfAsFAoNCaSyN6Bg83
vVoAbdF220JdaF0V+lwmujklp2Pb2rWjZmJ8CBCjm5dZQFpFqXoS+CnsYd9aVB0b
3TBMUO7/YPK72yUfIDoopaoZVeQdo0KsyXbdhdN7h+LFqsC9zRQMhgfD2dFZVRZy
wVdMMVps5cU4QRjRCVyp3bXtxa7sLcs0XLPRGpP3N4w/s8zUPzbUsxXseQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPBCnOYVGoTf3enOj858bjayoPbSMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvOEVLYzVoVWFoTl9kNmM2UHpueHVOcktnOXRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhKjQwMF
ACoTk8MwDQYJKoZIhvcNAQELBQADggEBAD/iU+KH0RKt1zxJTEbiC0sAAcMQNnTG
qvNOVDOEZuMbUhKOo+S91Co4JZijzyYNVoDNkNEUuAnrjymtiwDt8qIUh0t58Ajl
GO0kUY4UNa8aedg57+TGJaHOxz+0ey+sSCS/ji5FkW9CdkJu56fQaJpUTzasmY16
tzwsP3WbX2ldNnWJNz0Fv3beGxkeHC98yWMa972IYddyjcPNXbvq8QefaWwUEREM
qSN7iwl1G3mtpVfNAkRMG2GAWW/4e/KdRac42Ylt+JOzgHvTOe/Ly7Z2G0WgzyGy
lYRwdxD362kG9FDwMq3KQ+IGBoXYcEZDYPyxy8N86G7Vo6qLRSlfLGU=
-----END CERTIFICATE-----
Generated at Sun Oct 19 17:44:50 2025 by rpki-client