Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/326130343a626463373a3130303a3a2f34382d3438203d3e203633343733.roa
File:                     326130343a626463373a3130303a3a2f34382d3438203d3e203633343733.roa (raw, json)
Hash identifier:          DAuKEfQ1kcbktAKQTOZ4Lsh3r8TOkcHH2cWIseksVCI=
Subject key identifier:   F2:06:E9:CA:5D:88:0D:ED:5F:BA:14:96:8F:4E:42:F3:53:C8:16:16
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       500A2DAE5E11B06C8BA652994F391E59A75E7B55
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/326130343a626463373a3130303a3a2f34382d3438203d3e203633343733.roa
Signing time:             Mon 13 Oct 2025 08:47:51 +0000
ROA not before:           Mon 13 Oct 2025 08:42:51 +0000
ROA not after:            Mon 12 Oct 2026 08:47:51 +0000
asID:                     63473
IP address blocks:        2a04:bdc7:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:0a:2d:ae:5e:11:b0:6c:8b:a6:52:99:4f:39:1e:59:a7:5e:7b:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Oct 13 08:42:51 2025 GMT
            Not After : Oct 12 08:47:51 2026 GMT
        Subject: CN=F206E9CA5D880DED5FBA14968F4E42F353C81616
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:96:f6:cf:a0:46:89:46:e9:39:9b:1e:24:5c:
                    5f:e4:fb:94:0a:a9:5b:d0:b9:62:eb:96:a2:28:87:
                    0c:65:da:41:5e:31:6c:10:02:3b:c2:0b:8d:32:12:
                    ab:07:e9:2f:49:89:9e:2d:14:54:ff:7d:07:d0:a4:
                    2c:ed:07:70:7e:6c:1d:e5:58:5e:37:d1:77:9a:24:
                    f3:18:29:e2:c2:da:2a:ee:80:5a:7c:0e:0b:fd:bf:
                    37:86:63:af:a6:2a:b3:24:5f:8a:b1:d1:fb:a4:8a:
                    2d:b7:d0:7f:a9:4a:03:d6:62:55:10:46:0d:fd:0f:
                    2a:8f:25:dd:58:1c:c4:e2:3d:a5:0d:af:c8:00:05:
                    9f:b0:6c:22:37:0d:22:c8:c2:e9:4a:0b:22:0a:89:
                    c7:d8:b9:a2:b1:7b:ab:d0:64:27:09:c7:bd:d6:42:
                    40:7c:2b:b5:7c:75:9f:ce:8e:7c:8e:0f:03:cd:15:
                    15:3c:b7:a2:c5:5e:3e:b8:3d:1c:13:92:4a:ee:b4:
                    4b:f0:7f:78:2b:61:15:9d:2c:df:47:f8:28:ce:1a:
                    4c:07:02:f5:7f:b6:f4:07:ec:69:06:03:00:27:f9:
                    14:c3:e7:21:ce:fd:b9:95:b0:43:f1:03:ea:93:80:
                    01:6f:1a:34:ca:d9:f6:b9:06:68:d9:8d:f0:c0:d5:
                    b1:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:06:E9:CA:5D:88:0D:ED:5F:BA:14:96:8F:4E:42:F3:53:C8:16:16
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/326130343a626463373a3130303a3a2f34382d3438203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:bdc7:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:52:2e:e8:f5:5f:63:80:63:b7:3c:78:d2:1f:84:47:99:5b:
         f5:dd:e4:08:e6:f0:51:7e:4e:9d:96:79:91:5a:e4:b8:52:e9:
         e3:8f:f8:3c:39:c3:d4:6e:bc:54:1c:0f:74:de:66:a2:f0:7f:
         c3:aa:cc:dc:1f:93:f2:5e:c8:8d:da:93:7a:d7:1c:37:f9:2e:
         ae:2c:c2:e6:0a:ad:a2:46:d0:93:28:a3:60:3b:ed:10:b6:ca:
         ab:78:7c:5c:45:b1:d4:72:c3:c1:55:06:25:f2:5f:34:6d:54:
         04:fc:3b:45:a7:d4:55:d7:e1:ea:39:b3:82:5d:0e:29:2b:31:
         e5:b0:9c:9b:d8:54:8d:82:de:17:c0:a7:ea:0a:b7:6c:71:ac:
         02:f8:ce:a7:c0:a8:62:69:12:0e:9b:4f:dd:8b:b7:b6:37:5d:
         a7:bd:1a:b1:38:5b:11:5e:eb:57:79:6b:4e:99:7f:5a:f4:c4:
         50:89:3c:3e:58:b4:77:ca:e6:29:7c:a8:4c:3b:27:41:18:46:
         4c:8b:aa:f3:47:ec:3e:c1:c5:44:2a:e3:ad:7c:3a:52:ab:f5:
         85:6d:23:1c:8d:b6:06:70:f5:b3:63:f0:3b:51:d0:85:70:26:
         b8:5b:57:77:cc:ea:e1:75:58:8c:b2:60:3c:e0:c0:47:91:cd:
         df:98:90:60
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIUUAotrl4RsGyLplKZTzkeWadee1UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTEwMTMwODQyNTFaFw0yNjEwMTIwODQ3NTFaMDMxMTAvBgNV
BAMTKEYyMDZFOUNBNUQ4ODBERUQ1RkJBMTQ5NjhGNEU0MkYzNTNDODE2MTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8lvbPoEaJRuk5mx4kXF/k+5QK
qVvQuWLrlqIohwxl2kFeMWwQAjvCC40yEqsH6S9JiZ4tFFT/fQfQpCztB3B+bB3l
WF430XeaJPMYKeLC2irugFp8Dgv9vzeGY6+mKrMkX4qx0fukii230H+pSgPWYlUQ
Rg39DyqPJd1YHMTiPaUNr8gABZ+wbCI3DSLIwulKCyIKicfYuaKxe6vQZCcJx73W
QkB8K7V8dZ/OjnyODwPNFRU8t6LFXj64PRwTkkrutEvwf3grYRWdLN9H+CjOGkwH
AvV/tvQH7GkGAwAn+RTD5yHO/bmVsEPxA+qTgAFvGjTK2fa5BmjZjfDA1bH9AgMB
AAGjggJGMIICQjAdBgNVHQ4EFgQU8gbpyl2IDe1fuhSWj05C81PIFhYwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgbMGCCsGAQUFBwELBIGmMIGjMIGgBggrBgEFBQcwC4aBk3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzI2MTMwMzQzYTYyNjQ2MzM3
M2EzMTMwMzAzYTNhMmYzNDM4MmQzNDM4MjAzZDNlMjAzNjMzMzQzNzMzLnJvYTAY
BgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIA
AjAJAwcAKgS9xwEAMA0GCSqGSIb3DQEBCwUAA4IBAQBJUi7o9V9jgGO3PHjSH4RH
mVv13eQI5vBRfk6dlnmRWuS4Uunjj/g8OcPUbrxUHA903mai8H/DqszcH5PyXsiN
2pN61xw3+S6uLMLmCq2iRtCTKKNgO+0QtsqreHxcRbHUcsPBVQYl8l80bVQE/DtF
p9RV1+HqObOCXQ4pKzHlsJyb2FSNgt4XwKfqCrdscawC+M6nwKhiaRIOm0/di7e2
N12nvRqxOFsRXutXeWtOmX9a9MRQiTw+WLR3yuYpfKhMOydBGEZMi6rzR+w+wcVE
KuOtfDpSq/WFbSMcjbYGcPWzY/A7UdCFcCa4W1d3zOrhdViMsmA84MBHkc3fmJBg
-----END CERTIFICATE-----
Generated at Sun Oct 19 22:26:24 2025 by rpki-client