Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/1IO7D2ixQ-lvyHRtaxSutQuJrdk.roa
File:                     1IO7D2ixQ-lvyHRtaxSutQuJrdk.roa (raw, json)
Hash identifier:          w8VZiMHzBrWoJWSQi1dFm3cARenc5HNcqj8t4FMaUvc=
Subject key identifier:   D4:83:BB:0F:68:B1:43:E9:6F:C8:74:6D:6B:14:AE:B5:0B:89:AD:D9
Certificate issuer:       /CN=6a0e16cc2a8b91cb483f451e813b678ae97582b0
Certificate serial:       019F23684255A8C3172359220D4C7FD229AA
Authority key identifier: 6A:0E:16:CC:2A:8B:91:CB:48:3F:45:1E:81:3B:67:8A:E9:75:82:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/1IO7D2ixQ-lvyHRtaxSutQuJrdk.roa
Signing time:             Thu 02 Jul 2026 15:17:43 +0000
ROA not before:           Thu 02 Jul 2026 15:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        86.110.57.0/24 maxlen: 24
                          86.110.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Jul 2026 03:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:42:55:a8:c3:17:23:59:22:0d:4c:7f:d2:29:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a0e16cc2a8b91cb483f451e813b678ae97582b0
        Validity
            Not Before: Jul  2 15:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d483bb0f68b143e96fc8746d6b14aeb50b89add9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:80:28:a2:1b:d3:17:65:d9:cb:21:e8:b8:6d:
                    0e:f4:1a:d9:47:20:74:ad:f0:12:b2:c2:c5:b2:17:
                    50:b2:fe:56:74:25:f1:7d:16:c0:1f:ae:9e:bc:c3:
                    f0:be:1d:f0:1a:68:d7:ac:3e:70:22:5f:21:3e:00:
                    24:4f:02:21:ab:a4:27:66:94:1a:e8:af:f8:94:a8:
                    dc:3d:6c:41:13:f0:fa:d2:c7:1d:fc:cc:56:ec:69:
                    bc:52:f7:2b:5d:d2:05:26:e1:c4:c0:cc:ff:91:02:
                    c4:98:bd:37:de:dc:a7:8d:a3:fe:e3:cd:75:8b:91:
                    73:87:4c:74:35:00:cb:ed:a2:86:57:9b:11:a7:4e:
                    de:cf:2c:4c:56:92:ba:de:cb:fa:20:5b:20:eb:8d:
                    6a:53:3e:8b:f1:53:09:45:04:c3:24:9c:59:76:99:
                    13:eb:de:33:d0:97:f3:dd:7a:87:1d:c8:3d:8d:a2:
                    2e:e3:e1:18:de:77:0b:96:3c:f9:28:a5:ca:38:a2:
                    05:5c:8d:f9:1f:87:b2:25:9c:af:b5:e4:1b:52:47:
                    95:f6:8f:dc:58:20:9d:25:28:0e:ee:06:56:34:82:
                    18:d6:a8:c2:92:11:b3:1b:c3:e8:9a:54:1c:b7:dc:
                    13:d8:61:8e:1c:63:86:65:81:9c:d0:bb:7d:1b:25:
                    ec:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:83:BB:0F:68:B1:43:E9:6F:C8:74:6D:6B:14:AE:B5:0B:89:AD:D9
            X509v3 Authority Key Identifier:
                keyid:6A:0E:16:CC:2A:8B:91:CB:48:3F:45:1E:81:3B:67:8A:E9:75:82:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/1IO7D2ixQ-lvyHRtaxSutQuJrdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.57.0/24
                  86.110.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:f5:ff:47:a2:ea:32:ad:b0:92:f2:14:12:b4:1d:cc:30:f1:
         0e:9b:70:8e:24:7c:9a:25:76:07:2e:07:d5:24:0a:60:d7:6a:
         17:85:16:34:c6:8c:81:a9:45:03:ad:75:3b:d6:e7:bf:72:38:
         2a:0e:e3:65:2a:c1:a5:6e:73:af:b0:7a:45:de:4d:9b:6e:d0:
         22:1a:af:10:c2:45:79:08:8c:41:df:87:02:66:67:7a:b4:54:
         f4:90:49:47:65:5e:ed:bc:ba:0a:04:d2:da:1b:6e:86:64:20:
         b2:04:a4:c9:c9:17:d3:71:2d:83:d9:06:01:2d:a3:2e:e2:7e:
         ee:39:b7:66:95:f5:ba:4c:1b:b8:50:e6:d3:65:a5:2e:3e:f3:
         46:50:9d:19:c7:7e:61:8a:f0:2d:62:6e:8e:6b:66:c8:e2:47:
         75:a0:a6:f1:d9:f1:0e:21:39:4d:6f:b6:71:2d:30:a8:36:c8:
         33:d1:4e:79:91:21:1b:2f:db:27:54:93:2d:bc:bd:94:77:c9:
         6d:9b:4a:31:7d:16:eb:56:3f:b2:a5:46:da:ac:20:a0:eb:17:
         73:bb:9d:9e:44:39:28:92:22:27:9f:aa:cb:c3:ca:31:ba:49:
         f8:db:c7:35:78:9b:52:df:e9:04:1c:2f:0f:59:60:00:16:b8:
         ed:14:31:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8jaEJVqMMXI1kiDUx/0imqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMGUxNmNjMmE4YjkxY2I0ODNmNDUxZTgxM2I2NzhhZTk3
NTgyYjAwHhcNMjYwNzAyMTUxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDgzYmIwZjY4YjE0M2U5NmZjODc0NmQ2YjE0YWViNTBiODlhZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIAoohvTF2XZyyHouG0O9BrZRyB0
rfASssLFshdQsv5WdCXxfRbAH66evMPwvh3wGmjXrD5wIl8hPgAkTwIhq6QnZpQa
6K/4lKjcPWxBE/D60scd/MxW7Gm8UvcrXdIFJuHEwMz/kQLEmL033tynjaP+4811
i5Fzh0x0NQDL7aKGV5sRp07ezyxMVpK63sv6IFsg641qUz6L8VMJRQTDJJxZdpkT
694z0Jfz3XqHHcg9jaIu4+EY3ncLljz5KKXKOKIFXI35H4eyJZyvteQbUkeV9o/c
WCCdJSgO7gZWNIIY1qjCkhGzG8PomlQct9wT2GGOHGOGZYGc0Lt9GyXs9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNSDuw9osUPpb8h0bWsUrrULia3ZMB8GA1UdIwQY
MBaAFGoOFswqi5HLSD9FHoE7Z4rpdYKwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWc0V3pDcUxrY3RJUDBVZWdUdG5pdWwxZ3JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvMUlPN0QyaXhRLWx2eUhSdGF4U3V0UXVKcmRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvYWc0V3pDcUxrY3RJUDBVZWdUdG5pdWwxZ3JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVm45AwQA
Vm48MA0GCSqGSIb3DQEBCwUAA4IBAQAB9f9HouoyrbCS8hQStB3MMPEOm3COJHya
JXYHLgfVJApg12oXhRY0xoyBqUUDrXU71ue/cjgqDuNlKsGlbnOvsHpF3k2bbtAi
Gq8QwkV5CIxB34cCZmd6tFT0kElHZV7tvLoKBNLaG26GZCCyBKTJyRfTcS2D2QYB
LaMu4n7uObdmlfW6TBu4UObTZaUuPvNGUJ0Zx35hivAtYm6Oa2bI4kd1oKbx2fEO
ITlNb7ZxLTCoNsgz0U55kSEbL9snVJMtvL2Ud8ltm0oxfRbrVj+ypUbarCCg6xdz
u52eRDkokiInn6rLw8oxukn428c1eJtS3+kEHC8PWWAAFrjtFDHn
-----END CERTIFICATE-----
Generated at Sat Jul 4 09:19:30 2026 by rpki-client