Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/PehZN3iXx53NNUUfpGjKtEgbtG0.roa
File:                     PehZN3iXx53NNUUfpGjKtEgbtG0.roa (raw, json)
Hash identifier:          ZF5FCAasCGxv9d43oiaKd2A5u46kRGpM48JeEUZzsOY=
Subject key identifier:   3D:E8:59:37:78:97:C7:9D:CD:35:45:1F:A4:68:CA:B4:48:1B:B4:6D
Certificate issuer:       /CN=6a0e16cc2a8b91cb483f451e813b678ae97582b0
Certificate serial:       019F236843B99F863E1416E82DF624499656
Authority key identifier: 6A:0E:16:CC:2A:8B:91:CB:48:3F:45:1E:81:3B:67:8A:E9:75:82:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/PehZN3iXx53NNUUfpGjKtEgbtG0.roa
Signing time:             Thu 02 Jul 2026 15:17:43 +0000
ROA not before:           Thu 02 Jul 2026 15:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21840
IP address blocks:        86.110.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Jul 2026 03:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:43:b9:9f:86:3e:14:16:e8:2d:f6:24:49:96:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a0e16cc2a8b91cb483f451e813b678ae97582b0
        Validity
            Not Before: Jul  2 15:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3de859377897c79dcd35451fa468cab4481bb46d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:34:d8:bb:24:25:a6:3a:58:81:55:04:44:04:
                    3a:88:ab:76:c0:d0:c4:d5:b4:31:c2:c7:4f:d0:01:
                    be:4e:8a:a2:ea:a1:59:0c:8d:e7:89:a9:67:dc:dc:
                    59:5a:06:81:0d:9b:d4:48:66:20:a3:c4:64:7f:90:
                    ac:e6:e9:72:a4:41:00:04:67:9b:ad:c8:37:42:2e:
                    88:f1:ec:85:db:d3:dc:34:1f:bb:58:0a:2c:c0:60:
                    f9:23:84:c1:44:1b:91:2c:5d:65:f4:6b:79:d2:57:
                    7b:25:c4:bf:ba:ee:58:d0:84:45:3a:bf:e8:6e:0f:
                    48:0c:62:f3:dd:69:75:52:f2:6f:09:f7:77:3d:35:
                    f8:21:50:ad:bb:95:fa:37:8d:1e:a8:64:be:8d:67:
                    00:e7:e0:b9:71:ac:50:ec:f1:91:fd:b3:2e:c0:86:
                    ca:f0:8f:ee:f4:85:09:a5:b1:64:cb:ba:ca:10:21:
                    ff:95:92:a0:7d:33:2b:8c:d7:a5:ae:11:2a:67:4c:
                    5a:33:da:11:8d:47:9a:c7:08:14:b9:ff:35:59:27:
                    ef:c9:c3:73:b2:10:c8:4e:16:13:e3:8e:37:e1:cf:
                    b7:ad:95:12:eb:1f:5c:94:34:2f:66:57:5c:54:ae:
                    02:1f:d6:a2:e1:4b:d9:f6:7e:0e:5b:06:69:13:b3:
                    85:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E8:59:37:78:97:C7:9D:CD:35:45:1F:A4:68:CA:B4:48:1B:B4:6D
            X509v3 Authority Key Identifier:
                keyid:6A:0E:16:CC:2A:8B:91:CB:48:3F:45:1E:81:3B:67:8A:E9:75:82:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/PehZN3iXx53NNUUfpGjKtEgbtG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:69:5b:a9:8c:d8:6a:be:b0:3b:4d:b9:0a:42:8b:55:c8:f9:
         ac:a6:bb:c5:a8:9d:d5:b3:c2:d0:ae:c6:e4:72:03:56:9e:7b:
         ee:f5:32:1b:53:5f:e7:90:c8:f1:97:37:b7:91:5d:23:9a:ec:
         d6:92:c2:44:2a:b2:48:b2:4f:1d:fc:c3:3d:35:c9:46:64:6f:
         0c:27:f4:ea:8a:51:d1:d7:a6:13:83:82:bb:7e:f3:f2:76:32:
         46:31:6f:68:73:a7:d6:a1:2f:b5:57:f4:06:70:73:eb:69:93:
         65:1f:74:81:a3:91:27:33:c4:c0:be:2c:cb:07:fc:a8:54:00:
         35:16:6c:52:4a:9e:8d:62:93:9b:d1:55:0e:86:4f:a3:1f:cc:
         1e:f3:32:18:83:1c:88:c4:3c:d6:d8:62:57:4c:75:83:41:27:
         09:80:2e:a9:7d:6a:6b:92:1b:50:6c:31:9b:d6:9d:17:9c:61:
         71:5c:c6:5f:5b:10:ae:42:b1:15:10:86:87:f3:dd:85:9d:63:
         16:3b:4b:54:68:39:6d:33:ef:65:3a:ba:fd:1a:13:9e:ac:4a:
         b5:d5:b3:e2:1a:02:63:55:59:38:16:95:28:ba:41:e4:94:9f:
         ed:46:15:ce:73:24:bb:13:bc:3a:e6:d9:95:66:1f:b7:f3:06:
         6b:77:04:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaEO5n4Y+FBboLfYkSZZWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMGUxNmNjMmE4YjkxY2I0ODNmNDUxZTgxM2I2NzhhZTk3
NTgyYjAwHhcNMjYwNzAyMTUxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGU4NTkzNzc4OTdjNzlkY2QzNTQ1MWZhNDY4Y2FiNDQ4MWJiNDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjTYuyQlpjpYgVUERAQ6iKt2wNDE
1bQxwsdP0AG+Toqi6qFZDI3nialn3NxZWgaBDZvUSGYgo8Rkf5Cs5ulypEEABGeb
rcg3Qi6I8eyF29PcNB+7WAoswGD5I4TBRBuRLF1l9Gt50ld7JcS/uu5Y0IRFOr/o
bg9IDGLz3Wl1UvJvCfd3PTX4IVCtu5X6N40eqGS+jWcA5+C5caxQ7PGR/bMuwIbK
8I/u9IUJpbFky7rKECH/lZKgfTMrjNelrhEqZ0xaM9oRjUeaxwgUuf81WSfvycNz
shDIThYT44434c+3rZUS6x9clDQvZldcVK4CH9ai4UvZ9n4OWwZpE7OF8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3oWTd4l8edzTVFH6RoyrRIG7RtMB8GA1UdIwQY
MBaAFGoOFswqi5HLSD9FHoE7Z4rpdYKwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWc0V3pDcUxrY3RJUDBVZWdUdG5pdWwxZ3JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvUGVoWk4zaVh4NTNOTlVVZnBHakt0RWdidEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvYWc0V3pDcUxrY3RJUDBVZWdUdG5pdWwxZ3JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm4sMA0G
CSqGSIb3DQEBCwUAA4IBAQBAaVupjNhqvrA7TbkKQotVyPmsprvFqJ3Vs8LQrsbk
cgNWnnvu9TIbU1/nkMjxlze3kV0jmuzWksJEKrJIsk8d/MM9NclGZG8MJ/TqilHR
16YTg4K7fvPydjJGMW9oc6fWoS+1V/QGcHPraZNlH3SBo5EnM8TAvizLB/yoVAA1
FmxSSp6NYpOb0VUOhk+jH8we8zIYgxyIxDzW2GJXTHWDQScJgC6pfWprkhtQbDGb
1p0XnGFxXMZfWxCuQrEVEIaH892FnWMWO0tUaDltM+9lOrr9GhOerEq11bPiGgJj
VVk4FpUoukHklJ/tRhXOcyS7E7w65tmVZh+38wZrdwRu
-----END CERTIFICATE-----
Generated at Sat Jul 4 09:20:32 2026 by rpki-client