Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/SOdgrNHWpRExOJRc-f9cfWJ4cms.roa
File:                     SOdgrNHWpRExOJRc-f9cfWJ4cms.roa (raw, json)
Hash identifier:          k5GQQCFGnAJdQAMjkz3mMLNhKN0O4TfU790kcOAiuaM=
Subject key identifier:   48:E7:60:AC:D1:D6:A5:11:31:38:94:5C:F9:FF:5C:7D:62:78:72:6B
Certificate issuer:       /CN=6a0e16cc2a8b91cb483f451e813b678ae97582b0
Certificate serial:       019F23684CE271D60DD5BC937CCED03A647D
Authority key identifier: 6A:0E:16:CC:2A:8B:91:CB:48:3F:45:1E:81:3B:67:8A:E9:75:82:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/SOdgrNHWpRExOJRc-f9cfWJ4cms.roa
Signing time:             Thu 02 Jul 2026 15:17:45 +0000
ROA not before:           Thu 02 Jul 2026 15:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     393942
IP address blocks:        86.110.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Jul 2026 03:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:4c:e2:71:d6:0d:d5:bc:93:7c:ce:d0:3a:64:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a0e16cc2a8b91cb483f451e813b678ae97582b0
        Validity
            Not Before: Jul  2 15:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=48e760acd1d6a5113138945cf9ff5c7d6278726b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:8c:19:01:cb:ed:fe:c3:56:cb:de:ef:29:e8:
                    38:3f:63:86:6e:66:26:f1:23:72:04:8a:b0:a0:b9:
                    8d:70:17:e6:22:ad:ed:5d:33:25:9b:78:6e:6a:2d:
                    f3:3d:02:1b:03:5d:d1:2d:2c:cc:c0:93:56:b9:2f:
                    38:42:7c:e7:5c:90:95:a6:39:94:f7:08:d2:2c:a1:
                    43:08:6f:31:e8:1f:5f:29:17:dd:af:76:07:4d:80:
                    eb:9a:7e:61:60:ad:4b:d5:96:c5:04:a1:a3:68:64:
                    9e:f4:ce:39:43:82:6c:67:36:55:33:e8:a9:40:81:
                    01:b4:2e:60:89:e2:ee:36:6e:fd:9a:6c:1a:64:6b:
                    35:7d:30:4d:73:3a:f2:3e:e9:c9:7c:fe:05:04:64:
                    b8:ed:c4:14:70:de:d6:f8:ea:bb:47:5b:83:1b:2a:
                    4c:39:7b:c5:22:93:2a:09:e4:73:66:40:7f:ae:d0:
                    c5:18:6f:04:8c:d1:4a:48:19:d9:32:fd:09:73:82:
                    04:61:dc:93:35:dd:8e:ab:ec:bc:af:58:ac:e8:20:
                    d7:ee:0f:07:00:17:72:c7:d7:24:40:4c:40:66:fb:
                    9a:a1:98:73:ca:8f:05:82:13:38:5c:19:fa:1d:34:
                    b5:df:22:4f:6f:55:3f:d1:3b:c0:ee:50:cc:6f:34:
                    86:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:E7:60:AC:D1:D6:A5:11:31:38:94:5C:F9:FF:5C:7D:62:78:72:6B
            X509v3 Authority Key Identifier:
                keyid:6A:0E:16:CC:2A:8B:91:CB:48:3F:45:1E:81:3B:67:8A:E9:75:82:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/SOdgrNHWpRExOJRc-f9cfWJ4cms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:61:e6:e2:bd:f8:5f:85:73:27:c4:a3:df:aa:fd:69:3c:f5:
         db:f9:c4:2c:d3:f5:cf:5d:cd:84:c0:1b:90:77:55:a3:e9:cd:
         03:e5:75:52:39:f0:2e:de:77:c2:e2:9d:66:ed:ee:41:05:1b:
         d6:3c:be:27:64:4e:39:09:eb:86:77:40:76:cd:78:e8:10:38:
         09:1b:88:2c:86:fc:fd:c6:9d:d4:97:66:7d:df:63:59:e6:9a:
         77:bd:a6:76:e2:81:84:07:8b:88:7d:37:70:f3:25:8a:ad:45:
         c0:e0:df:db:fc:22:86:f8:7e:3b:e5:2b:41:1f:68:07:d4:97:
         2a:e7:81:19:d9:e4:38:99:d7:f3:e2:74:85:b0:c2:10:08:22:
         30:28:37:84:a6:3d:aa:46:5b:08:6c:76:71:a6:97:88:42:89:
         7a:e0:40:da:91:ec:ca:eb:d0:ec:e6:ab:be:47:67:27:d7:e9:
         23:86:bc:d2:a4:c6:c1:9b:33:25:50:f4:19:09:10:07:8c:b2:
         6d:b6:54:6e:ab:f6:c6:f3:03:09:e9:4e:1a:65:46:51:89:bc:
         9a:3b:01:6e:c8:f4:26:a3:77:e3:53:85:99:72:f3:3c:17:13:
         6b:2d:55:29:06:c0:13:26:1f:f7:af:a1:ab:0f:0b:7b:db:4a:
         89:04:94:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaEzicdYN1byTfM7QOmR9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMGUxNmNjMmE4YjkxY2I0ODNmNDUxZTgxM2I2NzhhZTk3
NTgyYjAwHhcNMjYwNzAyMTUxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGU3NjBhY2QxZDZhNTExMzEzODk0NWNmOWZmNWM3ZDYyNzg3MjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjowZAcvt/sNWy97vKeg4P2OGbmYm
8SNyBIqwoLmNcBfmIq3tXTMlm3huai3zPQIbA13RLSzMwJNWuS84QnznXJCVpjmU
9wjSLKFDCG8x6B9fKRfdr3YHTYDrmn5hYK1L1ZbFBKGjaGSe9M45Q4JsZzZVM+ip
QIEBtC5gieLuNm79mmwaZGs1fTBNczryPunJfP4FBGS47cQUcN7W+Oq7R1uDGypM
OXvFIpMqCeRzZkB/rtDFGG8EjNFKSBnZMv0Jc4IEYdyTNd2Oq+y8r1is6CDX7g8H
ABdyx9ckQExAZvuaoZhzyo8FghM4XBn6HTS13yJPb1U/0TvA7lDMbzSG2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEjnYKzR1qURMTiUXPn/XH1ieHJrMB8GA1UdIwQY
MBaAFGoOFswqi5HLSD9FHoE7Z4rpdYKwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWc0V3pDcUxrY3RJUDBVZWdUdG5pdWwxZ3JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvU09kZ3JOSFdwUkV4T0pSYy1mOWNmV0o0Y21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvYWc0V3pDcUxrY3RJUDBVZWdUdG5pdWwxZ3JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm4vMA0G
CSqGSIb3DQEBCwUAA4IBAQBHYebivfhfhXMnxKPfqv1pPPXb+cQs0/XPXc2EwBuQ
d1Wj6c0D5XVSOfAu3nfC4p1m7e5BBRvWPL4nZE45CeuGd0B2zXjoEDgJG4gshvz9
xp3Ul2Z932NZ5pp3vaZ24oGEB4uIfTdw8yWKrUXA4N/b/CKG+H475StBH2gH1Jcq
54EZ2eQ4mdfz4nSFsMIQCCIwKDeEpj2qRlsIbHZxppeIQol64EDakezK69Ds5qu+
R2cn1+kjhrzSpMbBmzMlUPQZCRAHjLJttlRuq/bG8wMJ6U4aZUZRibyaOwFuyPQm
o3fjU4WZcvM8FxNrLVUpBsATJh/3r6GrDwt720qJBJQ5
-----END CERTIFICATE-----
Generated at Sat Jul 4 09:18:47 2026 by rpki-client