Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/vTCE3_WjlZWEHiUifn-Z3rZn-3g.roa
File:                     vTCE3_WjlZWEHiUifn-Z3rZn-3g.roa (raw, json)
Hash identifier:          k0eIUOFWrIqLB7Ha+lzX5IKld1csxUVRrPdDqLcQHmQ=
Subject key identifier:   BD:30:84:DF:F5:A3:95:95:84:1E:25:22:7E:7F:99:DE:B6:67:FB:78
Certificate issuer:       /CN=6a0e16cc2a8b91cb483f451e813b678ae97582b0
Certificate serial:       019F2368497ADF67A81763912E52226456BC
Authority key identifier: 6A:0E:16:CC:2A:8B:91:CB:48:3F:45:1E:81:3B:67:8A:E9:75:82:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/vTCE3_WjlZWEHiUifn-Z3rZn-3g.roa
Signing time:             Thu 02 Jul 2026 15:17:44 +0000
ROA not before:           Thu 02 Jul 2026 15:17:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202656
IP address blocks:        86.110.40.0/24 maxlen: 24
                          86.110.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Jul 2026 03:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:49:7a:df:67:a8:17:63:91:2e:52:22:64:56:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a0e16cc2a8b91cb483f451e813b678ae97582b0
        Validity
            Not Before: Jul  2 15:17:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd3084dff5a39595841e25227e7f99deb667fb78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:fb:1f:fa:b0:46:de:89:38:8d:42:13:56:a0:
                    09:16:7a:89:a4:b5:9a:dd:44:99:b6:83:0e:71:a8:
                    7c:12:45:7c:37:3e:10:55:46:2c:b2:0d:47:9c:d1:
                    d1:c3:0b:a0:95:aa:04:43:a4:90:a4:bd:91:9e:b4:
                    77:f7:80:8d:e4:ea:54:ba:58:e0:09:d9:31:a5:58:
                    cb:ad:83:8d:0c:d0:ee:2f:73:4f:48:9e:91:72:88:
                    a0:f5:bf:c1:90:3b:29:2e:5f:b9:a3:c6:0a:62:5d:
                    fc:23:ff:c6:64:ff:36:99:b4:6d:f1:85:4e:e0:90:
                    8d:1c:d6:89:3d:5e:b5:bd:ed:0f:d6:a8:d4:d7:3b:
                    e5:24:41:a3:c7:34:ab:8c:6e:43:b9:17:7e:50:03:
                    ae:47:e5:62:45:5c:e2:9c:c8:47:9b:e0:a1:1e:45:
                    f3:6a:01:64:78:eb:01:43:ed:cf:a5:17:38:fe:22:
                    5b:dc:9b:55:58:bc:19:31:5b:20:cf:78:6e:0a:f1:
                    84:8f:d0:33:32:ca:0c:72:9a:6d:72:6c:75:f7:c7:
                    f9:06:98:81:e4:31:6c:38:48:68:63:e9:40:76:6e:
                    12:63:33:b1:52:dd:79:97:52:3f:1d:97:56:55:18:
                    15:bd:31:e6:20:91:a8:8d:f7:d5:f7:32:b6:f4:83:
                    da:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:30:84:DF:F5:A3:95:95:84:1E:25:22:7E:7F:99:DE:B6:67:FB:78
            X509v3 Authority Key Identifier:
                keyid:6A:0E:16:CC:2A:8B:91:CB:48:3F:45:1E:81:3B:67:8A:E9:75:82:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ag4WzCqLkctIP0UegTtniul1grA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/vTCE3_WjlZWEHiUifn-Z3rZn-3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ag4WzCqLkctIP0UegTtniul1grA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:86:a2:db:a5:87:7b:dd:d6:f9:ec:68:c3:02:b0:13:a8:b6:
         de:18:14:a7:20:fe:a0:d1:7e:0e:1a:a9:fb:9a:aa:e9:e2:89:
         fc:c2:5c:d3:c8:cb:78:fe:53:64:cc:d0:23:46:37:5d:f6:f5:
         5e:a3:18:d2:59:7f:6c:0c:73:15:0b:96:f9:ad:7a:ba:49:e1:
         6e:e8:de:b6:0c:98:08:d4:d0:6e:d7:24:c0:48:70:c8:d6:25:
         e5:fb:44:05:11:7e:26:4a:7b:45:e0:27:a3:c1:8c:c6:ef:cd:
         68:91:39:43:7b:bc:0a:ae:50:62:43:70:17:00:47:d8:fe:1e:
         1d:ca:f6:9b:41:49:1f:d3:36:e6:0f:4b:5d:f9:73:f5:f7:ce:
         07:dd:45:84:cf:e8:ef:bc:f1:8a:bf:92:22:1b:ec:47:f9:cf:
         33:d9:e7:b3:db:af:f1:b9:31:b4:4d:e5:10:6e:3c:8b:b8:65:
         ad:3a:15:c9:28:bb:50:94:2b:36:83:63:3c:8e:4d:74:26:60:
         76:54:eb:cd:56:0e:1c:66:41:18:ba:d4:ec:c8:56:22:43:df:
         0a:c9:64:f5:ae:5f:82:10:be:38:34:43:9c:78:c6:66:96:c8:
         b9:06:17:a2:53:d3:73:16:29:77:bd:a7:4d:da:7e:1f:08:64:
         f0:f1:95:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaEl632eoF2ORLlIiZFa8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMGUxNmNjMmE4YjkxY2I0ODNmNDUxZTgxM2I2NzhhZTk3
NTgyYjAwHhcNMjYwNzAyMTUxNzQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDMwODRkZmY1YTM5NTk1ODQxZTI1MjI3ZTdmOTlkZWI2NjdmYjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fsf+rBG3ok4jUITVqAJFnqJpLWa
3USZtoMOcah8EkV8Nz4QVUYssg1HnNHRwwuglaoEQ6SQpL2RnrR394CN5OpUuljg
CdkxpVjLrYONDNDuL3NPSJ6Rcoig9b/BkDspLl+5o8YKYl38I//GZP82mbRt8YVO
4JCNHNaJPV61ve0P1qjU1zvlJEGjxzSrjG5DuRd+UAOuR+ViRVzinMhHm+ChHkXz
agFkeOsBQ+3PpRc4/iJb3JtVWLwZMVsgz3huCvGEj9AzMsoMcpptcmx198f5BpiB
5DFsOEhoY+lAdm4SYzOxUt15l1I/HZdWVRgVvTHmIJGojffV9zK29IPaYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0whN/1o5WVhB4lIn5/md62Z/t4MB8GA1UdIwQY
MBaAFGoOFswqi5HLSD9FHoE7Z4rpdYKwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWc0V3pDcUxrY3RJUDBVZWdUdG5pdWwxZ3JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvdlRDRTNfV2psWldFSGlVaWZuLVozclpuLTNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvYWc0V3pDcUxrY3RJUDBVZWdUdG5pdWwxZ3JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVm4oMA0G
CSqGSIb3DQEBCwUAA4IBAQA/hqLbpYd73db57GjDArATqLbeGBSnIP6g0X4OGqn7
mqrp4on8wlzTyMt4/lNkzNAjRjdd9vVeoxjSWX9sDHMVC5b5rXq6SeFu6N62DJgI
1NBu1yTASHDI1iXl+0QFEX4mSntF4CejwYzG781okTlDe7wKrlBiQ3AXAEfY/h4d
yvabQUkf0zbmD0td+XP1984H3UWEz+jvvPGKv5IiG+xH+c8z2eez26/xuTG0TeUQ
bjyLuGWtOhXJKLtQlCs2g2M8jk10JmB2VOvNVg4cZkEYutTsyFYiQ98KyWT1rl+C
EL44NEOceMZmlsi5BheiU9NzFil3vadN2n4fCGTw8ZVi
-----END CERTIFICATE-----
Generated at Sat Jul 4 09:19:23 2026 by rpki-client