Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/2fb473-8e6b-4f0d-ad30-d4934493a679/1/pMAQCVNkPSRH_CBfHnLj9SWOU5w.roa
File:                     pMAQCVNkPSRH_CBfHnLj9SWOU5w.roa (raw, json)
Hash identifier:          KKUudvbbbYbJdUkQGRngDn+KqBMSDxTbsA1BJV05K2s=
Subject key identifier:   A4:C0:10:09:53:64:3D:24:47:FC:20:5F:1E:72:E3:F5:25:8E:53:9C
Certificate issuer:       /CN=31b0f64c69d330b66ebcd03a9bf0fdc19f3147d8
Certificate serial:       019F137FDFD079102B8185FBC67432DFD1CB
Authority key identifier: 31:B0:F6:4C:69:D3:30:B6:6E:BC:D0:3A:9B:F0:FD:C1:9F:31:47:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MbD2TGnTMLZuvNA6m_D9wZ8xR9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/2fb473-8e6b-4f0d-ad30-d4934493a679/1/pMAQCVNkPSRH_CBfHnLj9SWOU5w.roa
Signing time:             Mon 29 Jun 2026 13:09:35 +0000
ROA not before:           Mon 29 Jun 2026 13:09:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47217
IP address blocks:        5.100.233.0/24 maxlen: 24
                          94.142.149.0/24 maxlen: 24
                          212.103.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/2fb473-8e6b-4f0d-ad30-d4934493a679/1/MbD2TGnTMLZuvNA6m_D9wZ8xR9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/2fb473-8e6b-4f0d-ad30-d4934493a679/1/MbD2TGnTMLZuvNA6m_D9wZ8xR9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MbD2TGnTMLZuvNA6m_D9wZ8xR9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 14:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:13:7f:df:d0:79:10:2b:81:85:fb:c6:74:32:df:d1:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31b0f64c69d330b66ebcd03a9bf0fdc19f3147d8
        Validity
            Not Before: Jun 29 13:09:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4c0100953643d2447fc205f1e72e3f5258e539c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b3:cf:d6:f3:a3:27:8b:6f:4b:79:44:4c:12:
                    c9:8a:2e:ed:1b:f4:82:72:c2:e9:10:3f:73:51:32:
                    6b:b3:d1:29:28:41:0b:06:7e:19:c2:a8:7f:63:fd:
                    8e:20:e6:03:08:c1:5e:36:e2:b9:b2:37:48:2f:21:
                    54:1c:da:eb:96:42:9e:9a:16:ad:30:df:2a:d6:1f:
                    00:5f:6c:d0:8f:f6:ec:b7:32:87:b4:82:13:12:75:
                    44:48:fa:8f:35:d7:0f:e5:d8:7b:26:d3:4f:72:69:
                    e3:c4:80:68:a1:9a:de:f6:04:f1:75:66:f9:a3:30:
                    c8:96:03:87:e0:27:ff:11:57:af:88:06:93:67:d7:
                    0c:14:4c:61:d1:ec:18:d6:a8:c9:a9:1d:40:66:e1:
                    7e:18:35:8c:4f:82:db:42:18:e5:78:ce:ff:c4:06:
                    c5:2d:3a:f7:a5:9b:81:ae:9c:f3:85:2a:ea:0d:03:
                    17:e8:ac:e2:08:5c:30:26:20:71:bf:3f:0e:73:07:
                    ca:62:91:3a:4e:4f:bf:6c:05:61:6f:6c:c2:f8:2b:
                    bb:12:62:ca:f1:a3:1b:62:86:19:43:c5:c3:5e:c9:
                    fb:bd:67:75:ff:69:10:14:11:ef:b8:91:27:0c:96:
                    9f:35:c8:45:4c:af:c0:de:c2:95:6a:12:59:7b:a5:
                    d0:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:C0:10:09:53:64:3D:24:47:FC:20:5F:1E:72:E3:F5:25:8E:53:9C
            X509v3 Authority Key Identifier:
                keyid:31:B0:F6:4C:69:D3:30:B6:6E:BC:D0:3A:9B:F0:FD:C1:9F:31:47:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MbD2TGnTMLZuvNA6m_D9wZ8xR9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2fb473-8e6b-4f0d-ad30-d4934493a679/1/pMAQCVNkPSRH_CBfHnLj9SWOU5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/2fb473-8e6b-4f0d-ad30-d4934493a679/1/MbD2TGnTMLZuvNA6m_D9wZ8xR9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.100.233.0/24
                  94.142.149.0/24
                  212.103.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:07:d4:a9:1c:77:88:c9:d7:c5:f7:b7:2e:f2:5b:71:c8:4f:
         b5:66:d3:3d:58:ce:25:4f:7c:dd:8b:37:d6:e5:ef:9d:4e:e1:
         78:9c:ea:2b:be:fc:c1:05:2c:3e:d5:43:6b:c0:76:f1:99:ca:
         d5:b0:ce:22:d1:4c:2e:5f:fe:87:9f:1b:3f:03:e7:a8:07:b9:
         d7:29:fa:8d:81:49:58:a1:40:a5:e6:92:e0:e4:12:f5:a9:1c:
         fe:f0:12:b6:a7:3a:81:37:a5:96:d1:13:c6:9f:55:0e:b3:19:
         a1:c3:5d:3d:c8:ef:42:34:1b:17:c4:84:25:5c:ac:e9:f0:85:
         71:f2:a5:fb:26:71:d3:43:61:8d:41:7e:70:ef:1f:a7:fa:1b:
         36:ba:ab:a8:6c:52:ec:24:62:5c:d8:e7:70:1a:f1:82:0a:4d:
         23:17:e3:e5:fc:ae:f0:78:1c:2c:aa:52:b8:6c:0b:1e:b8:2f:
         73:7f:2d:5d:85:2b:3d:56:15:90:d3:80:70:a7:cb:9c:df:90:
         20:36:26:b4:2c:fe:85:b0:f2:aa:6d:d2:e8:50:cc:de:8b:54:
         c8:a6:bf:97:2b:c9:fc:f9:a1:4a:fe:16:db:f4:29:44:68:fe:
         78:6a:59:4c:34:b8:17:90:25:10:49:2c:aa:55:dd:f6:ab:72:
         22:2d:0c:0f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ8Tf9/QeRArgYX7xnQy39HLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYjBmNjRjNjlkMzMwYjY2ZWJjZDAzYTliZjBmZGMxOWYz
MTQ3ZDgwHhcNMjYwNjI5MTMwOTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGMwMTAwOTUzNjQzZDI0NDdmYzIwNWYxZTcyZTNmNTI1OGU1MzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7PP1vOjJ4tvS3lETBLJii7tG/SC
csLpED9zUTJrs9EpKEELBn4Zwqh/Y/2OIOYDCMFeNuK5sjdILyFUHNrrlkKemhat
MN8q1h8AX2zQj/bstzKHtIITEnVESPqPNdcP5dh7JtNPcmnjxIBooZre9gTxdWb5
ozDIlgOH4Cf/EVeviAaTZ9cMFExh0ewY1qjJqR1AZuF+GDWMT4LbQhjleM7/xAbF
LTr3pZuBrpzzhSrqDQMX6KziCFwwJiBxvz8OcwfKYpE6Tk+/bAVhb2zC+Cu7EmLK
8aMbYoYZQ8XDXsn7vWd1/2kQFBHvuJEnDJafNchFTK/A3sKVahJZe6XQ/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKTAEAlTZD0kR/wgXx5y4/UljlOcMB8GA1UdIwQY
MBaAFDGw9kxp0zC2brzQOpvw/cGfMUfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWJEMlRHblRNTFp1dk5BNm1fRDl3Wjh4UjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8yZmI0NzMtOGU2Yi00ZjBkLWFkMzAt
ZDQ5MzQ0OTNhNjc5LzEvcE1BUUNWTmtQU1JIX0NCZkhuTGo5U1dPVTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8yZmI0NzMtOGU2Yi00ZjBkLWFkMzAtZDQ5MzQ0OTNhNjc5
LzEvTWJEMlRHblRNTFp1dk5BNm1fRDl3Wjh4UjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABWTpAwQA
Xo6VAwQA1GfKMA0GCSqGSIb3DQEBCwUAA4IBAQBCB9SpHHeIydfF97cu8ltxyE+1
ZtM9WM4lT3zdizfW5e+dTuF4nOorvvzBBSw+1UNrwHbxmcrVsM4i0UwuX/6Hnxs/
A+eoB7nXKfqNgUlYoUCl5pLg5BL1qRz+8BK2pzqBN6WW0RPGn1UOsxmhw109yO9C
NBsXxIQlXKzp8IVx8qX7JnHTQ2GNQX5w7x+n+hs2uquobFLsJGJc2OdwGvGCCk0j
F+Pl/K7weBwsqlK4bAseuC9zfy1dhSs9VhWQ04Bwp8uc35AgNia0LP6FsPKqbdLo
UMzei1TIpr+XK8n8+aFK/hbb9ClEaP54allMNLgXkCUQSSyqVd32q3IiLQwP
-----END CERTIFICATE-----
Generated at Wed Jul 1 00:12:09 2026 by rpki-client