Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/VHCbgB2ATThahBAQ0_Wyxf0owhM.roa
File:                     VHCbgB2ATThahBAQ0_Wyxf0owhM.roa (raw, json)
Hash identifier:          hCVwSy59RxrE+Tg9Np1iqXmZk/e5opFjdQ7TOzl8JOk=
Subject key identifier:   54:70:9B:80:1D:80:4D:38:5A:84:10:10:D3:F5:B2:C5:FD:28:C2:13
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019F12833649A7CD564606BE1F263FD212CF
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/VHCbgB2ATThahBAQ0_Wyxf0owhM.roa
Signing time:             Mon 29 Jun 2026 08:33:36 +0000
ROA not before:           Mon 29 Jun 2026 08:33:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.249.192.0/21 maxlen: 24
                          89.249.203.0/24 maxlen: 24
                          89.249.205.0/24 maxlen: 24
                          89.249.206.0/23 maxlen: 24
                          89.249.206.0/24 maxlen: 24
                          212.42.192.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Jul 2026 05:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:12:83:36:49:a7:cd:56:46:06:be:1f:26:3f:d2:12:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jun 29 08:33:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=54709b801d804d385a841010d3f5b2c5fd28c213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2e:8c:b4:ac:93:a6:96:3e:9c:c0:e1:2c:33:
                    29:03:52:70:06:36:23:4d:52:8d:da:de:68:f4:76:
                    6f:ac:3f:2c:1d:cb:48:d1:a4:ae:ef:d7:02:29:e3:
                    ba:25:93:6c:9f:a1:0b:60:07:8c:65:e7:3a:40:49:
                    c8:74:8c:bf:f8:4b:cb:34:3e:5f:93:1f:ff:11:92:
                    4d:df:fa:af:50:df:70:07:ee:0a:1b:15:f2:bf:1d:
                    4b:60:13:de:bf:b9:ff:e4:f4:76:46:bc:58:eb:7c:
                    7e:74:5b:10:07:4e:27:5b:37:47:c8:96:41:a4:8a:
                    19:90:cc:bc:89:49:a3:6c:e6:c0:c3:d4:73:28:54:
                    76:c6:9c:36:76:6d:9b:05:f6:7e:d3:de:81:9e:22:
                    89:cc:0b:09:e1:4f:62:d0:cb:f8:82:c8:db:49:db:
                    65:93:d5:f1:af:c2:26:61:92:c6:9a:e4:b2:0e:41:
                    b1:ef:0e:af:b0:d5:87:f5:1b:fa:98:ac:25:af:2e:
                    74:2e:e2:e3:16:59:1e:b1:35:db:d9:38:b5:1d:d5:
                    a5:df:b7:6a:72:ec:bd:ad:07:22:ef:31:f1:55:9a:
                    8e:77:93:f1:de:22:b4:22:7f:70:d4:45:a4:38:18:
                    6c:43:91:9c:55:89:25:9d:87:cd:ae:2f:65:cc:bf:
                    97:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:70:9B:80:1D:80:4D:38:5A:84:10:10:D3:F5:B2:C5:FD:28:C2:13
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/VHCbgB2ATThahBAQ0_Wyxf0owhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.192.0/21
                  89.249.203.0/24
                  89.249.205.0-89.249.207.255
                  212.42.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         06:f7:65:5f:e6:9d:2c:bb:3c:62:48:88:23:93:af:c9:2d:70:
         f6:36:17:59:3f:5b:d9:da:fb:b8:45:d3:50:17:8a:3c:1e:e7:
         c8:7d:09:f6:12:46:ce:e9:7e:22:2b:ad:1f:f9:bc:df:5c:2e:
         a0:4e:f5:be:7b:67:33:c1:61:4d:a6:a2:03:0f:3d:56:2c:6f:
         d3:0b:fe:a3:5b:ef:fd:1f:49:69:d7:c3:c2:2a:b7:8e:fc:25:
         18:3a:bd:87:98:8e:ca:e5:f8:cf:b7:d1:05:47:e9:a3:d7:42:
         73:4d:32:4d:e1:59:0b:35:2d:f0:2a:ca:b1:3c:65:22:ef:96:
         9e:4f:0e:72:42:91:e1:e7:f6:1a:b3:7f:c5:d7:3b:04:b9:de:
         96:3d:fa:2e:0c:63:4f:f5:fc:b3:20:a4:f2:2f:23:71:1c:ad:
         36:1b:8e:89:d7:01:2d:83:4b:9e:dc:ac:5a:dc:c6:1a:76:32:
         85:b9:8a:d2:74:c6:ac:75:9f:f7:91:38:4d:3c:37:38:16:ef:
         af:8a:6e:0c:b0:34:1f:c7:13:89:ff:e2:85:21:f0:a7:c9:0a:
         fa:56:2e:c0:6f:77:01:bf:bd:74:ee:49:7d:15:4a:09:1c:dd:
         03:57:89:54:3e:70:de:eb:3c:53:33:42:78:fd:24:7a:2d:46:
         17:a9:34:b9
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ8SgzZJp81WRga+HyY/0hLPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjYwNjI5MDgzMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDcwOWI4MDFkODA0ZDM4NWE4NDEwMTBkM2Y1YjJjNWZkMjhjMjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAry6MtKyTppY+nMDhLDMpA1JwBjYj
TVKN2t5o9HZvrD8sHctI0aSu79cCKeO6JZNsn6ELYAeMZec6QEnIdIy/+EvLND5f
kx//EZJN3/qvUN9wB+4KGxXyvx1LYBPev7n/5PR2RrxY63x+dFsQB04nWzdHyJZB
pIoZkMy8iUmjbObAw9RzKFR2xpw2dm2bBfZ+096BniKJzAsJ4U9i0Mv4gsjbSdtl
k9Xxr8ImYZLGmuSyDkGx7w6vsNWH9Rv6mKwlry50LuLjFlkesTXb2Ti1HdWl37dq
cuy9rQci7zHxVZqOd5Px3iK0In9w1EWkOBhsQ5GcVYklnYfNri9lzL+X5wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFFRwm4AdgE04WoQQENP1ssX9KMITMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvVkhDYmdCMkFUVGhhaEJBUTBfV3l4ZjBvd2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQDWfnAAwQA
WfnLMAwDBABZ+c0DBARZ+cADBATUKsAwDQYJKoZIhvcNAQELBQADggEBAAb3ZV/m
nSy7PGJIiCOTr8ktcPY2F1k/W9na+7hF01AXijwe58h9CfYSRs7pfiIrrR/5vN9c
LqBO9b57ZzPBYU2mogMPPVYsb9ML/qNb7/0fSWnXw8Iqt478JRg6vYeYjsrl+M+3
0QVH6aPXQnNNMk3hWQs1LfAqyrE8ZSLvlp5PDnJCkeHn9hqzf8XXOwS53pY9+i4M
Y0/1/LMgpPIvI3EcrTYbjonXAS2DS57crFrcxhp2MoW5itJ0xqx1n/eROE08NzgW
76+KbgywNB/HE4n/4oUh8KfJCvpWLsBvdwG/vXTuSX0VSgkc3QNXiVQ+cN7rPFMz
Qnj9JHotRhepNLk=
-----END CERTIFICATE-----
Generated at Sat Jul 4 06:26:39 2026 by rpki-client