Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/_2gi_vpTr-sKapIp_mcy5ZYF88U.roa
File:                     _2gi_vpTr-sKapIp_mcy5ZYF88U.roa (raw, json)
Hash identifier:          286b0Tq+TdXphaizu8IlySNmJSZlkHv7A2MnbV1eWbc=
Subject key identifier:   FF:68:22:FE:FA:53:AF:EB:0A:6A:92:29:FE:67:32:E5:96:05:F3:C5
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019F1C52A13476971EBB2418A7C3B4625C6E
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/_2gi_vpTr-sKapIp_mcy5ZYF88U.roa
Signing time:             Wed 01 Jul 2026 06:16:45 +0000
ROA not before:           Wed 01 Jul 2026 06:16:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219394
IP address blocks:        217.8.197.0/24 maxlen: 24
                          217.8.199.0/24 maxlen: 24
                          217.8.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:1c:52:a1:34:76:97:1e:bb:24:18:a7:c3:b4:62:5c:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jul  1 06:16:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff6822fefa53afeb0a6a9229fe6732e59605f3c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6e:7f:13:a2:a4:6b:03:28:2e:51:ea:4d:2e:
                    db:8c:0a:35:c7:e3:44:34:fd:8b:b4:7a:f6:bf:55:
                    91:da:4d:6a:4c:4b:42:6a:39:6f:33:d3:0b:9a:16:
                    57:3b:9a:73:46:63:3c:41:49:5e:33:1f:9b:38:57:
                    28:9b:6b:ca:f0:d7:b3:dd:8e:c0:26:3f:c3:5c:1c:
                    18:bf:d1:43:20:a6:bd:79:cb:73:d4:fa:05:51:8e:
                    bb:ca:a3:69:63:d6:80:f2:a9:98:3b:05:72:17:eb:
                    65:a0:8b:51:e2:2c:aa:01:16:2c:7f:dc:f3:2c:f6:
                    5a:2e:22:7d:1f:ff:74:58:18:8e:cb:e8:9d:3b:5c:
                    64:22:d4:d5:c2:bf:b2:22:c5:fd:7f:5a:63:76:d3:
                    77:52:64:cb:c6:07:fc:56:b7:14:ce:9e:9b:4b:3b:
                    c9:ea:db:25:de:b8:7f:82:b2:36:1f:f6:1f:24:6d:
                    8d:48:56:56:a9:fc:a8:81:24:63:23:c7:42:d0:25:
                    19:b6:a7:a5:41:38:bc:14:97:4a:93:d6:22:8f:4b:
                    78:aa:3a:54:f4:7c:8a:63:ba:04:66:45:f2:57:f2:
                    e0:be:e6:bb:0e:04:f2:5d:65:4b:f0:1f:24:c8:43:
                    08:fc:83:77:c9:57:36:4a:16:39:90:48:f7:59:a9:
                    3e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:68:22:FE:FA:53:AF:EB:0A:6A:92:29:FE:67:32:E5:96:05:F3:C5
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/_2gi_vpTr-sKapIp_mcy5ZYF88U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.8.197.0/24
                  217.8.199.0/24
                  217.8.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:f3:36:17:05:b1:65:a6:22:a5:8f:40:db:b5:74:c4:f1:1f:
         b6:2e:93:69:22:c0:85:d8:97:fb:69:40:7f:84:7b:44:ad:d5:
         53:bb:47:7f:f9:b9:a5:95:88:94:6b:db:ef:2c:cf:c2:0f:c9:
         f6:63:62:fb:9b:9f:96:b1:73:fd:d1:28:b7:70:6e:e9:02:8e:
         1c:71:46:7d:9f:c1:8a:87:03:27:8f:91:ed:44:2e:ab:d7:af:
         5a:bb:11:2b:7a:98:ec:0d:59:f8:2c:6d:b6:d4:2c:47:5c:c2:
         06:f1:e8:3e:99:54:01:85:dd:2b:60:5a:73:68:56:80:10:e4:
         99:57:3d:da:7b:7e:b8:7d:bb:f3:f0:59:0d:58:f8:12:13:54:
         b9:66:3f:e0:12:17:7c:f7:f4:77:b2:3b:0a:5a:3d:38:35:2e:
         ff:f1:46:0e:e0:2e:d7:46:fc:2a:27:6a:da:d2:82:14:a2:0a:
         47:5c:b7:b9:60:e9:f4:1a:57:1e:78:e6:d2:fc:05:65:a5:9a:
         9c:cf:b2:29:14:9c:0c:8b:d4:7a:fb:0f:41:99:14:72:a6:ff:
         6a:98:e7:fe:77:49:28:04:85:ed:0e:ba:2a:ed:c0:c1:8a:85:
         af:56:37:aa:cc:5d:00:66:2c:2e:b7:42:af:71:ea:a7:25:60:
         dc:a2:a2:33
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ8cUqE0dpceuyQYp8O0YlxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNzAxMDYxNjQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjY4MjJmZWZhNTNhZmViMGE2YTkyMjlmZTY3MzJlNTk2MDVmM2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlW5/E6KkawMoLlHqTS7bjAo1x+NE
NP2LtHr2v1WR2k1qTEtCajlvM9MLmhZXO5pzRmM8QUleMx+bOFcom2vK8Nez3Y7A
Jj/DXBwYv9FDIKa9ectz1PoFUY67yqNpY9aA8qmYOwVyF+tloItR4iyqARYsf9zz
LPZaLiJ9H/90WBiOy+idO1xkItTVwr+yIsX9f1pjdtN3UmTLxgf8VrcUzp6bSzvJ
6tsl3rh/grI2H/YfJG2NSFZWqfyogSRjI8dC0CUZtqelQTi8FJdKk9Yij0t4qjpU
9HyKY7oEZkXyV/Lgvua7DgTyXWVL8B8kyEMI/IN3yVc2ShY5kEj3Wak+/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP9oIv76U6/rCmqSKf5nMuWWBfPFMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvXzJnaV92cFRyLXNLYXBJcF9tY3k1WllGODhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA2QjFAwQA
2QjHAwQA2QjJMA0GCSqGSIb3DQEBCwUAA4IBAQAm8zYXBbFlpiKlj0DbtXTE8R+2
LpNpIsCF2Jf7aUB/hHtErdVTu0d/+bmllYiUa9vvLM/CD8n2Y2L7m5+WsXP90Si3
cG7pAo4ccUZ9n8GKhwMnj5HtRC6r169auxErepjsDVn4LG221CxHXMIG8eg+mVQB
hd0rYFpzaFaAEOSZVz3ae364fbvz8FkNWPgSE1S5Zj/gEhd89/R3sjsKWj04NS7/
8UYO4C7XRvwqJ2ra0oIUogpHXLe5YOn0GlceeObS/AVlpZqcz7IpFJwMi9R6+w9B
mRRypv9qmOf+d0koBIXtDroq7cDBioWvVjeqzF0AZiwut0KvceqnJWDcoqIz
-----END CERTIFICATE-----
Generated at Fri Jul 3 19:56:59 2026 by rpki-client