Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/9k5BtTPPxnZiW0r-J9VyWSs6SCI.roa
File:                     9k5BtTPPxnZiW0r-J9VyWSs6SCI.roa (raw, json)
Hash identifier:          F+RPFKfqZfbIU5EIxsSYhbg7pY/p6XGYN9oPR99wNrI=
Subject key identifier:   F6:4E:41:B5:33:CF:C6:76:62:5B:4A:FE:27:D5:72:59:2B:3A:48:22
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       019EFE1206B8795E3DA5E47B33AF279C3432
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/9k5BtTPPxnZiW0r-J9VyWSs6SCI.roa
Signing time:             Thu 25 Jun 2026 09:17:34 +0000
ROA not before:           Thu 25 Jun 2026 09:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40676
IP address blocks:        80.76.44.0/24 maxlen: 24
                          93.177.111.0/24 maxlen: 24
                          185.240.87.0/24 maxlen: 24
                          193.42.246.0/24 maxlen: 24
                          194.62.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 Jul 2026 08:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fe:12:06:b8:79:5e:3d:a5:e4:7b:33:af:27:9c:34:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jun 25 09:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f64e41b533cfc676625b4afe27d572592b3a4822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c4:2d:8f:de:ff:16:69:a8:ae:5c:9d:37:63:
                    a9:9c:ab:74:50:1e:0f:72:07:99:b2:21:f4:a5:bf:
                    3b:c6:ba:e7:3c:93:9d:24:6f:23:c4:f9:36:96:47:
                    18:3b:51:03:1b:fc:4d:36:64:e8:35:0d:4a:33:34:
                    94:01:8b:19:5d:da:45:ee:e3:d7:9f:d1:67:61:d7:
                    18:28:89:00:cb:a5:f6:e2:63:a1:06:d2:02:a0:c0:
                    63:a0:b1:df:f7:b8:38:e9:09:5c:ad:a9:f9:36:e6:
                    85:e8:26:33:2f:2e:71:4a:2e:a7:a1:db:be:fd:55:
                    bd:a0:4e:ff:ed:26:8e:3c:db:5c:ba:2e:65:04:15:
                    ef:87:5c:59:db:99:da:c9:48:a2:6a:6e:48:3a:f8:
                    d6:32:df:42:92:d7:f8:64:83:26:09:83:3b:23:9a:
                    90:31:7f:89:56:d8:c6:b9:39:c6:26:a6:05:85:bb:
                    86:9e:b9:0d:4d:bc:c9:5a:07:56:61:3c:53:c1:50:
                    af:ae:d6:7d:9a:0b:1f:2c:f7:f1:8f:5d:c5:a2:c9:
                    27:29:f3:17:7f:0b:37:b6:70:27:fb:e6:c4:92:ef:
                    54:d0:ae:5c:f3:50:71:bf:46:77:6e:57:ba:ef:83:
                    ad:9d:ed:76:4d:a9:08:27:d9:cd:1a:2e:76:2f:b8:
                    09:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:4E:41:B5:33:CF:C6:76:62:5B:4A:FE:27:D5:72:59:2B:3A:48:22
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/9k5BtTPPxnZiW0r-J9VyWSs6SCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.44.0/24
                  93.177.111.0/24
                  185.240.87.0/24
                  193.42.246.0/24
                  194.62.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:04:ac:7f:07:53:eb:6c:6f:f5:fc:4f:d1:9d:12:de:c0:84:
         c9:83:89:11:b0:04:ab:48:69:98:08:ea:24:6c:77:e3:7f:0e:
         2f:33:07:f2:94:c6:71:30:6a:90:d0:8b:02:39:54:89:ea:53:
         62:d8:ae:19:55:32:52:f5:8e:6e:33:75:c4:0b:cc:ce:8b:29:
         03:cc:ed:8a:ff:9c:96:5b:56:16:62:b4:bb:24:c9:c0:10:e8:
         7e:35:e7:83:b5:35:de:93:3d:d9:56:36:44:39:e1:39:16:a6:
         be:a0:1e:e8:44:95:7a:11:ab:5f:01:4b:49:b9:f0:34:4c:95:
         b4:14:6b:0e:ef:50:b2:20:64:6d:cc:64:c0:ac:da:63:c1:fe:
         f5:88:7a:c7:b6:d2:1a:d8:c6:aa:34:3f:84:ee:8c:97:1b:e8:
         5b:18:9f:89:da:6c:e4:7b:1d:7e:a5:24:82:6c:ba:1f:a8:b3:
         a4:85:ff:50:6b:cc:18:76:03:74:37:3e:5a:0f:11:4e:d5:e5:
         5e:1f:8d:e1:ac:cf:ad:62:f7:bb:b2:c8:bf:a7:1c:6c:cf:38:
         9a:b6:76:6b:ac:98:e4:0a:8c:d0:1d:b7:6f:ea:2d:06:43:8b:
         8c:74:f2:a2:4c:5f:9e:52:6b:3e:7c:40:87:5d:b6:eb:b6:19:
         14:90:86:aa
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ7+Ega4eV49peR7M68nnDQyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjYwNjI1MDkxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjRlNDFiNTMzY2ZjNjc2NjI1YjRhZmUyN2Q1NzI1OTJiM2E0ODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsQtj97/FmmorlydN2OpnKt0UB4P
cgeZsiH0pb87xrrnPJOdJG8jxPk2lkcYO1EDG/xNNmToNQ1KMzSUAYsZXdpF7uPX
n9FnYdcYKIkAy6X24mOhBtICoMBjoLHf97g46Qlcran5NuaF6CYzLy5xSi6nodu+
/VW9oE7/7SaOPNtcui5lBBXvh1xZ25nayUiiam5IOvjWMt9Cktf4ZIMmCYM7I5qQ
MX+JVtjGuTnGJqYFhbuGnrkNTbzJWgdWYTxTwVCvrtZ9mgsfLPfxj13FosknKfMX
fws3tnAn++bEku9U0K5c81Bxv0Z3ble674Otne12TakIJ9nNGi52L7gJdQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFPZOQbUzz8Z2YltK/ifVclkrOkgiMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvOWs1QnRUUFB4blppVzByLUo5VnlXU3M2U0NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAUEwsAwQA
XbFvAwQAufBXAwQAwSr2AwQAwj6lMA0GCSqGSIb3DQEBCwUAA4IBAQAfBKx/B1Pr
bG/1/E/RnRLewITJg4kRsASrSGmYCOokbHfjfw4vMwfylMZxMGqQ0IsCOVSJ6lNi
2K4ZVTJS9Y5uM3XEC8zOiykDzO2K/5yWW1YWYrS7JMnAEOh+NeeDtTXekz3ZVjZE
OeE5Fqa+oB7oRJV6EatfAUtJufA0TJW0FGsO71CyIGRtzGTArNpjwf71iHrHttIa
2MaqND+E7oyXG+hbGJ+J2mzkex1+pSSCbLofqLOkhf9Qa8wYdgN0Nz5aDxFO1eVe
H43hrM+tYve7ssi/pxxszziatnZrrJjkCozQHbdv6i0GQ4uMdPKiTF+eUms+fECH
XbbrthkUkIaq
-----END CERTIFICATE-----
Generated at Wed Jul 1 13:50:54 2026 by rpki-client