Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/vWUkGJTAlCW5stsudP79tJd9Jqs.roa
File:                     vWUkGJTAlCW5stsudP79tJd9Jqs.roa (raw, json)
Hash identifier:          DiYk04Hr15IqKozXDnzpPJH9ZduXrUisd67fCRFzPZY=
Subject key identifier:   BD:65:24:18:94:C0:94:25:B9:B2:DB:2E:74:FE:FD:B4:97:7D:26:AB
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019F1886093C2AB975669D4BC5F532795650
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/vWUkGJTAlCW5stsudP79tJd9Jqs.roa
Signing time:             Tue 30 Jun 2026 12:34:25 +0000
ROA not before:           Tue 30 Jun 2026 12:34:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199242
IP address blocks:        82.108.125.0/24 maxlen: 24
                          82.108.126.0/24 maxlen: 24
                          82.108.127.0/24 maxlen: 24
                          87.82.198.0/24 maxlen: 24
                          87.82.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 20:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:18:86:09:3c:2a:b9:75:66:9d:4b:c5:f5:32:79:56:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun 30 12:34:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd65241894c09425b9b2db2e74fefdb4977d26ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:d0:cd:a0:8d:20:bf:bd:31:ee:e4:23:61:34:
                    d1:86:ef:3e:f7:e6:b2:f3:73:b6:e2:b0:a9:3e:d0:
                    42:5c:46:31:cc:36:20:85:b1:d5:85:32:32:e4:df:
                    d5:77:e0:ac:bc:6c:75:44:bd:14:52:c9:6e:aa:ab:
                    96:2d:b2:6e:fe:fe:76:9e:a8:2a:0e:3f:2c:f5:85:
                    6e:6a:b5:e4:b7:2c:54:ec:3b:ae:40:9b:f8:cb:f7:
                    67:2f:02:ff:0f:9f:57:84:7a:91:7c:b6:74:d9:24:
                    ea:2a:f1:a3:8e:e3:fa:e9:bd:fd:76:e2:09:96:39:
                    69:e6:20:6d:cd:58:ae:76:98:6b:a9:2a:13:78:ae:
                    3f:90:bb:1a:cf:a3:fd:f6:ca:4d:f2:86:44:5f:5d:
                    c2:83:01:62:1c:1f:d2:8b:1f:11:21:2e:c4:de:d4:
                    08:67:de:d4:8e:08:05:90:58:4f:c9:7a:23:83:6f:
                    33:bf:be:b7:55:c5:2a:c3:92:e3:68:c5:0a:a0:85:
                    c0:e1:68:f5:3a:76:31:8e:2d:69:f4:31:12:70:23:
                    aa:59:65:31:fb:3b:50:e9:1d:f5:02:94:be:ed:2d:
                    0f:ac:62:a9:8f:c1:bf:56:e2:7d:a6:ce:5f:f5:05:
                    dc:37:ce:23:7c:b4:c5:ec:a2:8b:28:c5:15:6e:9a:
                    d7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:65:24:18:94:C0:94:25:B9:B2:DB:2E:74:FE:FD:B4:97:7D:26:AB
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/vWUkGJTAlCW5stsudP79tJd9Jqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.108.125.0-82.108.127.255
                  87.82.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:5f:15:3e:29:6c:19:ea:d6:36:ca:68:fd:3c:fb:5b:d3:d2:
         55:03:85:dc:68:72:90:24:8e:ad:de:17:7e:08:03:cb:c2:92:
         21:2b:94:4e:6b:a3:8b:a8:9a:6f:62:56:d8:cd:16:d1:82:91:
         8b:dc:ae:78:15:88:8f:62:d8:d4:02:f7:9e:ee:a4:e4:bb:53:
         b2:f9:b3:53:5f:03:74:d2:18:a7:8f:11:9b:72:0f:e2:ba:71:
         44:21:19:cf:b4:82:cd:25:e0:ef:70:aa:3f:8a:f9:b0:65:47:
         bc:aa:ee:ee:50:d0:b7:48:97:4e:3e:08:17:55:85:d2:f8:71:
         ab:0b:38:7f:57:cd:0a:b0:77:56:c4:57:3c:cf:85:7c:3a:4f:
         33:ec:ed:80:10:05:63:e6:2d:ad:b0:62:43:c8:9d:a3:e9:26:
         d1:31:1b:6c:1a:cc:63:c0:23:38:e1:1c:fb:0e:06:9a:b7:b9:
         6e:99:7b:2f:2f:c9:f3:77:a6:6c:4a:ae:20:10:98:03:2a:32:
         23:c6:f7:ca:dd:e5:05:73:97:67:60:7b:d3:a4:32:7d:99:0f:
         95:f5:a5:da:e2:75:e7:a8:f0:fa:c6:d1:85:d8:e5:56:78:ca:
         17:61:e1:4b:29:7d:d4:0a:7f:91:db:8c:f3:bc:27:94:6b:af:
         97:3b:ea:33
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ8Yhgk8Krl1Zp1LxfUyeVZQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjMwMTIzNDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDY1MjQxODk0YzA5NDI1YjliMmRiMmU3NGZlZmRiNDk3N2QyNmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9DNoI0gv70x7uQjYTTRhu8+9+ay
83O24rCpPtBCXEYxzDYghbHVhTIy5N/Vd+CsvGx1RL0UUsluqquWLbJu/v52nqgq
Dj8s9YVuarXktyxU7DuuQJv4y/dnLwL/D59XhHqRfLZ02STqKvGjjuP66b39duIJ
ljlp5iBtzViudphrqSoTeK4/kLsaz6P99spN8oZEX13CgwFiHB/Six8RIS7E3tQI
Z97UjggFkFhPyXojg28zv763VcUqw5LjaMUKoIXA4Wj1OnYxji1p9DEScCOqWWUx
+ztQ6R31ApS+7S0PrGKpj8G/VuJ9ps5f9QXcN84jfLTF7KKLKMUVbprX4QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFL1lJBiUwJQlubLbLnT+/bSXfSarMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvdldVa0dKVEFsQ1c1c3RzdWRQNzl0SmQ5SnFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABSbH0D
BAdSbAADBAFXUsYwDQYJKoZIhvcNAQELBQADggEBAJlfFT4pbBnq1jbKaP08+1vT
0lUDhdxocpAkjq3eF34IA8vCkiErlE5ro4uomm9iVtjNFtGCkYvcrngViI9i2NQC
957upOS7U7L5s1NfA3TSGKePEZtyD+K6cUQhGc+0gs0l4O9wqj+K+bBlR7yq7u5Q
0LdIl04+CBdVhdL4casLOH9XzQqwd1bEVzzPhXw6TzPs7YAQBWPmLa2wYkPInaPp
JtExG2wazGPAIzjhHPsOBpq3uW6Zey8vyfN3pmxKriAQmAMqMiPG98rd5QVzl2dg
e9OkMn2ZD5X1pdrideeo8PrG0YXY5VZ4yhdh4UspfdQKf5HbjPO8J5Rrr5c76jM=
-----END CERTIFICATE-----
Generated at Wed Jul 1 02:33:59 2026 by rpki-client