Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/y9bAPKDzmjiaZG0GNXCSorCmnDc.roa
File:                     y9bAPKDzmjiaZG0GNXCSorCmnDc.roa (raw, json)
Hash identifier:          56eDR52OnKCFwTIBYSQ9jaRspNOA8BKU9margCMUb8Y=
Subject key identifier:   CB:D6:C0:3C:A0:F3:9A:38:9A:64:6D:06:35:70:92:A2:B0:A6:9C:37
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019EDFE330D2ECEA3E59DB892BD46DAF805B
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/y9bAPKDzmjiaZG0GNXCSorCmnDc.roa
Signing time:             Fri 19 Jun 2026 12:37:48 +0000
ROA not before:           Fri 19 Jun 2026 12:37:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219476
IP address blocks:        87.84.200.0/24 maxlen: 24
                          87.84.203.0/24 maxlen: 24
                          194.242.132.0/24 maxlen: 24
                          194.242.135.0/24 maxlen: 24
                          212.135.135.0/24 maxlen: 24
                          212.135.143.0/24 maxlen: 24
                          212.135.154.0/24 maxlen: 24
                          212.135.161.0/24 maxlen: 24
                          212.135.164.0/24 maxlen: 24
                          212.135.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:df:e3:30:d2:ec:ea:3e:59:db:89:2b:d4:6d:af:80:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun 19 12:37:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cbd6c03ca0f39a389a646d06357092a2b0a69c37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:cf:e4:c6:2f:53:a1:7d:fb:03:e4:fe:46:1c:
                    de:b8:5f:8a:be:9e:49:cd:13:b8:b3:93:0c:63:5e:
                    04:9d:f2:4d:c3:f9:aa:85:e2:4e:56:d9:43:9f:99:
                    be:68:c3:64:13:27:a6:82:11:51:92:79:4c:d3:72:
                    a1:5f:a7:c9:8f:e0:ca:b7:f0:15:09:4c:c3:11:b1:
                    5f:89:0b:78:57:6d:b5:8f:48:8b:c9:95:58:63:9a:
                    49:28:ba:61:88:4c:49:99:aa:ab:51:d3:8b:ba:20:
                    01:46:41:85:ac:89:61:95:65:2b:ec:15:cb:48:fc:
                    17:fa:84:ea:34:5a:14:a8:4c:63:bc:11:c0:fb:10:
                    a2:a0:39:07:69:3c:43:8a:e8:c1:71:c7:ae:01:75:
                    c2:6d:c2:7b:98:e7:07:17:7d:a1:4c:d6:d5:21:7d:
                    f4:fa:aa:fb:e7:b4:0c:78:f1:eb:24:6d:35:f4:15:
                    cd:fa:75:c0:e7:9c:ee:c3:a3:cf:29:b2:bd:14:91:
                    be:1f:aa:e6:1a:9c:1a:7a:1a:d9:2b:20:c8:af:3d:
                    3f:eb:7f:59:fe:ef:22:45:08:b8:41:91:01:8c:32:
                    4d:08:9b:7e:ac:6b:cf:8c:3e:a2:d6:d7:e4:70:5e:
                    13:9a:40:a1:47:54:26:3b:1b:a7:e0:46:c3:6a:0a:
                    c4:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:D6:C0:3C:A0:F3:9A:38:9A:64:6D:06:35:70:92:A2:B0:A6:9C:37
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/y9bAPKDzmjiaZG0GNXCSorCmnDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.84.200.0/24
                  87.84.203.0/24
                  194.242.132.0/24
                  194.242.135.0/24
                  212.135.135.0/24
                  212.135.143.0/24
                  212.135.154.0/24
                  212.135.161.0/24
                  212.135.164.0/24
                  212.135.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:42:5e:dd:a9:4f:37:da:58:01:59:6e:c7:5a:dc:00:10:a5:
         53:9d:56:df:08:da:f5:88:9f:a2:77:4e:07:dd:4f:93:f4:4e:
         e6:45:76:0e:e4:73:fc:c2:aa:41:96:b7:6b:07:e3:f4:85:ef:
         12:b6:67:3d:7a:91:b4:1a:68:b9:13:05:d2:f0:25:ac:e9:bb:
         c0:8e:53:b7:f9:93:11:c1:5c:6c:95:64:83:26:f9:66:4e:60:
         23:2e:8d:70:6d:7c:81:cc:5f:43:14:61:72:72:06:f5:a3:00:
         a4:30:26:e7:cd:33:3b:23:39:7a:14:8a:70:34:1c:46:63:76:
         1f:00:fd:58:58:18:0f:73:74:21:a0:d2:26:77:c9:12:38:37:
         28:78:33:8e:f5:c3:d3:f5:29:90:44:ba:20:fc:d0:00:7a:19:
         ea:84:60:b5:f6:8a:ae:97:4a:a7:4d:cd:2e:42:45:96:bd:02:
         46:03:50:78:46:7c:2a:32:b7:87:ad:b3:97:56:b3:27:32:34:
         68:7d:9e:7d:df:d6:61:fa:36:bf:54:5e:91:2c:08:7b:be:1c:
         60:9f:76:68:d7:cc:e4:85:76:5b:fd:60:46:10:a4:a0:53:33:
         5f:2f:1b:54:82:8c:6f:d6:05:9e:c7:8d:58:53:af:9c:8b:db:
         43:c8:81:d9
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZ7f4zDS7Oo+WduJK9Rtr4BbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjE5MTIzNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmQ2YzAzY2EwZjM5YTM4OWE2NDZkMDYzNTcwOTJhMmIwYTY5YzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08/kxi9ToX37A+T+RhzeuF+Kvp5J
zRO4s5MMY14EnfJNw/mqheJOVtlDn5m+aMNkEyemghFRknlM03KhX6fJj+DKt/AV
CUzDEbFfiQt4V221j0iLyZVYY5pJKLphiExJmaqrUdOLuiABRkGFrIlhlWUr7BXL
SPwX+oTqNFoUqExjvBHA+xCioDkHaTxDiujBcceuAXXCbcJ7mOcHF32hTNbVIX30
+qr757QMePHrJG019BXN+nXA55zuw6PPKbK9FJG+H6rmGpwaehrZKyDIrz0/639Z
/u8iRQi4QZEBjDJNCJt+rGvPjD6i1tfkcF4TmkChR1QmOxun4EbDagrEpwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFMvWwDyg85o4mmRtBjVwkqKwppw3MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEveTliQVBLRHptamlhWkcwR05YQ1NvckNtbkRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAV1TIAwQA
V1TLAwQAwvKEAwQAwvKHAwQA1IeHAwQA1IePAwQA1IeaAwQA1IehAwQA1IekAwQA
1IenMA0GCSqGSIb3DQEBCwUAA4IBAQBFQl7dqU832lgBWW7HWtwAEKVTnVbfCNr1
iJ+id04H3U+T9E7mRXYO5HP8wqpBlrdrB+P0he8Stmc9epG0Gmi5EwXS8CWs6bvA
jlO3+ZMRwVxslWSDJvlmTmAjLo1wbXyBzF9DFGFycgb1owCkMCbnzTM7Izl6FIpw
NBxGY3YfAP1YWBgPc3QhoNImd8kSODcoeDOO9cPT9SmQRLog/NAAehnqhGC19oqu
l0qnTc0uQkWWvQJGA1B4RnwqMreHrbOXVrMnMjRofZ5939Zh+ja/VF6RLAh7vhxg
n3Zo18zkhXZb/WBGEKSgUzNfLxtUgoxv1gWex41YU6+ci9tDyIHZ
-----END CERTIFICATE-----
Generated at Fri Jul 3 19:56:11 2026 by rpki-client