Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0CJEqizBLgjb5GwxiyQc-SHgu0s.roa
File:                     0CJEqizBLgjb5GwxiyQc-SHgu0s.roa (raw, json)
Hash identifier:          6igDBNZsH3qT4/zLB/inwifuR8f+lPMbsyt9JKpLDYQ=
Subject key identifier:   D0:22:44:AA:2C:C1:2E:08:DB:E4:6C:31:8B:24:1C:F9:21:E0:BB:4B
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368D874BE7EAB5C87DA271AD27B1D95
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0CJEqizBLgjb5GwxiyQc-SHgu0s.roa
Signing time:             Thu 02 Jul 2026 15:18:21 +0000
ROA not before:           Thu 02 Jul 2026 15:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197537
IP address blocks:        81.168.58.0/24 maxlen: 24
                          82.152.114.0/24 maxlen: 24
                          82.152.143.0/24 maxlen: 24
                          82.152.186.0/24 maxlen: 24
                          82.153.114.0/24 maxlen: 24
                          109.176.203.0/24 maxlen: 24
                          109.176.230.0/24 maxlen: 24
                          213.218.234.0/23 maxlen: 23
                          213.218.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:d8:74:be:7e:ab:5c:87:da:27:1a:d2:7b:1d:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d02244aa2cc12e08dbe46c318b241cf921e0bb4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:04:12:02:98:5f:ff:ee:7a:ea:65:3a:64:f5:
                    dc:8d:76:ab:73:dc:08:c1:77:3e:72:61:02:93:24:
                    b2:9f:12:33:68:a2:66:25:22:5c:13:29:a0:98:ed:
                    70:75:11:f2:8b:1d:94:29:cf:29:5f:48:4d:a6:06:
                    00:79:fa:eb:bc:3d:85:fe:15:c2:cf:0b:e5:cd:c1:
                    7d:98:7d:48:53:ca:1e:48:6c:1e:84:ef:be:c6:bd:
                    ed:a5:94:1a:ed:06:31:ec:bd:0e:95:c7:99:e4:5e:
                    8d:39:82:ab:98:b4:12:d7:c1:a3:9a:e3:3a:db:39:
                    cc:76:de:61:08:93:18:52:60:a3:2b:c1:cc:6c:91:
                    f3:64:ac:f0:cc:fa:ea:57:41:b2:85:81:e8:08:33:
                    d8:1f:8a:58:39:1f:53:69:77:7d:63:f3:73:58:88:
                    bd:19:51:64:f7:df:1f:44:df:6a:0a:a2:ea:4f:b6:
                    9b:4d:00:cd:51:71:f7:ec:d2:71:f0:9d:32:90:e2:
                    2b:a6:c6:32:02:06:d9:85:f2:35:2a:6a:47:20:5b:
                    ba:0e:e1:d1:2e:f3:0a:e1:bb:01:63:57:d2:eb:4e:
                    38:40:c8:69:75:21:9e:54:ea:2f:f0:dd:f8:09:99:
                    4f:31:dc:8b:0f:88:a3:0f:a6:c1:03:3d:34:d7:bf:
                    3c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:22:44:AA:2C:C1:2E:08:DB:E4:6C:31:8B:24:1C:F9:21:E0:BB:4B
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0CJEqizBLgjb5GwxiyQc-SHgu0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.58.0/24
                  82.152.114.0/24
                  82.152.143.0/24
                  82.152.186.0/24
                  82.153.114.0/24
                  109.176.203.0/24
                  109.176.230.0/24
                  213.218.234.0/23
                  213.218.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:88:24:e1:c8:b1:d8:38:31:1d:36:b5:61:5a:a3:fb:04:83:
         d7:26:c1:55:03:93:4f:f7:74:36:83:be:45:a0:b2:91:c0:d0:
         3f:ca:52:9a:84:08:7e:a6:ee:8a:50:a0:1a:00:8a:45:a8:51:
         af:f1:0f:cc:70:bb:dc:76:3a:4a:1e:02:3a:c1:40:f1:bf:23:
         b8:d7:d3:a0:04:a1:29:d6:f6:a3:7a:f3:0c:59:5d:14:cc:ed:
         b8:cd:64:39:6a:1f:f1:8d:4c:a8:2f:9b:a0:a4:cc:aa:c6:75:
         f7:ea:59:0f:0a:89:05:f2:22:0f:f9:bc:25:76:84:56:7c:e6:
         37:76:8c:4e:8a:07:e3:f8:dc:67:da:50:52:8e:57:27:6c:82:
         18:33:4c:d2:e6:62:ff:5d:b1:ec:5f:1b:c8:ef:f2:9e:76:e6:
         31:39:56:9d:63:a2:5d:15:ce:6a:01:4b:c5:a0:0e:3c:69:4b:
         ee:2f:50:c7:e9:88:6a:e8:52:58:37:b3:fd:70:e1:1b:66:2c:
         17:20:65:a3:b6:6f:7f:67:31:d1:11:7d:2f:45:35:f6:70:6e:
         d8:a3:69:22:6a:2a:ff:4e:60:74:af:70:80:f0:08:79:74:12:
         c1:ac:32:28:21:c9:f3:e0:9f:ed:b0:e1:9a:00:d5:91:ac:3b:
         b9:b9:e7:52
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZ8jaNh0vn6rXIfaJxrSex2VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDIyNDRhYTJjYzEyZTA4ZGJlNDZjMzE4YjI0MWNmOTIxZTBiYjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwQSAphf/+566mU6ZPXcjXarc9wI
wXc+cmECkySynxIzaKJmJSJcEymgmO1wdRHyix2UKc8pX0hNpgYAefrrvD2F/hXC
zwvlzcF9mH1IU8oeSGwehO++xr3tpZQa7QYx7L0OlceZ5F6NOYKrmLQS18GjmuM6
2znMdt5hCJMYUmCjK8HMbJHzZKzwzPrqV0GyhYHoCDPYH4pYOR9TaXd9Y/NzWIi9
GVFk998fRN9qCqLqT7abTQDNUXH37NJx8J0ykOIrpsYyAgbZhfI1KmpHIFu6DuHR
LvMK4bsBY1fS6044QMhpdSGeVOov8N34CZlPMdyLD4ijD6bBAz001788RwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNAiRKoswS4I2+RsMYskHPkh4LtLMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMENKRXFpekJMZ2piNUd3eGl5UWMtU0hndTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAUag6AwQA
UphyAwQAUpiPAwQAUpi6AwQAUplyAwQAbbDLAwQAbbDmAwQB1drqAwQA1dr3MA0G
CSqGSIb3DQEBCwUAA4IBAQBgiCThyLHYODEdNrVhWqP7BIPXJsFVA5NP93Q2g75F
oLKRwNA/ylKahAh+pu6KUKAaAIpFqFGv8Q/McLvcdjpKHgI6wUDxvyO419OgBKEp
1vajevMMWV0UzO24zWQ5ah/xjUyoL5ugpMyqxnX36lkPCokF8iIP+bwldoRWfOY3
doxOigfj+Nxn2lBSjlcnbIIYM0zS5mL/XbHsXxvI7/KeduYxOVadY6JdFc5qAUvF
oA48aUvuL1DH6Yhq6FJYN7P9cOEbZiwXIGWjtm9/ZzHREX0vRTX2cG7Yo2kiair/
TmB0r3CA8Ah5dBLBrDIoIcnz4J/tsOGaANWRrDu5uedS
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:22:41 2026 by rpki-client