Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/15wRRCaMBc727-6wfjyEQSl7zMs.roa
File:                     15wRRCaMBc727-6wfjyEQSl7zMs.roa (raw, json)
Hash identifier:          gKZAYu+ZKVH4m7RuyOBefbovJubTZv2gxJsXZ+cJJ4s=
Subject key identifier:   D7:9C:11:44:26:8C:05:CE:F6:EF:EE:B0:7E:3C:84:41:29:7B:CC:CB
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F23690278C020E3C109E827688D58586B
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/15wRRCaMBc727-6wfjyEQSl7zMs.roa
Signing time:             Thu 02 Jul 2026 15:18:32 +0000
ROA not before:           Thu 02 Jul 2026 15:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213693
IP address blocks:        109.176.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:02:78:c0:20:e3:c1:09:e8:27:68:8d:58:58:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d79c1144268c05cef6efeeb07e3c8441297bcccb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7b:6c:df:ad:d9:c3:35:40:29:bf:27:bb:be:
                    c9:c7:f6:42:0b:8d:37:7f:90:93:08:08:7d:85:6c:
                    3e:74:d7:f6:3d:70:1d:0f:59:7e:0e:87:44:96:3b:
                    d0:af:d7:25:43:2f:1e:c3:37:ab:f6:71:83:26:6d:
                    b3:f4:03:40:52:4a:48:e3:ed:8a:ed:08:5f:cf:37:
                    9d:ea:31:60:ff:c3:69:a9:46:6e:e0:c9:f7:5c:cb:
                    51:73:7a:c7:8a:00:b5:6f:67:93:8a:fa:1a:a3:9a:
                    95:68:f7:87:35:83:07:b0:4a:48:3a:8e:88:ba:3b:
                    06:f9:6b:6f:99:f7:15:45:6d:09:3a:ce:af:d2:1a:
                    03:0a:2e:3d:b0:af:5d:bd:5c:2c:56:72:4f:9f:20:
                    c7:36:32:4b:85:95:50:74:96:46:23:80:9a:13:21:
                    25:55:ae:b2:80:e2:83:b4:00:00:9d:13:07:a3:96:
                    f2:25:78:0e:6d:e9:27:ab:88:8f:cf:ea:4e:c3:e3:
                    b5:bd:99:31:63:19:a9:12:d1:55:45:26:9d:58:d4:
                    ed:5e:61:82:ee:e1:4e:d3:3a:c5:a1:5f:2a:c6:14:
                    1a:e4:78:ab:d1:04:16:17:3f:75:29:00:43:bd:76:
                    45:f7:16:83:3c:d4:d6:2d:02:8f:ff:cc:8a:bd:25:
                    f6:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:9C:11:44:26:8C:05:CE:F6:EF:EE:B0:7E:3C:84:41:29:7B:CC:CB
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/15wRRCaMBc727-6wfjyEQSl7zMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:f6:9b:e1:3d:7c:03:41:a3:25:e4:a3:54:35:5f:cd:e0:ae:
         c9:5f:4e:ed:3d:58:ab:b6:1f:53:f2:09:c8:d3:42:de:2e:cb:
         8e:55:ad:27:5e:13:f8:ff:ec:0f:fc:b8:ca:7f:d2:47:9d:e4:
         f8:98:57:0d:ab:72:d2:8d:37:ed:50:33:72:2d:75:0b:17:60:
         71:dc:68:02:ca:bf:c1:02:6f:d4:65:27:1b:29:41:99:f1:16:
         bc:e4:e7:45:39:fb:b6:eb:06:1a:7d:60:21:67:1f:a6:1e:70:
         55:23:b5:46:ac:8e:5b:75:0c:80:d9:ee:e7:01:2d:02:94:5f:
         f1:d0:81:4f:44:69:47:99:1e:6b:f2:5d:01:f3:4f:2d:42:49:
         c5:25:21:9d:24:b7:9b:d4:bc:7b:87:71:d8:ff:b9:26:c8:16:
         a2:cd:22:d5:74:72:27:1c:53:de:b3:5c:a0:b4:84:b0:1a:10:
         ca:ca:9f:df:0a:ee:ec:9d:4d:bc:8c:d3:26:66:c4:90:2f:a6:
         d3:ec:0f:65:11:c5:7f:d1:61:e1:45:e8:ad:54:bc:21:04:d7:
         ce:1d:85:89:d7:e5:e0:1d:93:45:ab:5b:99:bc:2f:5d:62:8b:
         82:ea:5b:77:0e:92:7b:20:08:4f:37:05:52:d3:40:48:87:de:
         3a:2d:34:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaQJ4wCDjwQnoJ2iNWFhrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzljMTE0NDI2OGMwNWNlZjZlZmVlYjA3ZTNjODQ0MTI5N2JjY2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3ts363ZwzVAKb8nu77Jx/ZCC403
f5CTCAh9hWw+dNf2PXAdD1l+DodEljvQr9clQy8ewzer9nGDJm2z9ANAUkpI4+2K
7Qhfzzed6jFg/8NpqUZu4Mn3XMtRc3rHigC1b2eTivoao5qVaPeHNYMHsEpIOo6I
ujsG+WtvmfcVRW0JOs6v0hoDCi49sK9dvVwsVnJPnyDHNjJLhZVQdJZGI4CaEyEl
Va6ygOKDtAAAnRMHo5byJXgObeknq4iPz+pOw+O1vZkxYxmpEtFVRSadWNTtXmGC
7uFO0zrFoV8qxhQa5Hir0QQWFz91KQBDvXZF9xaDPNTWLQKP/8yKvSX26wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNecEUQmjAXO9u/usH48hEEpe8zLMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMTV3UlJDYU1CYzcyNy02d2ZqeUVRU2w3ek1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDKMA0G
CSqGSIb3DQEBCwUAA4IBAQAa9pvhPXwDQaMl5KNUNV/N4K7JX07tPVirth9T8gnI
00LeLsuOVa0nXhP4/+wP/LjKf9JHneT4mFcNq3LSjTftUDNyLXULF2Bx3GgCyr/B
Am/UZScbKUGZ8Ra85OdFOfu26wYafWAhZx+mHnBVI7VGrI5bdQyA2e7nAS0ClF/x
0IFPRGlHmR5r8l0B808tQknFJSGdJLeb1Lx7h3HY/7kmyBaizSLVdHInHFPes1yg
tISwGhDKyp/fCu7snU28jNMmZsSQL6bT7A9lEcV/0WHhReitVLwhBNfOHYWJ1+Xg
HZNFq1uZvC9dYouC6lt3DpJ7IAhPNwVS00BIh946LTT6
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:16:29 2026 by rpki-client