Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1RO8uUeft9PWzLQ98JY1p8FCY-Q.roa
File:                     1RO8uUeft9PWzLQ98JY1p8FCY-Q.roa (raw, json)
Hash identifier:          BlvPnIMoot5MCnn+63yWxOjh20466RRQ3rEcXffDTMQ=
Subject key identifier:   D5:13:BC:B9:47:9F:B7:D3:D6:CC:B4:3D:F0:96:35:A7:C1:42:63:E4
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2710DEEEB9EDF57C271F88495650FC97
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1RO8uUeft9PWzLQ98JY1p8FCY-Q.roa
Signing time:             Fri 03 Jul 2026 08:20:44 +0000
ROA not before:           Fri 03 Jul 2026 08:20:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210667
IP address blocks:        213.130.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:27:10:de:ee:b9:ed:f5:7c:27:1f:88:49:56:50:fc:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  3 08:20:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d513bcb9479fb7d3d6ccb43df09635a7c14263e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:81:fa:d2:2d:1e:71:40:4f:07:51:73:5c:5e:
                    23:f2:c4:e9:1a:75:ab:89:eb:40:68:7f:fe:70:5f:
                    64:43:60:37:c6:d3:10:eb:6b:65:c7:7e:c2:e7:3e:
                    3a:d9:f1:3f:70:65:a6:d6:db:1e:fb:5d:b9:ca:df:
                    a6:e5:44:29:ca:e9:bd:d0:a1:b9:64:cb:94:98:cd:
                    bf:11:ba:00:de:a9:94:ee:f0:13:4f:a0:50:4f:f4:
                    30:b9:1e:44:4d:ed:12:15:df:a6:b3:88:ad:55:fe:
                    0a:56:8a:8f:fe:1b:58:11:6f:93:59:95:f0:8a:62:
                    0d:ea:75:65:31:93:50:2c:34:cd:8e:90:33:ce:79:
                    1b:9b:dc:5f:08:1e:5d:64:a0:de:4f:3c:cc:73:76:
                    39:54:d1:b8:ae:4f:f0:06:10:fc:bc:ed:0f:2b:ab:
                    b5:f6:55:28:f8:b6:48:f6:46:32:77:65:58:57:7c:
                    1f:b1:0d:12:89:2d:88:3a:bf:2f:9d:55:67:ee:3e:
                    f7:10:eb:9a:0e:04:dd:b9:4a:1e:59:cd:b9:a4:a1:
                    6a:de:f1:e6:4a:72:05:3a:d9:c2:e2:c7:36:6e:94:
                    6a:df:d5:fe:c8:c1:d4:0e:11:12:f3:4a:d7:35:67:
                    0b:c6:90:5f:5b:10:d9:d3:9e:bd:52:96:c1:bf:25:
                    5c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:13:BC:B9:47:9F:B7:D3:D6:CC:B4:3D:F0:96:35:A7:C1:42:63:E4
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1RO8uUeft9PWzLQ98JY1p8FCY-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.130.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:d0:df:a8:30:01:a5:eb:c1:89:03:e7:5f:33:86:9f:30:6f:
         86:69:73:83:78:a5:c1:81:8e:80:6b:13:13:9a:c3:1d:77:42:
         12:39:9a:17:e4:ef:19:09:cf:f4:56:ca:04:3b:21:e9:23:8d:
         4f:76:67:7a:52:21:26:22:14:d9:5f:62:3b:26:cd:19:27:10:
         f5:90:de:0a:2b:43:b4:4a:09:aa:a2:01:ac:81:88:87:9b:d1:
         59:4a:30:88:4f:7f:c2:d8:99:55:6e:1d:8f:2c:f9:b3:d9:14:
         ab:fa:75:d0:db:a2:14:e1:0a:a6:53:3c:2a:9e:d1:2c:6e:92:
         03:9e:bc:09:fb:50:3e:95:b8:1c:06:b8:90:ec:32:1f:9f:30:
         0d:eb:07:92:35:3c:01:b6:d3:c2:66:e5:e1:ba:67:9d:70:62:
         36:36:42:23:e1:b3:a0:83:e5:80:ef:50:aa:a9:7e:67:fb:6d:
         0b:a9:84:36:b1:84:c8:df:01:22:e8:ec:88:71:02:59:af:cc:
         ab:9d:80:d0:74:db:04:6a:43:5f:ef:31:f5:a5:c8:77:8c:c6:
         11:78:b8:5d:f7:df:11:5c:30:d2:67:6a:3a:e0:3b:2f:f9:09:
         81:b8:9c:a8:f6:7b:0c:40:8c:61:69:10:98:f3:aa:aa:52:35:
         ca:f0:a3:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8nEN7uue31fCcfiElWUPyXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAzMDgyMDQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTEzYmNiOTQ3OWZiN2QzZDZjY2I0M2RmMDk2MzVhN2MxNDI2M2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIH60i0ecUBPB1FzXF4j8sTpGnWr
ietAaH/+cF9kQ2A3xtMQ62tlx37C5z462fE/cGWm1tse+125yt+m5UQpyum90KG5
ZMuUmM2/EboA3qmU7vATT6BQT/QwuR5ETe0SFd+ms4itVf4KVoqP/htYEW+TWZXw
imIN6nVlMZNQLDTNjpAzznkbm9xfCB5dZKDeTzzMc3Y5VNG4rk/wBhD8vO0PK6u1
9lUo+LZI9kYyd2VYV3wfsQ0SiS2IOr8vnVVn7j73EOuaDgTduUoeWc25pKFq3vHm
SnIFOtnC4sc2bpRq39X+yMHUDhES80rXNWcLxpBfWxDZ0569UpbBvyVccwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUTvLlHn7fT1sy0PfCWNafBQmPkMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMVJPOHVVZWZ0OVBXekxROThKWTFwOEZDWS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YKFMA0G
CSqGSIb3DQEBCwUAA4IBAQAr0N+oMAGl68GJA+dfM4afMG+GaXODeKXBgY6AaxMT
msMdd0ISOZoX5O8ZCc/0VsoEOyHpI41Pdmd6UiEmIhTZX2I7Js0ZJxD1kN4KK0O0
SgmqogGsgYiHm9FZSjCIT3/C2JlVbh2PLPmz2RSr+nXQ26IU4QqmUzwqntEsbpID
nrwJ+1A+lbgcBriQ7DIfnzAN6weSNTwBttPCZuXhumedcGI2NkIj4bOgg+WA71Cq
qX5n+20LqYQ2sYTI3wEi6OyIcQJZr8yrnYDQdNsEakNf7zH1pch3jMYReLhd998R
XDDSZ2o64Dsv+QmBuJyo9nsMQIxhaRCY86qqUjXK8KMe
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:57 2026 by rpki-client