Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1YArWEQ33degjogB_YF0fddst34.roa
File:                     1YArWEQ33degjogB_YF0fddst34.roa (raw, json)
Hash identifier:          vgKflzGeJzIgAsCEFDLdWmBZkXsUIBtuL1OK3H+aOL4=
Subject key identifier:   D5:80:2B:58:44:37:DD:D7:A0:8E:88:01:FD:81:74:7D:D7:6C:B7:7E
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2369140C1B425D6A2C2CD24F826A449C
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1YArWEQ33degjogB_YF0fddst34.roa
Signing time:             Thu 02 Jul 2026 15:18:36 +0000
ROA not before:           Thu 02 Jul 2026 15:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216200
IP address blocks:        109.176.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:14:0c:1b:42:5d:6a:2c:2c:d2:4f:82:6a:44:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5802b584437ddd7a08e8801fd81747dd76cb77e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:c0:82:b0:1c:3d:6b:43:e8:4d:87:f7:39:78:
                    c3:7e:01:a9:7b:79:24:7f:49:0c:ba:99:78:5c:4e:
                    97:3a:57:95:db:ae:60:15:01:e7:83:5d:c8:b1:16:
                    26:70:fb:f7:55:2d:44:37:d8:d7:52:c1:84:62:5f:
                    15:72:3f:30:08:bf:0c:73:b5:1c:76:0a:de:71:5b:
                    16:23:ad:61:35:78:af:2a:83:29:b7:1a:97:73:d9:
                    d1:d3:17:9c:94:74:d9:53:27:90:25:f1:5c:af:41:
                    81:b6:cc:47:c1:fa:9e:d1:49:be:a5:0a:d0:d2:41:
                    d2:98:97:93:f3:45:4a:67:dd:8c:30:bf:f6:27:be:
                    fe:c8:b6:57:02:3e:19:c4:a8:3e:34:76:2a:90:a9:
                    27:87:99:d7:22:77:46:70:81:15:08:47:88:af:b5:
                    20:76:de:7b:59:cc:e8:0b:c4:e3:4e:d0:81:ab:47:
                    ae:98:5d:99:01:cd:83:c1:f1:66:69:3e:a9:8c:b2:
                    eb:97:40:55:dc:ee:46:de:ca:3e:db:05:ba:27:23:
                    0a:b9:f1:fc:b8:b1:7f:26:98:ca:96:a3:ba:ac:d5:
                    82:a6:31:b3:f6:f3:2d:37:cd:9e:c4:f3:58:ea:7c:
                    45:b4:7f:17:2e:23:cb:43:2f:a8:36:ff:a1:70:9f:
                    4c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:80:2B:58:44:37:DD:D7:A0:8E:88:01:FD:81:74:7D:D7:6C:B7:7E
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1YArWEQ33degjogB_YF0fddst34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:9d:98:8d:fe:a7:cb:21:d4:66:f2:22:09:21:b5:95:7c:08:
         51:41:33:7d:08:62:fc:ae:f6:82:ce:9d:27:30:c3:bd:2b:99:
         5c:e5:66:3f:13:12:bb:64:bb:cf:a5:0e:11:b7:b1:c9:a7:fc:
         c8:5b:cf:52:e9:37:49:20:9d:83:10:62:b3:32:0d:f7:1c:0b:
         c9:2d:82:f7:d0:1d:51:86:29:23:c1:1d:0d:66:b5:af:05:43:
         ed:78:7e:a3:9e:76:7b:c2:df:94:d3:82:4a:98:f0:1a:12:14:
         da:5b:42:d9:f1:30:43:03:36:fa:a3:93:93:5b:d7:18:f2:62:
         9c:07:60:da:19:d5:49:03:98:e5:f6:0b:99:47:38:41:93:61:
         fc:8c:aa:76:f8:9e:fd:4f:9f:8c:f8:03:9f:f8:0e:86:fb:4b:
         72:13:8e:51:25:77:45:b9:ea:f8:e3:7c:6c:a3:91:a4:57:8e:
         0c:87:b7:c3:dd:13:bb:fa:74:f8:f3:3e:02:64:e9:ae:82:e2:
         bc:19:a9:ed:7e:52:75:05:21:02:0a:34:68:bd:c5:6d:bb:c2:
         59:5c:16:3e:f4:3a:49:48:e5:5c:8e:ad:f5:a0:1a:0b:60:32:
         e5:aa:c6:89:94:6f:86:58:f0:79:4c:93:4b:fd:e9:17:18:56:
         52:66:a2:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaRQMG0Jdaiws0k+CakScMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTgwMmI1ODQ0MzdkZGQ3YTA4ZTg4MDFmZDgxNzQ3ZGQ3NmNiNzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5cCCsBw9a0PoTYf3OXjDfgGpe3kk
f0kMupl4XE6XOleV265gFQHng13IsRYmcPv3VS1EN9jXUsGEYl8Vcj8wCL8Mc7Uc
dgrecVsWI61hNXivKoMptxqXc9nR0xeclHTZUyeQJfFcr0GBtsxHwfqe0Um+pQrQ
0kHSmJeT80VKZ92MML/2J77+yLZXAj4ZxKg+NHYqkKknh5nXIndGcIEVCEeIr7Ug
dt57WczoC8TjTtCBq0eumF2ZAc2DwfFmaT6pjLLrl0BV3O5G3so+2wW6JyMKufH8
uLF/JpjKlqO6rNWCpjGz9vMtN82exPNY6nxFtH8XLiPLQy+oNv+hcJ9MdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWAK1hEN93XoI6IAf2BdH3XbLd+MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMVlBcldFUTMzZGVnam9nQl9ZRjBmZGRzdDM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDwMA0G
CSqGSIb3DQEBCwUAA4IBAQBOnZiN/qfLIdRm8iIJIbWVfAhRQTN9CGL8rvaCzp0n
MMO9K5lc5WY/ExK7ZLvPpQ4Rt7HJp/zIW89S6TdJIJ2DEGKzMg33HAvJLYL30B1R
hikjwR0NZrWvBUPteH6jnnZ7wt+U04JKmPAaEhTaW0LZ8TBDAzb6o5OTW9cY8mKc
B2DaGdVJA5jl9guZRzhBk2H8jKp2+J79T5+M+AOf+A6G+0tyE45RJXdFuer443xs
o5GkV44Mh7fD3RO7+nT48z4CZOmuguK8GantflJ1BSECCjRovcVtu8JZXBY+9DpJ
SOVcjq31oBoLYDLlqsaJlG+GWPB5TJNL/ekXGFZSZqJY
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:18:32 2026 by rpki-client