Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1oCfZwaxRKti8ZozmLYSwu0pWZ0.roa
File:                     1oCfZwaxRKti8ZozmLYSwu0pWZ0.roa (raw, json)
Hash identifier:          CUOcoX5IZD64/yGnQizdx1OiOtzb0pSFHNn4p5C0tjo=
Subject key identifier:   D6:80:9F:67:06:B1:44:AB:62:F1:9A:33:98:B6:12:C2:ED:29:59:9D
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368ADC8E6D090D4E4282BA52A99831D
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1oCfZwaxRKti8ZozmLYSwu0pWZ0.roa
Signing time:             Thu 02 Jul 2026 15:18:10 +0000
ROA not before:           Thu 02 Jul 2026 15:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12200
IP address blocks:        81.168.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:ad:c8:e6:d0:90:d4:e4:28:2b:a5:2a:99:83:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6809f6706b144ab62f19a3398b612c2ed29599d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:15:10:b1:7f:32:38:4e:9c:2f:32:f0:d8:45:
                    5c:d2:aa:d0:16:91:7a:29:b0:e0:6d:38:cb:32:f8:
                    f9:ce:c0:07:ac:ef:43:c8:91:e4:d3:5c:87:74:e0:
                    35:92:34:93:b6:83:35:20:c7:ce:09:e1:48:cf:1f:
                    30:dc:e5:d5:31:68:e8:af:68:7a:9f:4c:96:28:ef:
                    bd:68:df:56:da:d5:37:e0:8b:96:b8:46:dd:85:33:
                    a1:e1:a8:ab:34:b3:a0:6f:7d:c5:60:eb:3a:54:9f:
                    7a:d1:3d:d4:98:f0:1c:20:e9:83:43:f4:db:bd:ca:
                    fd:ba:d9:9a:e7:f4:20:c8:ce:f0:e3:2c:43:42:77:
                    e0:6b:4b:bc:57:f7:40:6a:a8:07:f4:eb:de:ae:fe:
                    fb:8f:7c:89:05:52:58:66:6f:bc:b8:98:8a:bc:6a:
                    16:43:8c:35:74:0a:0a:4c:47:94:5e:c1:32:79:25:
                    52:1c:12:5d:18:d2:3c:1e:89:2e:3b:a3:1b:6c:32:
                    e3:d3:76:f4:73:20:44:43:a1:57:83:d3:a5:39:02:
                    5f:5c:3b:e3:46:63:b8:6c:05:20:9e:22:9e:30:f7:
                    ce:7c:9d:92:83:e5:88:87:6c:a1:c3:6c:8d:5a:7f:
                    14:81:a2:ca:88:c4:15:01:96:ae:f8:76:cb:9f:01:
                    95:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:80:9F:67:06:B1:44:AB:62:F1:9A:33:98:B6:12:C2:ED:29:59:9D
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1oCfZwaxRKti8ZozmLYSwu0pWZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:7e:e4:5f:09:a1:a8:66:aa:99:aa:65:61:56:9e:c0:9a:2f:
         43:06:29:2c:3f:2b:0e:30:ac:3e:01:18:41:ba:c5:f1:56:38:
         5c:ec:ce:4a:86:f8:ef:df:7b:af:2c:94:50:3e:b0:78:8d:2d:
         44:7a:56:49:4b:34:52:94:7b:37:85:89:89:95:7f:4b:46:01:
         52:5b:90:9d:9a:ee:ff:f1:a3:57:2c:1f:a3:ec:cb:30:ff:0f:
         8c:88:94:f6:5f:3f:f0:0f:0f:a2:2c:57:60:f9:53:f4:a7:c6:
         e8:73:f7:da:b9:38:24:18:04:4d:18:39:22:2c:bc:b7:f6:ee:
         3d:ea:b8:01:b0:ff:b5:2c:ce:00:52:fc:02:31:22:fc:da:e8:
         6b:46:5e:01:06:c2:34:da:68:25:4a:e6:b6:c2:86:d3:5d:78:
         1d:e8:2e:1b:76:a4:86:29:a3:8f:7b:27:dc:a8:7c:2b:5a:e4:
         d4:4f:1f:b1:03:2a:68:50:2c:23:44:4e:58:3f:20:a7:05:d0:
         c2:0f:a0:9f:dd:24:0d:88:43:32:c3:34:f5:1e:81:de:f7:d0:
         f2:e4:0f:47:a6:0c:a8:90:91:95:0d:08:5b:d7:31:bc:61:a8:
         f9:d2:40:d2:cd:27:aa:52:14:38:82:bf:5c:9e:47:4c:29:09:
         47:79:ea:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaK3I5tCQ1OQoK6UqmYMdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjgwOWY2NzA2YjE0NGFiNjJmMTlhMzM5OGI2MTJjMmVkMjk1OTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxUQsX8yOE6cLzLw2EVc0qrQFpF6
KbDgbTjLMvj5zsAHrO9DyJHk01yHdOA1kjSTtoM1IMfOCeFIzx8w3OXVMWjor2h6
n0yWKO+9aN9W2tU34IuWuEbdhTOh4airNLOgb33FYOs6VJ960T3UmPAcIOmDQ/Tb
vcr9utma5/QgyM7w4yxDQnfga0u8V/dAaqgH9Overv77j3yJBVJYZm+8uJiKvGoW
Q4w1dAoKTEeUXsEyeSVSHBJdGNI8HokuO6MbbDLj03b0cyBEQ6FXg9OlOQJfXDvj
RmO4bAUgniKeMPfOfJ2Sg+WIh2yhw2yNWn8UgaLKiMQVAZau+HbLnwGVGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaAn2cGsUSrYvGaM5i2EsLtKVmdMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMW9DZlp3YXhSS3RpOFpvem1MWVN3dTBwV1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUagHMA0G
CSqGSIb3DQEBCwUAA4IBAQADfuRfCaGoZqqZqmVhVp7Ami9DBiksPysOMKw+ARhB
usXxVjhc7M5Khvjv33uvLJRQPrB4jS1EelZJSzRSlHs3hYmJlX9LRgFSW5Cdmu7/
8aNXLB+j7Msw/w+MiJT2Xz/wDw+iLFdg+VP0p8boc/fauTgkGARNGDkiLLy39u49
6rgBsP+1LM4AUvwCMSL82uhrRl4BBsI02mglSua2wobTXXgd6C4bdqSGKaOPeyfc
qHwrWuTUTx+xAypoUCwjRE5YPyCnBdDCD6Cf3SQNiEMywzT1HoHe99Dy5A9Hpgyo
kJGVDQhb1zG8Yaj50kDSzSeqUhQ4gr9cnkdMKQlHeepI
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:20:05 2026 by rpki-client