Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/24TpZBsB_ffWuIcbI6hVzhtyJq0.roa
File:                     24TpZBsB_ffWuIcbI6hVzhtyJq0.roa (raw, json)
Hash identifier:          3CS/0I+tQJfoHe7cA1Ity/SqqMjBLxEo8R3i93/mob4=
Subject key identifier:   DB:84:E9:64:1B:01:FD:F7:D6:B8:87:1B:23:A8:55:CE:1B:72:26:AD
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368D2A276F946F781844327E898E4B4
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/24TpZBsB_ffWuIcbI6hVzhtyJq0.roa
Signing time:             Thu 02 Jul 2026 15:18:20 +0000
ROA not before:           Thu 02 Jul 2026 15:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154408
IP address blocks:        213.210.11.0/24 maxlen: 24
                          213.218.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:d2:a2:76:f9:46:f7:81:84:43:27:e8:98:e4:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db84e9641b01fdf7d6b8871b23a855ce1b7226ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d2:11:6b:1e:a6:56:fd:f7:51:1c:79:6c:e2:
                    93:32:2f:88:16:75:9d:1d:cd:c6:2e:09:d7:ca:af:
                    2b:0a:11:80:9c:41:88:42:a4:0b:b6:e9:f6:43:da:
                    7c:2a:60:62:f2:9e:2b:12:10:6e:28:ed:e2:ef:11:
                    71:51:70:b1:b5:cd:8a:e7:5b:f4:6d:46:31:ff:21:
                    42:5f:00:a2:bd:aa:d7:8e:5f:5a:77:4b:7b:56:b8:
                    b3:2c:7e:4f:28:bc:2e:0e:6f:b0:e4:18:c9:2e:50:
                    78:0e:03:a9:bf:d9:f4:d8:2b:12:1c:a1:ad:d6:a2:
                    bf:af:53:23:33:1f:5f:1a:d6:f8:bf:6c:1e:f7:fd:
                    b7:03:66:4d:37:ad:d8:be:77:95:a8:4d:31:fd:e5:
                    c6:08:90:4e:50:49:4b:2f:bf:4d:15:01:d3:d8:01:
                    18:99:94:05:1a:6a:57:b5:6e:80:04:38:49:4f:40:
                    e1:47:42:1f:d0:84:e6:cd:c8:7b:b0:95:63:63:5c:
                    a8:0d:97:71:2b:2c:2a:6b:a7:12:b5:a9:4f:23:bb:
                    71:46:e9:79:b5:7f:a3:03:44:b2:23:94:ee:0f:cb:
                    a9:3e:b3:b5:f0:81:3c:34:c5:26:68:fa:50:1f:6b:
                    2e:9d:76:a8:bb:71:29:ec:6a:ee:51:29:a4:29:34:
                    76:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:84:E9:64:1B:01:FD:F7:D6:B8:87:1B:23:A8:55:CE:1B:72:26:AD
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/24TpZBsB_ffWuIcbI6hVzhtyJq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.11.0/24
                  213.218.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:f4:95:f5:29:88:9c:a2:8c:e2:36:79:85:3b:2d:a9:e8:c0:
         b5:da:85:79:b5:99:0e:73:5c:89:a1:8b:ad:a5:31:f2:08:e1:
         c2:33:56:d4:e5:c3:ed:77:f8:d3:69:92:ac:fb:0e:93:a7:8c:
         5c:f5:06:eb:db:e5:b0:d3:3d:20:8b:1b:e4:da:eb:45:9c:d2:
         6d:d0:0e:c4:da:07:8c:34:b9:df:24:c7:e1:93:e6:10:4e:2d:
         9f:16:3d:03:46:64:8d:85:cd:9d:b6:24:2b:0b:15:e0:ee:ce:
         2e:bb:8a:06:7c:9a:65:8c:10:91:eb:d1:ea:8c:70:95:d4:43:
         1c:cb:28:82:dc:48:70:08:60:7b:4c:2b:e9:73:40:98:7f:b7:
         f5:72:b6:03:f8:56:7c:c9:f0:ca:01:f7:c7:4c:ce:8b:a6:7c:
         4f:00:fe:97:fe:bc:c0:ed:ec:43:83:44:0f:da:8b:b7:86:13:
         84:b2:f0:33:da:1b:9b:85:17:4a:94:86:da:75:0e:ea:88:eb:
         1b:9a:74:fd:0e:3f:cb:4a:14:88:56:fc:f4:39:84:a6:6d:81:
         6a:a6:71:2c:88:8b:b3:b3:1b:2b:98:9c:aa:2b:6d:dd:7a:1d:
         67:7f:8f:d2:db:f5:dd:e4:5c:f3:9a:04:d2:90:dc:ca:5d:ef:
         42:1b:89:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8jaNKidvlG94GEQyfomOS0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjg0ZTk2NDFiMDFmZGY3ZDZiODg3MWIyM2E4NTVjZTFiNzIyNmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNIRax6mVv33URx5bOKTMi+IFnWd
Hc3GLgnXyq8rChGAnEGIQqQLtun2Q9p8KmBi8p4rEhBuKO3i7xFxUXCxtc2K51v0
bUYx/yFCXwCivarXjl9ad0t7VrizLH5PKLwuDm+w5BjJLlB4DgOpv9n02CsSHKGt
1qK/r1MjMx9fGtb4v2we9/23A2ZNN63YvneVqE0x/eXGCJBOUElLL79NFQHT2AEY
mZQFGmpXtW6ABDhJT0DhR0If0ITmzch7sJVjY1yoDZdxKywqa6cStalPI7txRul5
tX+jA0SyI5TuD8upPrO18IE8NMUmaPpQH2sunXaou3Ep7GruUSmkKTR2GQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNuE6WQbAf331riHGyOoVc4bciatMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMjRUcFpCc0JfZmZXdUljYkk2aFZ6aHR5SnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1dILAwQA
1drgMA0GCSqGSIb3DQEBCwUAA4IBAQAC9JX1KYicooziNnmFOy2p6MC12oV5tZkO
c1yJoYutpTHyCOHCM1bU5cPtd/jTaZKs+w6Tp4xc9Qbr2+Ww0z0gixvk2utFnNJt
0A7E2geMNLnfJMfhk+YQTi2fFj0DRmSNhc2dtiQrCxXg7s4uu4oGfJpljBCR69Hq
jHCV1EMcyyiC3EhwCGB7TCvpc0CYf7f1crYD+FZ8yfDKAffHTM6LpnxPAP6X/rzA
7exDg0QP2ou3hhOEsvAz2hubhRdKlIbadQ7qiOsbmnT9Dj/LShSIVvz0OYSmbYFq
pnEsiIuzsxsrmJyqK23deh1nf4/S2/Xd5FzzmgTSkNzKXe9CG4nh
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:20:48 2026 by rpki-client