Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2GET_y72NpaZWeDJq3i0nn_o07Y.roa
File:                     2GET_y72NpaZWeDJq3i0nn_o07Y.roa (raw, json)
Hash identifier:          AkH8JeNdvPKd8O56zWjGFhZyMl7mrLj03608uYfwOlE=
Subject key identifier:   D8:61:13:FF:2E:F6:36:96:99:59:E0:C9:AB:78:B4:9E:7F:E8:D3:B6
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F23690FAE15000281A2EE09636E343FF5
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2GET_y72NpaZWeDJq3i0nn_o07Y.roa
Signing time:             Thu 02 Jul 2026 15:18:35 +0000
ROA not before:           Thu 02 Jul 2026 15:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215638
IP address blocks:        89.213.96.0/24 maxlen: 24
                          109.176.243.0/24 maxlen: 24
                          213.218.252.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:0f:ae:15:00:02:81:a2:ee:09:63:6e:34:3f:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d86113ff2ef636969959e0c9ab78b49e7fe8d3b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:51:73:56:ae:54:1c:75:5c:5c:92:5d:f8:bd:
                    83:70:76:4d:c9:48:5f:79:1b:5f:81:dd:a0:b6:d5:
                    04:a5:e5:cd:ef:f1:81:8e:39:a1:5c:8d:93:29:c2:
                    4a:29:30:dd:83:b2:0a:99:0a:58:30:fb:f2:c6:e7:
                    79:75:8f:7e:2d:04:7f:b6:fd:73:f3:1b:f4:0f:d5:
                    05:d1:f2:dd:ca:ee:2d:c4:61:59:96:5a:03:c0:98:
                    b4:28:05:27:a1:25:d1:6f:cc:a2:16:29:c7:63:12:
                    cc:00:02:99:8a:c0:3d:59:66:1e:d0:d5:32:5b:39:
                    c9:e6:89:90:fc:7a:0d:29:0d:b4:36:78:da:cd:5d:
                    28:af:b9:da:0c:b6:f4:bf:52:79:78:7e:41:38:4f:
                    19:67:f3:5b:33:d4:e2:a6:71:33:86:f3:6a:c5:6d:
                    fc:21:72:ac:1c:1f:4a:f1:8c:bc:77:a5:2d:74:82:
                    db:b1:9f:02:90:55:c9:de:30:4a:88:f7:ae:42:1f:
                    fd:83:40:f1:c2:9b:aa:03:7c:f3:3a:b7:ea:a8:f3:
                    53:80:6f:89:28:61:db:0d:52:80:27:03:9b:9d:59:
                    7c:8e:b3:b5:14:ef:ae:d1:f9:24:2d:d6:92:45:85:
                    b7:6f:e3:ae:58:c8:eb:26:0b:5a:09:cd:c8:b0:4f:
                    bf:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:61:13:FF:2E:F6:36:96:99:59:E0:C9:AB:78:B4:9E:7F:E8:D3:B6
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2GET_y72NpaZWeDJq3i0nn_o07Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.96.0/24
                  109.176.243.0/24
                  213.218.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:45:c2:d0:54:38:63:68:48:87:9f:94:e5:ec:22:bb:b8:36:
         55:ad:27:65:28:98:c6:db:aa:6c:e0:99:cb:ff:34:c6:7a:c5:
         fd:84:45:f1:7a:4d:75:5e:68:5f:69:87:0f:38:c1:64:dd:51:
         35:7a:ad:7a:88:c1:86:38:f4:9c:19:cf:ae:54:e8:89:f4:bc:
         16:94:3e:42:a3:3c:be:e0:a7:e8:80:4e:ae:41:e1:51:74:99:
         8d:19:70:2f:96:58:7a:11:ae:69:d2:09:50:d2:fd:a3:a3:ef:
         5b:40:55:cd:86:8c:b4:0b:26:c7:2e:4f:7b:e6:0a:a2:08:30:
         09:83:3f:ca:c1:a8:71:c3:ff:a2:0e:aa:0c:99:06:30:9d:65:
         71:c1:b5:f7:03:2e:a4:e4:39:26:3e:61:11:ed:01:bd:1d:dc:
         67:22:92:c8:51:90:6a:01:73:ae:0c:09:0f:dc:ee:78:e6:f5:
         64:70:ce:b8:77:35:13:e2:8e:f7:d6:7a:29:f1:9f:5e:b7:b7:
         dc:59:4c:50:08:75:04:5e:8a:47:ad:78:75:69:01:78:24:14:
         d5:89:87:7b:bf:46:09:74:32:b0:22:13:17:ea:c3:90:de:68:
         5b:63:b6:71:40:50:4f:9a:3a:09:93:16:7a:53:cb:5c:06:f3:
         9a:99:09:a7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ8jaQ+uFQACgaLuCWNuND/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODYxMTNmZjJlZjYzNjk2OTk1OWUwYzlhYjc4YjQ5ZTdmZThkM2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVFzVq5UHHVcXJJd+L2DcHZNyUhf
eRtfgd2gttUEpeXN7/GBjjmhXI2TKcJKKTDdg7IKmQpYMPvyxud5dY9+LQR/tv1z
8xv0D9UF0fLdyu4txGFZlloDwJi0KAUnoSXRb8yiFinHYxLMAAKZisA9WWYe0NUy
WznJ5omQ/HoNKQ20NnjazV0or7naDLb0v1J5eH5BOE8ZZ/NbM9TipnEzhvNqxW38
IXKsHB9K8Yy8d6UtdILbsZ8CkFXJ3jBKiPeuQh/9g0DxwpuqA3zzOrfqqPNTgG+J
KGHbDVKAJwObnVl8jrO1FO+u0fkkLdaSRYW3b+OuWMjrJgtaCc3IsE+/NQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNhhE/8u9jaWmVngyat4tJ5/6NO2MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMkdFVF95NzJOcGFaV2VESnEzaTBubl9vMDdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWdVgAwQA
bbDzAwQB1dr8MA0GCSqGSIb3DQEBCwUAA4IBAQAGRcLQVDhjaEiHn5Tl7CK7uDZV
rSdlKJjG26ps4JnL/zTGesX9hEXxek11XmhfaYcPOMFk3VE1eq16iMGGOPScGc+u
VOiJ9LwWlD5Cozy+4KfogE6uQeFRdJmNGXAvllh6Ea5p0glQ0v2jo+9bQFXNhoy0
CybHLk975gqiCDAJgz/Kwahxw/+iDqoMmQYwnWVxwbX3Ay6k5DkmPmER7QG9Hdxn
IpLIUZBqAXOuDAkP3O545vVkcM64dzUT4o731nop8Z9et7fcWUxQCHUEXopHrXh1
aQF4JBTViYd7v0YJdDKwIhMX6sOQ3mhbY7ZxQFBPmjoJkxZ6U8tcBvOamQmn
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:20:48 2026 by rpki-client