Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2jfownbjzjYSVjUdFwC1-4RIXGY.roa
File:                     2jfownbjzjYSVjUdFwC1-4RIXGY.roa (raw, json)
Hash identifier:          F+P9ZdR+PbqgwQFGpPTklhYlFWke9OgGX6Gf79xcADA=
Subject key identifier:   DA:37:E8:C2:76:E3:CE:36:12:56:35:1D:17:00:B5:FB:84:48:5C:66
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F236902DDCD28FF26563038F1DEBB0B7A
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2jfownbjzjYSVjUdFwC1-4RIXGY.roa
Signing time:             Thu 02 Jul 2026 15:18:32 +0000
ROA not before:           Thu 02 Jul 2026 15:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213711
IP address blocks:        213.210.11.0/24 maxlen: 24
                          213.218.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:02:dd:cd:28:ff:26:56:30:38:f1:de:bb:0b:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da37e8c276e3ce361256351d1700b5fb84485c66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a8:5c:37:5d:12:b4:eb:8b:c8:2e:15:08:7e:
                    05:31:a0:6a:38:d5:49:2e:9c:b8:e3:30:d7:0c:79:
                    8b:54:2b:5c:66:e9:a9:cc:c4:0f:51:67:8c:27:4a:
                    77:a7:4a:3d:a6:d3:a8:19:46:57:99:b2:0d:ca:07:
                    e0:50:9d:be:b8:ac:91:69:c9:a7:fa:af:40:eb:36:
                    e4:3a:fb:c4:cc:4f:0e:4a:7c:7c:a6:4f:91:a1:83:
                    f3:c1:a3:99:2f:17:f2:d5:0c:f2:f3:75:f0:e1:d6:
                    d2:24:52:14:fc:ba:14:66:69:1b:2d:67:a1:9e:7d:
                    d4:f5:09:42:ac:13:f9:9d:0c:a5:1a:cb:c8:7d:78:
                    17:1e:4d:1b:f5:e6:56:69:e1:f3:a6:96:87:45:e7:
                    49:3b:07:6f:37:de:b3:b2:8a:cd:55:f2:49:14:71:
                    38:3e:37:35:cb:a7:e7:e8:73:5f:7e:c8:1c:48:d1:
                    10:c0:00:f7:85:d0:b1:e9:ea:4c:b2:54:97:23:3d:
                    0f:44:ac:77:07:8d:2d:8d:0a:32:d8:87:d4:34:d2:
                    90:a1:42:32:b8:b3:a0:f1:e2:c7:ef:f0:9b:e0:00:
                    c2:ed:61:72:43:3a:ab:3c:e3:22:f5:86:50:35:73:
                    1a:24:a7:00:e5:c5:4f:29:48:ce:1c:bf:02:ca:aa:
                    d1:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:37:E8:C2:76:E3:CE:36:12:56:35:1D:17:00:B5:FB:84:48:5C:66
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2jfownbjzjYSVjUdFwC1-4RIXGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.11.0/24
                  213.218.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:21:55:08:15:fb:cf:ca:6f:52:07:4a:19:16:92:76:42:64:
         54:c3:25:b3:9c:af:12:80:46:5e:27:61:2d:8e:42:9c:2e:df:
         b1:6c:2d:e5:8c:e1:4a:6d:55:f6:7c:39:2f:79:ee:d0:4f:e4:
         10:99:2e:3c:93:59:00:fb:05:3c:55:a6:6c:51:f5:a0:e0:b9:
         90:86:70:53:cb:6d:e9:ae:ae:87:bd:53:39:ca:96:e4:0a:33:
         ab:14:a3:45:0a:a6:f1:81:24:f2:44:a5:8c:cc:e8:15:2d:f8:
         ce:59:18:78:7e:02:c2:cc:20:c4:ea:59:b9:1e:8d:94:f5:2a:
         01:9b:c2:01:6b:fb:0d:df:57:e0:65:81:2a:2d:f9:23:0c:a4:
         7b:90:f0:bb:bb:17:17:c4:67:e5:11:d1:fa:ce:d4:32:c9:85:
         29:2a:70:16:11:ac:bf:c0:87:d0:2b:c0:a7:d3:be:8e:d5:c2:
         ed:40:46:63:b3:b3:57:0c:5d:91:a6:13:94:ce:af:90:5c:66:
         79:f3:67:a2:51:59:e2:71:45:af:95:64:05:6c:dd:21:9b:e2:
         b1:ec:2e:67:b8:5d:38:e8:28:8c:64:2a:0a:74:87:99:15:cb:
         e9:47:bc:71:47:34:57:1f:32:e4:e7:f7:9e:00:84:79:fc:21:
         6e:03:64:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8jaQLdzSj/JlYwOPHeuwt6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTM3ZThjMjc2ZTNjZTM2MTI1NjM1MWQxNzAwYjVmYjg0NDg1YzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36hcN10StOuLyC4VCH4FMaBqONVJ
Lpy44zDXDHmLVCtcZumpzMQPUWeMJ0p3p0o9ptOoGUZXmbINygfgUJ2+uKyRacmn
+q9A6zbkOvvEzE8OSnx8pk+RoYPzwaOZLxfy1Qzy83Xw4dbSJFIU/LoUZmkbLWeh
nn3U9QlCrBP5nQylGsvIfXgXHk0b9eZWaeHzppaHRedJOwdvN96zsorNVfJJFHE4
Pjc1y6fn6HNffsgcSNEQwAD3hdCx6epMslSXIz0PRKx3B40tjQoy2IfUNNKQoUIy
uLOg8eLH7/Cb4ADC7WFyQzqrPOMi9YZQNXMaJKcA5cVPKUjOHL8CyqrRqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNo36MJ24842ElY1HRcAtfuESFxmMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMmpmb3duYmp6allTVmpVZEZ3QzEtNFJJWEdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1dILAwQA
1drgMA0GCSqGSIb3DQEBCwUAA4IBAQBGIVUIFfvPym9SB0oZFpJ2QmRUwyWznK8S
gEZeJ2EtjkKcLt+xbC3ljOFKbVX2fDkvee7QT+QQmS48k1kA+wU8VaZsUfWg4LmQ
hnBTy23prq6HvVM5ypbkCjOrFKNFCqbxgSTyRKWMzOgVLfjOWRh4fgLCzCDE6lm5
Ho2U9SoBm8IBa/sN31fgZYEqLfkjDKR7kPC7uxcXxGflEdH6ztQyyYUpKnAWEay/
wIfQK8Cn076O1cLtQEZjs7NXDF2RphOUzq+QXGZ582eiUVnicUWvlWQFbN0hm+Kx
7C5nuF046CiMZCoKdIeZFcvpR7xxRzRXHzLk5/eeAIR5/CFuA2Qb
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:39 2026 by rpki-client