Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2wgVTQCUlJn_5OAtAzG76z3bnTk.roa
File:                     2wgVTQCUlJn_5OAtAzG76z3bnTk.roa (raw, json)
Hash identifier:          UxoEzKJ9Y+SouWCzfEogQ2/H/ze4SYiq3CbH0+pm6TA=
Subject key identifier:   DB:08:15:4D:00:94:94:99:FF:E4:E0:2D:03:31:BB:EB:3D:DB:9D:39
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368B41A6175573687F4E7C9123EF037
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2wgVTQCUlJn_5OAtAzG76z3bnTk.roa
Signing time:             Thu 02 Jul 2026 15:18:12 +0000
ROA not before:           Thu 02 Jul 2026 15:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22427
IP address blocks:        89.31.235.0/24 maxlen: 24
                          89.213.192.0/24 maxlen: 24
                          213.130.154.0/24 maxlen: 24
                          213.218.225.0/24 maxlen: 24
                          213.218.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:b4:1a:61:75:57:36:87:f4:e7:c9:12:3e:f0:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db08154d00949499ffe4e02d0331bbeb3ddb9d39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c3:77:c7:72:71:fa:f3:54:fc:ac:f7:21:11:
                    3b:7e:66:19:c8:88:74:aa:9a:a7:a7:8b:8a:09:86:
                    f9:4d:81:ef:ab:45:09:a8:3e:9b:00:52:50:99:e2:
                    88:ba:34:56:39:5d:e7:4a:5c:4b:15:d8:21:11:bb:
                    d9:e7:3c:41:f8:24:32:4d:a8:b4:5c:11:8c:a4:5d:
                    2e:3e:46:12:fc:67:77:a4:d6:60:1e:3a:a9:4f:fd:
                    18:84:aa:ee:92:35:0d:f5:df:76:7f:9f:5c:22:29:
                    d5:60:03:4b:1b:76:23:a8:fc:90:f3:7b:9e:64:51:
                    b7:96:d2:51:bb:d0:b2:45:57:28:81:42:ed:3d:af:
                    a2:b6:66:0d:75:ca:d2:31:dd:0f:3a:7d:f3:85:f3:
                    f3:7c:9f:79:94:82:45:a5:f6:04:ae:42:d0:88:da:
                    cb:8c:8e:45:6d:e4:a6:29:c7:72:75:2d:9a:b4:a8:
                    ec:87:46:b3:a9:36:02:eb:65:2d:44:5c:ea:d8:e5:
                    d7:26:eb:04:6a:c1:c1:28:87:c0:2d:61:eb:58:bb:
                    29:8e:7d:b3:56:44:26:3a:3c:58:b2:cb:26:01:e5:
                    25:f7:e6:9c:12:2a:f2:a6:ba:da:ac:f5:7c:c0:27:
                    2f:cf:0a:ca:c6:a5:71:cf:0d:74:f5:b8:26:b5:0e:
                    8a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:08:15:4D:00:94:94:99:FF:E4:E0:2D:03:31:BB:EB:3D:DB:9D:39
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2wgVTQCUlJn_5OAtAzG76z3bnTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.31.235.0/24
                  89.213.192.0/24
                  213.130.154.0/24
                  213.218.225.0-213.218.226.255

    Signature Algorithm: sha256WithRSAEncryption
         58:18:e9:cb:80:14:ca:fe:5a:e8:d2:be:e7:59:f9:fa:5a:8e:
         a5:b0:d7:d7:ca:ca:d6:12:5f:b0:44:9e:83:3b:4d:a6:52:d7:
         b3:1b:ff:0d:d1:6d:50:80:1f:1c:e9:74:78:6e:17:83:42:2c:
         b4:a6:26:4b:aa:4c:ee:de:f5:9c:b2:07:9e:c1:da:ec:7b:50:
         88:d5:ba:8a:cc:5b:6c:3b:ea:97:20:f2:cd:bb:33:d1:72:45:
         ef:9a:9d:cc:4f:84:c5:0a:59:cb:d3:b4:76:6e:f1:f7:28:43:
         56:b1:7d:0b:8b:10:bd:5b:83:b9:31:bc:14:e9:b1:80:43:43:
         67:d4:12:96:ee:2e:65:d6:79:c3:c6:b1:a6:b0:46:4f:db:86:
         e2:e7:4f:b4:f9:2a:b4:3a:5e:90:61:13:d0:79:39:2f:4f:0a:
         4d:25:e5:b2:4d:82:d5:b4:5c:a5:79:74:24:d8:10:6f:c6:00:
         c9:36:55:16:63:1b:d4:e2:ec:b1:b1:35:75:b2:74:65:9c:1a:
         08:eb:20:9d:f3:3a:a4:df:57:7a:a7:73:3b:dc:ec:f7:00:6c:
         db:38:98:35:5c:5f:a3:c1:b8:49:9c:31:e0:93:f0:d1:b8:22:
         59:35:8f:da:0c:d6:6a:6c:f1:9e:15:61:80:e1:61:26:86:81:
         a0:dd:2b:a0
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZ8jaLQaYXVXNof058kSPvA3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjA4MTU0ZDAwOTQ5NDk5ZmZlNGUwMmQwMzMxYmJlYjNkZGI5ZDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMN3x3Jx+vNU/Kz3IRE7fmYZyIh0
qpqnp4uKCYb5TYHvq0UJqD6bAFJQmeKIujRWOV3nSlxLFdghEbvZ5zxB+CQyTai0
XBGMpF0uPkYS/Gd3pNZgHjqpT/0YhKrukjUN9d92f59cIinVYANLG3YjqPyQ83ue
ZFG3ltJRu9CyRVcogULtPa+itmYNdcrSMd0POn3zhfPzfJ95lIJFpfYErkLQiNrL
jI5FbeSmKcdydS2atKjsh0azqTYC62UtRFzq2OXXJusEasHBKIfALWHrWLspjn2z
VkQmOjxYsssmAeUl9+acEiryprrarPV8wCcvzwrKxqVxzw109bgmtQ6K2QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFNsIFU0AlJSZ/+TgLQMxu+s92505MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMndnVlRRQ1VsSm5fNU9BdEF6Rzc2ejNiblRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAWR/rAwQA
WdXAAwQA1YKaMAwDBADV2uEDBADV2uIwDQYJKoZIhvcNAQELBQADggEBAFgY6cuA
FMr+WujSvudZ+fpajqWw19fKytYSX7BEnoM7TaZS17Mb/w3RbVCAHxzpdHhuF4NC
LLSmJkuqTO7e9ZyyB57B2ux7UIjVuorMW2w76pcg8s27M9FyRe+ancxPhMUKWcvT
tHZu8fcoQ1axfQuLEL1bg7kxvBTpsYBDQ2fUEpbuLmXWecPGsaawRk/bhuLnT7T5
KrQ6XpBhE9B5OS9PCk0l5bJNgtW0XKV5dCTYEG/GAMk2VRZjG9Ti7LGxNXWydGWc
GgjrIJ3zOqTfV3qnczvc7PcAbNs4mDVcX6PBuEmcMeCT8NG4Ilk1j9oM1mps8Z4V
YYDhYSaGgaDdK6A=
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:15:57 2026 by rpki-client