Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/34HdxwSWXWC18fWevARntwB2yTE.roa
File:                     34HdxwSWXWC18fWevARntwB2yTE.roa (raw, json)
Hash identifier:          YeXlzSq1eGN5yR/jdlpuxIKswDG3/2eUkLsC/pNLcNY=
Subject key identifier:   DF:81:DD:C7:04:96:5D:60:B5:F1:F5:9E:BC:04:67:B7:00:76:C9:31
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F236916593B4D2B482347A53B230471AD
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/34HdxwSWXWC18fWevARntwB2yTE.roa
Signing time:             Thu 02 Jul 2026 15:18:37 +0000
ROA not before:           Thu 02 Jul 2026 15:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219450
IP address blocks:        77.93.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:16:59:3b:4d:2b:48:23:47:a5:3b:23:04:71:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df81ddc704965d60b5f1f59ebc0467b70076c931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:45:10:b9:cc:b0:31:2b:0c:15:5c:cd:86:1f:
                    d0:81:38:c5:ee:37:10:d1:37:e7:50:f5:45:92:25:
                    9e:9f:20:54:0f:92:02:9b:ac:a5:f8:f9:a0:18:bb:
                    ed:21:34:b7:83:04:0b:c3:c5:ad:cc:08:d5:20:0c:
                    c5:21:ca:c3:35:e8:c3:50:80:70:1d:b1:7b:23:a9:
                    2f:15:fe:5e:5c:8a:32:2d:3a:0a:2e:03:9c:a9:54:
                    10:61:b2:e3:df:2f:f6:b9:89:a3:a9:3a:1a:60:fc:
                    72:1e:1a:67:f6:7f:7b:37:e2:e2:d1:8f:77:b6:9c:
                    82:e7:a8:aa:10:44:de:24:13:e5:92:66:f9:15:95:
                    fa:53:4a:52:56:0f:f9:9d:bf:db:cc:5d:d2:9b:65:
                    4e:61:0e:59:2a:bf:49:32:54:be:0a:3c:15:56:67:
                    73:39:77:cf:52:11:cd:46:7e:5a:ba:fa:1b:50:a9:
                    72:5c:ec:c4:7a:4b:47:c9:48:23:8e:83:79:4c:6f:
                    5d:d6:aa:7e:f6:30:4a:e4:68:81:56:5c:38:31:97:
                    07:bd:5a:e0:96:65:91:20:61:d0:6c:e7:ee:8d:93:
                    8b:29:1d:da:7b:33:01:c6:b7:5b:be:23:03:a3:46:
                    e8:a9:ea:8f:31:11:b4:6c:80:93:cc:15:b6:6f:66:
                    fe:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:81:DD:C7:04:96:5D:60:B5:F1:F5:9E:BC:04:67:B7:00:76:C9:31
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/34HdxwSWXWC18fWevARntwB2yTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:0c:3a:51:71:a3:49:cd:9e:39:ed:45:82:15:eb:d3:26:26:
         49:a1:35:0b:f3:25:f5:a4:0b:16:cc:8b:07:03:f7:70:d7:44:
         11:43:79:16:47:23:b2:c5:02:ce:7b:d3:6d:21:b5:c9:7d:7a:
         90:70:32:78:e8:ff:4e:95:0a:d3:9a:2f:24:90:9b:cf:1b:0a:
         71:a5:6d:53:7c:0d:81:f4:35:c0:bf:a1:26:b5:bc:59:d4:07:
         43:1e:dd:65:d9:a2:3d:0b:9a:98:41:77:30:0b:0c:e4:e5:e4:
         cc:84:23:f1:bb:66:2b:b0:f7:27:1e:f5:a8:d8:93:59:b6:92:
         5f:58:ec:a7:b2:22:e9:f8:75:f4:91:17:94:0a:40:aa:20:e6:
         46:e0:28:56:65:8d:48:a4:b4:88:ef:5c:8a:b2:44:5a:69:7e:
         6f:2e:92:d1:63:54:80:33:4b:84:19:9d:4f:d7:a3:91:b6:d0:
         fb:46:e9:18:66:46:48:5f:4a:6b:5d:db:48:5a:6d:f3:07:cb:
         40:37:58:2d:45:7a:18:bf:8e:a0:9a:2b:e6:10:11:05:55:10:
         57:4e:8e:5c:a6:37:72:6e:b4:73:2f:1a:c2:b5:44:2c:ce:36:
         87:e6:fe:57:65:a9:53:8f:b6:14:5d:4e:13:8c:c0:72:fd:dc:
         67:7a:ef:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaRZZO00rSCNHpTsjBHGtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjgxZGRjNzA0OTY1ZDYwYjVmMWY1OWViYzA0NjdiNzAwNzZjOTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkUQucywMSsMFVzNhh/QgTjF7jcQ
0TfnUPVFkiWenyBUD5ICm6yl+PmgGLvtITS3gwQLw8WtzAjVIAzFIcrDNejDUIBw
HbF7I6kvFf5eXIoyLToKLgOcqVQQYbLj3y/2uYmjqToaYPxyHhpn9n97N+Li0Y93
tpyC56iqEETeJBPlkmb5FZX6U0pSVg/5nb/bzF3Sm2VOYQ5ZKr9JMlS+CjwVVmdz
OXfPUhHNRn5auvobUKlyXOzEektHyUgjjoN5TG9d1qp+9jBK5GiBVlw4MZcHvVrg
lmWRIGHQbOfujZOLKR3aezMBxrdbviMDo0boqeqPMRG0bICTzBW2b2b+AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+B3ccEll1gtfH1nrwEZ7cAdskxMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMzRIZHh3U1dYV0MxOGZXZXZBUm50d0IyeVRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATV2UMA0G
CSqGSIb3DQEBCwUAA4IBAQB7DDpRcaNJzZ457UWCFevTJiZJoTUL8yX1pAsWzIsH
A/dw10QRQ3kWRyOyxQLOe9NtIbXJfXqQcDJ46P9OlQrTmi8kkJvPGwpxpW1TfA2B
9DXAv6EmtbxZ1AdDHt1l2aI9C5qYQXcwCwzk5eTMhCPxu2YrsPcnHvWo2JNZtpJf
WOynsiLp+HX0kReUCkCqIOZG4ChWZY1IpLSI71yKskRaaX5vLpLRY1SAM0uEGZ1P
16ORttD7RukYZkZIX0prXdtIWm3zB8tAN1gtRXoYv46gmivmEBEFVRBXTo5cpjdy
brRzLxrCtUQszjaH5v5XZalTj7YUXU4TjMBy/dxneu+i
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:16:31 2026 by rpki-client