Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/48ku9AY3hNBbYCHCL-bgvQbBhfw.roa
File:                     48ku9AY3hNBbYCHCL-bgvQbBhfw.roa (raw, json)
Hash identifier:          qCXQz112+bFc9eJ7QG87pWUXq6I2Qfm2c/ExbRAL5Dg=
Subject key identifier:   E3:C9:2E:F4:06:37:84:D0:5B:60:21:C2:2F:E6:E0:BD:06:C1:85:FC
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368C7281F9185C8C4844C2CF4DAB7DF
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/48ku9AY3hNBbYCHCL-bgvQbBhfw.roa
Signing time:             Thu 02 Jul 2026 15:18:17 +0000
ROA not before:           Thu 02 Jul 2026 15:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64267
IP address blocks:        77.93.142.0/24 maxlen: 24
                          89.213.229.0/24 maxlen: 24
                          89.213.249.0/24 maxlen: 24
                          217.145.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:c7:28:1f:91:85:c8:c4:84:4c:2c:f4:da:b7:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e3c92ef4063784d05b6021c22fe6e0bd06c185fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:84:a1:57:fc:17:46:c2:44:1a:87:ad:be:7b:
                    ef:1d:38:e1:c6:20:4d:4d:58:12:7c:aa:89:40:45:
                    d1:8c:e7:8e:5b:96:69:63:62:b8:cb:5f:fa:c8:d8:
                    3e:b0:c4:9e:91:bc:1d:3d:e3:97:d2:16:b7:ea:7f:
                    cc:27:46:18:04:83:d8:49:6e:ae:eb:bc:39:99:de:
                    83:26:48:c2:56:27:09:c3:85:a9:6e:d1:ff:49:d8:
                    21:72:e2:31:46:eb:f0:e0:93:25:ff:cc:10:c9:40:
                    e1:14:a6:b2:01:10:5f:db:0b:42:c4:1d:bb:02:47:
                    cb:3f:58:ae:df:21:a3:da:fb:40:bf:16:4a:28:45:
                    c1:a2:68:77:09:17:de:28:41:04:0f:96:a5:17:9f:
                    02:f9:0f:b8:fa:a9:8f:41:f7:00:48:87:ce:62:1e:
                    c0:50:94:eb:38:82:c7:95:9a:c4:6e:30:c0:00:71:
                    94:97:16:17:be:94:1e:0a:1a:2e:ba:0f:f9:78:ad:
                    bf:24:18:9a:22:a8:10:f4:60:d0:01:9d:9e:fa:10:
                    12:92:ec:99:d3:e2:29:90:21:92:e0:c7:f6:b1:38:
                    e9:df:0e:12:2a:ea:b3:dc:ad:00:19:f9:8b:b2:9a:
                    c0:42:15:f1:8a:be:57:d6:e5:80:7e:f1:aa:30:d0:
                    7b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:C9:2E:F4:06:37:84:D0:5B:60:21:C2:2F:E6:E0:BD:06:C1:85:FC
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/48ku9AY3hNBbYCHCL-bgvQbBhfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.142.0/24
                  89.213.229.0/24
                  89.213.249.0/24
                  217.145.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:7b:29:88:95:05:d5:26:13:d3:d0:21:73:b2:76:02:d4:35:
         15:35:52:71:40:68:a3:0b:9f:33:65:c6:12:80:e8:a5:89:8e:
         ea:a3:ae:4e:6f:76:1b:47:90:30:f2:12:f0:ea:5d:36:10:ff:
         5d:15:47:6e:92:c2:a5:e5:37:2d:8e:d2:46:13:93:45:7a:2a:
         97:a3:b6:1c:0f:36:bf:76:12:b0:60:0b:e0:ad:05:a2:07:c8:
         bd:12:1b:fb:c9:b0:40:3e:1c:11:55:73:e7:47:8b:44:06:e6:
         b1:e6:02:24:50:5b:35:b8:50:bb:1c:4f:33:72:ce:06:c4:58:
         9c:59:5d:42:f6:41:3d:44:45:eb:e3:bc:b2:ec:fd:05:d7:c1:
         19:a0:9b:2d:15:2f:65:dc:37:f8:be:26:8c:d3:b6:69:ca:e0:
         cc:3e:ae:7c:ae:a7:71:6c:55:7c:05:cc:91:c2:d0:2c:27:4f:
         75:92:06:85:86:48:39:c0:dd:dc:bd:8e:93:a5:63:33:63:60:
         d8:a9:25:db:22:40:b1:c7:27:b0:d0:b5:c6:47:98:0c:40:9a:
         ec:3f:a1:0e:41:58:ef:2b:5d:ca:08:4a:fa:f0:56:2e:ec:1c:
         a3:a6:4b:a7:b1:78:da:08:da:77:f1:a3:74:75:cf:15:d8:19:
         27:ee:33:96
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ8jaMcoH5GFyMSETCz02rffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2M5MmVmNDA2Mzc4NGQwNWI2MDIxYzIyZmU2ZTBiZDA2YzE4NWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIShV/wXRsJEGoetvnvvHTjhxiBN
TVgSfKqJQEXRjOeOW5ZpY2K4y1/6yNg+sMSekbwdPeOX0ha36n/MJ0YYBIPYSW6u
67w5md6DJkjCVicJw4WpbtH/SdghcuIxRuvw4JMl/8wQyUDhFKayARBf2wtCxB27
AkfLP1iu3yGj2vtAvxZKKEXBomh3CRfeKEEED5alF58C+Q+4+qmPQfcASIfOYh7A
UJTrOILHlZrEbjDAAHGUlxYXvpQeChouug/5eK2/JBiaIqgQ9GDQAZ2e+hASkuyZ
0+IpkCGS4Mf2sTjp3w4SKuqz3K0AGfmLsprAQhXxir5X1uWAfvGqMNB72wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFOPJLvQGN4TQW2Ahwi/m4L0GwYX8MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNDhrdTlBWTNoTkJiWUNIQ0wtYmd2UWJCaGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQATV2OAwQA
WdXlAwQAWdX5AwQA2ZFHMA0GCSqGSIb3DQEBCwUAA4IBAQAaeymIlQXVJhPT0CFz
snYC1DUVNVJxQGijC58zZcYSgOiliY7qo65Ob3YbR5Aw8hLw6l02EP9dFUduksKl
5TctjtJGE5NFeiqXo7YcDza/dhKwYAvgrQWiB8i9Ehv7ybBAPhwRVXPnR4tEBuax
5gIkUFs1uFC7HE8zcs4GxFicWV1C9kE9REXr47yy7P0F18EZoJstFS9l3Df4viaM
07ZpyuDMPq58rqdxbFV8BcyRwtAsJ091kgaFhkg5wN3cvY6TpWMzY2DYqSXbIkCx
xyew0LXGR5gMQJrsP6EOQVjvK13KCEr68FYu7ByjpkunsXjaCNp38aN0dc8V2Bkn
7jOW
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:18 2026 by rpki-client