Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6T6fUZfo0v2a5QcuhJ5Ceef41og.roa
File:                     6T6fUZfo0v2a5QcuhJ5Ceef41og.roa (raw, json)
Hash identifier:          iik+AZMGpz3cpz7g6TICSSVcOOerCrfI4yG72qN7hqw=
Subject key identifier:   E9:3E:9F:51:97:E8:D2:FD:9A:E5:07:2E:84:9E:42:79:E7:F8:D6:88
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368DC9E555D200FC09AAEA4BA1DDC63
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6T6fUZfo0v2a5QcuhJ5Ceef41og.roa
Signing time:             Thu 02 Jul 2026 15:18:22 +0000
ROA not before:           Thu 02 Jul 2026 15:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198990
IP address blocks:        89.28.237.0/24 maxlen: 24
                          89.213.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:dc:9e:55:5d:20:0f:c0:9a:ae:a4:ba:1d:dc:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e93e9f5197e8d2fd9ae5072e849e4279e7f8d688
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f6:80:78:21:60:aa:3c:65:7e:a1:40:f0:5b:
                    d0:86:96:b2:02:f9:77:f2:ba:9f:5f:97:49:27:38:
                    ea:bf:be:55:9a:3e:7b:51:6e:69:6d:85:ad:6d:23:
                    11:b5:58:c9:23:73:e0:89:a8:41:7a:f1:08:6c:52:
                    62:4f:6a:bf:b6:6e:fa:3e:c0:68:81:0d:e0:da:e7:
                    35:b3:0a:7c:ab:d4:94:9a:25:ea:e8:21:14:d8:52:
                    d4:7b:4b:a5:7d:82:f6:a7:14:4d:7d:12:6b:5a:e3:
                    d0:ce:b3:e4:e5:f4:4a:cb:b7:bf:34:12:e2:15:fe:
                    e0:25:29:c4:2a:84:d7:fd:71:65:0e:66:ce:26:0a:
                    41:f6:cf:f4:74:ee:17:c3:d0:48:ce:d6:51:af:c1:
                    3f:b1:a7:b2:85:60:c0:a2:79:1d:0a:bb:d6:ab:ce:
                    d8:e6:0c:fc:df:14:46:f7:e3:79:50:be:92:d8:62:
                    f1:e8:0b:7d:07:e5:fe:13:e8:13:01:7d:89:fe:5d:
                    a5:e3:9f:cf:bf:01:a3:96:c3:59:25:d1:13:61:59:
                    36:ef:63:33:2f:c6:0d:e4:ff:f2:c0:41:c8:03:00:
                    e1:6c:9c:18:d9:8b:c6:cb:00:ac:e2:30:a7:1c:b4:
                    68:0a:8b:7b:38:55:f5:7f:46:c8:90:fd:40:e7:ca:
                    29:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:3E:9F:51:97:E8:D2:FD:9A:E5:07:2E:84:9E:42:79:E7:F8:D6:88
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6T6fUZfo0v2a5QcuhJ5Ceef41og.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.237.0/24
                  89.213.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:26:40:9c:26:d0:ce:a0:4d:07:4c:4d:47:98:79:6a:cc:95:
         94:a3:4e:7b:e6:fd:f8:a3:c5:a1:00:52:eb:f1:c1:ca:dd:25:
         e4:e9:a5:a4:2b:ba:e9:bd:9d:da:f9:cd:d7:c2:65:94:03:a9:
         75:08:6e:77:e0:11:9e:f1:62:b9:50:5f:51:49:0c:40:16:d5:
         0d:78:ef:cf:a3:3d:92:02:37:33:da:ef:52:7f:57:08:de:2a:
         4b:87:65:20:5d:f9:88:e7:00:d4:3b:ec:9d:09:df:4f:51:33:
         8b:44:c4:4e:12:72:67:aa:b4:3f:ed:2d:a8:d5:d9:40:a5:fd:
         68:ce:fd:96:77:35:52:f3:55:c8:05:61:1b:5c:85:06:a4:c9:
         f2:a4:9b:9c:c6:4e:9b:2c:ed:3d:90:36:40:41:17:6f:cf:e5:
         83:43:c6:ff:01:11:fb:18:9c:84:7a:19:1e:b8:13:df:62:78:
         e0:a4:37:e7:72:11:9f:ee:a7:47:76:76:51:06:4a:de:28:33:
         e4:99:50:fc:8e:37:24:07:56:63:31:80:23:d0:20:56:db:ab:
         f4:8f:55:f3:27:a1:4e:74:5b:12:ec:55:39:00:26:54:ac:2b:
         1b:db:11:1a:cc:67:43:43:4f:59:e5:11:c2:42:ec:cd:c1:58:
         ce:61:3c:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8jaNyeVV0gD8CarqS6HdxjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTNlOWY1MTk3ZThkMmZkOWFlNTA3MmU4NDllNDI3OWU3ZjhkNjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfaAeCFgqjxlfqFA8FvQhpayAvl3
8rqfX5dJJzjqv75Vmj57UW5pbYWtbSMRtVjJI3PgiahBevEIbFJiT2q/tm76PsBo
gQ3g2uc1swp8q9SUmiXq6CEU2FLUe0ulfYL2pxRNfRJrWuPQzrPk5fRKy7e/NBLi
Ff7gJSnEKoTX/XFlDmbOJgpB9s/0dO4Xw9BIztZRr8E/saeyhWDAonkdCrvWq87Y
5gz83xRG9+N5UL6S2GLx6At9B+X+E+gTAX2J/l2l45/PvwGjlsNZJdETYVk272Mz
L8YN5P/ywEHIAwDhbJwY2YvGywCs4jCnHLRoCot7OFX1f0bIkP1A58op4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOk+n1GX6NL9muUHLoSeQnnn+NaIMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNlQ2ZlVaZm8wdjJhNVFjdWhKNUNlZWY0MW9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRztAwQA
WdXWMA0GCSqGSIb3DQEBCwUAA4IBAQBZJkCcJtDOoE0HTE1HmHlqzJWUo0575v34
o8WhAFLr8cHK3SXk6aWkK7rpvZ3a+c3XwmWUA6l1CG534BGe8WK5UF9RSQxAFtUN
eO/Poz2SAjcz2u9Sf1cI3ipLh2UgXfmI5wDUO+ydCd9PUTOLRMROEnJnqrQ/7S2o
1dlApf1ozv2WdzVS81XIBWEbXIUGpMnypJucxk6bLO09kDZAQRdvz+WDQ8b/ARH7
GJyEehkeuBPfYnjgpDfnchGf7qdHdnZRBkreKDPkmVD8jjckB1ZjMYAj0CBW26v0
j1XzJ6FOdFsS7FU5ACZUrCsb2xEazGdDQ09Z5RHCQuzNwVjOYTx5
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:16:30 2026 by rpki-client