Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7c8mpBnqLvS7KjHDpavgP5IXv68.roa
File:                     7c8mpBnqLvS7KjHDpavgP5IXv68.roa (raw, json)
Hash identifier:          /pSVNKeVOj+eJHxtk+6/6g7mPaf/KQM6hhjvp6ubNQk=
Subject key identifier:   ED:CF:26:A4:19:EA:2E:F4:BB:2A:31:C3:A5:AB:E0:3F:92:17:BF:AF
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368C9D2FFB65CC0AD4CD9D048F931F2
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7c8mpBnqLvS7KjHDpavgP5IXv68.roa
Signing time:             Thu 02 Jul 2026 15:18:17 +0000
ROA not before:           Thu 02 Jul 2026 15:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137235
IP address blocks:        89.31.234.0/24 maxlen: 24
                          213.210.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:c9:d2:ff:b6:5c:c0:ad:4c:d9:d0:48:f9:31:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=edcf26a419ea2ef4bb2a31c3a5abe03f9217bfaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0f:58:32:9b:ca:4a:ff:7f:e2:01:ff:98:3e:
                    3d:31:fa:25:2f:7d:8f:6a:5c:fa:5d:de:c7:b5:eb:
                    15:21:38:94:20:04:3f:ef:5e:7e:4d:82:0a:93:ed:
                    41:85:a1:36:6f:ac:b1:bd:49:9d:ed:c5:a5:00:e1:
                    b5:ee:4c:ae:de:87:b8:c0:94:8f:6c:d5:da:07:05:
                    ad:5e:e9:ed:9f:7d:23:67:34:66:53:c0:e6:1f:4d:
                    80:30:26:f7:59:bc:16:14:da:1f:f9:eb:6a:76:d4:
                    f8:3b:0b:21:3a:cd:e7:76:8c:80:56:03:bc:de:90:
                    c8:a6:d4:08:6e:f6:50:b0:e4:67:4d:7c:2b:6d:58:
                    33:1e:f7:da:91:3e:5b:cc:78:4a:a6:fe:e2:22:99:
                    9c:58:ad:bc:42:d8:74:fd:fc:a2:45:fe:96:a2:27:
                    10:24:18:85:bb:17:61:af:bb:96:45:b1:8d:85:37:
                    45:15:9f:55:06:e8:dc:a8:1a:1f:5c:ff:c1:f2:8a:
                    5d:39:c5:30:a2:c5:17:19:5b:24:80:f4:2b:dd:93:
                    94:49:2a:98:a7:fc:5c:b2:34:cf:27:9d:49:6a:34:
                    6c:90:52:e5:62:6d:92:7c:fc:de:ea:d5:6d:65:f2:
                    f2:ad:96:8d:ca:7f:3c:6b:ab:fd:3e:55:83:c4:2a:
                    26:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:CF:26:A4:19:EA:2E:F4:BB:2A:31:C3:A5:AB:E0:3F:92:17:BF:AF
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7c8mpBnqLvS7KjHDpavgP5IXv68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.31.234.0/24
                  213.210.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:01:e9:5a:56:aa:32:b5:72:b1:35:ae:fe:ef:3c:25:74:eb:
         cb:ab:d1:53:ad:a7:b0:9e:44:62:32:55:75:fd:4f:66:84:74:
         cc:88:6e:77:6a:d6:03:0b:ae:28:ec:58:cf:ac:b2:1b:cd:12:
         ac:06:de:5d:98:90:1e:85:b2:76:f0:61:99:84:95:63:9a:c7:
         65:c0:a7:a3:e3:b1:51:c1:21:20:f2:eb:65:86:ef:37:9f:df:
         b5:a0:77:6e:7f:96:72:e6:f9:fe:ab:36:b2:a4:29:e5:9f:82:
         b0:c9:13:8f:28:d5:3e:80:95:bc:ab:ec:91:b5:f9:26:6e:c5:
         57:55:53:69:e8:0b:71:fb:3f:0e:8b:b6:a6:09:06:f7:3c:9a:
         ec:0d:6a:cb:d8:10:71:dc:55:34:f7:4b:1a:2a:6b:fa:8e:1d:
         84:08:53:0b:ad:1f:e2:15:ad:50:a5:23:4c:db:3f:f3:5a:ab:
         1c:ed:e4:da:7a:63:2f:66:45:cb:75:69:86:65:55:5a:02:8e:
         dd:74:89:ec:6c:dc:a6:df:53:40:cf:27:8b:89:73:a3:b6:4a:
         69:ec:c4:08:0a:49:9b:3d:d7:4a:1a:39:d6:17:0a:85:f8:25:
         e4:ae:a1:36:40:8b:82:e4:b7:d6:73:f5:89:5d:91:d1:7e:30:
         0c:3d:c6:1d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8jaMnS/7ZcwK1M2dBI+THyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGNmMjZhNDE5ZWEyZWY0YmIyYTMxYzNhNWFiZTAzZjkyMTdiZmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuA9YMpvKSv9/4gH/mD49MfolL32P
alz6Xd7HtesVITiUIAQ/715+TYIKk+1BhaE2b6yxvUmd7cWlAOG17kyu3oe4wJSP
bNXaBwWtXuntn30jZzRmU8DmH02AMCb3WbwWFNof+etqdtT4OwshOs3ndoyAVgO8
3pDIptQIbvZQsORnTXwrbVgzHvfakT5bzHhKpv7iIpmcWK28Qth0/fyiRf6WoicQ
JBiFuxdhr7uWRbGNhTdFFZ9VBujcqBofXP/B8opdOcUwosUXGVskgPQr3ZOUSSqY
p/xcsjTPJ51JajRskFLlYm2SfPze6tVtZfLyrZaNyn88a6v9PlWDxComTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO3PJqQZ6i70uyoxw6Wr4D+SF7+vMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN2M4bXBCbnFMdlM3S2pIRHBhdmdQNUlYdjY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWR/qAwQA
1dI0MA0GCSqGSIb3DQEBCwUAA4IBAQA4AelaVqoytXKxNa7+7zwldOvLq9FTraew
nkRiMlV1/U9mhHTMiG53atYDC64o7FjPrLIbzRKsBt5dmJAehbJ28GGZhJVjmsdl
wKej47FRwSEg8utlhu83n9+1oHduf5Zy5vn+qzaypCnln4KwyROPKNU+gJW8q+yR
tfkmbsVXVVNp6Atx+z8Oi7amCQb3PJrsDWrL2BBx3FU090saKmv6jh2ECFMLrR/i
Fa1QpSNM2z/zWqsc7eTaemMvZkXLdWmGZVVaAo7ddInsbNym31NAzyeLiXOjtkpp
7MQICkmbPddKGjnWFwqF+CXkrqE2QIuC5LfWc/WJXZHRfjAMPcYd
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:11 2026 by rpki-client