Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7diCn2M-WV9hsUEcMCDRnbOjj_g.roa
File:                     7diCn2M-WV9hsUEcMCDRnbOjj_g.roa (raw, json)
Hash identifier:          08JySkGYb76idSJNdJAkdbvdWIW/NNiwUaPnm3LJsQw=
Subject key identifier:   ED:D8:82:9F:63:3E:59:5F:61:B1:41:1C:30:20:D1:9D:B3:A3:8F:F8
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368F2F8715E115C6357A9F2BDEE9BE3
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7diCn2M-WV9hsUEcMCDRnbOjj_g.roa
Signing time:             Thu 02 Jul 2026 15:18:28 +0000
ROA not before:           Thu 02 Jul 2026 15:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211440
IP address blocks:        89.213.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:f2:f8:71:5e:11:5c:63:57:a9:f2:bd:ee:9b:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=edd8829f633e595f61b1411c3020d19db3a38ff8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:90:8a:15:31:c7:9f:4b:42:c7:8e:a7:b4:46:
                    c5:50:53:9c:33:a0:82:79:d3:1c:40:be:c3:56:0b:
                    3d:dd:dd:e5:f0:d8:ff:cd:7a:85:db:d5:06:da:0c:
                    1e:a5:14:02:81:e7:ad:52:04:e3:b1:db:99:1b:1c:
                    cf:9c:18:46:f2:99:78:98:53:0b:de:d1:b5:6a:38:
                    44:da:d3:e7:98:91:7b:29:94:1c:ea:76:4c:c8:d9:
                    8f:96:d4:8a:ee:f3:a3:9f:4a:7e:b4:eb:e6:44:b9:
                    34:95:37:07:29:b9:36:98:45:ff:f1:5f:6e:ef:70:
                    7a:44:b5:95:49:99:38:37:c0:3f:10:56:c1:ee:52:
                    55:75:c8:f5:d6:68:85:c7:7e:c8:82:e9:a6:b6:b8:
                    95:62:3d:e6:38:bc:a1:9e:7c:2e:ac:d0:62:05:a8:
                    00:55:fa:4a:b5:7d:66:62:bb:e2:7b:2a:85:fc:6f:
                    a1:7f:4e:31:98:e7:f3:83:db:c8:8e:41:ef:a3:c1:
                    4a:f1:12:c6:87:3b:e3:ff:b7:7e:a5:6a:00:11:6a:
                    6a:e8:d7:f4:90:19:53:6d:94:e3:e7:db:7b:cc:0d:
                    39:73:79:12:2b:7d:3c:05:20:cc:19:4d:ad:e0:d8:
                    f2:8b:46:f0:a3:a5:8c:93:d3:d6:a5:26:0f:86:c9:
                    24:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:D8:82:9F:63:3E:59:5F:61:B1:41:1C:30:20:D1:9D:B3:A3:8F:F8
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7diCn2M-WV9hsUEcMCDRnbOjj_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:22:c2:91:0e:69:75:d4:b3:e0:fe:eb:76:7e:3d:14:7f:8a:
         1e:9c:c6:be:ae:25:88:bc:c7:e3:0f:de:a6:8f:f6:6a:e5:54:
         d3:26:f0:86:9e:f2:ff:75:d3:30:fe:d2:63:b5:4c:bd:a6:5d:
         a3:91:25:81:b7:e4:df:70:14:9c:0f:69:fb:d7:04:f8:da:86:
         41:73:fe:1b:bc:97:c1:d5:80:74:9d:dc:ad:61:8f:26:82:de:
         20:b5:b9:3a:90:99:03:85:aa:45:08:23:3b:b3:c8:82:4f:91:
         54:7a:59:8f:7b:c7:a5:e7:e2:08:2d:1e:d1:9e:09:4b:da:7b:
         98:dd:fb:6c:8a:11:7c:0c:28:34:9e:7c:fc:e9:9f:15:cc:4c:
         e7:92:a7:94:cd:cd:83:71:ed:75:71:c9:4e:45:4a:28:5f:57:
         d4:75:ec:1e:28:78:9e:40:61:ae:e9:72:8c:14:e1:f1:13:db:
         48:e8:aa:25:15:29:37:fa:7e:00:c3:2c:3e:72:bf:e9:74:86:
         c0:f7:5d:74:b2:e4:b0:80:18:25:47:83:df:85:a1:0e:02:e1:
         23:70:eb:6e:f6:b6:85:3f:9f:4f:b4:44:19:be:11:0d:82:a4:
         0c:14:84:3e:e7:ca:e5:40:10:6f:88:64:c1:3f:41:ff:ce:2b:
         0f:39:9e:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaPL4cV4RXGNXqfK97pvjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGQ4ODI5ZjYzM2U1OTVmNjFiMTQxMWMzMDIwZDE5ZGIzYTM4ZmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZCKFTHHn0tCx46ntEbFUFOcM6CC
edMcQL7DVgs93d3l8Nj/zXqF29UG2gwepRQCgeetUgTjsduZGxzPnBhG8pl4mFML
3tG1ajhE2tPnmJF7KZQc6nZMyNmPltSK7vOjn0p+tOvmRLk0lTcHKbk2mEX/8V9u
73B6RLWVSZk4N8A/EFbB7lJVdcj11miFx37IgummtriVYj3mOLyhnnwurNBiBagA
VfpKtX1mYrvieyqF/G+hf04xmOfzg9vIjkHvo8FK8RLGhzvj/7d+pWoAEWpq6Nf0
kBlTbZTj59t7zA05c3kSK308BSDMGU2t4Njyi0bwo6WMk9PWpSYPhskk7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3Ygp9jPllfYbFBHDAg0Z2zo4/4MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN2RpQ24yTS1XVjloc1VFY01DRFJuYk9qal9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdV7MA0G
CSqGSIb3DQEBCwUAA4IBAQAgIsKRDml11LPg/ut2fj0Uf4oenMa+riWIvMfjD96m
j/Zq5VTTJvCGnvL/ddMw/tJjtUy9pl2jkSWBt+TfcBScD2n71wT42oZBc/4bvJfB
1YB0ndytYY8mgt4gtbk6kJkDhapFCCM7s8iCT5FUelmPe8el5+IILR7RnglL2nuY
3ftsihF8DCg0nnz86Z8VzEznkqeUzc2Dce11cclORUooX1fUdeweKHieQGGu6XKM
FOHxE9tI6KolFSk3+n4Awyw+cr/pdIbA9110suSwgBglR4PfhaEOAuEjcOtu9raF
P59PtEQZvhENgqQMFIQ+58rlQBBviGTBP0H/zisPOZ76
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:02 2026 by rpki-client