Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7nP2bfXrVDR_Q6gqIUTefJJOhw4.roa
File:                     7nP2bfXrVDR_Q6gqIUTefJJOhw4.roa (raw, json)
Hash identifier:          H5vW+w+w7pY6dUtQpVhBTsf1lu6jQXIhjgaUU/0zTBw=
Subject key identifier:   EE:73:F6:6D:F5:EB:54:34:7F:43:A8:2A:21:44:DE:7C:92:4E:87:0E
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368BCA47A7502288F754BA4D5EF3FD0
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7nP2bfXrVDR_Q6gqIUTefJJOhw4.roa
Signing time:             Thu 02 Jul 2026 15:18:14 +0000
ROA not before:           Thu 02 Jul 2026 15:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47692
IP address blocks:        109.176.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:bc:a4:7a:75:02:28:8f:75:4b:a4:d5:ef:3f:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ee73f66df5eb54347f43a82a2144de7c924e870e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a7:3c:63:61:14:f3:2a:9a:cb:4f:f6:1e:ee:
                    75:cd:90:c7:79:98:00:f6:06:8c:01:f2:51:24:a0:
                    fc:60:f8:6e:34:ad:94:33:61:ab:45:11:a8:bd:74:
                    7d:f2:0e:e7:7a:b4:05:c7:25:9f:56:f6:09:ca:eb:
                    63:25:eb:ee:62:60:e2:7f:1c:46:e3:a9:3b:ba:dc:
                    40:64:34:72:e1:37:45:d8:a0:ab:51:b1:cc:32:60:
                    aa:47:8d:f6:f5:0e:fb:2f:1d:52:e0:ec:ef:0f:7d:
                    9b:93:de:f0:de:62:4d:0c:da:51:2d:ec:ce:a1:9b:
                    b5:34:a1:01:9a:41:15:03:01:3f:3d:e9:1f:4b:e6:
                    04:ac:8e:b3:3d:a3:64:09:c1:57:94:3e:e6:d8:e4:
                    9d:31:af:ae:39:4f:27:3d:7c:8d:4d:77:ee:d6:82:
                    02:73:8f:70:f5:cf:50:1a:f9:d8:bc:e7:57:20:41:
                    fa:9a:1f:eb:02:df:a8:71:ae:8c:06:61:15:4c:e3:
                    3d:06:d5:28:75:5f:10:99:38:06:de:9d:9b:3b:53:
                    59:d1:47:26:c5:5c:41:3a:bd:c7:db:cc:c0:c1:5a:
                    52:dc:df:78:bc:48:da:93:db:f7:31:01:f0:2a:b1:
                    62:0e:4b:10:67:92:fd:0f:09:69:d3:4a:73:92:87:
                    94:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:73:F6:6D:F5:EB:54:34:7F:43:A8:2A:21:44:DE:7C:92:4E:87:0E
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7nP2bfXrVDR_Q6gqIUTefJJOhw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:c0:26:7e:2f:9e:51:b6:3f:b0:75:d9:77:f6:41:78:94:31:
         02:fb:06:de:49:0d:6f:4c:71:f4:04:42:a3:28:9f:78:d6:f7:
         4f:09:ae:b2:8c:44:4f:7c:b0:74:03:5d:c6:89:ce:29:6f:75:
         4c:29:80:13:64:1a:ae:8b:e9:ea:c1:2f:9c:f1:50:d0:bd:53:
         7a:e9:a0:48:df:c1:04:ea:c2:d3:9c:1f:23:28:63:7d:b4:0e:
         06:16:2d:76:c3:e1:90:87:60:db:9a:91:d0:e4:db:2c:f3:11:
         2a:c1:b0:f9:f2:b4:58:6c:9f:bb:e0:a9:2e:6c:69:b3:f8:55:
         b9:df:1e:c0:f1:01:82:80:af:d9:f8:e2:a9:3a:74:1f:c4:ea:
         8a:f7:e5:dc:ce:ed:1f:f7:05:5b:43:40:d2:ef:ab:5f:81:c3:
         8d:bd:38:ed:14:3b:80:65:86:4d:00:7b:bb:85:d7:38:f6:8d:
         3d:20:3d:f7:16:ae:c5:24:52:38:60:c9:24:5a:b7:0f:7d:77:
         c3:c5:69:4a:e9:a0:1b:a6:99:5b:69:49:1f:6b:a2:e7:70:c0:
         49:f5:fa:7b:22:2a:fc:39:37:d4:42:d3:a5:b4:1f:63:f0:91:
         5b:c3:d6:66:e3:70:f5:e9:f3:cf:fb:93:d9:c4:c0:23:93:a1:
         96:57:af:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaLykenUCKI91S6TV7z/QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTczZjY2ZGY1ZWI1NDM0N2Y0M2E4MmEyMTQ0ZGU3YzkyNGU4NzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqc8Y2EU8yqay0/2Hu51zZDHeZgA
9gaMAfJRJKD8YPhuNK2UM2GrRRGovXR98g7nerQFxyWfVvYJyutjJevuYmDifxxG
46k7utxAZDRy4TdF2KCrUbHMMmCqR4329Q77Lx1S4OzvD32bk97w3mJNDNpRLezO
oZu1NKEBmkEVAwE/PekfS+YErI6zPaNkCcFXlD7m2OSdMa+uOU8nPXyNTXfu1oIC
c49w9c9QGvnYvOdXIEH6mh/rAt+oca6MBmEVTOM9BtUodV8QmTgG3p2bO1NZ0Ucm
xVxBOr3H28zAwVpS3N94vEjak9v3MQHwKrFiDksQZ5L9Dwlp00pzkoeUpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5z9m3161Q0f0OoKiFE3nySTocOMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN25QMmJmWHJWRFJfUTZncUlVVGVmSkpPaHc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbD6MA0G
CSqGSIb3DQEBCwUAA4IBAQBdwCZ+L55Rtj+wddl39kF4lDEC+wbeSQ1vTHH0BEKj
KJ941vdPCa6yjERPfLB0A13Gic4pb3VMKYATZBqui+nqwS+c8VDQvVN66aBI38EE
6sLTnB8jKGN9tA4GFi12w+GQh2DbmpHQ5Nss8xEqwbD58rRYbJ+74KkubGmz+FW5
3x7A8QGCgK/Z+OKpOnQfxOqK9+Xczu0f9wVbQ0DS76tfgcONvTjtFDuAZYZNAHu7
hdc49o09ID33Fq7FJFI4YMkkWrcPfXfDxWlK6aAbpplbaUkfa6LncMBJ9fp7Iir8
OTfUQtOltB9j8JFbw9Zm43D16fPP+5PZxMAjk6GWV6/c
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:38 2026 by rpki-client