Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7owIj-ltT3evteu6suYojY343KU.roa
File:                     7owIj-ltT3evteu6suYojY343KU.roa (raw, json)
Hash identifier:          tULZQ592JUGzZKhUOuwSWO/Z/q93FmXCatko6ViJXLI=
Subject key identifier:   EE:8C:08:8F:E9:6D:4F:77:AF:B5:EB:BA:B2:E6:28:8D:8D:F8:DC:A5
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368E609F947FF4AB8DD7DB01AA7F74E
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7owIj-ltT3evteu6suYojY343KU.roa
Signing time:             Thu 02 Jul 2026 15:18:24 +0000
ROA not before:           Thu 02 Jul 2026 15:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205733
IP address blocks:        82.152.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:e6:09:f9:47:ff:4a:b8:dd:7d:b0:1a:a7:f7:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ee8c088fe96d4f77afb5ebbab2e6288d8df8dca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:85:3d:7c:cc:a3:e1:19:b6:cc:e9:27:e2:0a:
                    9d:9a:6f:6a:e3:2b:c3:05:31:74:df:a3:0a:56:9c:
                    0f:4d:98:93:57:d5:f0:52:cb:d8:33:90:42:28:56:
                    e3:e5:d5:57:62:ec:42:07:9f:fe:66:e6:b7:b4:8c:
                    f8:78:0f:0a:f7:31:58:1b:91:39:af:97:31:9e:77:
                    96:98:4f:ba:a5:1f:a1:49:58:95:6a:81:d6:6f:63:
                    54:94:91:28:6e:95:00:b8:5b:93:12:83:4f:e3:78:
                    24:8c:c0:59:88:72:42:43:82:41:2d:22:8e:59:c8:
                    66:65:a7:eb:b2:10:84:69:6b:a7:da:8d:f9:0d:a1:
                    b9:ef:76:ca:77:2e:99:06:48:be:3d:4b:b5:76:7c:
                    fc:e5:8a:fe:f0:5f:e4:08:89:03:86:90:a2:06:7d:
                    57:df:fe:44:02:89:77:8b:7d:3e:64:9e:24:a2:98:
                    3a:70:e5:47:b5:b2:96:fc:7c:0a:ff:db:c1:77:f8:
                    ff:21:86:a3:8f:e4:32:8b:2a:80:38:24:40:e0:9d:
                    1b:f9:be:1b:a7:88:45:45:59:6d:9b:a3:fe:d9:6f:
                    3d:f6:9f:88:c1:4b:d7:9a:f2:92:11:13:96:8d:9e:
                    66:59:68:6f:06:1c:8a:7a:e5:e1:83:cc:01:27:6e:
                    a9:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:8C:08:8F:E9:6D:4F:77:AF:B5:EB:BA:B2:E6:28:8D:8D:F8:DC:A5
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7owIj-ltT3evteu6suYojY343KU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:74:f8:27:22:e2:a1:41:c6:f8:d8:f0:18:c1:f7:97:5b:56:
         9f:70:4b:d9:4d:45:c0:55:77:5b:22:60:0d:12:26:71:4f:4b:
         c6:ee:bf:7b:2b:a4:21:22:06:2e:1f:77:df:35:88:19:f2:dc:
         86:55:70:e1:9e:64:42:8c:63:93:0a:a2:fe:7c:87:d6:62:4e:
         07:4b:1a:19:68:e7:ad:f2:72:c8:62:03:b2:f0:8d:76:f8:d6:
         03:2c:71:88:f8:fa:58:bf:64:36:76:bb:3d:a6:3f:8f:1d:0c:
         de:eb:14:5f:7d:64:fa:27:3e:98:1e:62:0a:db:31:a9:9f:9b:
         b4:f0:61:b3:61:0e:6a:43:97:fc:7a:91:ac:bc:37:70:a3:2f:
         e4:63:1e:62:83:f9:93:e9:76:6d:c0:d4:cd:d2:33:ac:91:1e:
         89:0b:72:fc:2e:ec:53:39:b5:92:64:d2:e6:28:e2:a5:f0:9f:
         20:cb:e0:6d:be:46:72:7c:4f:9f:a8:2e:1a:7c:35:4e:88:bb:
         ea:e7:12:f9:01:88:2d:ea:75:fe:59:7f:08:89:ff:35:83:74:
         81:98:ef:7d:72:1a:07:30:3e:a3:81:2c:b5:e0:ea:66:0f:35:
         af:1c:b3:7d:8d:ae:71:47:55:69:61:7c:d3:a4:98:f2:a8:7c:
         5c:87:24:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaOYJ+Uf/SrjdfbAap/dOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZThjMDg4ZmU5NmQ0Zjc3YWZiNWViYmFiMmU2Mjg4ZDhkZjhkY2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYU9fMyj4Rm2zOkn4gqdmm9q4yvD
BTF036MKVpwPTZiTV9XwUsvYM5BCKFbj5dVXYuxCB5/+Zua3tIz4eA8K9zFYG5E5
r5cxnneWmE+6pR+hSViVaoHWb2NUlJEobpUAuFuTEoNP43gkjMBZiHJCQ4JBLSKO
WchmZafrshCEaWun2o35DaG573bKdy6ZBki+PUu1dnz85Yr+8F/kCIkDhpCiBn1X
3/5EAol3i30+ZJ4kopg6cOVHtbKW/HwK/9vBd/j/IYajj+QyiyqAOCRA4J0b+b4b
p4hFRVltm6P+2W899p+IwUvXmvKSEROWjZ5mWWhvBhyKeuXhg8wBJ26pGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6MCI/pbU93r7XrurLmKI2N+NylMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN293SWotbHRUM2V2dGV1NnN1WW9qWTM0M0tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpgLMA0G
CSqGSIb3DQEBCwUAA4IBAQBhdPgnIuKhQcb42PAYwfeXW1afcEvZTUXAVXdbImAN
EiZxT0vG7r97K6QhIgYuH3ffNYgZ8tyGVXDhnmRCjGOTCqL+fIfWYk4HSxoZaOet
8nLIYgOy8I12+NYDLHGI+PpYv2Q2drs9pj+PHQze6xRffWT6Jz6YHmIK2zGpn5u0
8GGzYQ5qQ5f8epGsvDdwoy/kYx5ig/mT6XZtwNTN0jOskR6JC3L8LuxTObWSZNLm
KOKl8J8gy+BtvkZyfE+fqC4afDVOiLvq5xL5AYgt6nX+WX8Iif81g3SBmO99choH
MD6jgSy14OpmDzWvHLN9ja5xR1VpYXzTpJjyqHxchyRL
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:18:33 2026 by rpki-client