Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/860AtFU3NoJ9w94GiLfpKcSC3eY.roa
File:                     860AtFU3NoJ9w94GiLfpKcSC3eY.roa (raw, json)
Hash identifier:          WVY9JP4D/XhOTxSxFxPigrpqdeJV7QKefpCUcOC4GxA=
Subject key identifier:   F3:AD:00:B4:55:37:36:82:7D:C3:DE:06:88:B7:E9:29:C4:82:DD:E6
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F23690532398376ADF92D59495BB8AAF0
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/860AtFU3NoJ9w94GiLfpKcSC3eY.roa
Signing time:             Thu 02 Jul 2026 15:18:32 +0000
ROA not before:           Thu 02 Jul 2026 15:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214036
IP address blocks:        109.176.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:05:32:39:83:76:ad:f9:2d:59:49:5b:b8:aa:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f3ad00b4553736827dc3de0688b7e929c482dde6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:79:10:9b:52:12:9b:ad:74:e8:0c:5d:92:49:
                    a0:77:6d:b0:81:3c:44:f2:a4:2d:70:4a:15:d5:3d:
                    01:9d:b8:bb:0e:ad:92:f5:03:55:cb:1b:3e:fd:aa:
                    39:25:e7:fd:bd:4a:ac:9f:bc:82:e0:62:48:08:4a:
                    e9:f0:bb:00:42:c2:21:7d:d6:ed:de:a3:ba:20:81:
                    97:a2:33:16:11:f2:99:96:56:b5:42:49:af:c2:db:
                    78:d7:e6:12:9a:be:2b:9a:50:43:a4:ea:5e:3f:a9:
                    8f:94:53:c9:21:ae:d0:75:ac:b4:49:e0:4a:78:60:
                    dd:57:4e:cf:86:30:82:6a:c4:8d:cf:71:e9:ca:e3:
                    fc:54:c3:64:95:3e:7c:8a:66:12:1b:de:6d:0a:cf:
                    f5:d0:07:98:5c:82:22:17:3f:53:6d:1a:30:31:1e:
                    c6:24:7b:9d:3f:08:c6:4b:7e:f9:e7:1e:1d:58:be:
                    5e:a1:6d:f4:72:f2:ec:5b:df:3c:d7:20:76:fa:0b:
                    de:6f:03:66:4f:95:8d:bf:c7:fe:73:ec:07:a2:d1:
                    d1:7d:80:7c:63:72:5a:c7:36:51:36:d1:1a:93:9d:
                    df:cf:72:f9:d7:fa:c4:20:6d:d0:7d:73:c0:11:29:
                    74:63:42:37:ef:61:14:c5:36:a8:0f:08:59:39:e9:
                    38:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:AD:00:B4:55:37:36:82:7D:C3:DE:06:88:B7:E9:29:C4:82:DD:E6
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/860AtFU3NoJ9w94GiLfpKcSC3eY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:f6:48:96:a2:75:94:23:58:88:ba:de:0c:a5:d7:9c:ed:d5:
         d2:d6:e6:b6:bb:4d:b8:a4:19:ac:9b:86:77:2c:2e:08:c5:b8:
         65:c2:7f:69:a5:9b:47:b9:35:e1:f0:62:85:2c:49:d1:47:0e:
         f4:81:b7:94:cc:b2:75:62:24:98:c7:f2:dc:4c:f0:be:71:63:
         a6:5b:6c:0e:1f:32:6c:f2:0d:3b:64:de:e7:c4:85:75:90:7f:
         3e:66:a9:1e:db:28:04:99:af:51:b4:0d:b3:57:36:5f:f1:4d:
         cd:e6:f1:45:50:51:62:e6:c3:7a:2b:fe:7a:7f:0b:84:e1:82:
         7f:55:b8:22:23:1f:18:45:4e:d5:69:c7:67:13:18:7b:50:1a:
         6c:b5:d5:6f:93:7c:c8:13:33:12:8f:41:b1:af:a8:37:de:39:
         8c:de:d2:27:c1:e4:4b:ad:b2:4f:a0:14:0b:12:8e:d2:bd:46:
         7f:02:af:51:7b:86:e1:e2:75:08:89:10:b2:41:8c:6c:32:62:
         7c:90:17:ed:26:64:45:58:e8:97:f1:62:dd:1c:bf:ed:c7:b2:
         d7:55:2f:a3:86:f6:fb:2c:de:4e:ec:1a:a4:ec:51:56:8f:29:
         76:87:35:9a:4b:c2:b0:ff:91:cb:0c:bf:b4:f5:3a:2f:15:9a:
         96:cb:03:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaQUyOYN2rfktWUlbuKrwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2FkMDBiNDU1MzczNjgyN2RjM2RlMDY4OGI3ZTkyOWM0ODJkZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXkQm1ISm6106Axdkkmgd22wgTxE
8qQtcEoV1T0Bnbi7Dq2S9QNVyxs+/ao5Jef9vUqsn7yC4GJICErp8LsAQsIhfdbt
3qO6IIGXojMWEfKZlla1Qkmvwtt41+YSmr4rmlBDpOpeP6mPlFPJIa7Qday0SeBK
eGDdV07PhjCCasSNz3HpyuP8VMNklT58imYSG95tCs/10AeYXIIiFz9TbRowMR7G
JHudPwjGS3755x4dWL5eoW30cvLsW9881yB2+gvebwNmT5WNv8f+c+wHotHRfYB8
Y3JaxzZRNtEak53fz3L51/rEIG3QfXPAESl0Y0I372EUxTaoDwhZOek4KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOtALRVNzaCfcPeBoi36SnEgt3mMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvODYwQXRGVTNOb0o5dzk0R2lMZnBLY1NDM2VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDPMA0G
CSqGSIb3DQEBCwUAA4IBAQAu9kiWonWUI1iIut4Mpdec7dXS1ua2u024pBmsm4Z3
LC4Ixbhlwn9ppZtHuTXh8GKFLEnRRw70gbeUzLJ1YiSYx/LcTPC+cWOmW2wOHzJs
8g07ZN7nxIV1kH8+Zqke2ygEma9RtA2zVzZf8U3N5vFFUFFi5sN6K/56fwuE4YJ/
VbgiIx8YRU7VacdnExh7UBpstdVvk3zIEzMSj0Gxr6g33jmM3tInweRLrbJPoBQL
Eo7SvUZ/Aq9Re4bh4nUIiRCyQYxsMmJ8kBftJmRFWOiX8WLdHL/tx7LXVS+jhvb7
LN5O7Bqk7FFWjyl2hzWaS8Kw/5HLDL+09TovFZqWywMS
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:16:26 2026 by rpki-client