Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8oDheJIlLAkriqbvCgoDURy4D-I.roa
File:                     8oDheJIlLAkriqbvCgoDURy4D-I.roa (raw, json)
Hash identifier:          0t+PUCtpKGWnJQGem5DExeN3xowBaNMdUvEi2UFnK+A=
Subject key identifier:   F2:80:E1:78:92:25:2C:09:2B:8A:A6:EF:0A:0A:03:51:1C:B8:0F:E2
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368BE38CC52ADB6E9AFF3B1EA25879E
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8oDheJIlLAkriqbvCgoDURy4D-I.roa
Signing time:             Thu 02 Jul 2026 15:18:14 +0000
ROA not before:           Thu 02 Jul 2026 15:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48266
IP address blocks:        81.5.191.0/24 maxlen: 24
                          82.152.177.0/24 maxlen: 24
                          82.153.69.0/24 maxlen: 24
                          82.153.96.0/24 maxlen: 24
                          82.153.100.0/24 maxlen: 24
                          82.153.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:be:38:cc:52:ad:b6:e9:af:f3:b1:ea:25:87:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f280e17892252c092b8aa6ef0a0a03511cb80fe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8c:9a:8c:b9:5b:5f:e2:de:90:ce:ea:4d:ea:
                    f8:02:ee:58:39:cf:71:6e:d4:a6:43:14:ba:c5:a3:
                    a9:75:dc:c0:d5:c1:8f:1f:21:22:44:43:b5:1f:6c:
                    31:e8:b0:65:ad:7c:4b:6e:87:d6:a5:4e:ec:b9:51:
                    a2:8c:64:92:0f:80:f6:75:1d:c4:53:e0:f1:0e:4e:
                    77:41:7a:36:f6:8d:12:56:5f:94:79:72:7e:1f:8f:
                    8a:e8:5e:95:84:bb:b5:95:bc:c4:34:fe:82:8e:7f:
                    9c:6f:fd:e7:da:75:e7:01:6b:f4:cc:46:53:71:c0:
                    e1:37:b8:6b:91:9f:e3:3a:44:dc:ba:ce:6b:78:53:
                    92:42:9d:80:f3:61:bd:9e:27:af:15:d4:d6:f4:b4:
                    95:10:16:9d:63:c6:b2:e8:a2:f9:8e:c0:13:6f:a8:
                    54:2c:7f:92:77:e1:07:ac:6d:33:5a:85:2e:d8:8b:
                    4c:17:ac:41:79:0d:c8:62:e7:6e:34:68:e4:26:43:
                    f7:e2:8a:dc:92:2c:11:cc:4c:1b:41:e6:98:62:e3:
                    cb:cf:45:43:a5:9c:a9:75:4b:1e:b9:14:2a:79:8c:
                    cf:df:b9:70:8b:ee:f0:01:c3:6b:17:2a:fc:08:e2:
                    d8:31:e9:9c:8f:30:c2:e5:cd:1e:8c:d4:9d:0e:86:
                    61:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:80:E1:78:92:25:2C:09:2B:8A:A6:EF:0A:0A:03:51:1C:B8:0F:E2
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8oDheJIlLAkriqbvCgoDURy4D-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.191.0/24
                  82.152.177.0/24
                  82.153.69.0/24
                  82.153.96.0/24
                  82.153.100.0/24
                  82.153.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:65:e7:de:29:11:be:dd:9b:d2:7d:12:6b:c9:14:51:3e:bd:
         9a:5c:a6:f0:98:cd:bb:c3:5e:ec:db:8b:1b:00:8e:6c:b8:e8:
         e8:8f:1f:32:fa:bf:5c:ea:3c:4a:e5:7c:f3:de:69:bd:5e:b8:
         3d:c5:4f:44:42:f2:20:53:92:c2:40:1a:96:08:da:04:04:47:
         4a:60:f0:67:30:12:94:cf:87:08:00:f5:b3:c0:60:1c:d3:11:
         35:d8:04:3e:14:01:b2:36:9d:47:f6:07:a2:b0:de:3b:9e:02:
         1f:ec:f2:7e:09:b4:f5:5b:d6:b9:5d:c8:62:31:ff:05:5a:40:
         8f:58:a2:d1:27:b9:d3:6a:d9:36:30:47:9c:af:75:cc:83:f0:
         1f:18:3e:0f:80:14:89:55:96:cf:42:c2:bd:39:67:7a:6e:59:
         f6:28:b8:1b:2e:48:71:5e:2a:85:bf:91:77:7b:3f:bd:b2:ec:
         fd:bf:48:c2:f3:77:80:d1:86:29:9e:57:e5:97:58:77:1a:4f:
         94:50:3e:27:a9:23:b3:b5:fe:f2:d9:b8:08:9f:96:7b:4c:53:
         70:43:d9:e3:23:76:e7:f7:d1:74:92:c8:c5:17:cf:5f:b4:77:
         42:89:58:88:d0:19:8a:77:16:2d:d5:42:61:af:27:98:a8:1e:
         27:f9:4a:83
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ8jaL44zFKttumv87HqJYeeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjgwZTE3ODkyMjUyYzA5MmI4YWE2ZWYwYTBhMDM1MTFjYjgwZmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4yajLlbX+LekM7qTer4Au5YOc9x
btSmQxS6xaOpddzA1cGPHyEiREO1H2wx6LBlrXxLbofWpU7suVGijGSSD4D2dR3E
U+DxDk53QXo29o0SVl+UeXJ+H4+K6F6VhLu1lbzENP6Cjn+cb/3n2nXnAWv0zEZT
ccDhN7hrkZ/jOkTcus5reFOSQp2A82G9nievFdTW9LSVEBadY8ay6KL5jsATb6hU
LH+Sd+EHrG0zWoUu2ItMF6xBeQ3IYuduNGjkJkP34orckiwRzEwbQeaYYuPLz0VD
pZypdUseuRQqeYzP37lwi+7wAcNrFyr8COLYMemcjzDC5c0ejNSdDoZhrQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFPKA4XiSJSwJK4qm7woKA1EcuA/iMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOG9EaGVKSWxMQWtyaXFidkNnb0RVUnk0RC1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAUQW/AwQA
UpixAwQAUplFAwQAUplgAwQAUplkAwQAUpnOMA0GCSqGSIb3DQEBCwUAA4IBAQBR
ZefeKRG+3ZvSfRJryRRRPr2aXKbwmM27w17s24sbAI5suOjojx8y+r9c6jxK5Xzz
3mm9Xrg9xU9EQvIgU5LCQBqWCNoEBEdKYPBnMBKUz4cIAPWzwGAc0xE12AQ+FAGy
Np1H9geisN47ngIf7PJ+CbT1W9a5XchiMf8FWkCPWKLRJ7nTatk2MEecr3XMg/Af
GD4PgBSJVZbPQsK9OWd6bln2KLgbLkhxXiqFv5F3ez+9suz9v0jC83eA0YYpnlfl
l1h3Gk+UUD4nqSOztf7y2bgIn5Z7TFNwQ9njI3bn99F0ksjFF89ftHdCiViI0BmK
dxYt1UJhryeYqB4n+UqD
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:20:08 2026 by rpki-client