Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9b8ZRKcZzgePput14049L3B4UW4.roa
File:                     9b8ZRKcZzgePput14049L3B4UW4.roa (raw, json)
Hash identifier:          0q5jUkaObe0xkQese9WjXD4anUSvUAoLqa+T/pK8Xio=
Subject key identifier:   F5:BF:19:44:A7:19:CE:07:8F:A6:EB:75:E3:4E:3D:2F:70:78:51:6E
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368F553BBFCB24C0EBA0EDEA7ACDFCA
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9b8ZRKcZzgePput14049L3B4UW4.roa
Signing time:             Thu 02 Jul 2026 15:18:28 +0000
ROA not before:           Thu 02 Jul 2026 15:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211936
IP address blocks:        82.153.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:f5:53:bb:fc:b2:4c:0e:ba:0e:de:a7:ac:df:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5bf1944a719ce078fa6eb75e34e3d2f7078516e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d4:9e:4e:e9:92:c7:7f:a9:0c:d9:45:f8:29:
                    8e:64:98:48:9a:fc:4e:b2:00:cf:91:b0:62:3f:c1:
                    09:60:27:f9:1f:78:5b:30:3e:9a:25:9e:7b:72:8c:
                    e9:11:3e:62:30:6f:43:af:27:21:95:93:cb:ec:2d:
                    db:c4:49:6c:e0:bd:f4:3f:a1:d6:cd:92:a4:72:96:
                    77:e8:7d:73:4c:98:f3:26:a9:aa:26:e8:99:2d:d1:
                    4d:13:16:d3:63:19:3b:2e:ac:be:0c:28:07:f5:69:
                    f5:12:89:cc:e8:9f:a3:9c:60:60:95:55:db:00:4c:
                    07:e1:ae:d7:b3:23:ee:8c:c1:25:fe:dc:2c:5f:8f:
                    c2:bb:21:e5:a6:de:fc:cc:3f:c3:48:ca:62:08:3a:
                    3d:ee:b0:43:fe:c4:ee:f0:9c:b9:f9:87:53:5d:eb:
                    90:4f:0e:68:bd:87:fa:95:a3:33:de:30:7c:17:dc:
                    84:4a:6b:48:b4:f6:86:6f:53:8b:76:05:4a:37:65:
                    4f:bf:92:96:77:29:08:5b:77:25:87:57:03:5b:04:
                    f7:53:4f:2b:18:01:74:72:8f:07:5c:0e:98:e4:94:
                    61:15:a5:18:5c:23:06:71:41:11:b8:38:ac:33:5e:
                    c3:3c:7f:cb:37:9d:f3:a1:b5:03:a9:4d:7d:a3:8d:
                    a9:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:BF:19:44:A7:19:CE:07:8F:A6:EB:75:E3:4E:3D:2F:70:78:51:6E
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9b8ZRKcZzgePput14049L3B4UW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:39:49:00:8f:db:59:52:c5:4e:f1:ff:b7:c3:f1:19:5d:16:
         c6:52:5d:b6:46:80:89:46:3e:2a:9c:28:77:d8:e9:2c:af:9a:
         c0:63:9b:1e:2f:da:c8:f4:cf:41:c0:4b:55:a2:a2:f3:0e:cd:
         fb:42:8f:6c:ba:c9:9b:a5:f4:f5:dc:6f:0d:13:b2:2b:d3:29:
         d1:33:43:fd:08:8b:a7:61:07:38:ee:d2:4c:67:e7:45:63:1a:
         64:56:3f:a2:df:4c:5e:09:fc:97:34:d3:85:c4:5a:82:af:e9:
         56:cf:4b:2c:4b:1c:e8:c5:d6:2e:cc:d7:48:6a:7b:99:cb:5e:
         ef:c4:5e:ac:02:47:d4:b3:5c:f6:d5:b9:e7:fb:06:82:e7:e3:
         5e:78:ea:f7:e2:5d:99:80:7e:b5:23:7c:8e:d8:a4:b3:23:7a:
         69:38:23:94:0f:8c:50:2b:67:5e:67:9e:1f:ea:1b:7e:94:fb:
         29:bf:0b:de:cc:01:c2:b8:c8:eb:59:b4:05:00:41:1f:a4:8e:
         83:ba:9d:b7:c9:1f:8a:ab:49:5c:e7:1a:b5:47:51:5a:43:fb:
         1c:dd:17:26:c0:c6:7c:5c:47:a7:e0:0a:0c:1e:1f:03:be:4b:
         52:d5:52:d7:79:f0:76:e1:58:ee:95:c9:58:5c:78:10:86:7b:
         52:8f:7a:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaPVTu/yyTA66Dt6nrN/KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWJmMTk0NGE3MTljZTA3OGZhNmViNzVlMzRlM2QyZjcwNzg1MTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dSeTumSx3+pDNlF+CmOZJhImvxO
sgDPkbBiP8EJYCf5H3hbMD6aJZ57cozpET5iMG9DrychlZPL7C3bxEls4L30P6HW
zZKkcpZ36H1zTJjzJqmqJuiZLdFNExbTYxk7Lqy+DCgH9Wn1EonM6J+jnGBglVXb
AEwH4a7XsyPujMEl/twsX4/CuyHlpt78zD/DSMpiCDo97rBD/sTu8Jy5+YdTXeuQ
Tw5ovYf6laMz3jB8F9yESmtItPaGb1OLdgVKN2VPv5KWdykIW3clh1cDWwT3U08r
GAF0co8HXA6Y5JRhFaUYXCMGcUERuDisM17DPH/LN53zobUDqU19o42p0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPW/GUSnGc4Hj6brdeNOPS9weFFuMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOWI4WlJLY1p6Z2VQcHV0MTQwNDlMM0I0VVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpkgMA0G
CSqGSIb3DQEBCwUAA4IBAQA/OUkAj9tZUsVO8f+3w/EZXRbGUl22RoCJRj4qnCh3
2Oksr5rAY5seL9rI9M9BwEtVoqLzDs37Qo9susmbpfT13G8NE7Ir0ynRM0P9CIun
YQc47tJMZ+dFYxpkVj+i30xeCfyXNNOFxFqCr+lWz0ssSxzoxdYuzNdIanuZy17v
xF6sAkfUs1z21bnn+waC5+NeeOr34l2ZgH61I3yO2KSzI3ppOCOUD4xQK2deZ54f
6ht+lPspvwvezAHCuMjrWbQFAEEfpI6Dup23yR+Kq0lc5xq1R1FaQ/sc3RcmwMZ8
XEen4AoMHh8DvktS1VLXefB24VjulclYXHgQhntSj3ob
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:16:52 2026 by rpki-client