Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9mFtouQrbdZduIKZC0JyNIEwsfY.roa
File:                     9mFtouQrbdZduIKZC0JyNIEwsfY.roa (raw, json)
Hash identifier:          H8YSYsD6yvcu9glg7ExXo5rfMMxd1iWcBF+mAWvlQto=
Subject key identifier:   F6:61:6D:A2:E4:2B:6D:D6:5D:B8:82:99:0B:42:72:34:81:30:B1:F6
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368E427C46D54C11E99C9628A5DC572
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9mFtouQrbdZduIKZC0JyNIEwsfY.roa
Signing time:             Thu 02 Jul 2026 15:18:24 +0000
ROA not before:           Thu 02 Jul 2026 15:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204044
IP address blocks:        213.210.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:e4:27:c4:6d:54:c1:1e:99:c9:62:8a:5d:c5:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f6616da2e42b6dd65db882990b4272348130b1f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:93:dd:c8:1c:03:9a:ea:6c:f4:d0:39:f9:f9:
                    4c:d3:12:6a:88:ce:cd:34:67:3d:c7:c3:d4:5d:47:
                    d7:22:48:50:87:ca:f3:e7:8a:2a:4e:50:31:41:f7:
                    c3:e2:a5:2b:a4:5a:23:c0:b4:44:2d:15:4c:55:54:
                    9f:fc:bd:70:fa:0b:50:aa:72:1f:5d:9c:01:5f:22:
                    f4:7e:30:a9:5e:a5:56:4f:5d:04:b7:39:05:19:9e:
                    68:c6:f5:50:32:60:e2:8d:11:af:43:59:fd:1c:c8:
                    e3:10:f4:ff:d1:e0:ff:89:0d:55:33:32:b4:97:cb:
                    1b:20:29:51:7a:c0:76:8c:25:78:58:55:1e:4b:fc:
                    36:6a:d8:97:c2:11:db:81:75:b6:8b:7e:6c:52:af:
                    a8:7d:83:02:f0:f8:02:7d:f8:43:d4:88:ab:7d:7c:
                    16:58:a9:30:90:a9:f7:d4:b3:6d:7c:f4:65:0c:91:
                    86:e0:88:4e:e8:1f:74:0c:f4:ad:f7:66:fc:56:50:
                    97:a0:86:61:51:68:6e:45:1c:7c:0c:7b:c5:1f:06:
                    5b:0d:5f:35:e4:62:1d:95:a0:1e:03:08:1f:fc:61:
                    8a:43:f9:7f:89:db:6c:19:4f:a9:f5:14:10:ec:8d:
                    94:71:9d:de:59:50:5b:47:0d:71:99:b5:e8:0f:64:
                    be:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:61:6D:A2:E4:2B:6D:D6:5D:B8:82:99:0B:42:72:34:81:30:B1:F6
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9mFtouQrbdZduIKZC0JyNIEwsfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:fe:03:c6:b4:5f:a1:fa:36:bf:1b:98:84:ee:c7:fe:9b:45:
         ad:90:3f:c4:08:98:aa:f5:24:f6:11:e1:88:6d:fd:1e:d2:e1:
         4d:f7:9e:7a:fc:f1:60:de:bc:d4:0b:fc:8b:72:9a:dc:6a:1b:
         a9:c9:44:87:25:68:5b:90:09:55:87:0e:16:b0:87:75:d4:24:
         05:62:ef:d5:d0:64:6f:a6:11:e1:c7:87:0b:3e:22:d9:07:90:
         d2:f7:4f:18:e0:83:5a:7b:cc:20:60:4e:8b:0c:7b:49:19:3b:
         c8:74:4d:49:c6:21:35:06:a3:28:af:40:a1:9e:78:7e:ee:59:
         ea:98:9a:39:fe:f1:35:63:c6:29:de:87:72:71:65:78:79:f0:
         b3:c4:12:b6:76:62:c4:5c:b4:1e:f2:af:7d:ea:86:4c:d0:95:
         08:db:60:f8:eb:20:ed:c0:a5:3d:de:8a:fe:cf:7b:f4:67:58:
         3c:81:a6:ca:26:c0:e7:6b:ae:b9:3a:97:df:89:7f:bb:2a:32:
         32:ff:96:bf:32:0a:f0:07:0e:ac:1a:ea:75:39:fe:64:33:17:
         72:b9:de:8f:33:83:8b:91:92:e0:90:46:e9:64:c7:37:53:61:
         a3:66:1e:3d:2f:46:2d:a7:40:65:3f:35:fa:7a:f0:16:8b:97:
         b1:a3:cf:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaOQnxG1UwR6ZyWKKXcVyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjYxNmRhMmU0MmI2ZGQ2NWRiODgyOTkwYjQyNzIzNDgxMzBiMWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pPdyBwDmups9NA5+flM0xJqiM7N
NGc9x8PUXUfXIkhQh8rz54oqTlAxQffD4qUrpFojwLRELRVMVVSf/L1w+gtQqnIf
XZwBXyL0fjCpXqVWT10EtzkFGZ5oxvVQMmDijRGvQ1n9HMjjEPT/0eD/iQ1VMzK0
l8sbIClResB2jCV4WFUeS/w2atiXwhHbgXW2i35sUq+ofYMC8PgCffhD1IirfXwW
WKkwkKn31LNtfPRlDJGG4IhO6B90DPSt92b8VlCXoIZhUWhuRRx8DHvFHwZbDV81
5GIdlaAeAwgf/GGKQ/l/idtsGU+p9RQQ7I2UcZ3eWVBbRw1xmbXoD2S+BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZhbaLkK23WXbiCmQtCcjSBMLH2MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOW1GdG91UXJiZFpkdUlLWkMwSnlOSUV3c2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dI6MA0G
CSqGSIb3DQEBCwUAA4IBAQAx/gPGtF+h+ja/G5iE7sf+m0WtkD/ECJiq9ST2EeGI
bf0e0uFN9556/PFg3rzUC/yLcprcahupyUSHJWhbkAlVhw4WsId11CQFYu/V0GRv
phHhx4cLPiLZB5DS908Y4INae8wgYE6LDHtJGTvIdE1JxiE1BqMor0Chnnh+7lnq
mJo5/vE1Y8Yp3odycWV4efCzxBK2dmLEXLQe8q996oZM0JUI22D46yDtwKU93or+
z3v0Z1g8gabKJsDna665OpffiX+7KjIy/5a/MgrwBw6sGup1Of5kMxdyud6PM4OL
kZLgkEbpZMc3U2GjZh49L0Ytp0BlPzX6evAWi5exo8+q
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:40 2026 by rpki-client