Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Cx-cc1MNf4_Z-iMnJGghRu46KVY.roa
File:                     Cx-cc1MNf4_Z-iMnJGghRu46KVY.roa (raw, json)
Hash identifier:          WZTez8d0b/R3Hwrbb06aJYpZBZ88fOIiMPMTaxoesCY=
Subject key identifier:   0B:1F:9C:73:53:0D:7F:8F:D9:FA:23:27:24:68:21:46:EE:3A:29:56
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2369181B0D41BAFB2F778671A41B3398
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Cx-cc1MNf4_Z-iMnJGghRu46KVY.roa
Signing time:             Thu 02 Jul 2026 15:18:37 +0000
ROA not before:           Thu 02 Jul 2026 15:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     262725
IP address blocks:        89.213.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:18:1b:0d:41:ba:fb:2f:77:86:71:a4:1b:33:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b1f9c73530d7f8fd9fa232724682146ee3a2956
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:08:84:c4:da:7d:ea:67:7f:8b:61:36:36:8b:
                    87:0e:2a:08:90:36:ab:16:b5:2b:31:c4:f2:b4:98:
                    3e:48:ad:73:06:e9:a7:1e:89:cd:8a:a5:30:bf:a3:
                    ea:76:8c:d8:f0:dc:0d:ad:ee:0e:a3:d1:ba:82:2b:
                    a7:2b:5c:75:be:a5:b1:b3:42:ca:b0:0f:40:38:da:
                    9b:16:1f:cc:7a:d5:bb:a9:d3:fb:4f:93:f8:fc:01:
                    00:17:3f:ae:7a:d0:cf:d6:e2:aa:cd:ad:d0:64:ed:
                    13:89:c8:4e:e1:47:29:72:c0:4f:bc:ed:03:d5:dd:
                    d5:b2:cf:f2:a9:42:df:c0:39:3f:ac:0f:f9:36:69:
                    7f:ab:96:97:a4:df:34:92:0a:c8:10:f1:d2:24:be:
                    43:c2:00:15:c6:44:ff:92:68:da:b8:27:4c:1f:39:
                    26:61:c6:ec:b6:5d:88:1d:8f:1c:9f:b6:79:89:03:
                    e9:68:63:b2:d5:1b:f5:cd:d0:f4:7f:6f:43:b2:3d:
                    98:88:f1:b6:64:3d:a0:7d:18:aa:46:ec:9e:bc:59:
                    34:0e:e5:53:da:c5:c5:40:d9:b8:b0:fe:0a:f2:a7:
                    aa:64:f7:8f:02:df:b4:d0:98:b7:04:24:24:5f:38:
                    48:f0:14:71:6c:1b:de:8d:15:9a:de:a2:93:c6:6c:
                    64:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:1F:9C:73:53:0D:7F:8F:D9:FA:23:27:24:68:21:46:EE:3A:29:56
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Cx-cc1MNf4_Z-iMnJGghRu46KVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:e4:e4:a0:42:d4:43:5a:25:a6:8b:4c:63:13:1d:10:ab:e9:
         5d:45:36:d2:7d:00:c9:7c:47:4d:3f:7f:29:89:15:b8:4f:80:
         72:bc:00:4d:32:f8:3e:e1:66:ee:78:78:ca:53:ca:b7:87:2d:
         92:68:ce:46:e3:cf:64:c4:9f:2f:a8:82:2d:47:ea:47:53:73:
         ae:c2:a7:ca:b9:6e:c6:3c:84:4f:e3:ac:4e:50:eb:7e:0e:ae:
         63:85:93:22:19:99:90:7b:7a:31:cc:b3:8e:a5:41:7c:67:6e:
         62:31:db:f5:fd:79:ce:b7:e8:cc:66:a1:df:4a:f8:eb:96:26:
         8d:28:d9:6d:83:bb:0d:04:16:42:6d:24:7b:f9:11:80:73:da:
         b4:31:32:8b:ea:a0:87:26:88:72:5b:a3:4f:b5:34:90:7b:3b:
         9e:0c:38:c0:12:d3:36:cf:b0:c6:cd:3c:1c:6b:1d:ac:e2:54:
         74:5b:be:05:6f:3f:28:ec:99:78:92:15:3a:5b:3d:27:07:bf:
         2e:b5:15:d3:f7:2d:d3:dd:5d:51:e9:c1:93:df:21:7d:ef:ee:
         fc:24:d8:fb:4a:5b:c5:54:54:01:9c:24:34:23:de:7c:0f:f5:
         31:db:54:de:18:84:e2:8d:77:5c:29:fa:80:35:11:00:12:1d:
         d7:b1:3d:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaRgbDUG6+y93hnGkGzOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjFmOWM3MzUzMGQ3ZjhmZDlmYTIzMjcyNDY4MjE0NmVlM2EyOTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwiExNp96md/i2E2NouHDioIkDar
FrUrMcTytJg+SK1zBumnHonNiqUwv6PqdozY8NwNre4Oo9G6giunK1x1vqWxs0LK
sA9AONqbFh/MetW7qdP7T5P4/AEAFz+uetDP1uKqza3QZO0TichO4UcpcsBPvO0D
1d3Vss/yqULfwDk/rA/5Nml/q5aXpN80kgrIEPHSJL5DwgAVxkT/kmjauCdMHzkm
Ycbstl2IHY8cn7Z5iQPpaGOy1Rv1zdD0f29Dsj2YiPG2ZD2gfRiqRuyevFk0DuVT
2sXFQNm4sP4K8qeqZPePAt+00Ji3BCQkXzhI8BRxbBvejRWa3qKTxmxkpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsfnHNTDX+P2fojJyRoIUbuOilWMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ3gtY2MxTU5mNF9aLWlNbkpHZ2hSdTQ2S1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUpMA0G
CSqGSIb3DQEBCwUAA4IBAQAh5OSgQtRDWiWmi0xjEx0Qq+ldRTbSfQDJfEdNP38p
iRW4T4ByvABNMvg+4WbueHjKU8q3hy2SaM5G489kxJ8vqIItR+pHU3OuwqfKuW7G
PIRP46xOUOt+Dq5jhZMiGZmQe3oxzLOOpUF8Z25iMdv1/XnOt+jMZqHfSvjrliaN
KNltg7sNBBZCbSR7+RGAc9q0MTKL6qCHJohyW6NPtTSQezueDDjAEtM2z7DGzTwc
ax2s4lR0W74Fbz8o7Jl4khU6Wz0nB78utRXT9y3T3V1R6cGT3yF97+78JNj7SlvF
VFQBnCQ0I958D/Ux21TeGITijXdcKfqANREAEh3XsT1b
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:12 2026 by rpki-client