Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Eb9v4x3a_P067vpX67DfxN0dMNY.roa
File:                     Eb9v4x3a_P067vpX67DfxN0dMNY.roa (raw, json)
Hash identifier:          tTpDaCefQmFgMw7SAwDC/V/1C8MC1pZGBhCeuOoGhyA=
Subject key identifier:   11:BF:6F:E3:1D:DA:FC:FD:3A:EE:FA:57:EB:B0:DF:C4:DD:1D:30:D6
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368FF8E4AFD98D07BB6D489DF10BD1D
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Eb9v4x3a_P067vpX67DfxN0dMNY.roa
Signing time:             Thu 02 Jul 2026 15:18:31 +0000
ROA not before:           Thu 02 Jul 2026 15:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213426
IP address blocks:        82.153.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:ff:8e:4a:fd:98:d0:7b:b6:d4:89:df:10:bd:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=11bf6fe31ddafcfd3aeefa57ebb0dfc4dd1d30d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:82:b7:79:82:e5:ff:38:4a:fd:fd:17:aa:ba:
                    40:73:07:34:f1:a5:e5:24:32:63:32:88:d9:ac:82:
                    f8:41:1e:21:53:91:f1:0a:52:ea:bc:17:ec:12:48:
                    be:f1:1d:38:01:ca:6f:47:b4:60:af:de:2f:84:6b:
                    61:e7:77:54:d2:78:4f:c7:2b:dd:70:be:df:a7:be:
                    6f:ac:04:a4:d2:71:e7:aa:2c:f8:9b:5d:18:af:b9:
                    ae:fb:5c:0f:1f:e6:a7:64:e1:0c:ab:5e:8c:88:89:
                    00:3c:6a:6e:55:48:d3:66:47:9a:b8:62:93:ae:62:
                    fa:d6:44:c8:ab:08:ce:3c:9b:b0:ae:f1:0a:4b:ab:
                    87:cf:d8:f7:96:64:32:a4:d2:48:47:46:7f:de:a1:
                    54:61:89:e6:c3:fe:0f:7d:d7:fa:36:e2:25:ac:a7:
                    c5:92:b3:f6:58:aa:56:8c:77:04:6a:81:07:13:76:
                    c4:55:d8:33:46:46:e7:10:60:a2:0a:f6:b2:a7:1e:
                    17:db:88:0f:3f:26:54:4d:e7:07:9c:94:2e:65:f5:
                    ae:cd:0c:15:75:bf:b8:00:68:37:37:04:d1:8e:a0:
                    1d:f2:b6:c6:1f:0e:7c:2c:df:c7:f2:00:9b:91:9f:
                    eb:b0:00:75:85:30:99:61:76:d4:44:34:13:c5:3a:
                    23:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:BF:6F:E3:1D:DA:FC:FD:3A:EE:FA:57:EB:B0:DF:C4:DD:1D:30:D6
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Eb9v4x3a_P067vpX67DfxN0dMNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:74:02:09:46:fe:1e:de:fa:8f:cc:27:48:a4:d1:ca:3f:c7:
         14:88:c8:a5:f8:5f:9b:21:2f:b6:4d:5c:41:7b:96:dd:ee:1f:
         47:98:bd:c6:50:68:cd:80:c5:e7:b4:ef:41:d5:3f:9d:af:d2:
         ce:70:4b:f2:f1:48:5e:7a:a1:b3:03:dc:00:91:48:fe:69:18:
         51:14:f9:90:19:19:65:71:6e:dc:bd:6e:a1:13:fe:34:71:24:
         2b:35:c1:40:5c:4b:a4:e7:0d:f2:8c:98:83:2c:98:4e:52:95:
         74:23:5c:2a:a8:0b:ea:4f:49:f8:7e:88:c2:5f:bc:cd:be:0b:
         dd:fa:ef:9e:15:a7:30:d0:16:99:a7:b9:15:9c:28:46:78:70:
         e0:e5:15:cc:08:0a:77:ea:e2:2c:14:35:0b:34:29:20:65:90:
         db:2f:07:d0:aa:75:ed:f4:40:c1:0a:e9:8b:de:e3:d2:61:61:
         1d:9c:5b:77:ef:7c:95:a6:fe:94:20:70:01:3e:16:7d:79:8a:
         b9:b0:93:57:63:78:38:f4:3b:81:b9:7c:21:cb:44:4d:f0:33:
         5c:dc:e6:db:2f:f3:2e:b2:5d:62:aa:00:bd:35:25:b5:d2:d2:
         65:d0:d8:e6:ed:56:d6:0c:d8:ef:ef:96:00:62:65:b2:cc:e3:
         5f:75:35:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaP+OSv2Y0Hu21InfEL0dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWJmNmZlMzFkZGFmY2ZkM2FlZWZhNTdlYmIwZGZjNGRkMWQzMGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoK3eYLl/zhK/f0XqrpAcwc08aXl
JDJjMojZrIL4QR4hU5HxClLqvBfsEki+8R04AcpvR7Rgr94vhGth53dU0nhPxyvd
cL7fp75vrASk0nHnqiz4m10Yr7mu+1wPH+anZOEMq16MiIkAPGpuVUjTZkeauGKT
rmL61kTIqwjOPJuwrvEKS6uHz9j3lmQypNJIR0Z/3qFUYYnmw/4Pfdf6NuIlrKfF
krP2WKpWjHcEaoEHE3bEVdgzRkbnEGCiCvaypx4X24gPPyZUTecHnJQuZfWuzQwV
db+4AGg3NwTRjqAd8rbGHw58LN/H8gCbkZ/rsAB1hTCZYXbURDQTxTojkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBG/b+Md2vz9Ou76V+uw38TdHTDWMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRWI5djR4M2FfUDA2N3ZwWDY3RGZ4TjBkTU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnhMA0G
CSqGSIb3DQEBCwUAA4IBAQAkdAIJRv4e3vqPzCdIpNHKP8cUiMil+F+bIS+2TVxB
e5bd7h9HmL3GUGjNgMXntO9B1T+dr9LOcEvy8UheeqGzA9wAkUj+aRhRFPmQGRll
cW7cvW6hE/40cSQrNcFAXEuk5w3yjJiDLJhOUpV0I1wqqAvqT0n4fojCX7zNvgvd
+u+eFacw0BaZp7kVnChGeHDg5RXMCAp36uIsFDULNCkgZZDbLwfQqnXt9EDBCumL
3uPSYWEdnFt373yVpv6UIHABPhZ9eYq5sJNXY3g49DuBuXwhy0RN8DNc3ObbL/Mu
sl1iqgC9NSW10tJl0Njm7VbWDNjv75YAYmWyzONfdTU6
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:18:33 2026 by rpki-client