Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FCsrCopaW0B9htwkDeOkUZSz_kI.roa
File:                     FCsrCopaW0B9htwkDeOkUZSz_kI.roa (raw, json)
Hash identifier:          8NXrHpNl/COJzSp3fKq1eyp0oe1RcfPE/ABu9H2XPsQ=
Subject key identifier:   14:2B:2B:0A:8A:5A:5B:40:7D:86:DC:24:0D:E3:A4:51:94:B3:FE:42
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2369013CEFC42102C35A1385A31C70B3
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FCsrCopaW0B9htwkDeOkUZSz_kI.roa
Signing time:             Thu 02 Jul 2026 15:18:31 +0000
ROA not before:           Thu 02 Jul 2026 15:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213607
IP address blocks:        81.168.8.0/24 maxlen: 24
                          81.168.9.0/24 maxlen: 24
                          81.168.11.0/24 maxlen: 24
                          81.168.16.0/24 maxlen: 24
                          81.168.29.0/24 maxlen: 24
                          81.168.85.0/24 maxlen: 24
                          81.168.101.0/24 maxlen: 24
                          82.153.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:01:3c:ef:c4:21:02:c3:5a:13:85:a3:1c:70:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=142b2b0a8a5a5b407d86dc240de3a45194b3fe42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6a:10:df:24:4b:02:a8:b0:02:44:aa:4e:9a:
                    eb:17:ae:da:26:c7:03:6c:56:60:84:f8:06:a5:83:
                    31:07:4c:bc:8f:6e:0f:c1:a8:ab:cf:8f:9e:b9:7b:
                    13:93:e9:7b:ab:4c:c2:6a:c8:9a:5f:2d:4b:37:04:
                    0b:36:99:90:bc:bf:f3:a5:95:43:16:4d:8a:15:73:
                    90:49:84:58:28:dd:ff:30:17:10:61:27:fd:36:b5:
                    56:ff:0f:90:03:25:ea:bc:67:7a:f3:64:65:62:53:
                    1a:c2:fc:3a:bc:b6:d5:1f:e3:92:27:36:eb:3c:22:
                    be:9d:11:78:dd:93:f0:b2:35:ed:99:45:cf:15:50:
                    ff:2c:8f:fd:13:a0:cb:86:42:39:1b:b4:ba:42:d6:
                    2f:d1:3e:57:69:76:21:4e:d3:f6:58:42:fc:4d:36:
                    56:48:69:10:dd:03:21:87:ad:5b:a2:24:94:25:a0:
                    59:b1:56:83:b4:5d:2d:16:19:ce:15:7b:8a:73:41:
                    f5:4a:9d:61:bc:b4:7d:d0:0b:3c:d4:2a:59:a0:82:
                    49:d5:99:c7:0e:c9:07:03:54:db:ab:fc:e5:d4:0a:
                    57:09:52:44:29:11:8c:dc:4b:8d:3d:54:9b:56:cf:
                    43:89:3c:2f:bc:b6:d6:f1:f8:e8:f6:5a:a6:f6:0e:
                    ce:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:2B:2B:0A:8A:5A:5B:40:7D:86:DC:24:0D:E3:A4:51:94:B3:FE:42
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FCsrCopaW0B9htwkDeOkUZSz_kI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.8.0/23
                  81.168.11.0/24
                  81.168.16.0/24
                  81.168.29.0/24
                  81.168.85.0/24
                  81.168.101.0/24
                  82.153.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:f3:57:56:e2:2e:72:bb:57:72:f6:eb:50:6c:f8:19:81:a7:
         3d:bf:76:6c:24:d4:01:3e:ce:e1:2e:71:9e:e4:f8:08:ed:e2:
         ae:0e:5d:a9:7b:2d:67:01:df:00:38:d5:e9:7f:2c:f5:9e:c2:
         d4:61:79:0c:2b:45:a5:c0:30:7b:b7:44:c8:e1:1b:73:53:9e:
         91:97:23:52:96:e4:ca:01:16:8b:54:37:be:56:b2:2a:31:04:
         48:64:09:86:15:b4:bc:6b:44:ef:8d:63:ad:3b:9c:05:84:2f:
         ba:22:1e:0c:94:b7:74:9b:57:51:2c:81:f1:d9:c6:fc:39:bc:
         cb:4a:dc:be:11:85:42:72:dd:e0:30:18:0c:0f:c0:92:87:a9:
         41:2b:0f:30:87:52:b7:d5:4f:2f:26:1e:c8:f9:07:91:43:03:
         06:81:1d:64:92:d7:61:91:35:a6:7e:f3:d5:f6:d6:30:db:9d:
         1d:6a:b9:95:e9:f4:3b:e9:6b:2a:52:a0:84:28:c9:be:72:c7:
         68:da:66:e5:b7:18:db:c1:6d:a1:92:b2:ad:cc:e9:60:21:ce:
         a9:fd:d6:60:f9:71:cb:be:7a:d8:06:a6:65:57:e6:18:8c:bd:
         0b:8e:f7:c1:cf:00:95:06:7c:f5:2b:e7:5d:15:f2:e7:a8:4a:
         e7:2a:cd:92
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZ8jaQE878QhAsNaE4WjHHCzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDJiMmIwYThhNWE1YjQwN2Q4NmRjMjQwZGUzYTQ1MTk0YjNmZTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWoQ3yRLAqiwAkSqTprrF67aJscD
bFZghPgGpYMxB0y8j24Pwairz4+euXsTk+l7q0zCasiaXy1LNwQLNpmQvL/zpZVD
Fk2KFXOQSYRYKN3/MBcQYSf9NrVW/w+QAyXqvGd682RlYlMawvw6vLbVH+OSJzbr
PCK+nRF43ZPwsjXtmUXPFVD/LI/9E6DLhkI5G7S6QtYv0T5XaXYhTtP2WEL8TTZW
SGkQ3QMhh61boiSUJaBZsVaDtF0tFhnOFXuKc0H1Sp1hvLR90As81CpZoIJJ1ZnH
DskHA1Tbq/zl1ApXCVJEKRGM3EuNPVSbVs9DiTwvvLbW8fjo9lqm9g7OZQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFBQrKwqKWltAfYbcJA3jpFGUs/5CMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRkNzckNvcGFXMEI5aHR3a0RlT2tVWlN6X2tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBUagIAwQA
UagLAwQAUagQAwQAUagdAwQAUahVAwQAUahlAwQAUpnsMA0GCSqGSIb3DQEBCwUA
A4IBAQAW81dW4i5yu1dy9utQbPgZgac9v3ZsJNQBPs7hLnGe5PgI7eKuDl2pey1n
Ad8AONXpfyz1nsLUYXkMK0WlwDB7t0TI4RtzU56RlyNSluTKARaLVDe+VrIqMQRI
ZAmGFbS8a0TvjWOtO5wFhC+6Ih4MlLd0m1dRLIHx2cb8ObzLSty+EYVCct3gMBgM
D8CSh6lBKw8wh1K31U8vJh7I+QeRQwMGgR1kktdhkTWmfvPV9tYw250darmV6fQ7
6WsqUqCEKMm+csdo2mbltxjbwW2hkrKtzOlgIc6p/dZg+XHLvnrYBqZlV+YYjL0L
jvfBzwCVBnz1K+ddFfLnqErnKs2S
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:37 2026 by rpki-client