Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FaNFZy9ku_UDpS0K8v90rh97UWY.roa
File:                     FaNFZy9ku_UDpS0K8v90rh97UWY.roa (raw, json)
Hash identifier:          erJ0y1IWFF+bc1QgYqPjpz7ly48HhTf1XI4rwQ+71AM=
Subject key identifier:   15:A3:45:67:2F:64:BB:F5:03:A5:2D:0A:F2:FF:74:AE:1F:7B:51:66
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368B58FAFEE5512421B7D31FB1C39A2
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FaNFZy9ku_UDpS0K8v90rh97UWY.roa
Signing time:             Thu 02 Jul 2026 15:18:12 +0000
ROA not before:           Thu 02 Jul 2026 15:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        82.152.57.0/24 maxlen: 24
                          82.152.58.0/24 maxlen: 24
                          82.152.73.0/24 maxlen: 24
                          82.152.75.0/24 maxlen: 24
                          82.152.76.0/23 maxlen: 24
                          82.152.79.0/24 maxlen: 24
                          82.152.86.0/23 maxlen: 24
                          82.152.88.0/24 maxlen: 24
                          82.152.109.0/24 maxlen: 24
                          82.152.226.0/24 maxlen: 24
                          82.152.240.0/24 maxlen: 24
                          82.152.243.0/24 maxlen: 24
                          82.153.38.0/24 maxlen: 24
                          82.153.56.0/24 maxlen: 24
                          82.153.61.0/24 maxlen: 24
                          82.153.79.0/24 maxlen: 24
                          82.153.83.0/24 maxlen: 24
                          82.153.84.0/24 maxlen: 24
                          82.153.132.0/24 maxlen: 24
                          82.153.186.0/24 maxlen: 24
                          82.153.201.0/24 maxlen: 24
                          82.153.239.0/24 maxlen: 24
                          89.213.98.0/24 maxlen: 24
                          89.213.232.0/23 maxlen: 24
                          89.213.234.0/23 maxlen: 24
                          89.213.236.0/23 maxlen: 24
                          109.176.27.0/24 maxlen: 24
                          109.176.32.0/21 maxlen: 24
                          109.176.40.0/21 maxlen: 24
                          109.176.48.0/21 maxlen: 24
                          109.176.56.0/21 maxlen: 24
                          109.176.235.0/24 maxlen: 24
                          109.176.247.0/24 maxlen: 24
                          109.176.251.0/24 maxlen: 24
                          213.130.130.0/24 maxlen: 24
                          213.130.149.0/24 maxlen: 24
                          213.218.214.0/24 maxlen: 24
                          213.218.231.0/24 maxlen: 24
                          213.218.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:b5:8f:af:ee:55:12:42:1b:7d:31:fb:1c:39:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=15a345672f64bbf503a52d0af2ff74ae1f7b5166
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:00:41:a3:68:cf:af:33:27:2c:da:5a:21:86:
                    fa:5a:f2:c9:33:7b:30:13:0a:22:21:63:4d:34:0f:
                    fa:1e:39:0a:fd:9d:0a:e6:3c:27:e1:23:ed:ec:d6:
                    5e:60:72:e9:fd:51:5f:47:fb:db:1e:dd:2f:b9:bb:
                    8e:0e:8e:43:1d:19:f7:d4:74:b5:f5:fb:6b:a4:36:
                    62:5c:1d:33:3a:fd:aa:2e:2b:db:23:1a:78:ac:59:
                    1a:68:0e:7b:f5:ae:84:c8:76:37:5e:b2:c7:24:51:
                    fb:ff:7b:ec:3b:14:91:92:46:de:56:21:70:6b:28:
                    af:84:7c:a3:2a:15:05:1e:ef:ce:85:6e:91:d1:10:
                    3c:6c:34:f1:30:a8:0d:70:4d:cb:5b:50:9c:7a:08:
                    ee:00:ba:4f:0a:bb:d9:97:7b:a3:e8:31:76:19:14:
                    d8:50:5f:55:46:2a:c0:50:77:73:0c:07:a1:78:dc:
                    7f:c0:b1:ba:ea:5b:e8:89:d2:48:ef:ca:a9:4b:a5:
                    73:f9:38:eb:7a:86:db:73:09:ca:bf:bc:46:40:c3:
                    90:55:b3:db:c2:07:84:c0:58:cc:ef:53:03:3d:e6:
                    bd:52:83:2f:b2:3c:54:92:7c:9f:65:83:55:d7:e5:
                    c6:71:7f:82:e4:f2:51:2f:7d:31:4e:3b:13:76:da:
                    04:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:A3:45:67:2F:64:BB:F5:03:A5:2D:0A:F2:FF:74:AE:1F:7B:51:66
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FaNFZy9ku_UDpS0K8v90rh97UWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.57.0-82.152.58.255
                  82.152.73.0/24
                  82.152.75.0-82.152.77.255
                  82.152.79.0/24
                  82.152.86.0-82.152.88.255
                  82.152.109.0/24
                  82.152.226.0/24
                  82.152.240.0/24
                  82.152.243.0/24
                  82.153.38.0/24
                  82.153.56.0/24
                  82.153.61.0/24
                  82.153.79.0/24
                  82.153.83.0-82.153.84.255
                  82.153.132.0/24
                  82.153.186.0/24
                  82.153.201.0/24
                  82.153.239.0/24
                  89.213.98.0/24
                  89.213.232.0-89.213.237.255
                  109.176.27.0/24
                  109.176.32.0/19
                  109.176.235.0/24
                  109.176.247.0/24
                  109.176.251.0/24
                  213.130.130.0/24
                  213.130.149.0/24
                  213.218.214.0/24
                  213.218.231.0-213.218.232.255

    Signature Algorithm: sha256WithRSAEncryption
         33:d7:0f:28:97:d4:3e:eb:3b:cd:aa:18:bb:37:2e:6b:a2:b1:
         a1:f3:48:b7:9f:c4:bc:d5:6c:a1:a1:23:b6:5b:04:21:e5:07:
         9f:49:31:84:b7:50:5c:7c:52:b5:be:18:cc:d9:53:96:79:5b:
         6e:ce:3b:2c:3d:39:59:2f:a0:eb:78:1c:ba:d3:01:16:4d:5c:
         96:68:74:10:9a:e9:74:72:32:e1:a0:96:7e:e4:52:ce:4d:c7:
         5c:0e:22:40:e4:5f:dc:9b:db:76:53:88:f0:05:b2:9b:57:a9:
         76:9a:05:c7:9a:5d:29:14:df:eb:c3:e6:48:53:d9:c9:7e:0c:
         84:96:28:c6:e5:31:6e:db:9d:4c:b9:ec:8d:8e:f1:42:af:b3:
         83:f8:70:2c:29:10:ee:2b:a8:60:12:19:33:1e:12:fd:8e:c5:
         f9:3f:f4:4f:81:8f:44:1a:bd:ec:00:bc:01:65:0c:8b:1d:c6:
         7b:7b:4e:d5:59:2d:c6:c7:82:84:7a:a2:6d:be:ab:f5:e3:b9:
         3a:23:85:05:7f:93:16:5d:12:2d:03:a7:46:07:fe:c1:16:cf:
         fc:aa:c0:76:1b:21:de:58:90:c3:94:37:df:49:b4:2f:ff:2b:
         47:5f:bf:35:c7:6a:ac:17:72:12:a4:e4:70:39:99:40:52:f5:
         3f:2a:36:d8
-----BEGIN CERTIFICATE-----
MIIF2jCCBMKgAwIBAgISAZ8jaLWPr+5VEkIbfTH7HDmiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWEzNDU2NzJmNjRiYmY1MDNhNTJkMGFmMmZmNzRhZTFmN2I1MTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwBBo2jPrzMnLNpaIYb6WvLJM3sw
EwoiIWNNNA/6HjkK/Z0K5jwn4SPt7NZeYHLp/VFfR/vbHt0vubuODo5DHRn31HS1
9ftrpDZiXB0zOv2qLivbIxp4rFkaaA579a6EyHY3XrLHJFH7/3vsOxSRkkbeViFw
ayivhHyjKhUFHu/OhW6R0RA8bDTxMKgNcE3LW1CcegjuALpPCrvZl3uj6DF2GRTY
UF9VRirAUHdzDAeheNx/wLG66lvoidJI78qpS6Vz+TjreobbcwnKv7xGQMOQVbPb
wgeEwFjM71MDPea9UoMvsjxUknyfZYNV1+XGcX+C5PJRL30xTjsTdtoEPwIDAQAB
o4IC5jCCAuIwHQYDVR0OBBYEFBWjRWcvZLv1A6UtCvL/dK4fe1FmMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRmFORlp5OWt1X1VEcFMwSzh2OTByaDk3VVdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH7BggrBgEFBQcBBwEB/wSB6zCB6DCB5QQCAAEwgd4wDAME
AFKYOQMEAFKYOgMEAFKYSTAMAwQAUphLAwQBUphMAwQAUphPMAwDBAFSmFYDBABS
mFgDBABSmG0DBABSmOIDBABSmPADBABSmPMDBABSmSYDBABSmTgDBABSmT0DBABS
mU8wDAMEAFKZUwMEAFKZVAMEAFKZhAMEAFKZugMEAFKZyQMEAFKZ7wMEAFnVYjAM
AwQDWdXoAwQBWdXsAwQAbbAbAwQFbbAgAwQAbbDrAwQAbbD3AwQAbbD7AwQA1YKC
AwQA1YKVAwQA1drWMAwDBADV2ucDBADV2ugwDQYJKoZIhvcNAQELBQADggEBADPX
DyiX1D7rO82qGLs3LmuisaHzSLefxLzVbKGhI7ZbBCHlB59JMYS3UFx8UrW+GMzZ
U5Z5W27OOyw9OVkvoOt4HLrTARZNXJZodBCa6XRyMuGgln7kUs5Nx1wOIkDkX9yb
23ZTiPAFsptXqXaaBceaXSkU3+vD5khT2cl+DISWKMblMW7bnUy57I2O8UKvs4P4
cCwpEO4rqGASGTMeEv2Oxfk/9E+Bj0QavewAvAFlDIsdxnt7TtVZLcbHgoR6om2+
q/XjuTojhQV/kxZdEi0Dp0YH/sEWz/yqwHYbId5YkMOUN99JtC//K0dfvzXHaqwX
chKk5HA5mUBS9T8qNtg=
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:28 2026 by rpki-client