Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IEaAIE4ATVrv5uvD72S1fCut6vQ.roa
File:                     IEaAIE4ATVrv5uvD72S1fCut6vQ.roa (raw, json)
Hash identifier:          cmbK3OHjZL4aQPYyOZqhn48k4FEGfUzsjqA80+wALBA=
Subject key identifier:   20:46:80:20:4E:00:4D:5A:EF:E6:EB:C3:EF:64:B5:7C:2B:AD:EA:F4
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368CB28493FB5FE0D977DFFA156AF40
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IEaAIE4ATVrv5uvD72S1fCut6vQ.roa
Signing time:             Thu 02 Jul 2026 15:18:18 +0000
ROA not before:           Thu 02 Jul 2026 15:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     138997
IP address blocks:        77.107.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:cb:28:49:3f:b5:fe:0d:97:7d:ff:a1:56:af:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=204680204e004d5aefe6ebc3ef64b57c2badeaf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:b4:1f:9a:4c:26:21:5a:7c:79:76:60:31:d7:
                    cb:c7:3a:4e:22:4d:b4:da:92:da:4c:5a:d7:e3:ad:
                    35:6d:42:f4:96:a2:86:84:77:31:d4:97:61:5b:64:
                    98:b4:80:68:cb:1e:6e:cc:89:49:17:4a:15:81:e2:
                    40:2b:58:ba:02:26:94:91:f1:ee:7a:d7:af:6f:c1:
                    25:03:a0:ab:12:62:95:68:ba:f2:77:cc:6c:e5:ce:
                    a3:31:7a:a3:f3:26:b1:b8:1b:82:b8:80:b3:c2:83:
                    6b:74:5a:50:16:13:32:99:9f:a3:f3:7b:2d:52:af:
                    4c:02:93:94:3b:21:07:0f:19:11:8d:1f:a2:b4:c1:
                    1a:56:86:7f:0d:c6:a5:11:94:c5:97:5e:f8:44:87:
                    55:23:56:57:fa:72:fc:f7:42:9e:ed:51:33:21:34:
                    2f:6e:b0:70:f0:f0:9c:7c:14:bc:0d:2f:48:00:37:
                    48:74:48:d4:b9:95:d7:75:07:89:64:d3:c5:ff:9e:
                    60:01:3a:fb:07:0d:ab:d1:c3:88:40:cd:ae:41:f0:
                    5c:c6:20:00:e1:af:9c:17:6e:0c:48:12:8c:ed:0c:
                    d3:d2:79:cc:50:53:d2:e2:be:45:da:e8:da:e7:22:
                    2d:63:33:58:48:56:0b:7b:58:78:e1:ba:6e:2e:af:
                    b6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:46:80:20:4E:00:4D:5A:EF:E6:EB:C3:EF:64:B5:7C:2B:AD:EA:F4
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IEaAIE4ATVrv5uvD72S1fCut6vQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.107.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:a7:0e:a2:c2:30:31:d8:6b:f9:1f:4f:42:be:fb:f0:e9:38:
         8e:78:37:f4:0f:6f:1a:d6:7a:9e:a0:46:82:ed:9d:6f:cc:3e:
         05:e2:ce:65:6f:0c:86:78:e8:4e:31:5b:40:5d:2d:79:23:13:
         65:b4:b6:73:a9:39:2e:bf:d1:88:57:81:e9:8c:5a:f2:5f:c8:
         89:d2:27:e3:21:51:67:3d:3b:d3:9d:53:87:80:e6:d3:90:91:
         a8:e9:56:4c:b6:88:04:e6:94:01:5a:57:b6:31:44:a6:08:d0:
         0a:27:d3:92:0c:7d:1e:01:90:d9:bf:37:4f:b7:68:25:0b:2b:
         73:71:02:2d:e4:f2:f9:69:42:e6:84:03:1c:b9:0c:aa:2c:dd:
         71:a5:f9:0c:e7:fb:fd:f5:4a:e2:b2:07:14:83:32:e8:b8:32:
         cf:67:e1:11:21:02:0e:2b:40:5d:22:25:d2:48:bb:0f:15:42:
         30:bc:82:15:82:de:4d:03:87:8c:a5:d1:a2:22:44:26:bf:8a:
         c7:fc:09:b0:57:af:fb:a2:b0:8f:4b:3d:61:46:48:a9:5f:05:
         31:09:9e:4d:43:af:b1:94:9a:79:19:e0:67:5c:96:6c:82:0b:
         f8:f0:95:29:c9:2e:66:a5:96:7f:2f:c7:cb:a9:6a:9c:5d:e6:
         1c:58:b4:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaMsoST+1/g2Xff+hVq9AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDQ2ODAyMDRlMDA0ZDVhZWZlNmViYzNlZjY0YjU3YzJiYWRlYWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6LQfmkwmIVp8eXZgMdfLxzpOIk20
2pLaTFrX4601bUL0lqKGhHcx1JdhW2SYtIBoyx5uzIlJF0oVgeJAK1i6AiaUkfHu
etevb8ElA6CrEmKVaLryd8xs5c6jMXqj8yaxuBuCuICzwoNrdFpQFhMymZ+j83st
Uq9MApOUOyEHDxkRjR+itMEaVoZ/DcalEZTFl174RIdVI1ZX+nL890Ke7VEzITQv
brBw8PCcfBS8DS9IADdIdEjUuZXXdQeJZNPF/55gATr7Bw2r0cOIQM2uQfBcxiAA
4a+cF24MSBKM7QzT0nnMUFPS4r5F2uja5yItYzNYSFYLe1h44bpuLq+20QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBGgCBOAE1a7+brw+9ktXwrrer0MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSUVhQUlFNEFUVnJ2NXV2RDcyUzFmQ3V0NnZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATWtVMA0G
CSqGSIb3DQEBCwUAA4IBAQBUpw6iwjAx2Gv5H09Cvvvw6TiOeDf0D28a1nqeoEaC
7Z1vzD4F4s5lbwyGeOhOMVtAXS15IxNltLZzqTkuv9GIV4HpjFryX8iJ0ifjIVFn
PTvTnVOHgObTkJGo6VZMtogE5pQBWle2MUSmCNAKJ9OSDH0eAZDZvzdPt2glCytz
cQIt5PL5aULmhAMcuQyqLN1xpfkM5/v99UrisgcUgzLouDLPZ+ERIQIOK0BdIiXS
SLsPFUIwvIIVgt5NA4eMpdGiIkQmv4rH/AmwV6/7orCPSz1hRkipXwUxCZ5NQ6+x
lJp5GeBnXJZsggv48JUpyS5mpZZ/L8fLqWqcXeYcWLSI
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:11 2026 by rpki-client