Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Ijnky4XMsmFPevCUZru2YLY8NDs.roa
File:                     Ijnky4XMsmFPevCUZru2YLY8NDs.roa (raw, json)
Hash identifier:          0C18gNnFBsz0XnZVgaGB3ZHA6CPg3mnO06OWqGWaFQg=
Subject key identifier:   22:39:E4:CB:85:CC:B2:61:4F:7A:F0:94:66:BB:B6:60:B6:3C:34:3B
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368DDC6A23BC01DC2D20132C0C8AA6F
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Ijnky4XMsmFPevCUZru2YLY8NDs.roa
Signing time:             Thu 02 Jul 2026 15:18:22 +0000
ROA not before:           Thu 02 Jul 2026 15:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199415
IP address blocks:        217.145.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:dd:c6:a2:3b:c0:1d:c2:d2:01:32:c0:c8:aa:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2239e4cb85ccb2614f7af09466bbb660b63c343b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b8:06:91:61:3d:2b:11:bb:74:6c:6b:4d:0c:
                    3f:df:68:5a:5d:26:74:60:a4:dc:e2:10:31:7d:e9:
                    f8:c0:01:57:eb:39:e9:af:e7:6a:e3:ae:ee:5b:15:
                    28:58:3e:f0:88:4d:0e:dd:ee:c1:9c:12:50:90:b0:
                    57:92:3c:6a:ea:39:87:11:ec:59:51:d3:2f:bf:1e:
                    8b:fc:d2:1e:4c:53:f2:95:6f:7f:95:c5:d8:9b:83:
                    0e:08:f3:dc:9b:83:d9:49:fe:c1:42:ea:a6:a9:43:
                    b2:83:40:55:07:6e:11:dd:0e:06:f0:c6:ec:38:07:
                    74:54:12:da:a0:10:ce:19:82:40:58:56:9b:bc:ca:
                    92:0e:ff:d8:ff:a4:50:f1:eb:fb:24:2b:07:9c:dd:
                    6a:2b:a9:44:85:48:e1:4d:e0:3b:fe:6d:b0:9b:c4:
                    84:67:39:c7:72:bc:75:d5:7a:a4:74:01:9a:72:87:
                    3d:67:29:d0:dc:82:be:3b:c3:5b:0d:39:69:99:b6:
                    6c:56:82:19:00:74:dd:6e:4d:fd:8f:a3:b8:10:ab:
                    30:38:ed:fd:53:71:2a:ed:8d:e4:48:f5:71:d5:9a:
                    9f:bc:31:bc:07:0a:6e:8c:d1:86:50:c2:23:d8:48:
                    3d:a1:ce:c5:e5:7f:dd:2d:17:a7:2b:cb:6a:dc:dd:
                    41:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:39:E4:CB:85:CC:B2:61:4F:7A:F0:94:66:BB:B6:60:B6:3C:34:3B
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Ijnky4XMsmFPevCUZru2YLY8NDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:d1:a5:b8:6e:fb:85:93:87:ce:41:1a:a1:43:9d:bc:4b:e5:
         75:d2:08:54:f1:e2:41:13:e8:c5:f7:66:39:17:0b:84:87:37:
         64:67:31:08:df:d6:59:fb:88:3b:6a:db:20:7c:e8:c2:dd:6c:
         8c:63:a8:06:b0:e9:c7:d2:da:da:c7:08:26:e3:e3:e3:1a:6d:
         e8:5a:50:fc:1a:05:ac:0f:3c:69:4f:70:ca:df:20:73:77:f6:
         8a:59:ec:aa:7c:bd:db:58:e7:f1:c4:12:92:ea:ec:36:02:13:
         37:0b:3f:e4:75:39:39:66:1e:b2:22:21:f2:91:e1:d9:b4:2b:
         d7:fe:1e:40:a8:8b:c4:6d:65:0a:38:90:d3:ae:40:e6:0a:db:
         2c:72:fe:47:11:6a:9a:c1:5f:a8:cc:74:0c:36:89:36:1f:17:
         49:2a:56:f9:b6:ae:db:56:b1:c6:81:17:3a:91:ad:97:72:20:
         51:44:df:d8:6f:8c:83:ec:42:df:85:95:a9:5b:24:b8:21:38:
         63:ed:ca:34:48:e2:39:20:73:29:d4:63:c9:06:5b:b9:0e:48:
         da:5d:b2:d4:3b:85:21:fd:33:d9:37:ef:c5:a8:2c:4a:04:12:
         f6:55:a1:2d:61:05:fc:d2:91:c0:9c:d4:89:60:84:61:da:13:
         cc:e7:94:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaN3GojvAHcLSATLAyKpvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjM5ZTRjYjg1Y2NiMjYxNGY3YWYwOTQ2NmJiYjY2MGI2M2MzNDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLgGkWE9KxG7dGxrTQw/32haXSZ0
YKTc4hAxfen4wAFX6znpr+dq467uWxUoWD7wiE0O3e7BnBJQkLBXkjxq6jmHEexZ
UdMvvx6L/NIeTFPylW9/lcXYm4MOCPPcm4PZSf7BQuqmqUOyg0BVB24R3Q4G8Mbs
OAd0VBLaoBDOGYJAWFabvMqSDv/Y/6RQ8ev7JCsHnN1qK6lEhUjhTeA7/m2wm8SE
ZznHcrx11XqkdAGacoc9ZynQ3IK+O8NbDTlpmbZsVoIZAHTdbk39j6O4EKswOO39
U3Eq7Y3kSPVx1ZqfvDG8BwpujNGGUMIj2Eg9oc7F5X/dLRenK8tq3N1BwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCI55MuFzLJhT3rwlGa7tmC2PDQ7MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSWpua3k0WE1zbUZQZXZDVVpydTJZTFk4TkRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZFIMA0G
CSqGSIb3DQEBCwUAA4IBAQBK0aW4bvuFk4fOQRqhQ528S+V10ghU8eJBE+jF92Y5
FwuEhzdkZzEI39ZZ+4g7atsgfOjC3WyMY6gGsOnH0traxwgm4+PjGm3oWlD8GgWs
DzxpT3DK3yBzd/aKWeyqfL3bWOfxxBKS6uw2AhM3Cz/kdTk5Zh6yIiHykeHZtCvX
/h5AqIvEbWUKOJDTrkDmCtsscv5HEWqawV+ozHQMNok2HxdJKlb5tq7bVrHGgRc6
ka2XciBRRN/Yb4yD7ELfhZWpWyS4IThj7co0SOI5IHMp1GPJBlu5DkjaXbLUO4Uh
/TPZN+/FqCxKBBL2VaEtYQX80pHAnNSJYIRh2hPM55Sh
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:15:55 2026 by rpki-client