Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JO1E-1QHN8fRzNp8rFqZnEueSOw.roa
File:                     JO1E-1QHN8fRzNp8rFqZnEueSOw.roa (raw, json)
Hash identifier:          gtr8l9aPPMLC8Pl87jfffIJIbk+ozG/f3fToKPv1OuQ=
Subject key identifier:   24:ED:44:FB:54:07:37:C7:D1:CC:DA:7C:AC:5A:99:9C:4B:9E:48:EC
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368A80B608F510F893D91F3878E9503
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JO1E-1QHN8fRzNp8rFqZnEueSOw.roa
Signing time:             Thu 02 Jul 2026 15:18:09 +0000
ROA not before:           Thu 02 Jul 2026 15:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4637
IP address blocks:        89.213.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:a8:0b:60:8f:51:0f:89:3d:91:f3:87:8e:95:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=24ed44fb540737c7d1ccda7cac5a999c4b9e48ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:4a:86:08:db:4f:36:f4:20:73:28:bc:85:9b:
                    15:fd:7e:a3:de:2a:53:9c:3f:e6:93:ac:ac:47:86:
                    bf:e8:ca:fd:14:58:cd:f9:ff:c3:c6:4b:19:38:a1:
                    ac:57:ea:e1:17:2c:53:4b:97:ca:ae:8d:c2:fc:09:
                    f7:06:bc:6b:65:97:9e:db:67:0f:c3:44:b8:5f:10:
                    7f:7c:f3:12:2d:d3:d4:d2:6e:43:f6:c6:09:68:06:
                    6f:79:b4:40:35:f4:d3:1c:0b:74:a6:f2:f4:e6:6b:
                    48:85:4d:82:b1:19:4f:d1:76:69:af:e7:36:28:dc:
                    dd:3e:b7:6c:b4:49:39:5b:6a:b2:71:ce:03:24:ff:
                    4d:9f:ab:ca:bf:3d:7c:08:6e:73:18:73:e4:f3:f8:
                    81:01:49:d6:e0:ca:a9:b3:0f:0f:a0:f0:86:74:ea:
                    9b:90:1f:70:5b:ea:7c:02:55:e6:7c:f2:63:ee:af:
                    a3:49:d4:78:c5:ee:73:bb:36:00:88:1d:06:8f:1c:
                    b4:fd:51:8b:ce:ec:ca:3d:71:12:9a:67:cc:e1:be:
                    69:91:78:15:fb:0b:b8:21:10:8c:ef:50:7f:92:6c:
                    d1:91:af:ba:0c:3f:76:8a:75:d5:b1:54:27:81:f4:
                    ef:2a:c0:67:a7:65:37:3f:9d:fc:62:ce:f3:77:73:
                    08:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:ED:44:FB:54:07:37:C7:D1:CC:DA:7C:AC:5A:99:9C:4B:9E:48:EC
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JO1E-1QHN8fRzNp8rFqZnEueSOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:26:48:80:0a:ae:98:2b:12:4c:75:dd:ae:4d:bb:2d:3c:da:
         11:06:49:78:e0:75:6f:87:c3:c9:86:50:c1:e5:d0:52:c5:45:
         48:a8:f1:e0:ad:00:b9:56:a5:93:d1:17:8d:ad:8b:e5:a3:79:
         c9:9a:b5:5a:9a:6f:05:d0:63:18:1c:7c:d1:c8:db:10:fc:bf:
         44:40:4f:1d:f9:6f:29:f5:85:89:52:3d:00:60:0b:72:34:d2:
         0a:ad:ac:62:bc:c6:84:b1:72:05:f6:15:91:dd:3d:7c:42:39:
         df:85:2a:f5:58:f6:28:dc:e3:72:ca:fc:a3:a8:58:81:1b:de:
         d0:28:1f:bb:40:d1:c7:32:a3:5e:1d:03:96:b3:4e:a2:6c:aa:
         de:1e:b0:e6:d2:39:6a:42:0e:29:70:04:ff:e3:a0:26:41:45:
         ff:ba:d7:14:c7:f1:49:ba:d9:25:be:e0:f2:eb:66:6c:2c:b8:
         33:d1:be:82:b4:b7:d1:a8:6d:01:ef:31:e4:9f:7a:15:78:81:
         ea:4c:c4:ba:96:42:ef:60:17:4e:c4:05:44:64:47:49:13:5f:
         ae:8f:31:66:8f:42:db:b3:c9:b0:95:f6:e5:bd:67:33:00:10:
         c2:2f:bf:d2:5e:c9:ef:ce:36:70:94:d4:01:a1:80:59:1d:59:
         6e:44:fa:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaKgLYI9RD4k9kfOHjpUDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGVkNDRmYjU0MDczN2M3ZDFjY2RhN2NhYzVhOTk5YzRiOWU0OGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+UqGCNtPNvQgcyi8hZsV/X6j3ipT
nD/mk6ysR4a/6Mr9FFjN+f/DxksZOKGsV+rhFyxTS5fKro3C/An3BrxrZZee22cP
w0S4XxB/fPMSLdPU0m5D9sYJaAZvebRANfTTHAt0pvL05mtIhU2CsRlP0XZpr+c2
KNzdPrdstEk5W2qycc4DJP9Nn6vKvz18CG5zGHPk8/iBAUnW4Mqpsw8PoPCGdOqb
kB9wW+p8AlXmfPJj7q+jSdR4xe5zuzYAiB0Gjxy0/VGLzuzKPXESmmfM4b5pkXgV
+wu4IRCM71B/kmzRka+6DD92inXVsVQngfTvKsBnp2U3P538Ys7zd3MIJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTtRPtUBzfH0czafKxamZxLnkjsMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSk8xRS0xUUhOOGZSek5wOHJGcVpuRXVlU093LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWSMA0G
CSqGSIb3DQEBCwUAA4IBAQB8JkiACq6YKxJMdd2uTbstPNoRBkl44HVvh8PJhlDB
5dBSxUVIqPHgrQC5VqWT0ReNrYvlo3nJmrVamm8F0GMYHHzRyNsQ/L9EQE8d+W8p
9YWJUj0AYAtyNNIKraxivMaEsXIF9hWR3T18QjnfhSr1WPYo3ONyyvyjqFiBG97Q
KB+7QNHHMqNeHQOWs06ibKreHrDm0jlqQg4pcAT/46AmQUX/utcUx/FJutklvuDy
62ZsLLgz0b6CtLfRqG0B7zHkn3oVeIHqTMS6lkLvYBdOxAVEZEdJE1+ujzFmj0Lb
s8mwlfblvWczABDCL7/SXsnvzjZwlNQBoYBZHVluRPo8
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:21:31 2026 by rpki-client