Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JV3mqllwbYce9e2oaP1J8P5paqA.roa
File:                     JV3mqllwbYce9e2oaP1J8P5paqA.roa (raw, json)
Hash identifier:          TFsIaOdQUABPVZC6bSnP1CfbRcn3OCkgUq/zkiKJu0c=
Subject key identifier:   25:5D:E6:AA:59:70:6D:87:1E:F5:ED:A8:68:FD:49:F0:FE:69:6A:A0
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F236916EF74D2DD8DAE8E57C6045DD847
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JV3mqllwbYce9e2oaP1J8P5paqA.roa
Signing time:             Thu 02 Jul 2026 15:18:37 +0000
ROA not before:           Thu 02 Jul 2026 15:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219476
IP address blocks:        81.5.160.0/24 maxlen: 24
                          81.5.161.0/24 maxlen: 24
                          82.152.63.0/24 maxlen: 24
                          82.153.151.0/24 maxlen: 24
                          82.153.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:16:ef:74:d2:dd:8d:ae:8e:57:c6:04:5d:d8:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=255de6aa59706d871ef5eda868fd49f0fe696aa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:24:b2:36:20:eb:62:dd:e7:a6:88:00:c3:92:
                    db:12:b7:0f:42:78:44:57:68:de:0e:1f:27:69:ac:
                    95:81:40:bb:1e:9e:1c:1d:26:06:6f:ed:c4:ab:33:
                    72:16:44:13:95:47:3f:49:eb:b5:a2:d2:3e:29:cf:
                    a0:8b:22:f9:bc:64:57:bf:58:55:00:3a:7a:32:74:
                    cc:31:8e:f1:b8:4f:01:e1:fb:90:97:c9:95:d8:96:
                    ff:94:3e:16:45:ca:3f:2f:83:60:55:62:86:0a:2d:
                    1d:35:a3:2a:d6:e2:c3:5d:b0:47:9c:bc:7d:c7:c0:
                    f9:d2:87:9a:42:55:aa:31:13:6f:b5:50:cc:ba:84:
                    d5:00:fa:c5:85:79:07:94:a4:90:f6:8b:3f:8a:b4:
                    8f:cf:6a:16:54:5b:7b:47:56:18:c5:95:c5:a6:72:
                    c6:67:29:aa:6d:69:30:79:71:9f:da:d5:7c:c5:84:
                    41:84:3b:a9:f7:1b:dd:81:b8:73:eb:6c:f9:14:10:
                    1e:7c:e1:1c:9f:2c:5c:26:32:9b:4c:c5:64:bf:81:
                    71:97:5d:35:42:b1:3a:38:53:94:8d:80:2a:01:43:
                    87:77:af:f6:68:bf:af:80:fd:96:d5:03:bd:2f:94:
                    c0:e4:70:08:4b:cc:38:f5:0a:ba:fd:a2:6f:92:ed:
                    73:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:5D:E6:AA:59:70:6D:87:1E:F5:ED:A8:68:FD:49:F0:FE:69:6A:A0
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JV3mqllwbYce9e2oaP1J8P5paqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.160.0/23
                  82.152.63.0/24
                  82.153.151.0/24
                  82.153.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:1a:05:53:24:ac:c9:24:81:6d:64:21:ed:58:5f:89:b8:00:
         38:e4:15:13:8a:96:86:da:a4:1b:94:10:3e:09:ab:4a:43:dc:
         91:a9:ae:10:84:6c:8f:34:3a:ae:56:4e:f8:23:6b:c7:8b:63:
         0b:b5:97:19:b5:06:9f:28:14:4a:c8:3b:30:4b:fa:a5:47:68:
         be:93:91:f6:ba:77:3d:b7:00:c8:0e:0e:f9:75:cf:24:16:6b:
         e9:42:5a:b9:1a:0a:7d:6d:86:b3:56:90:be:79:c9:b7:27:b4:
         33:d6:0e:8f:1a:04:ea:e9:49:af:7e:e6:de:e1:cf:db:b3:c5:
         03:e6:5d:fc:ea:1d:89:46:5e:b6:d3:d9:c3:3e:89:0f:04:b4:
         8e:1a:7d:75:0c:09:82:5b:9a:df:af:1a:8b:02:b9:e8:d4:80:
         3b:0b:61:ea:ca:a2:f3:69:ae:5f:b5:e4:ce:58:b3:89:97:ab:
         dc:d4:6b:52:27:3a:35:ac:8b:78:fa:46:da:52:28:39:b2:44:
         38:98:5e:34:94:a7:1c:d7:94:39:12:01:4f:21:aa:91:7b:73:
         35:b1:98:54:13:4a:fc:e0:fb:9c:97:77:b8:86:99:69:70:89:
         c5:62:21:f5:3d:95:02:56:7a:a8:c8:d5:c4:12:d6:26:77:c1:
         bc:0a:74:45
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ8jaRbvdNLdja6OV8YEXdhHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTVkZTZhYTU5NzA2ZDg3MWVmNWVkYTg2OGZkNDlmMGZlNjk2YWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSSyNiDrYt3npogAw5LbErcPQnhE
V2jeDh8naayVgUC7Hp4cHSYGb+3EqzNyFkQTlUc/Seu1otI+Kc+giyL5vGRXv1hV
ADp6MnTMMY7xuE8B4fuQl8mV2Jb/lD4WRco/L4NgVWKGCi0dNaMq1uLDXbBHnLx9
x8D50oeaQlWqMRNvtVDMuoTVAPrFhXkHlKSQ9os/irSPz2oWVFt7R1YYxZXFpnLG
ZymqbWkweXGf2tV8xYRBhDup9xvdgbhz62z5FBAefOEcnyxcJjKbTMVkv4Fxl101
QrE6OFOUjYAqAUOHd6/2aL+vgP2W1QO9L5TA5HAIS8w49Qq6/aJvku1zVQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCVd5qpZcG2HHvXtqGj9SfD+aWqgMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSlYzbXFsbHdiWWNlOWUyb2FQMUo4UDVwYXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBUQWgAwQA
Upg/AwQAUpmXAwQAUpnqMA0GCSqGSIb3DQEBCwUAA4IBAQAxGgVTJKzJJIFtZCHt
WF+JuAA45BUTipaG2qQblBA+CatKQ9yRqa4QhGyPNDquVk74I2vHi2MLtZcZtQaf
KBRKyDswS/qlR2i+k5H2unc9twDIDg75dc8kFmvpQlq5Ggp9bYazVpC+ecm3J7Qz
1g6PGgTq6Umvfube4c/bs8UD5l386h2JRl6209nDPokPBLSOGn11DAmCW5rfrxqL
Arno1IA7C2HqyqLzaa5fteTOWLOJl6vc1GtSJzo1rIt4+kbaUig5skQ4mF40lKcc
15Q5EgFPIaqRe3M1sZhUE0r84Pucl3e4hplpcInFYiH1PZUCVnqoyNXEEtYmd8G8
CnRF
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:01 2026 by rpki-client