Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/L5x9Ho6O8qiybJKLrzFpZPwDt4k.roa
File:                     L5x9Ho6O8qiybJKLrzFpZPwDt4k.roa (raw, json)
Hash identifier:          yT7YtREzY4oFaHTBpJ0fjnTMdZEZ9prFl6L5xeySRyI=
Subject key identifier:   2F:9C:7D:1E:8E:8E:F2:A8:B2:6C:92:8B:AF:31:69:64:FC:03:B7:89
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F23691B06A69A5648A40D1923582CB6FC
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/L5x9Ho6O8qiybJKLrzFpZPwDt4k.roa
Signing time:             Thu 02 Jul 2026 15:18:38 +0000
ROA not before:           Thu 02 Jul 2026 15:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395374
IP address blocks:        89.213.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:1b:06:a6:9a:56:48:a4:0d:19:23:58:2c:b6:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f9c7d1e8e8ef2a8b26c928baf316964fc03b789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:66:3f:30:83:78:49:62:4a:fe:c3:f2:77:84:
                    d8:c7:67:cf:04:41:81:cd:e5:c1:7f:8a:1e:7f:66:
                    af:76:60:fb:f2:99:49:5f:2d:c4:0e:91:d1:9e:c3:
                    6f:b1:d3:8a:64:61:26:16:d7:03:55:80:97:d3:61:
                    44:36:98:fd:21:ce:18:47:78:ab:60:8d:95:e6:9d:
                    66:58:47:56:72:a0:c1:de:39:77:9d:8b:f5:52:9f:
                    49:f2:da:2c:6b:fb:13:3f:cd:da:ab:2b:78:3d:40:
                    29:a0:c2:5a:a6:f7:9f:d5:ed:bc:57:c7:9e:b2:2c:
                    21:20:60:23:3c:f8:20:c7:dd:82:23:7b:72:53:93:
                    3b:f5:46:8a:87:71:ef:7b:04:1c:ca:fa:35:80:5e:
                    00:1b:4a:ba:ec:d3:e0:35:6f:12:16:fb:cf:02:ec:
                    6e:7a:ae:81:f8:86:07:9e:a4:24:67:e3:5c:84:52:
                    f3:f5:be:e3:a6:e2:bf:eb:82:7c:f7:27:30:29:15:
                    39:3a:e3:e2:7a:75:0f:1a:7c:ec:0c:a8:cc:20:12:
                    e2:a3:ea:ec:ea:db:ad:c7:77:6d:a3:ba:46:68:5b:
                    83:15:fe:fa:37:be:6c:41:62:13:74:17:63:58:56:
                    fa:95:f2:8e:a8:9a:1d:d0:ea:87:90:75:b1:34:90:
                    d1:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:9C:7D:1E:8E:8E:F2:A8:B2:6C:92:8B:AF:31:69:64:FC:03:B7:89
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/L5x9Ho6O8qiybJKLrzFpZPwDt4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:63:f5:f0:96:f6:56:d7:50:e0:06:04:36:54:5c:d0:da:0c:
         c3:1a:2a:cd:de:54:b3:bb:75:86:ae:5f:a4:2c:cf:12:ec:4d:
         c4:cf:69:0e:44:3c:5f:a3:fe:35:3e:be:05:96:43:b7:7a:dc:
         91:f8:c0:4c:b3:a3:9d:8c:b0:aa:25:94:c4:0a:75:cc:3f:6f:
         8d:0a:5c:64:b1:6d:2d:4e:5b:3b:a4:2e:96:24:ca:4c:d3:5d:
         43:5e:0d:07:ad:5e:88:b5:55:56:e2:7a:e5:b1:19:9a:57:56:
         ae:56:da:03:23:60:5c:77:6c:41:8f:36:49:7f:b1:50:9e:26:
         55:ae:be:f8:fb:b8:03:e2:3b:e0:f4:0d:44:20:47:ba:e5:66:
         26:92:80:2f:bf:62:23:77:87:34:28:ec:f5:c5:ff:53:ff:7e:
         31:e9:62:b7:79:ed:aa:b2:2b:03:d5:97:64:4f:83:9d:f1:2b:
         93:c1:8c:4d:55:35:aa:3f:fb:0e:cc:20:ce:e0:97:e0:3b:7e:
         0a:ab:b4:a0:b3:fc:ff:2c:f7:1b:ae:a1:3d:51:7b:a3:7e:f4:
         17:96:bd:81:67:65:92:03:68:a6:42:eb:0a:93:21:84:63:db:
         c2:3f:9f:da:1f:c6:b0:24:3a:21:2d:16:e3:0e:a2:d5:51:75:
         7f:72:00:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaRsGpppWSKQNGSNYLLb8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjljN2QxZThlOGVmMmE4YjI2YzkyOGJhZjMxNjk2NGZjMDNiNzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmY/MIN4SWJK/sPyd4TYx2fPBEGB
zeXBf4oef2avdmD78plJXy3EDpHRnsNvsdOKZGEmFtcDVYCX02FENpj9Ic4YR3ir
YI2V5p1mWEdWcqDB3jl3nYv1Up9J8tosa/sTP83aqyt4PUApoMJapvef1e28V8ee
siwhIGAjPPggx92CI3tyU5M79UaKh3HvewQcyvo1gF4AG0q67NPgNW8SFvvPAuxu
eq6B+IYHnqQkZ+NchFLz9b7jpuK/64J89ycwKRU5OuPienUPGnzsDKjMIBLio+rs
6tutx3dto7pGaFuDFf76N75sQWITdBdjWFb6lfKOqJod0OqHkHWxNJDRjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC+cfR6OjvKosmySi68xaWT8A7eJMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTDV4OUhvNk84cWl5YkpLTHJ6RnBaUHdEdDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdVBMA0G
CSqGSIb3DQEBCwUAA4IBAQAGY/XwlvZW11DgBgQ2VFzQ2gzDGirN3lSzu3WGrl+k
LM8S7E3Ez2kORDxfo/41Pr4FlkO3etyR+MBMs6OdjLCqJZTECnXMP2+NClxksW0t
Tls7pC6WJMpM011DXg0HrV6ItVVW4nrlsRmaV1auVtoDI2Bcd2xBjzZJf7FQniZV
rr74+7gD4jvg9A1EIEe65WYmkoAvv2Ijd4c0KOz1xf9T/34x6WK3ee2qsisD1Zdk
T4Od8SuTwYxNVTWqP/sOzCDO4JfgO34Kq7Sgs/z/LPcbrqE9UXujfvQXlr2BZ2WS
A2imQusKkyGEY9vCP5/aH8awJDohLRbjDqLVUXV/cgBP
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:29 2026 by rpki-client