Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LUfpm9emMYOoObmfPuPCI5eteDc.roa
File:                     LUfpm9emMYOoObmfPuPCI5eteDc.roa (raw, json)
Hash identifier:          981pcJVNgsQhqxjTlCWPHH79epBM091fHXtlVnBMP6M=
Subject key identifier:   2D:47:E9:9B:D7:A6:31:83:A8:39:B9:9F:3E:E3:C2:23:97:AD:78:37
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368B4714DE49A6F9C19757F5340B80B
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LUfpm9emMYOoObmfPuPCI5eteDc.roa
Signing time:             Thu 02 Jul 2026 15:18:12 +0000
ROA not before:           Thu 02 Jul 2026 15:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        81.5.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:b4:71:4d:e4:9a:6f:9c:19:75:7f:53:40:b8:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d47e99bd7a63183a839b99f3ee3c22397ad7837
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c4:ab:d2:be:4f:a5:52:c0:3a:c0:77:a4:9b:
                    b4:75:f8:4b:ee:51:f0:ad:ff:c7:28:9b:54:c9:3f:
                    4f:96:d9:56:19:70:b9:a1:78:9d:a3:d2:e8:f2:80:
                    c4:67:b1:f7:50:f9:41:73:99:ec:f0:1d:dd:d2:e3:
                    3d:c9:29:e6:52:77:f8:c1:16:b8:2f:ee:99:15:e6:
                    bf:76:04:bc:4a:b8:b7:c1:ac:03:54:e2:e6:51:1b:
                    93:74:72:5d:53:34:1e:63:5f:5d:e2:e6:ad:75:74:
                    e0:9b:c6:e5:61:31:fb:28:34:fd:b9:cd:c6:c2:65:
                    e8:b1:f5:ad:34:d6:a2:ce:fd:03:43:27:29:03:20:
                    43:e7:17:05:ce:d9:66:a2:c5:ca:e8:b1:f5:a4:7f:
                    7e:6d:82:3f:25:28:6b:12:1e:7a:45:3e:14:76:83:
                    a7:9b:d4:16:36:f8:d2:28:bc:f6:9f:fc:43:6e:69:
                    b2:21:51:e0:14:32:48:fb:ef:66:3e:3b:73:21:bd:
                    35:7a:6f:e3:30:49:d6:60:c8:80:30:d6:19:82:24:
                    c8:30:83:86:00:e2:5b:66:9e:de:0a:64:51:81:ab:
                    c3:a4:17:1b:b7:e0:6e:91:c4:92:c3:03:ad:88:f0:
                    45:86:07:24:ec:96:be:1a:d9:1d:43:ed:87:4d:a2:
                    94:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:47:E9:9B:D7:A6:31:83:A8:39:B9:9F:3E:E3:C2:23:97:AD:78:37
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LUfpm9emMYOoObmfPuPCI5eteDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:c3:c2:3c:e0:67:45:5a:7b:0d:52:47:78:e2:ee:1a:5a:9b:
         10:ba:ea:7f:0d:72:d7:bb:f7:6f:c4:a4:1f:78:25:42:f3:a4:
         91:6b:46:22:d9:e2:30:4e:1c:28:9f:b8:41:ba:37:b4:ab:1d:
         9c:1f:7e:ee:69:af:bb:65:a9:b6:33:36:1b:f5:08:57:05:54:
         ba:0a:9b:e1:85:50:9a:66:c3:66:b4:fb:12:d2:6e:36:c4:19:
         1c:6f:f3:00:03:84:73:84:f3:27:bd:9d:67:4d:b8:fd:3c:84:
         7a:98:a2:0f:04:a7:1f:59:e0:fc:ad:15:16:7c:82:69:bd:99:
         f8:58:67:c2:ca:3a:af:5f:84:59:87:7b:02:65:ce:d0:f1:91:
         b3:cc:16:00:d8:10:7f:f7:6d:f3:f8:3a:07:44:a4:1e:63:73:
         70:e5:45:ac:d6:d9:9b:5d:2a:37:f3:2d:fb:fb:aa:96:c6:6b:
         a5:e4:0c:d8:75:be:11:cb:51:27:37:b4:56:25:07:1e:fc:ce:
         68:f7:98:21:60:6d:9e:6b:ab:c9:aa:a0:97:5b:06:6c:02:6d:
         1f:0f:76:e3:71:10:94:96:94:a8:4a:18:43:bb:e1:5a:96:75:
         ce:a0:91:c1:15:bc:44:5f:12:a4:33:12:d1:24:e3:20:b3:fb:
         99:d1:2e:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaLRxTeSab5wZdX9TQLgLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDQ3ZTk5YmQ3YTYzMTgzYTgzOWI5OWYzZWUzYzIyMzk3YWQ3ODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsSr0r5PpVLAOsB3pJu0dfhL7lHw
rf/HKJtUyT9PltlWGXC5oXido9Lo8oDEZ7H3UPlBc5ns8B3d0uM9ySnmUnf4wRa4
L+6ZFea/dgS8Sri3wawDVOLmURuTdHJdUzQeY19d4uatdXTgm8blYTH7KDT9uc3G
wmXosfWtNNaizv0DQycpAyBD5xcFztlmosXK6LH1pH9+bYI/JShrEh56RT4UdoOn
m9QWNvjSKLz2n/xDbmmyIVHgFDJI++9mPjtzIb01em/jMEnWYMiAMNYZgiTIMIOG
AOJbZp7eCmRRgavDpBcbt+BukcSSwwOtiPBFhgck7Ja+GtkdQ+2HTaKUkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1H6ZvXpjGDqDm5nz7jwiOXrXg3MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTFVmcG05ZW1NWU9vT2JtZlB1UENJNWV0ZURjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQW9MA0G
CSqGSIb3DQEBCwUAA4IBAQAnw8I84GdFWnsNUkd44u4aWpsQuup/DXLXu/dvxKQf
eCVC86SRa0Yi2eIwThwon7hBuje0qx2cH37uaa+7Zam2MzYb9QhXBVS6CpvhhVCa
ZsNmtPsS0m42xBkcb/MAA4RzhPMnvZ1nTbj9PIR6mKIPBKcfWeD8rRUWfIJpvZn4
WGfCyjqvX4RZh3sCZc7Q8ZGzzBYA2BB/923z+DoHRKQeY3Nw5UWs1tmbXSo38y37
+6qWxmul5AzYdb4Ry1EnN7RWJQce/M5o95ghYG2ea6vJqqCXWwZsAm0fD3bjcRCU
lpSoShhDu+FalnXOoJHBFbxEXxKkMxLRJOMgs/uZ0S4E
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:16:27 2026 by rpki-client