Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Lt7ktd6hzbsO6p64-HVXE9dtLeo.roa
File:                     Lt7ktd6hzbsO6p64-HVXE9dtLeo.roa (raw, json)
Hash identifier:          NbCYh6NRb2z3HVUQAlCsSur0u6OMJCB/0BPxfuQox9U=
Subject key identifier:   2E:DE:E4:B5:DE:A1:CD:BB:0E:EA:9E:B8:F8:75:57:13:D7:6D:2D:EA
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368D378A225A2014598595E66CB86D1
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Lt7ktd6hzbsO6p64-HVXE9dtLeo.roa
Signing time:             Thu 02 Jul 2026 15:18:20 +0000
ROA not before:           Thu 02 Jul 2026 15:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154612
IP address blocks:        81.168.63.0/24 maxlen: 24
                          89.213.46.0/24 maxlen: 24
                          89.213.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:d3:78:a2:25:a2:01:45:98:59:5e:66:cb:86:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2edee4b5dea1cdbb0eea9eb8f8755713d76d2dea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:3d:b9:3e:85:17:27:2b:58:bc:cb:4f:9f:64:
                    f7:2e:c9:25:d5:51:58:b6:ce:70:61:0e:02:5e:e7:
                    41:02:2d:ee:70:3d:39:26:6a:6e:f0:05:b2:b9:82:
                    bb:1c:82:64:83:33:27:5c:91:13:b1:ca:6a:33:03:
                    86:36:88:66:de:8f:ee:f9:e8:7b:6a:df:96:9f:d0:
                    75:ea:5d:5a:35:4e:2f:5a:d4:f9:39:62:ca:d4:b4:
                    81:b2:bc:f8:13:56:f2:0f:9a:ff:22:32:9c:9e:3a:
                    0d:f2:57:37:d0:91:a8:57:da:ad:59:4c:fe:d4:54:
                    86:c6:c3:67:b1:bc:51:e8:b6:42:29:29:97:91:92:
                    32:e8:94:fa:98:e6:96:32:5a:05:04:1d:5c:df:07:
                    d6:15:fa:0d:f3:d4:22:47:24:1e:8e:27:e9:fb:d3:
                    56:7b:42:69:63:bd:d6:53:b5:56:61:0d:60:1e:ad:
                    c6:e3:09:db:80:fc:af:fa:47:a0:75:9a:b8:c0:99:
                    3a:12:16:04:e8:96:89:24:e5:92:42:0b:5e:3a:0e:
                    eb:58:94:df:df:9c:03:af:4a:4d:04:8c:c6:72:e5:
                    88:ad:1a:e7:7a:0a:da:c0:28:f4:bc:98:d4:76:4d:
                    0a:6b:a9:b8:5c:54:62:96:e7:41:31:94:00:81:c7:
                    c7:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:DE:E4:B5:DE:A1:CD:BB:0E:EA:9E:B8:F8:75:57:13:D7:6D:2D:EA
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Lt7ktd6hzbsO6p64-HVXE9dtLeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.63.0/24
                  89.213.46.0/24
                  89.213.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:27:fa:3f:b4:d1:62:ba:f2:87:1e:3e:0f:63:38:e5:dc:fd:
         4e:c8:e9:aa:37:cd:27:d2:18:0e:a4:57:40:2b:39:78:79:34:
         10:67:9e:82:a5:3d:6d:2f:0d:e9:eb:59:a0:c1:c3:f0:82:c3:
         6d:6b:20:44:25:ca:37:ba:18:22:9f:91:73:c0:04:63:6d:b3:
         5f:3e:01:59:d9:0e:a6:3c:4f:2f:a0:2f:3d:81:07:88:de:48:
         61:c6:26:4e:c5:05:2a:85:ba:d9:fd:64:17:e0:dd:af:39:66:
         3a:53:50:df:dd:0d:de:47:20:78:77:c8:9a:e2:05:52:44:d8:
         a2:cf:2a:21:64:da:96:d9:80:68:a6:21:1d:07:39:a2:3b:a4:
         35:48:87:33:29:1a:f3:7b:38:04:8b:06:8f:e7:1b:07:d6:40:
         85:67:3c:20:2a:ef:b1:7c:df:8b:62:3b:26:b8:7c:63:65:f8:
         85:c5:fe:0e:72:f4:fd:19:7e:b5:00:79:dc:60:96:1c:6d:db:
         16:1f:c7:90:39:00:ed:00:e1:0f:be:d5:18:d9:bb:0a:25:e1:
         e7:76:46:b3:c7:a8:62:69:b4:49:ee:48:a5:01:0b:92:d7:c3:
         c5:9d:b9:7d:65:51:d0:cc:f3:2c:60:42:b4:09:16:82:84:12:
         11:c1:f0:10
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ8jaNN4oiWiAUWYWV5my4bRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWRlZTRiNWRlYTFjZGJiMGVlYTllYjhmODc1NTcxM2Q3NmQyZGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+T25PoUXJytYvMtPn2T3Lskl1VFY
ts5wYQ4CXudBAi3ucD05Jmpu8AWyuYK7HIJkgzMnXJETscpqMwOGNohm3o/u+eh7
at+Wn9B16l1aNU4vWtT5OWLK1LSBsrz4E1byD5r/IjKcnjoN8lc30JGoV9qtWUz+
1FSGxsNnsbxR6LZCKSmXkZIy6JT6mOaWMloFBB1c3wfWFfoN89QiRyQejifp+9NW
e0JpY73WU7VWYQ1gHq3G4wnbgPyv+kegdZq4wJk6EhYE6JaJJOWSQgteOg7rWJTf
35wDr0pNBIzGcuWIrRrnegrawCj0vJjUdk0Ka6m4XFRiludBMZQAgcfH7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC7e5LXeoc27DuqeuPh1VxPXbS3qMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTHQ3a3RkNmh6YnNPNnA2NC1IVlhFOWR0TGVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUag/AwQA
WdUuAwQAWdVEMA0GCSqGSIb3DQEBCwUAA4IBAQBcJ/o/tNFiuvKHHj4PYzjl3P1O
yOmqN80n0hgOpFdAKzl4eTQQZ56CpT1tLw3p61mgwcPwgsNtayBEJco3uhgin5Fz
wARjbbNfPgFZ2Q6mPE8voC89gQeI3khhxiZOxQUqhbrZ/WQX4N2vOWY6U1Df3Q3e
RyB4d8ia4gVSRNiizyohZNqW2YBopiEdBzmiO6Q1SIczKRrzezgEiwaP5xsH1kCF
ZzwgKu+xfN+LYjsmuHxjZfiFxf4OcvT9GX61AHncYJYcbdsWH8eQOQDtAOEPvtUY
2bsKJeHndkazx6hiabRJ7kilAQuS18PFnbl9ZVHQzPMsYEK0CRaChBIRwfAQ
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:21:52 2026 by rpki-client