Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NOwcD_lTr2yz_0qUCIiyCdzOWzs.roa
File:                     NOwcD_lTr2yz_0qUCIiyCdzOWzs.roa (raw, json)
Hash identifier:          XCJ2WBm9v1+zTuxh/KaOcUgkGJrFl0AWMZl1cZWH2Yo=
Subject key identifier:   34:EC:1C:0F:F9:53:AF:6C:B3:FF:4A:94:08:88:B2:09:DC:CE:5B:3B
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368DD807F943CFEEEBF062FCB27A669
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NOwcD_lTr2yz_0qUCIiyCdzOWzs.roa
Signing time:             Thu 02 Jul 2026 15:18:22 +0000
ROA not before:           Thu 02 Jul 2026 15:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199058
IP address blocks:        213.218.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:dd:80:7f:94:3c:fe:ee:bf:06:2f:cb:27:a6:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34ec1c0ff953af6cb3ff4a940888b209dcce5b3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:55:a0:ff:61:91:eb:24:8b:02:78:0e:ed:77:
                    e8:b4:d1:34:a6:d3:ea:e1:a0:9c:34:1c:6f:97:c9:
                    98:fd:ae:00:17:75:e6:d9:6f:50:71:08:30:0b:b1:
                    24:9d:f6:b8:da:89:46:03:36:87:75:55:f2:7a:cc:
                    0f:29:24:81:6f:81:8a:58:c4:0f:32:6f:3c:88:7d:
                    e5:ba:0e:60:f7:ea:dd:d3:e1:34:0a:c0:24:0a:28:
                    20:70:19:6e:b0:d6:43:ce:69:de:29:c1:ae:46:a1:
                    8e:27:c2:2d:a6:b9:43:6c:42:18:31:3b:99:cb:e2:
                    fe:87:a5:af:cf:e5:70:92:63:d7:aa:55:b0:0f:11:
                    a9:12:f4:e0:7c:c5:9e:d8:e4:d1:5a:87:14:9c:40:
                    7b:88:b1:e3:d5:78:a7:ec:e7:f4:e5:14:3b:98:12:
                    02:1f:f0:a1:f4:4a:9d:e6:ec:b2:f9:94:67:67:92:
                    07:37:45:d7:37:73:61:45:fc:32:bf:23:a5:88:db:
                    7f:e6:ff:22:46:7e:11:f8:0e:f4:c7:be:c1:d4:94:
                    e0:7d:a2:3a:5f:7e:3b:be:b2:b9:b1:f8:2d:db:fd:
                    ff:e3:8a:ba:dc:04:32:c1:5e:4d:37:96:8a:7b:59:
                    bc:36:c6:f1:b5:20:86:c4:3e:ea:f2:25:45:31:ef:
                    37:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:EC:1C:0F:F9:53:AF:6C:B3:FF:4A:94:08:88:B2:09:DC:CE:5B:3B
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NOwcD_lTr2yz_0qUCIiyCdzOWzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:fc:c6:55:62:e1:ae:a0:fe:d5:d9:94:ac:fe:3b:aa:f0:a3:
         26:02:d8:15:4d:17:71:d9:c0:e7:7f:d1:77:30:48:d9:cf:22:
         4d:97:e1:8f:6a:0a:06:6a:12:76:8f:e3:d9:21:c3:47:15:be:
         2a:4f:7d:39:d3:78:d5:01:b2:10:0d:ae:5e:ed:68:ee:f9:10:
         8c:49:7d:31:ef:1e:73:b6:df:60:8f:75:ec:2e:14:a1:e1:5c:
         89:c9:ef:96:13:66:3b:63:7e:6f:c6:5d:e9:70:5d:19:df:4f:
         5a:4e:81:3f:3b:5b:85:c8:c2:78:97:65:66:10:46:5f:a9:00:
         2f:a7:88:2c:71:68:52:3d:1f:74:5e:38:b5:a5:f5:f0:05:ba:
         67:30:a7:5f:57:6a:e8:c8:dd:68:67:a3:d2:0f:9f:a3:b1:fa:
         54:ea:bc:d5:48:66:0c:38:f8:1b:02:16:18:7a:9f:07:40:60:
         37:97:90:3e:09:bf:d8:7c:3e:f4:ad:61:67:d0:48:76:95:74:
         87:b0:32:0e:2b:fd:23:37:ce:fa:8d:ac:a3:10:08:00:57:4e:
         19:cb:61:3a:9a:0b:09:78:2f:01:ea:bc:3d:56:75:2c:0c:a2:
         13:7f:f1:59:e4:23:a6:e1:e1:f5:6c:b7:e7:30:e1:68:19:d5:
         4e:61:32:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaN2Af5Q8/u6/Bi/LJ6ZpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGVjMWMwZmY5NTNhZjZjYjNmZjRhOTQwODg4YjIwOWRjY2U1YjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVWg/2GR6ySLAngO7XfotNE0ptPq
4aCcNBxvl8mY/a4AF3Xm2W9QcQgwC7Eknfa42olGAzaHdVXyeswPKSSBb4GKWMQP
Mm88iH3lug5g9+rd0+E0CsAkCiggcBlusNZDzmneKcGuRqGOJ8ItprlDbEIYMTuZ
y+L+h6Wvz+VwkmPXqlWwDxGpEvTgfMWe2OTRWocUnEB7iLHj1Xin7Of05RQ7mBIC
H/Ch9Eqd5uyy+ZRnZ5IHN0XXN3NhRfwyvyOliNt/5v8iRn4R+A70x77B1JTgfaI6
X347vrK5sfgt2/3/44q63AQywV5NN5aKe1m8NsbxtSCGxD7q8iVFMe83hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTsHA/5U69ss/9KlAiIsgnczls7MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTk93Y0RfbFRyMnl6XzBxVUNJaXlDZHpPV3pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1drUMA0G
CSqGSIb3DQEBCwUAA4IBAQA6/MZVYuGuoP7V2ZSs/juq8KMmAtgVTRdx2cDnf9F3
MEjZzyJNl+GPagoGahJ2j+PZIcNHFb4qT30503jVAbIQDa5e7Wju+RCMSX0x7x5z
tt9gj3XsLhSh4VyJye+WE2Y7Y35vxl3pcF0Z309aToE/O1uFyMJ4l2VmEEZfqQAv
p4gscWhSPR90Xji1pfXwBbpnMKdfV2royN1oZ6PSD5+jsfpU6rzVSGYMOPgbAhYY
ep8HQGA3l5A+Cb/YfD70rWFn0Eh2lXSHsDIOK/0jN876jayjEAgAV04Zy2E6mgsJ
eC8B6rw9VnUsDKITf/FZ5COm4eH1bLfnMOFoGdVOYTLP
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:20:06 2026 by rpki-client