Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NQ40bMibwT0a11IYc0uLWXxFaxs.roa
File:                     NQ40bMibwT0a11IYc0uLWXxFaxs.roa (raw, json)
Hash identifier:          ytcccO5HeK+wHfAn0WM607U+GFVVLqLnhP131aH+3hM=
Subject key identifier:   35:0E:34:6C:C8:9B:C1:3D:1A:D7:52:18:73:4B:8B:59:7C:45:6B:1B
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368C694AA6B5BA232DBABA0E4796B6C
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NQ40bMibwT0a11IYc0uLWXxFaxs.roa
Signing time:             Thu 02 Jul 2026 15:18:16 +0000
ROA not before:           Thu 02 Jul 2026 15:18:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        82.153.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:c6:94:aa:6b:5b:a2:32:db:ab:a0:e4:79:6b:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=350e346cc89bc13d1ad75218734b8b597c456b1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:15:f0:6c:79:c5:5e:ae:a9:55:67:3a:fd:90:
                    9c:9e:eb:00:59:9e:1c:fb:99:f6:49:fe:a8:db:ef:
                    b5:cd:a7:1c:a4:49:43:2b:94:45:98:cc:eb:b3:69:
                    eb:f1:70:22:81:6e:3f:5a:78:3c:df:5b:57:d9:74:
                    71:b1:98:d8:00:8f:40:48:eb:b0:b0:74:3d:02:4a:
                    a5:f8:9b:37:c8:e6:f3:1f:bb:bb:df:15:de:f8:73:
                    68:5a:b5:cb:a6:51:49:11:9c:63:3b:d3:11:13:89:
                    b4:4f:e6:b1:ce:76:10:c6:e7:b6:bc:cb:ea:c3:a8:
                    9d:e8:25:ec:da:84:a6:c9:d7:9b:3f:e0:f9:c8:79:
                    94:05:ca:5b:4e:b2:10:43:3e:0e:b2:c3:a4:9c:aa:
                    11:b1:8d:8e:51:de:dc:15:97:b6:a9:a2:8e:6d:41:
                    99:f6:34:32:7a:40:70:c8:bb:b1:de:52:04:43:72:
                    b4:08:7f:61:cb:11:07:74:c6:02:91:40:7f:69:f2:
                    15:75:7f:c9:30:04:ef:47:d8:3f:cd:b9:38:52:b4:
                    5b:8d:14:da:81:18:36:9e:61:36:22:41:19:b5:5d:
                    7b:d3:aa:71:cd:4f:9e:1b:a7:7c:5c:c2:fe:47:f7:
                    e6:5d:d4:3d:40:80:4f:44:87:5d:c8:86:04:2d:ea:
                    0e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:0E:34:6C:C8:9B:C1:3D:1A:D7:52:18:73:4B:8B:59:7C:45:6B:1B
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NQ40bMibwT0a11IYc0uLWXxFaxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:33:9f:91:2c:1c:c0:7f:85:74:f0:04:8d:43:c7:c4:6e:59:
         0b:ee:ff:67:af:e4:8d:88:ca:d2:5c:d0:d3:4b:2a:d7:fc:b9:
         d5:85:fc:a7:9c:56:0f:15:c5:9a:c1:f1:57:a9:7f:02:09:e1:
         91:aa:cc:fd:99:96:b9:07:68:ab:43:1b:7f:80:7a:8c:f1:94:
         55:f2:19:0f:21:7c:d1:b2:8a:e8:db:12:76:72:98:29:07:fa:
         8b:06:9e:8f:4d:2f:c4:f5:c7:3b:cf:71:10:55:67:6d:3e:81:
         d6:e1:89:f4:57:d9:56:3c:3f:1b:4f:4d:61:c2:4d:14:c0:98:
         87:41:1c:3a:44:67:f5:3b:1f:97:ef:54:4a:7e:bb:e0:21:fc:
         17:08:a1:32:12:e7:7b:16:0f:c6:c1:6e:a3:15:34:2f:98:dc:
         2c:fa:e6:48:be:10:cc:af:24:a3:4f:68:6a:eb:d3:fa:5f:85:
         67:6f:11:01:88:44:d2:f3:86:03:f1:fd:8e:0d:21:1e:62:d7:
         3b:0f:29:8f:5d:26:28:45:b7:44:ca:a3:55:dc:59:e4:75:e1:
         91:4e:b0:fa:f9:4a:d2:82:2f:4a:64:f2:f2:f3:a1:18:ef:1f:
         f0:af:4d:82:f2:84:3d:a7:94:67:92:ce:5a:49:59:12:a5:a5:
         a6:e0:13:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaMaUqmtbojLbq6DkeWtsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTBlMzQ2Y2M4OWJjMTNkMWFkNzUyMTg3MzRiOGI1OTdjNDU2YjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRXwbHnFXq6pVWc6/ZCcnusAWZ4c
+5n2Sf6o2++1zaccpElDK5RFmMzrs2nr8XAigW4/Wng831tX2XRxsZjYAI9ASOuw
sHQ9Akql+Js3yObzH7u73xXe+HNoWrXLplFJEZxjO9MRE4m0T+axznYQxue2vMvq
w6id6CXs2oSmydebP+D5yHmUBcpbTrIQQz4OssOknKoRsY2OUd7cFZe2qaKObUGZ
9jQyekBwyLux3lIEQ3K0CH9hyxEHdMYCkUB/afIVdX/JMATvR9g/zbk4UrRbjRTa
gRg2nmE2IkEZtV1706pxzU+eG6d8XML+R/fmXdQ9QIBPRIddyIYELeoO3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUONGzIm8E9GtdSGHNLi1l8RWsbMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTlE0MGJNaWJ3VDBhMTFJWWMwdUxXWHhGYXhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnYMA0G
CSqGSIb3DQEBCwUAA4IBAQBsM5+RLBzAf4V08ASNQ8fEblkL7v9nr+SNiMrSXNDT
SyrX/LnVhfynnFYPFcWawfFXqX8CCeGRqsz9mZa5B2irQxt/gHqM8ZRV8hkPIXzR
soro2xJ2cpgpB/qLBp6PTS/E9cc7z3EQVWdtPoHW4Yn0V9lWPD8bT01hwk0UwJiH
QRw6RGf1Ox+X71RKfrvgIfwXCKEyEud7Fg/GwW6jFTQvmNws+uZIvhDMrySjT2hq
69P6X4VnbxEBiETS84YD8f2ODSEeYtc7DymPXSYoRbdEyqNV3FnkdeGRTrD6+UrS
gi9KZPLy86EY7x/wr02C8oQ9p5Rnks5aSVkSpaWm4BNr
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:58 2026 by rpki-client