Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NfOcKUQjrrY1X7X7K1CJSZuSdIM.roa
File:                     NfOcKUQjrrY1X7X7K1CJSZuSdIM.roa (raw, json)
Hash identifier:          pRPDxSQ5mkJXNoh9cCoVd+q7e87/CgNwvWchLBtZLGU=
Subject key identifier:   35:F3:9C:29:44:23:AE:B6:35:5F:B5:FB:2B:50:89:49:9B:92:74:83
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F23690398370CFDDC17E7B963AEAC7415
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NfOcKUQjrrY1X7X7K1CJSZuSdIM.roa
Signing time:             Thu 02 Jul 2026 15:18:32 +0000
ROA not before:           Thu 02 Jul 2026 15:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213734
IP address blocks:        82.152.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:03:98:37:0c:fd:dc:17:e7:b9:63:ae:ac:74:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35f39c294423aeb6355fb5fb2b5089499b927483
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e7:87:96:ce:2c:ab:a6:41:54:c6:6a:80:ef:
                    99:8b:bc:33:03:ba:a7:4b:96:91:71:3c:98:e2:4b:
                    32:4b:61:84:68:5c:47:2e:d8:c3:fd:6b:e1:04:e7:
                    68:eb:8d:1a:6f:18:a3:b3:59:1e:57:e9:55:aa:31:
                    da:37:45:40:c9:ea:fe:e8:93:a4:b2:2d:4f:18:76:
                    9f:52:60:de:f2:2f:59:a1:c3:52:70:f7:24:ab:5a:
                    02:d1:8c:40:41:e1:6e:bd:74:9a:22:1d:9f:02:64:
                    0e:01:ac:96:47:41:04:41:83:38:c3:b5:e9:46:8b:
                    30:b5:7d:5e:69:32:08:b3:e9:e8:27:23:56:f9:cb:
                    f9:05:d0:34:2f:da:df:f7:28:6e:1c:0f:d2:0f:19:
                    a7:bf:ae:c6:c5:f9:86:09:ed:3c:5c:fb:23:f7:0f:
                    19:41:40:49:0d:6c:93:67:77:73:17:de:ba:80:0f:
                    4e:f1:8b:7c:fd:f8:42:12:d5:30:ce:99:76:39:cd:
                    bf:d3:a7:7b:81:e1:fa:a8:1a:13:49:13:50:83:a7:
                    57:98:f0:54:10:0c:a4:3a:c3:7d:20:a2:51:b9:dc:
                    f5:33:d6:d8:63:93:bc:c5:61:66:98:14:3b:ec:f3:
                    f1:1f:15:aa:25:8b:f4:5a:db:32:26:d8:ee:4e:61:
                    3d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:F3:9C:29:44:23:AE:B6:35:5F:B5:FB:2B:50:89:49:9B:92:74:83
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NfOcKUQjrrY1X7X7K1CJSZuSdIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:e8:92:1d:2a:3a:1d:36:02:2e:c0:a9:a4:15:c3:ef:2c:68:
         e7:3f:b7:2d:51:6b:cb:3e:fa:ef:07:61:8e:c1:72:b6:a8:8d:
         c9:75:fd:72:0e:67:31:c0:88:1e:da:b7:67:6d:ce:24:bd:ed:
         58:49:03:7b:f1:ca:c0:d4:95:c9:c6:31:78:10:b3:f5:c3:76:
         ce:5c:b5:df:80:f9:71:a8:07:a1:94:64:3e:9f:f3:12:55:f5:
         b4:b2:54:45:28:57:ba:8e:d7:14:2f:02:29:f3:93:ac:11:bf:
         f2:b3:4b:a9:43:a9:1c:ff:97:74:d4:75:29:39:35:4b:30:77:
         58:60:14:d8:31:81:c6:de:20:b7:07:9e:e4:c4:72:87:7b:b5:
         19:2c:12:6d:57:b7:df:25:e3:90:3d:8b:4b:de:39:a7:30:ef:
         d5:d0:08:11:eb:c7:ff:02:82:c2:85:56:0c:be:4c:58:d2:4b:
         3e:87:db:2a:2a:0b:54:ab:f8:27:e5:bb:83:53:7b:2c:cc:ab:
         83:fe:ef:5e:41:54:e8:a1:39:05:d5:c9:76:5b:d1:27:61:f9:
         a3:04:1a:c1:2b:c7:3a:9c:71:7b:cd:f4:2f:9a:cb:6e:3b:c4:
         c3:c0:41:bd:1d:81:89:48:da:f9:39:1c:16:2c:88:f5:5c:9e:
         d8:47:e0:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaQOYNwz93BfnuWOurHQVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWYzOWMyOTQ0MjNhZWI2MzU1ZmI1ZmIyYjUwODk0OTliOTI3NDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+eHls4sq6ZBVMZqgO+Zi7wzA7qn
S5aRcTyY4ksyS2GEaFxHLtjD/WvhBOdo640abxijs1keV+lVqjHaN0VAyer+6JOk
si1PGHafUmDe8i9ZocNScPckq1oC0YxAQeFuvXSaIh2fAmQOAayWR0EEQYM4w7Xp
RoswtX1eaTIIs+noJyNW+cv5BdA0L9rf9yhuHA/SDxmnv67GxfmGCe08XPsj9w8Z
QUBJDWyTZ3dzF966gA9O8Yt8/fhCEtUwzpl2Oc2/06d7geH6qBoTSRNQg6dXmPBU
EAykOsN9IKJRudz1M9bYY5O8xWFmmBQ77PPxHxWqJYv0WtsyJtjuTmE9hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXznClEI662NV+1+ytQiUmbknSDMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTmZPY0tVUWpyclkxWDdYN0sxQ0pTWnVTZElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpjBMA0G
CSqGSIb3DQEBCwUAA4IBAQAM6JIdKjodNgIuwKmkFcPvLGjnP7ctUWvLPvrvB2GO
wXK2qI3Jdf1yDmcxwIge2rdnbc4kve1YSQN78crA1JXJxjF4ELP1w3bOXLXfgPlx
qAehlGQ+n/MSVfW0slRFKFe6jtcULwIp85OsEb/ys0upQ6kc/5d01HUpOTVLMHdY
YBTYMYHG3iC3B57kxHKHe7UZLBJtV7ffJeOQPYtL3jmnMO/V0AgR68f/AoLChVYM
vkxY0ks+h9sqKgtUq/gn5buDU3sszKuD/u9eQVTooTkF1cl2W9EnYfmjBBrBK8c6
nHF7zfQvmstuO8TDwEG9HYGJSNr5ORwWLIj1XJ7YR+D5
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:16:32 2026 by rpki-client