Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QQgln8kkNDxJwUsDVHeK5hcD2HY.roa
File:                     QQgln8kkNDxJwUsDVHeK5hcD2HY.roa (raw, json)
Hash identifier:          Nnaf6sJ+OOSsxN19BKyRWenLFZh97RiJXF28pPF1kYw=
Subject key identifier:   41:08:25:9F:C9:24:34:3C:49:C1:4B:03:54:77:8A:E6:17:03:D8:76
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368A84C9C25A9A09C94879713BA6DB9
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QQgln8kkNDxJwUsDVHeK5hcD2HY.roa
Signing time:             Thu 02 Jul 2026 15:18:09 +0000
ROA not before:           Thu 02 Jul 2026 15:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5065
IP address blocks:        82.152.52.0/23 maxlen: 24
                          82.152.89.0/24 maxlen: 24
                          82.153.44.0/24 maxlen: 24
                          82.153.46.0/24 maxlen: 24
                          109.176.75.0/24 maxlen: 24
                          213.130.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:a8:4c:9c:25:a9:a0:9c:94:87:97:13:ba:6d:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4108259fc924343c49c14b0354778ae61703d876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3f:57:b7:15:3d:7e:b3:c1:8c:6e:e3:ed:9e:
                    31:3a:ad:ca:fc:41:3c:89:a6:f1:b5:7b:14:bf:e7:
                    55:56:e4:58:46:af:67:05:88:0d:b7:2c:a2:83:74:
                    a3:fc:3c:e5:69:6d:6c:66:9d:e8:c0:3c:f5:ce:f9:
                    42:a2:70:3d:1b:d2:48:dc:f8:26:5d:8d:71:ee:5a:
                    a0:c0:f7:37:b5:d5:36:ee:e4:8a:6b:f5:bb:3f:1f:
                    6a:b1:69:b1:c4:8d:59:ed:ae:b0:0b:36:9e:b0:6c:
                    48:5b:7e:6a:88:ca:a3:f4:85:5f:ba:2c:e6:1d:a7:
                    9b:30:f1:35:59:c9:55:a5:48:66:f7:0a:87:22:52:
                    a5:5b:35:91:05:6c:9a:2a:42:75:b2:ad:02:21:fa:
                    c1:e6:96:a7:6a:8d:f7:79:80:80:c6:15:1a:6d:30:
                    3f:bf:8d:02:3b:4d:3e:d9:fd:ea:0c:ae:38:d5:41:
                    f1:e2:72:91:38:ce:53:fc:d2:e9:4e:25:48:82:34:
                    da:d2:41:a2:82:33:26:3f:e7:17:5c:3d:db:15:c6:
                    21:56:24:3e:79:a5:86:99:70:e5:11:b1:2d:de:ae:
                    03:c4:40:20:97:9c:32:3c:d3:c2:d3:dd:77:11:bb:
                    03:8c:6c:2e:49:9b:ca:d1:49:2d:ea:ac:7c:49:6c:
                    98:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:08:25:9F:C9:24:34:3C:49:C1:4B:03:54:77:8A:E6:17:03:D8:76
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QQgln8kkNDxJwUsDVHeK5hcD2HY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.52.0/23
                  82.152.89.0/24
                  82.153.44.0/24
                  82.153.46.0/24
                  109.176.75.0/24
                  213.130.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:37:59:8e:31:bb:7d:7c:cb:b4:16:c4:58:17:7e:b9:f8:b8:
         ec:4b:d1:62:b5:bf:fc:3f:ba:a3:66:33:af:95:fe:ae:0a:fb:
         8d:3c:ab:f8:23:8c:9d:f9:4d:44:43:3c:c8:ba:f5:fb:dd:f0:
         d7:29:d8:37:8a:3a:27:96:c2:19:8d:b9:60:8f:5d:70:76:cd:
         89:0f:62:85:a7:f5:85:d7:58:e6:c6:8b:e6:5d:47:32:00:6b:
         1e:e9:31:33:2c:14:a1:5c:1e:67:0d:37:1f:65:02:ce:24:1f:
         4b:f7:97:71:1b:4f:26:25:42:d0:40:79:28:8e:b8:21:19:72:
         4a:c2:f7:c8:2b:ab:19:0d:26:7b:16:b3:85:a2:05:18:91:13:
         82:22:5c:be:d4:92:ca:ff:e5:b4:30:98:9b:e0:fd:ce:ed:48:
         c7:5f:58:0d:ac:2f:e4:00:14:b4:87:40:6e:72:ac:1f:75:e5:
         1e:7c:d3:ff:55:97:cb:86:ec:b9:70:ab:97:cb:06:7c:ff:a7:
         2d:10:a7:93:16:d9:4f:6c:ad:8b:e5:a9:6e:bb:0c:e2:d4:99:
         b6:ea:f2:79:42:7a:6e:c5:be:f2:de:99:2f:78:24:e2:3c:09:
         5c:32:7a:86:11:d2:8f:5b:0b:98:51:c8:c8:76:b3:09:a1:80:
         1f:d7:4f:86
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ8jaKhMnCWpoJyUh5cTum25MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTA4MjU5ZmM5MjQzNDNjNDljMTRiMDM1NDc3OGFlNjE3MDNkODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArj9XtxU9frPBjG7j7Z4xOq3K/EE8
iabxtXsUv+dVVuRYRq9nBYgNtyyig3Sj/DzlaW1sZp3owDz1zvlConA9G9JI3Pgm
XY1x7lqgwPc3tdU27uSKa/W7Px9qsWmxxI1Z7a6wCzaesGxIW35qiMqj9IVfuizm
HaebMPE1WclVpUhm9wqHIlKlWzWRBWyaKkJ1sq0CIfrB5panao33eYCAxhUabTA/
v40CO00+2f3qDK441UHx4nKROM5T/NLpTiVIgjTa0kGigjMmP+cXXD3bFcYhViQ+
eaWGmXDlEbEt3q4DxEAgl5wyPNPC0913EbsDjGwuSZvK0Ukt6qx8SWyY+wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFEEIJZ/JJDQ8ScFLA1R3iuYXA9h2MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUVFnbG44a2tORHhKd1VzRFZIZUs1aGNEMkhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBUpg0AwQA
UphZAwQAUpksAwQAUpkuAwQAbbBLAwQA1YKWMA0GCSqGSIb3DQEBCwUAA4IBAQAC
N1mOMbt9fMu0FsRYF365+LjsS9Fitb/8P7qjZjOvlf6uCvuNPKv4I4yd+U1EQzzI
uvX73fDXKdg3ijonlsIZjblgj11wds2JD2KFp/WF11jmxovmXUcyAGse6TEzLBSh
XB5nDTcfZQLOJB9L95dxG08mJULQQHkojrghGXJKwvfIK6sZDSZ7FrOFogUYkROC
Ily+1JLK/+W0MJib4P3O7UjHX1gNrC/kABS0h0BucqwfdeUefNP/VZfLhuy5cKuX
ywZ8/6ctEKeTFtlPbK2L5aluuwzi1Jm26vJ5Qnpuxb7y3pkveCTiPAlcMnqGEdKP
WwuYUcjIdrMJoYAf10+G
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:22:22 2026 by rpki-client