Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RBET8AGM3lYUjopx2Pvj1Njr3rA.roa
File:                     RBET8AGM3lYUjopx2Pvj1Njr3rA.roa (raw, json)
Hash identifier:          DgEHw/P1Jxngz3WMgzdWtKzoX49Ntl303PbE9kIuN5k=
Subject key identifier:   44:11:13:F0:01:8C:DE:56:14:8E:8A:71:D8:FB:E3:D4:D8:EB:DE:B0
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F23690F52DD24024DC0710AF1366E1E88
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RBET8AGM3lYUjopx2Pvj1Njr3rA.roa
Signing time:             Thu 02 Jul 2026 15:18:35 +0000
ROA not before:           Thu 02 Jul 2026 15:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215599
IP address blocks:        82.152.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:0f:52:dd:24:02:4d:c0:71:0a:f1:36:6e:1e:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=441113f0018cde56148e8a71d8fbe3d4d8ebdeb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:c2:3f:dd:dd:22:f8:a0:4e:f4:ae:d6:d0:92:
                    b4:85:44:4c:cc:4a:c7:ba:53:c3:ec:de:e2:fb:56:
                    e5:6d:d2:ca:b8:e1:33:05:88:b0:fb:84:96:f0:4d:
                    39:98:f9:cd:49:8e:81:4c:b0:9d:62:5c:67:33:07:
                    a3:3f:17:74:2c:c8:e5:44:47:2c:e6:e3:50:5e:70:
                    6c:30:cd:ca:b5:5f:df:a4:46:5a:3f:c0:68:db:e1:
                    34:38:ef:12:84:9f:72:52:c0:b9:80:56:69:cd:64:
                    f5:06:c4:f4:e4:7f:ca:76:37:00:5b:1c:5f:9c:60:
                    40:e5:e7:e4:77:0b:fe:d6:7e:27:f2:44:d2:2f:ff:
                    c9:f8:13:2b:57:7c:ca:f1:fa:88:22:a0:cb:0d:ed:
                    20:d0:82:73:e7:8c:1f:4f:a7:c5:d1:1d:1c:01:84:
                    b2:92:15:6c:ec:5d:a8:89:ec:f2:90:f3:ad:2b:8a:
                    a3:7c:69:4f:2a:9b:e5:14:87:3d:6b:9d:c2:18:5f:
                    46:03:80:8f:23:5d:35:80:cb:f2:d3:2f:2a:75:b0:
                    1c:c3:3e:45:d7:af:18:9b:e2:74:15:e4:fd:3b:e0:
                    61:d8:10:91:eb:05:7b:8b:5f:80:03:5d:b8:ea:1e:
                    8f:b1:44:9d:6b:4e:29:ef:6a:d8:f0:87:2d:3a:94:
                    01:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:11:13:F0:01:8C:DE:56:14:8E:8A:71:D8:FB:E3:D4:D8:EB:DE:B0
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/RBET8AGM3lYUjopx2Pvj1Njr3rA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:75:a2:23:0c:27:7f:9d:19:42:62:c3:68:93:cf:38:67:d3:
         38:4f:5c:04:bd:90:f7:c4:b4:bf:a2:1c:a1:4b:16:95:14:c7:
         63:82:1e:39:bd:97:23:c9:71:df:e3:98:e2:ae:8d:f7:fd:c7:
         e9:31:48:c9:81:42:d2:5c:8f:7d:ce:d5:63:80:94:62:18:5e:
         eb:1e:2e:6b:07:20:24:35:34:78:33:ff:91:92:c5:87:11:02:
         e4:3d:c4:9a:82:53:1f:d4:1a:38:de:29:af:29:a3:72:4f:25:
         98:9b:c0:60:4e:8d:8f:b6:0f:b2:7f:dc:87:24:06:5a:96:be:
         6f:0c:30:c3:25:a9:96:1c:37:97:7c:0d:43:f5:9e:d7:23:48:
         85:98:2e:60:4e:4f:87:3e:f8:c1:74:3d:2e:2c:e5:4a:a6:67:
         93:c5:f3:fb:4a:cd:53:fe:60:e2:c6:2e:d1:62:13:47:4c:0c:
         ed:5b:37:9f:68:ff:ed:fe:a9:15:29:58:ee:eb:a4:ac:2e:d0:
         0e:ae:1b:e2:85:6e:b7:63:44:25:ca:63:46:7f:78:c8:b2:69:
         10:27:a4:29:2e:4a:9f:73:2e:62:7a:cf:74:bd:0a:d3:bd:0c:
         b2:23:24:da:13:cf:fd:13:03:a1:8e:cb:d5:fe:81:5e:4b:60:
         9c:87:74:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaQ9S3SQCTcBxCvE2bh6IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDExMTNmMDAxOGNkZTU2MTQ4ZThhNzFkOGZiZTNkNGQ4ZWJkZWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4MI/3d0i+KBO9K7W0JK0hURMzErH
ulPD7N7i+1blbdLKuOEzBYiw+4SW8E05mPnNSY6BTLCdYlxnMwejPxd0LMjlREcs
5uNQXnBsMM3KtV/fpEZaP8Bo2+E0OO8ShJ9yUsC5gFZpzWT1BsT05H/KdjcAWxxf
nGBA5efkdwv+1n4n8kTSL//J+BMrV3zK8fqIIqDLDe0g0IJz54wfT6fF0R0cAYSy
khVs7F2oiezykPOtK4qjfGlPKpvlFIc9a53CGF9GA4CPI101gMvy0y8qdbAcwz5F
168Ym+J0FeT9O+Bh2BCR6wV7i1+AA1246h6PsUSda04p72rY8IctOpQBWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQRE/ABjN5WFI6Kcdj749TY696wMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUkJFVDhBR00zbFlVam9weDJQdmoxTmpyM3JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpg2MA0G
CSqGSIb3DQEBCwUAA4IBAQAYdaIjDCd/nRlCYsNok884Z9M4T1wEvZD3xLS/ohyh
SxaVFMdjgh45vZcjyXHf45jiro33/cfpMUjJgULSXI99ztVjgJRiGF7rHi5rByAk
NTR4M/+RksWHEQLkPcSaglMf1Bo43imvKaNyTyWYm8BgTo2Ptg+yf9yHJAZalr5v
DDDDJamWHDeXfA1D9Z7XI0iFmC5gTk+HPvjBdD0uLOVKpmeTxfP7Ss1T/mDixi7R
YhNHTAztWzefaP/t/qkVKVju66SsLtAOrhvihW63Y0QlymNGf3jIsmkQJ6QpLkqf
cy5ies90vQrTvQyyIyTaE8/9EwOhjsvV/oFeS2Cch3S5
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:20:47 2026 by rpki-client