Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SarP5MAytUJZOjo2HSqC-ikIOV4.roa
File:                     SarP5MAytUJZOjo2HSqC-ikIOV4.roa (raw, json)
Hash identifier:          nP+m9K+0F1BEwv5fGXVzuYMYvcRL8Egpm9c7NGwPkm4=
Subject key identifier:   49:AA:CF:E4:C0:32:B5:42:59:3A:3A:36:1D:2A:82:FA:29:08:39:5E
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368B027284AE630A66438FDF07D4087
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SarP5MAytUJZOjo2HSqC-ikIOV4.roa
Signing time:             Thu 02 Jul 2026 15:18:11 +0000
ROA not before:           Thu 02 Jul 2026 15:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16125
IP address blocks:        89.213.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:b0:27:28:4a:e6:30:a6:64:38:fd:f0:7d:40:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=49aacfe4c032b542593a3a361d2a82fa2908395e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c5:cd:2e:27:9e:ba:41:7a:44:b0:6a:6e:7c:
                    5b:e0:1f:f4:ee:08:c7:4a:8e:9b:91:63:bb:1b:59:
                    85:b3:8f:0f:a7:27:66:fe:d0:c4:a1:3d:3b:6f:9c:
                    d4:6b:0c:e2:c6:51:17:e6:82:42:a2:c4:67:3d:03:
                    7b:5e:eb:16:df:3a:1f:59:9a:12:78:52:d2:a3:e6:
                    a3:f3:ee:56:47:e1:27:66:74:0b:97:93:c7:d2:07:
                    4b:ea:3e:d5:51:68:cd:1e:9f:63:12:29:36:27:68:
                    a8:9d:08:d7:b1:70:aa:db:ed:c3:53:35:c4:f1:0d:
                    9c:dc:92:92:4e:27:d8:2b:07:01:e7:eb:36:76:31:
                    c2:2d:86:20:c1:7e:b0:82:b0:b3:d2:14:2c:c5:d1:
                    26:b9:c0:c8:3f:83:80:63:1c:e0:d6:a0:e3:03:0a:
                    0e:90:f0:72:eb:57:da:ee:08:d7:31:3c:09:e1:75:
                    4d:e6:7c:4f:12:df:8f:36:e6:1b:9d:60:c9:d7:8c:
                    1a:93:5b:5a:e0:73:9e:23:70:5c:6f:05:82:02:ba:
                    30:44:c9:5e:4d:e3:88:13:e2:8b:bd:77:76:d8:b2:
                    c1:a8:df:96:40:4a:43:e4:6a:d2:b2:2e:77:f0:0d:
                    22:61:9a:15:0b:42:72:c5:47:53:d9:63:bf:2a:bf:
                    88:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:AA:CF:E4:C0:32:B5:42:59:3A:3A:36:1D:2A:82:FA:29:08:39:5E
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SarP5MAytUJZOjo2HSqC-ikIOV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:91:4b:6b:bb:0b:cb:ab:da:ac:ed:83:9d:d5:57:d7:c7:fb:
         7b:8d:32:2e:16:ac:b0:89:f1:73:a6:2d:0c:7d:c5:a4:fb:ae:
         dc:e6:c8:40:1a:ff:63:94:6b:66:9a:4c:5d:25:39:f5:74:0d:
         db:e7:fb:87:71:50:ec:b3:fb:e0:fa:7e:65:95:f1:68:f1:d6:
         ce:3c:57:c5:ec:96:05:26:34:33:f7:ac:67:b1:cf:cc:06:d6:
         eb:6e:1c:09:f8:13:35:ea:8c:ad:d6:07:b5:ba:64:09:d9:7c:
         b3:02:bd:7f:9f:a1:a2:d2:cf:99:71:dd:bc:d2:67:ac:08:5e:
         b4:2a:55:37:27:b5:8d:0e:9d:2d:62:ab:53:50:ac:f7:a8:3e:
         44:66:9f:2a:1a:f9:e7:58:ce:57:a8:76:ae:5b:97:2b:6e:40:
         04:71:ca:e3:fb:c4:47:06:ea:89:5e:26:bb:ec:4f:ce:2b:ea:
         11:ba:6b:b5:c9:c2:db:b6:23:2a:14:24:13:0b:ac:6e:cb:15:
         bb:d6:a3:b7:98:ae:b0:cf:a4:dc:33:a4:01:b4:b3:0d:b3:39:
         cd:71:7e:60:7d:b1:c3:1a:0a:47:62:b3:a2:80:2c:bd:df:e3:
         4c:1e:55:de:20:5f:d7:90:18:4b:0e:be:13:0a:91:9e:ef:86:
         16:5c:83:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaLAnKErmMKZkOP3wfUCHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWFhY2ZlNGMwMzJiNTQyNTkzYTNhMzYxZDJhODJmYTI5MDgzOTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysXNLieeukF6RLBqbnxb4B/07gjH
So6bkWO7G1mFs48Ppydm/tDEoT07b5zUawzixlEX5oJCosRnPQN7XusW3zofWZoS
eFLSo+aj8+5WR+EnZnQLl5PH0gdL6j7VUWjNHp9jEik2J2ionQjXsXCq2+3DUzXE
8Q2c3JKSTifYKwcB5+s2djHCLYYgwX6wgrCz0hQsxdEmucDIP4OAYxzg1qDjAwoO
kPBy61fa7gjXMTwJ4XVN5nxPEt+PNuYbnWDJ14wak1ta4HOeI3BcbwWCArowRMle
TeOIE+KLvXd22LLBqN+WQEpD5GrSsi538A0iYZoVC0JyxUdT2WO/Kr+ILQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmqz+TAMrVCWTo6Nh0qgvopCDleMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvU2FyUDVNQXl0VUpaT2pvMkhTcUMtaWtJT1Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWdX+MA0G
CSqGSIb3DQEBCwUAA4IBAQBckUtruwvLq9qs7YOd1VfXx/t7jTIuFqywifFzpi0M
fcWk+67c5shAGv9jlGtmmkxdJTn1dA3b5/uHcVDss/vg+n5llfFo8dbOPFfF7JYF
JjQz96xnsc/MBtbrbhwJ+BM16oyt1ge1umQJ2XyzAr1/n6Gi0s+Zcd280mesCF60
KlU3J7WNDp0tYqtTUKz3qD5EZp8qGvnnWM5XqHauW5crbkAEccrj+8RHBuqJXia7
7E/OK+oRumu1ycLbtiMqFCQTC6xuyxW71qO3mK6wz6TcM6QBtLMNsznNcX5gfbHD
GgpHYrOigCy93+NMHlXeIF/XkBhLDr4TCpGe74YWXIPv
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:28 2026 by rpki-client