Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TCe1SrWZcHPvnqZYN86N6h-MzPY.roa
File:                     TCe1SrWZcHPvnqZYN86N6h-MzPY.roa (raw, json)
Hash identifier:          /qfwEGNYoPD+DWmbMiCuodK8Z/x4ONeREntDUSQ/ZC8=
Subject key identifier:   4C:27:B5:4A:B5:99:70:73:EF:9E:A6:58:37:CE:8D:EA:1F:8C:CC:F6
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2369108DF43A00CD40B29CF55400A370
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TCe1SrWZcHPvnqZYN86N6h-MzPY.roa
Signing time:             Thu 02 Jul 2026 15:18:35 +0000
ROA not before:           Thu 02 Jul 2026 15:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215703
IP address blocks:        109.176.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:10:8d:f4:3a:00:cd:40:b2:9c:f5:54:00:a3:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c27b54ab5997073ef9ea65837ce8dea1f8cccf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:55:b7:86:1d:44:b5:f6:5e:77:6b:d1:4a:35:
                    44:fb:d8:d6:8b:d2:81:37:33:d1:31:7f:e5:84:82:
                    b8:ce:05:55:1b:e7:7f:70:46:f7:cd:b3:68:ce:a6:
                    81:e3:5c:b6:0d:7b:e1:8d:85:7d:46:7e:fb:9e:34:
                    93:aa:89:95:77:dc:96:86:b5:0a:04:62:fc:fa:a1:
                    3b:e3:ad:cf:55:45:4d:43:0f:17:6b:35:3c:98:2f:
                    6b:cc:12:be:6e:40:41:37:92:31:99:c7:7f:a3:6e:
                    ad:7e:ed:5c:78:1e:bb:19:a4:5f:48:ca:c1:32:cb:
                    79:8c:54:27:df:2b:91:a9:a0:06:3f:c4:09:a5:19:
                    b3:e5:3b:f6:f8:c5:9e:d0:08:33:ba:54:32:84:ee:
                    e8:cf:7e:13:95:0f:2a:a3:de:80:21:84:ca:26:82:
                    54:98:2c:df:9c:ff:d7:b4:5c:21:b8:46:8b:a4:c8:
                    5c:d2:46:18:ff:61:00:62:8c:35:76:3e:92:48:54:
                    64:37:66:53:27:c1:31:94:19:7b:95:92:73:61:3e:
                    eb:00:81:d5:77:15:07:60:42:5d:01:1d:2b:1c:9e:
                    5b:b2:86:82:8e:49:d8:39:d4:85:75:0b:0a:cd:3f:
                    81:4b:d9:28:49:81:c9:65:6d:15:a9:d5:78:2c:38:
                    c1:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:27:B5:4A:B5:99:70:73:EF:9E:A6:58:37:CE:8D:EA:1F:8C:CC:F6
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TCe1SrWZcHPvnqZYN86N6h-MzPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:a5:27:c1:cc:d1:20:13:c7:d9:bf:9d:14:c2:41:62:78:39:
         3d:2c:dd:d6:8c:f3:35:36:3b:a0:d2:e0:20:a9:bf:52:02:b6:
         f0:af:9b:8e:b3:6f:06:6d:52:d2:66:91:69:61:70:33:1b:e0:
         47:b5:fd:ea:01:7f:26:ee:7c:ce:8f:b0:62:21:b1:8c:1a:b2:
         12:fa:73:44:0d:66:15:a3:49:06:f7:90:6e:af:81:8c:33:be:
         4c:ed:69:42:cc:b2:a5:19:64:e7:1d:6b:c0:0a:df:36:58:f7:
         20:70:12:72:47:c2:a2:76:cc:38:ce:ab:bb:dc:fc:08:2e:3d:
         81:ec:64:fe:9e:a2:6b:ea:fc:50:c6:6a:3f:2a:e8:ce:26:dd:
         0e:7e:d2:d5:87:12:9a:47:56:50:78:5a:ef:9d:35:c3:94:6e:
         d8:6f:1c:c4:5e:ac:a9:57:bf:43:ad:29:73:52:87:cc:63:2b:
         09:ff:66:f6:d2:a4:13:8e:ed:85:3f:92:fb:17:72:cb:28:56:
         0c:52:78:92:e6:0e:3f:ad:90:01:2e:ad:a2:ea:68:f1:1a:b0:
         23:61:f2:c2:59:3f:cd:72:05:3d:07:47:a1:5c:7a:86:98:0c:
         f5:d6:f7:e8:98:ef:b0:19:f2:ae:78:c3:b2:57:be:df:36:be:
         54:4b:51:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaRCN9DoAzUCynPVUAKNwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzI3YjU0YWI1OTk3MDczZWY5ZWE2NTgzN2NlOGRlYTFmOGNjY2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1W3hh1EtfZed2vRSjVE+9jWi9KB
NzPRMX/lhIK4zgVVG+d/cEb3zbNozqaB41y2DXvhjYV9Rn77njSTqomVd9yWhrUK
BGL8+qE7463PVUVNQw8XazU8mC9rzBK+bkBBN5Ixmcd/o26tfu1ceB67GaRfSMrB
Mst5jFQn3yuRqaAGP8QJpRmz5Tv2+MWe0AgzulQyhO7oz34TlQ8qo96AIYTKJoJU
mCzfnP/XtFwhuEaLpMhc0kYY/2EAYow1dj6SSFRkN2ZTJ8ExlBl7lZJzYT7rAIHV
dxUHYEJdAR0rHJ5bsoaCjknYOdSFdQsKzT+BS9koSYHJZW0VqdV4LDjBIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwntUq1mXBz756mWDfOjeofjMz2MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVENlMVNyV1pjSFB2bnFaWU44Nk42aC1NelBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDlMA0G
CSqGSIb3DQEBCwUAA4IBAQBTpSfBzNEgE8fZv50UwkFieDk9LN3WjPM1Njug0uAg
qb9SArbwr5uOs28GbVLSZpFpYXAzG+BHtf3qAX8m7nzOj7BiIbGMGrIS+nNEDWYV
o0kG95Bur4GMM75M7WlCzLKlGWTnHWvACt82WPcgcBJyR8Kidsw4zqu73PwILj2B
7GT+nqJr6vxQxmo/KujOJt0OftLVhxKaR1ZQeFrvnTXDlG7YbxzEXqypV79DrSlz
UofMYysJ/2b20qQTju2FP5L7F3LLKFYMUniS5g4/rZABLq2i6mjxGrAjYfLCWT/N
cgU9B0ehXHqGmAz11vfomO+wGfKueMOyV77fNr5US1HR
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:27 2026 by rpki-client