Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/X8K824HLtp8CG0zSydRqDZ--LLk.roa
File:                     X8K824HLtp8CG0zSydRqDZ--LLk.roa (raw, json)
Hash identifier:          6N+wAfNFNH6se3mmUpAnS7VkaVUZwN90GiqX7EgeQl8=
Subject key identifier:   5F:C2:BC:DB:81:CB:B6:9F:02:1B:4C:D2:C9:D4:6A:0D:9F:BE:2C:B9
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368F9AC985CFBB3C388E7E7B24FB52E
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/X8K824HLtp8CG0zSydRqDZ--LLk.roa
Signing time:             Thu 02 Jul 2026 15:18:30 +0000
ROA not before:           Thu 02 Jul 2026 15:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212609
IP address blocks:        213.218.248.0/24 maxlen: 24
                          213.218.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:f9:ac:98:5c:fb:b3:c3:88:e7:e7:b2:4f:b5:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fc2bcdb81cbb69f021b4cd2c9d46a0d9fbe2cb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:84:56:92:a5:b8:42:4f:53:d0:24:57:29:35:
                    7e:fa:a9:ae:a7:3e:6d:9d:1a:d1:67:94:f1:74:25:
                    04:b4:2f:20:23:44:96:fa:c4:29:70:20:8d:6b:77:
                    4c:7b:b9:8a:40:c9:dd:c3:a2:28:0a:3e:12:08:cd:
                    ed:27:2e:c3:26:b1:42:4a:f5:21:02:1e:1e:90:84:
                    ff:06:e7:52:ab:1b:f0:0e:32:20:0a:d3:22:6e:d7:
                    31:48:49:83:8f:a2:e0:06:bf:13:02:a2:27:9e:d2:
                    f6:98:87:b3:92:47:32:7e:bb:b8:c0:d1:da:69:db:
                    5a:35:0c:99:ac:e7:06:ac:03:3b:d1:25:b9:c4:98:
                    77:85:c9:02:9b:ca:6a:5b:0f:80:a8:e6:03:6a:1a:
                    07:4b:09:28:d8:3f:6f:83:5c:9f:69:bc:bc:46:bf:
                    c6:2d:63:92:6a:64:40:03:ab:c5:6b:3a:72:5b:3d:
                    d3:da:a8:ce:b4:a5:8b:92:3e:b7:b0:d3:52:27:ec:
                    8a:14:07:05:72:59:3a:a0:9f:a4:c7:62:e9:05:86:
                    38:e4:68:80:93:36:8c:6f:3f:05:4a:0e:a1:56:f2:
                    90:70:be:3d:39:62:a1:47:8c:38:c3:38:5b:89:5e:
                    6d:e9:8a:f7:32:24:70:9e:e4:e5:a7:05:9c:f7:7c:
                    e1:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C2:BC:DB:81:CB:B6:9F:02:1B:4C:D2:C9:D4:6A:0D:9F:BE:2C:B9
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/X8K824HLtp8CG0zSydRqDZ--LLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:a4:47:28:09:19:b3:17:d6:bd:1e:e2:92:c9:5b:19:f7:f9:
         29:d1:fe:95:db:ec:6b:da:64:6d:9a:26:6f:bd:53:b1:db:9c:
         db:46:37:0d:89:0e:c1:56:8d:10:34:3c:7e:1d:64:90:d2:f2:
         ae:9e:79:6e:3e:02:a9:f3:f2:eb:15:2b:e0:d2:22:6d:57:35:
         f1:57:32:06:08:b6:43:07:f8:81:e7:a3:a5:3b:4c:a9:64:dd:
         40:76:03:c1:c2:da:0a:20:64:6a:e0:6f:e2:f1:d3:38:f7:b4:
         2e:f1:33:3c:49:b5:f8:97:1d:fa:6c:5a:32:78:38:6f:da:fc:
         93:65:47:5b:c9:58:c1:41:98:61:0b:2f:05:8d:b8:cd:79:8a:
         2c:a4:dd:0c:9e:13:1b:c1:38:88:f4:8a:de:61:a8:26:80:98:
         67:96:41:ad:6a:ad:5a:5d:e5:09:56:d7:c0:38:aa:bc:a1:59:
         98:69:d8:5d:ad:02:ce:41:53:8a:ed:77:55:95:e4:0d:83:a5:
         b5:7e:44:eb:84:f7:e3:d9:47:56:ae:b8:a0:fe:2a:f4:71:78:
         2d:fa:7c:dc:93:1d:56:14:e9:e3:12:22:08:84:ab:76:e9:3c:
         fd:9b:34:97:08:c0:ab:72:82:53:55:8c:1a:42:d6:0c:98:25:
         9a:c5:89:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaPmsmFz7s8OI5+eyT7UuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmMyYmNkYjgxY2JiNjlmMDIxYjRjZDJjOWQ0NmEwZDlmYmUyY2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoRWkqW4Qk9T0CRXKTV++qmupz5t
nRrRZ5TxdCUEtC8gI0SW+sQpcCCNa3dMe7mKQMndw6IoCj4SCM3tJy7DJrFCSvUh
Ah4ekIT/BudSqxvwDjIgCtMibtcxSEmDj6LgBr8TAqInntL2mIezkkcyfru4wNHa
adtaNQyZrOcGrAM70SW5xJh3hckCm8pqWw+AqOYDahoHSwko2D9vg1yfaby8Rr/G
LWOSamRAA6vFazpyWz3T2qjOtKWLkj63sNNSJ+yKFAcFclk6oJ+kx2LpBYY45GiA
kzaMbz8FSg6hVvKQcL49OWKhR4w4wzhbiV5t6Yr3MiRwnuTlpwWc93zh9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/CvNuBy7afAhtM0snUag2fviy5MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWDhLODI0SEx0cDhDRzB6U3lkUnFEWi0tTExrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1dr4MA0G
CSqGSIb3DQEBCwUAA4IBAQBWpEcoCRmzF9a9HuKSyVsZ9/kp0f6V2+xr2mRtmiZv
vVOx25zbRjcNiQ7BVo0QNDx+HWSQ0vKunnluPgKp8/LrFSvg0iJtVzXxVzIGCLZD
B/iB56OlO0ypZN1AdgPBwtoKIGRq4G/i8dM497Qu8TM8SbX4lx36bFoyeDhv2vyT
ZUdbyVjBQZhhCy8FjbjNeYospN0MnhMbwTiI9IreYagmgJhnlkGtaq1aXeUJVtfA
OKq8oVmYadhdrQLOQVOK7XdVleQNg6W1fkTrhPfj2UdWrrig/ir0cXgt+nzckx1W
FOnjEiIIhKt26Tz9mzSXCMCrcoJTVYwaQtYMmCWaxYnl
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:02 2026 by rpki-client