Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Xoyxf5ZbockFsd7gsJyL2_S0nII.roa
File:                     Xoyxf5ZbockFsd7gsJyL2_S0nII.roa (raw, json)
Hash identifier:          exlDfIVksvcQhnqGgTOapogvqmSuPmeBXjAPD/UZgqs=
Subject key identifier:   5E:8C:B1:7F:96:5B:A1:C9:05:B1:DE:E0:B0:9C:8B:DB:F4:B4:9C:82
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368CD05E8EA7C911E63E94B3FE21479
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Xoyxf5ZbockFsd7gsJyL2_S0nII.roa
Signing time:             Thu 02 Jul 2026 15:18:18 +0000
ROA not before:           Thu 02 Jul 2026 15:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     141738
IP address blocks:        82.163.28.0/24 maxlen: 24
                          82.163.29.0/24 maxlen: 24
                          82.163.30.0/24 maxlen: 24
                          82.163.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:cd:05:e8:ea:7c:91:1e:63:e9:4b:3f:e2:14:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e8cb17f965ba1c905b1dee0b09c8bdbf4b49c82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ea:04:ba:b5:28:f1:85:7b:79:f4:9f:aa:36:
                    44:a0:d8:0d:13:da:3d:c8:42:5f:de:c2:05:f8:af:
                    7c:fe:21:d4:ac:1e:6c:2f:ef:60:19:5e:54:8f:f5:
                    0c:ef:96:1d:f7:f1:ee:1f:f1:33:4f:ba:d4:b6:ec:
                    f6:44:2a:70:f9:d8:f1:3b:3a:42:2d:37:80:57:9e:
                    45:52:c0:52:49:b5:9d:a3:13:0d:22:b8:99:e3:27:
                    20:45:bd:a4:61:f2:66:4d:26:ea:39:e0:d7:7c:86:
                    9c:e4:c9:17:5a:fa:b7:2f:bc:52:ba:7d:eb:4d:6e:
                    ba:76:ce:f8:03:50:d9:df:12:a7:8c:2b:6b:5e:7f:
                    f8:47:f8:f9:7d:47:19:b9:4f:f0:ae:00:79:86:56:
                    e6:79:d7:cb:7b:84:75:29:89:e5:65:e1:e0:bf:66:
                    48:f8:e5:8b:1f:cf:22:3e:f3:3b:60:a6:5c:c7:80:
                    53:34:8e:e2:c2:a5:de:c0:40:b7:20:a3:96:2b:e1:
                    9d:00:b0:6a:b6:b1:b2:18:86:b7:3e:35:68:33:28:
                    54:3e:d2:ea:32:39:81:48:77:8f:8d:8a:9d:49:b2:
                    38:c1:fd:a5:78:ed:a6:bd:2b:70:ea:ea:ea:b6:f6:
                    26:14:47:52:c2:39:1f:fd:3b:c3:32:b8:26:3f:2e:
                    29:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:8C:B1:7F:96:5B:A1:C9:05:B1:DE:E0:B0:9C:8B:DB:F4:B4:9C:82
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Xoyxf5ZbockFsd7gsJyL2_S0nII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:fe:ad:20:3b:87:75:38:04:c7:a7:04:55:2e:c5:4a:53:db:
         2a:5b:f9:32:73:3d:4b:2d:cd:bf:9e:a6:6f:c3:c3:39:cd:0c:
         3a:0c:ba:12:1c:05:aa:22:08:e2:65:c3:99:68:03:96:74:2e:
         f9:d2:fe:2d:bc:65:78:86:4e:3b:4c:76:af:2e:4a:8a:28:dc:
         46:49:f7:00:5b:66:81:4a:ff:3b:e5:a9:e8:17:a2:1c:db:68:
         80:cd:36:87:52:8e:fb:24:be:7e:70:be:20:bf:bb:13:68:21:
         ba:95:6a:da:00:08:9f:62:ec:6e:c1:25:81:8a:57:26:a6:fc:
         a4:ff:ec:79:ce:b4:0e:51:02:28:89:9c:f8:80:ba:27:cd:54:
         dc:c9:d9:83:0b:82:64:1c:e7:f6:03:1d:af:1a:86:7a:01:fa:
         12:48:2d:5e:23:a7:74:e2:7c:48:96:ad:f2:54:12:9d:a9:9f:
         87:2b:46:80:e3:61:ee:93:35:7c:af:75:bc:3e:d5:52:2b:fc:
         8e:bb:b8:5b:6a:94:07:98:8b:8e:6a:3d:ff:01:ed:d3:98:aa:
         45:b8:e5:0e:e5:ae:60:dc:85:56:bb:9d:e4:94:25:40:62:63:
         1c:2a:89:0e:07:db:42:c7:b3:5b:4f:57:4a:94:e1:11:e4:06:
         48:79:5b:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaM0F6Op8kR5j6Us/4hR5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZThjYjE3Zjk2NWJhMWM5MDViMWRlZTBiMDljOGJkYmY0YjQ5YzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eoEurUo8YV7efSfqjZEoNgNE9o9
yEJf3sIF+K98/iHUrB5sL+9gGV5Uj/UM75Yd9/HuH/EzT7rUtuz2RCpw+djxOzpC
LTeAV55FUsBSSbWdoxMNIriZ4ycgRb2kYfJmTSbqOeDXfIac5MkXWvq3L7xSun3r
TW66ds74A1DZ3xKnjCtrXn/4R/j5fUcZuU/wrgB5hlbmedfLe4R1KYnlZeHgv2ZI
+OWLH88iPvM7YKZcx4BTNI7iwqXewEC3IKOWK+GdALBqtrGyGIa3PjVoMyhUPtLq
MjmBSHePjYqdSbI4wf2leO2mvStw6urqtvYmFEdSwjkf/TvDMrgmPy4pFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6MsX+WW6HJBbHe4LCci9v0tJyCMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWG95eGY1WmJvY2tGc2Q3Z3NKeUwyX1MwbklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUqMcMA0G
CSqGSIb3DQEBCwUAA4IBAQBd/q0gO4d1OATHpwRVLsVKU9sqW/kycz1LLc2/nqZv
w8M5zQw6DLoSHAWqIgjiZcOZaAOWdC750v4tvGV4hk47THavLkqKKNxGSfcAW2aB
Sv875anoF6Ic22iAzTaHUo77JL5+cL4gv7sTaCG6lWraAAifYuxuwSWBilcmpvyk
/+x5zrQOUQIoiZz4gLonzVTcydmDC4JkHOf2Ax2vGoZ6AfoSSC1eI6d04nxIlq3y
VBKdqZ+HK0aA42HukzV8r3W8PtVSK/yOu7hbapQHmIuOaj3/Ae3TmKpFuOUO5a5g
3IVWu53klCVAYmMcKokOB9tCx7NbT1dKlOER5AZIeVve
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:10 2026 by rpki-client