Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XsO9iAU_gUlQHmh_udNEV0fDxbo.roa
File:                     XsO9iAU_gUlQHmh_udNEV0fDxbo.roa (raw, json)
Hash identifier:          r+NG0eFiQGMPnZojOr3Hh+/aK50SV5Q0S7JjuRyls9I=
Subject key identifier:   5E:C3:BD:88:05:3F:81:49:50:1E:68:7F:B9:D3:44:57:47:C3:C5:BA
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F23692056F68C5F7D750D66703A777518
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XsO9iAU_gUlQHmh_udNEV0fDxbo.roa
Signing time:             Thu 02 Jul 2026 15:18:39 +0000
ROA not before:           Thu 02 Jul 2026 15:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399989
IP address blocks:        109.176.25.0/24 maxlen: 24
                          109.176.215.0/24 maxlen: 24
                          109.176.255.0/24 maxlen: 24
                          213.218.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:20:56:f6:8c:5f:7d:75:0d:66:70:3a:77:75:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ec3bd88053f8149501e687fb9d3445747c3c5ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:09:22:53:27:c8:9d:4b:59:a1:12:3f:22:5e:
                    34:4e:15:4b:d4:58:a6:e8:65:5f:c4:30:01:79:d0:
                    0c:64:78:a3:61:dd:4f:b7:77:13:9a:a9:33:e5:45:
                    e2:0d:53:97:e1:82:6b:16:7f:ce:31:d8:c9:ef:57:
                    32:6a:68:55:90:4f:d9:86:0e:64:92:3a:7b:6f:45:
                    c8:0d:e1:4e:ea:b0:69:d9:2f:cc:65:74:08:68:fb:
                    3a:a9:62:3f:5a:fd:19:bf:a1:a5:c7:6e:77:7d:75:
                    f4:af:1d:20:10:ae:2e:19:75:17:fc:1c:4f:31:98:
                    a9:5b:8d:1d:b6:76:98:28:9c:cf:94:1b:93:52:86:
                    12:11:11:db:9d:7c:92:6d:78:ee:f9:17:c0:fc:37:
                    3c:57:67:0c:cc:cc:9e:50:48:22:0e:f2:78:68:08:
                    75:4a:4c:61:2e:b9:3f:91:81:15:c6:bc:64:a1:ed:
                    4c:cd:17:e9:c1:cc:9a:44:93:b4:1a:60:4b:1d:da:
                    34:87:73:75:26:e5:62:98:66:b4:91:f6:71:8d:ee:
                    54:9a:45:4c:47:66:71:5d:f8:65:51:cf:f3:37:ef:
                    07:c1:cb:75:6f:eb:53:5c:e0:ee:ae:40:7b:f3:84:
                    4c:66:05:c8:6e:25:4c:41:b6:19:fe:58:07:46:fe:
                    c6:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:C3:BD:88:05:3F:81:49:50:1E:68:7F:B9:D3:44:57:47:C3:C5:BA
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XsO9iAU_gUlQHmh_udNEV0fDxbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.25.0/24
                  109.176.215.0/24
                  109.176.255.0/24
                  213.218.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:41:fa:24:99:b5:10:4e:f0:51:99:9a:a6:33:3b:7a:3e:ae:
         9a:0f:ff:51:99:06:11:36:0f:95:c2:07:a4:b2:66:1a:03:d8:
         da:3c:7c:e1:f2:f0:fe:4d:d1:63:a5:7b:ce:f1:2d:8b:a4:90:
         a9:cd:dd:57:46:49:1e:aa:fc:df:aa:bf:ef:24:3c:b3:90:16:
         60:f0:d9:9e:2d:91:9c:98:e1:cc:bf:7e:1c:8c:94:f9:07:1f:
         7c:02:cb:9f:c8:39:86:7c:58:64:40:88:76:c5:dd:b1:ee:11:
         a7:c4:d0:79:8f:69:27:2c:71:41:d9:c7:43:6b:7e:90:4f:b5:
         ee:55:97:a2:7c:cb:7e:81:34:b4:21:3f:90:d0:fb:d2:a3:ed:
         a4:e0:4d:e1:3e:6c:7e:fb:5e:37:11:07:7b:eb:11:89:c3:26:
         58:37:53:02:cf:3b:28:5c:52:bc:03:89:39:47:0b:b9:f5:2e:
         61:66:84:58:c4:e3:60:ac:a9:92:14:ba:dc:0f:df:8a:c5:ad:
         9f:32:c6:28:ca:9a:d0:06:0a:2a:6d:b9:d4:b5:7f:34:2a:9e:
         d7:49:ba:75:4d:1f:30:41:61:da:c6:ab:6d:20:d2:d9:3b:97:
         51:6a:29:1d:47:e0:8e:c5:25:48:0f:96:f9:65:28:68:4b:3a:
         af:b0:85:86
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ8jaSBW9oxffXUNZnA6d3UYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWMzYmQ4ODA1M2Y4MTQ5NTAxZTY4N2ZiOWQzNDQ1NzQ3YzNjNWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAkiUyfInUtZoRI/Il40ThVL1Fim
6GVfxDABedAMZHijYd1Pt3cTmqkz5UXiDVOX4YJrFn/OMdjJ71cyamhVkE/Zhg5k
kjp7b0XIDeFO6rBp2S/MZXQIaPs6qWI/Wv0Zv6Glx253fXX0rx0gEK4uGXUX/BxP
MZipW40dtnaYKJzPlBuTUoYSERHbnXySbXju+RfA/Dc8V2cMzMyeUEgiDvJ4aAh1
SkxhLrk/kYEVxrxkoe1MzRfpwcyaRJO0GmBLHdo0h3N1JuVimGa0kfZxje5UmkVM
R2ZxXfhlUc/zN+8Hwct1b+tTXODurkB784RMZgXIbiVMQbYZ/lgHRv7GfQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFF7DvYgFP4FJUB5of7nTRFdHw8W6MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWHNPOWlBVV9nVWxRSG1oX3VkTkVWMGZEeGJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAbbAZAwQA
bbDXAwQAbbD/AwQA1drjMA0GCSqGSIb3DQEBCwUAA4IBAQBzQfokmbUQTvBRmZqm
Mzt6Pq6aD/9RmQYRNg+VwgeksmYaA9jaPHzh8vD+TdFjpXvO8S2LpJCpzd1XRkke
qvzfqr/vJDyzkBZg8NmeLZGcmOHMv34cjJT5Bx98AsufyDmGfFhkQIh2xd2x7hGn
xNB5j2knLHFB2cdDa36QT7XuVZeifMt+gTS0IT+Q0PvSo+2k4E3hPmx++143EQd7
6xGJwyZYN1MCzzsoXFK8A4k5Rwu59S5hZoRYxONgrKmSFLrcD9+Kxa2fMsYoyprQ
BgoqbbnUtX80Kp7XSbp1TR8wQWHaxqttINLZO5dRaikdR+COxSVID5b5ZShoSzqv
sIWG
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:22:22 2026 by rpki-client