Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z5fbLs_RuCnti6lLEhd09OqQb_I.roa
File:                     Z5fbLs_RuCnti6lLEhd09OqQb_I.roa (raw, json)
Hash identifier:          5+ewo0qRt5P9vU8pWIa9XJrFBXUIEMeuddmy7XlOCoA=
Subject key identifier:   67:97:DB:2E:CF:D1:B8:29:ED:8B:A9:4B:12:17:74:F4:EA:90:6F:F2
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368CD61546B8A514CF8A82630333A55
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z5fbLs_RuCnti6lLEhd09OqQb_I.roa
Signing time:             Thu 02 Jul 2026 15:18:18 +0000
ROA not before:           Thu 02 Jul 2026 15:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142111
IP address blocks:        82.153.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:cd:61:54:6b:8a:51:4c:f8:a8:26:30:33:3a:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6797db2ecfd1b829ed8ba94b121774f4ea906ff2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2e:72:7b:5e:c8:a7:2a:ec:a0:2b:c7:ea:6f:
                    19:88:22:54:64:6f:5c:09:a6:9d:79:b3:ff:b2:34:
                    fd:1a:fb:3f:d6:52:39:6c:d2:f1:a7:7c:f1:04:e5:
                    87:78:49:25:1f:32:e7:36:15:e5:31:a8:31:2c:9a:
                    0b:b5:58:c7:f0:b7:cb:25:85:eb:56:84:cb:f3:db:
                    63:1a:c5:52:cc:ff:0b:73:1d:fc:04:7f:47:85:44:
                    23:d6:c1:4f:a4:4b:b5:db:3a:8b:db:a4:db:05:1e:
                    f3:61:da:18:18:4c:ea:44:c7:d1:10:bf:48:57:f4:
                    14:99:ee:ea:9a:8c:a8:43:3c:bb:3e:4b:65:d6:ec:
                    2e:bd:ea:18:1b:74:18:0c:f8:3b:10:63:3a:a8:04:
                    a0:5b:d1:37:f3:19:f5:fd:b9:f7:55:db:d1:65:52:
                    ad:b6:fd:f3:3b:c1:cd:d4:b0:61:90:39:34:22:da:
                    0f:19:1a:8c:bf:99:ed:8a:ae:37:33:6d:e9:5f:0c:
                    22:8f:c8:b7:da:77:7a:0e:03:b3:9e:2e:77:6b:cf:
                    4d:67:b5:9d:b0:45:ea:86:7c:6f:60:07:12:32:3b:
                    39:e9:f6:8d:dd:a1:6a:2d:a6:be:44:11:63:5b:de:
                    6b:2f:0f:1f:86:a5:08:00:28:3d:df:f7:01:5d:97:
                    c3:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:97:DB:2E:CF:D1:B8:29:ED:8B:A9:4B:12:17:74:F4:EA:90:6F:F2
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z5fbLs_RuCnti6lLEhd09OqQb_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:3c:2d:a9:2a:83:23:44:5e:47:05:27:6e:1a:ad:7a:ff:4c:
         c7:56:85:95:9d:c9:f3:b3:88:de:01:ab:35:a6:ec:e6:dc:9b:
         5b:51:13:b6:ce:70:48:d4:8e:8d:61:bc:4f:57:ff:31:c7:ef:
         5a:69:f4:20:cb:7f:82:a3:58:f1:a8:7e:42:5d:2e:ab:f4:ed:
         b2:8e:2c:21:b5:0a:0d:f6:cf:f9:66:5c:31:11:8d:74:cd:e8:
         30:61:f8:54:d9:75:00:31:3b:80:e1:ed:29:7e:62:91:22:69:
         c1:b6:43:0c:6b:12:b6:57:ec:d8:70:48:e4:15:1f:94:72:0e:
         b8:d7:d1:29:e7:5d:b4:cd:16:4c:31:93:e1:25:91:6a:13:bd:
         9e:9d:6d:3c:26:25:4f:84:3e:a9:79:85:b8:11:cd:6c:2f:6e:
         3d:c6:ae:0d:e8:58:53:fd:2c:94:89:2b:68:1b:60:7c:1a:ee:
         52:ce:be:77:1d:62:ab:9c:dd:b5:ef:5b:ba:ef:80:bd:fa:00:
         e7:5f:3f:ba:13:cb:a6:8f:c1:fb:0a:c9:c4:b4:b3:35:f4:bf:
         9e:20:b5:53:ea:e1:c1:e4:0f:a2:9a:99:64:24:08:97:fa:c4:
         f5:7b:7b:3e:43:b0:4a:02:18:53:3d:57:1a:bb:61:cc:58:d7:
         77:b4:a4:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaM1hVGuKUUz4qCYwMzpVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzk3ZGIyZWNmZDFiODI5ZWQ4YmE5NGIxMjE3NzRmNGVhOTA2ZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqC5ye17IpyrsoCvH6m8ZiCJUZG9c
CaadebP/sjT9Gvs/1lI5bNLxp3zxBOWHeEklHzLnNhXlMagxLJoLtVjH8LfLJYXr
VoTL89tjGsVSzP8Lcx38BH9HhUQj1sFPpEu12zqL26TbBR7zYdoYGEzqRMfREL9I
V/QUme7qmoyoQzy7Pktl1uwuveoYG3QYDPg7EGM6qASgW9E38xn1/bn3VdvRZVKt
tv3zO8HN1LBhkDk0ItoPGRqMv5ntiq43M23pXwwij8i32nd6DgOzni53a89NZ7Wd
sEXqhnxvYAcSMjs56faN3aFqLaa+RBFjW95rLw8fhqUIACg93/cBXZfDVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGeX2y7P0bgp7YupSxIXdPTqkG/yMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWjVmYkxzX1J1Q250aTZsTEVoZDA5T3FRYl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnYMA0G
CSqGSIb3DQEBCwUAA4IBAQAGPC2pKoMjRF5HBSduGq16/0zHVoWVncnzs4jeAas1
puzm3JtbURO2znBI1I6NYbxPV/8xx+9aafQgy3+Co1jxqH5CXS6r9O2yjiwhtQoN
9s/5ZlwxEY10zegwYfhU2XUAMTuA4e0pfmKRImnBtkMMaxK2V+zYcEjkFR+Ucg64
19Ep5120zRZMMZPhJZFqE72enW08JiVPhD6peYW4Ec1sL249xq4N6FhT/SyUiSto
G2B8Gu5Szr53HWKrnN2171u674C9+gDnXz+6E8umj8H7CsnEtLM19L+eILVT6uHB
5A+implkJAiX+sT1e3s+Q7BKAhhTPVcau2HMWNd3tKTO
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:16:23 2026 by rpki-client