Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z_rg6LP9XumrvUd_Dp4Tc7p6E-8.roa
File:                     Z_rg6LP9XumrvUd_Dp4Tc7p6E-8.roa (raw, json)
Hash identifier:          FYOBPmYPvDAwzXqkNdyntG5DtJ5Pw7mdgrUXnVVblPY=
Subject key identifier:   67:FA:E0:E8:B3:FD:5E:E9:AB:BD:47:7F:0E:9E:13:73:BA:7A:13:EF
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368E4F0EFDDB613A7785604EF4E4608
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z_rg6LP9XumrvUd_Dp4Tc7p6E-8.roa
Signing time:             Thu 02 Jul 2026 15:18:24 +0000
ROA not before:           Thu 02 Jul 2026 15:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204770
IP address blocks:        109.176.236.0/24 maxlen: 24
                          109.176.237.0/24 maxlen: 24
                          109.176.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:e4:f0:ef:dd:b6:13:a7:78:56:04:ef:4e:46:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67fae0e8b3fd5ee9abbd477f0e9e1373ba7a13ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8b:fc:85:42:94:96:f2:76:19:9e:54:11:06:
                    75:16:c9:83:f6:4d:05:4b:aa:59:60:10:50:4c:0a:
                    69:03:f9:ab:0d:03:9f:6c:cd:45:b3:33:c5:ae:eb:
                    58:d0:12:4d:69:ef:d6:49:cd:70:44:87:47:be:19:
                    ca:64:a2:2b:32:db:2f:bc:bc:49:2e:ca:1c:0c:d0:
                    7a:19:41:1d:95:55:a4:98:00:81:26:11:d8:8b:97:
                    e0:c8:a1:a6:10:6d:7d:8b:d6:8b:bc:60:52:1c:ef:
                    88:7a:72:a6:60:7a:b6:ae:bf:d0:b7:0f:3a:6d:f7:
                    09:14:b6:de:51:2d:4b:c5:dc:d9:6e:20:29:f9:f7:
                    57:f1:38:5b:58:be:75:d1:95:7e:97:e2:dc:d9:34:
                    7c:ee:fb:53:cd:09:45:f0:c9:84:2c:fb:3c:43:95:
                    3c:62:8e:a2:95:b8:47:95:bc:b5:d5:c0:46:b4:9d:
                    a9:cc:3e:1d:e7:c6:90:f1:db:42:06:de:39:a5:80:
                    f9:62:6d:65:3d:68:15:b1:dc:b1:3c:35:86:3f:9a:
                    18:cf:fb:a3:3b:4a:54:85:fc:bb:3b:93:5d:48:3a:
                    1f:27:30:67:0d:64:14:a1:4b:18:d7:63:94:b9:6d:
                    47:05:79:90:9c:3c:b4:09:37:ba:33:86:3d:43:9b:
                    34:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:FA:E0:E8:B3:FD:5E:E9:AB:BD:47:7F:0E:9E:13:73:BA:7A:13:EF
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z_rg6LP9XumrvUd_Dp4Tc7p6E-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.236.0-109.176.238.255

    Signature Algorithm: sha256WithRSAEncryption
         17:6e:ab:27:58:47:f7:45:be:42:8d:45:c0:be:88:fc:63:59:
         53:6b:11:bf:07:89:f5:cd:8a:af:17:f4:e5:a0:85:ce:ad:83:
         8f:c7:be:5f:39:f7:ee:a3:c7:a6:fd:21:b3:76:61:7c:29:65:
         ac:3d:90:30:38:26:12:32:8d:a2:1f:f6:5c:c5:68:15:02:79:
         d7:a3:b4:dd:b9:7d:64:3e:4b:9d:16:97:9d:c1:b8:50:de:d4:
         d2:48:64:20:40:b7:5f:e3:7e:9e:98:41:90:49:61:e3:c5:d5:
         5f:3c:4c:67:58:84:e1:c5:e4:32:86:a4:3c:d1:cf:23:7a:6b:
         35:a6:f0:d5:78:4c:34:17:26:8e:88:d9:df:74:3b:8e:a5:d2:
         1e:a7:fe:02:be:c9:09:c5:25:29:8c:2b:d4:61:3b:03:b0:d9:
         e6:30:ce:c4:2e:b6:e3:36:91:8f:d6:0f:57:1d:39:47:22:fe:
         d7:77:12:4d:33:88:54:30:f6:f8:6d:04:ac:90:47:b5:7c:5d:
         93:cf:62:3d:b2:b9:61:6d:7b:8b:c0:a1:3e:77:f0:fd:1a:cd:
         e0:50:72:16:cc:2a:07:d7:0b:a2:7a:61:dc:64:56:5c:6d:23:
         b2:5d:e4:61:f4:69:16:3c:b6:b6:e9:f2:2c:c6:2c:44:8a:3b:
         27:6b:5d:5a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ8jaOTw7922E6d4VgTvTkYIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2ZhZTBlOGIzZmQ1ZWU5YWJiZDQ3N2YwZTllMTM3M2JhN2ExM2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYv8hUKUlvJ2GZ5UEQZ1FsmD9k0F
S6pZYBBQTAppA/mrDQOfbM1FszPFrutY0BJNae/WSc1wRIdHvhnKZKIrMtsvvLxJ
LsocDNB6GUEdlVWkmACBJhHYi5fgyKGmEG19i9aLvGBSHO+IenKmYHq2rr/Qtw86
bfcJFLbeUS1LxdzZbiAp+fdX8ThbWL510ZV+l+Lc2TR87vtTzQlF8MmELPs8Q5U8
Yo6ilbhHlby11cBGtJ2pzD4d58aQ8dtCBt45pYD5Ym1lPWgVsdyxPDWGP5oYz/uj
O0pUhfy7O5NdSDofJzBnDWQUoUsY12OUuW1HBXmQnDy0CTe6M4Y9Q5s03QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGf64Oiz/V7pq71Hfw6eE3O6ehPvMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWl9yZzZMUDlYdW1ydlVkX0RwNFRjN3A2RS04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJtsOwD
BABtsO4wDQYJKoZIhvcNAQELBQADggEBABduqydYR/dFvkKNRcC+iPxjWVNrEb8H
ifXNiq8X9OWghc6tg4/Hvl859+6jx6b9IbN2YXwpZaw9kDA4JhIyjaIf9lzFaBUC
edejtN25fWQ+S50Wl53BuFDe1NJIZCBAt1/jfp6YQZBJYePF1V88TGdYhOHF5DKG
pDzRzyN6azWm8NV4TDQXJo6I2d90O46l0h6n/gK+yQnFJSmMK9RhOwOw2eYwzsQu
tuM2kY/WD1cdOUci/td3Ek0ziFQw9vhtBKyQR7V8XZPPYj2yuWFte4vAoT538P0a
zeBQchbMKgfXC6J6YdxkVlxtI7Jd5GH0aRY8trbp8izGLESKOydrXVo=
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:28 2026 by rpki-client