Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_5IfhFnKm23PsnsMkJ03QbZcYlQ.roa
File:                     _5IfhFnKm23PsnsMkJ03QbZcYlQ.roa (raw, json)
Hash identifier:          M1JAlJggmDOx3AQjDeSAeUnxLfch+VuC+IXEGBLxTNU=
Subject key identifier:   FF:92:1F:84:59:CA:9B:6D:CF:B2:7B:0C:90:9D:37:41:B6:5C:62:54
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F236913969191A9FB6F9547910AB5D6B0
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_5IfhFnKm23PsnsMkJ03QbZcYlQ.roa
Signing time:             Thu 02 Jul 2026 15:18:36 +0000
ROA not before:           Thu 02 Jul 2026 15:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216138
IP address blocks:        82.152.114.0/24 maxlen: 24
                          82.152.143.0/24 maxlen: 24
                          82.152.186.0/24 maxlen: 24
                          82.153.114.0/24 maxlen: 24
                          82.153.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:13:96:91:91:a9:fb:6f:95:47:91:0a:b5:d6:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff921f8459ca9b6dcfb27b0c909d3741b65c6254
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:69:5c:12:cf:1c:ff:59:84:45:c0:3d:85:df:
                    0b:88:be:77:19:88:33:5c:3c:cc:ca:df:b1:a9:10:
                    10:52:57:8d:7f:48:10:a5:d5:12:9a:be:7b:94:b2:
                    4f:32:7e:49:60:04:eb:3e:dd:10:61:bb:30:f7:18:
                    54:a5:12:9a:23:2b:c1:a8:18:9b:92:9b:eb:f9:72:
                    f3:c3:1d:a5:fc:3e:19:c3:d1:76:67:76:01:38:c6:
                    bf:d5:8b:17:0f:a3:e9:c2:db:77:39:ec:e5:2f:2a:
                    ec:11:f0:21:62:fd:a6:ea:44:ac:58:59:59:29:86:
                    91:8b:83:78:9d:4b:ce:ac:2f:ac:62:30:09:5b:39:
                    f9:43:85:36:cd:a6:7c:2a:f9:ac:8e:23:4c:41:5a:
                    8b:79:be:e6:29:68:73:cf:57:a6:7f:9f:0d:ca:30:
                    e1:c2:a9:35:b6:3d:8c:f4:c0:4b:ef:f5:97:95:f0:
                    1a:3c:78:8f:e5:33:fc:3f:f5:61:42:8e:70:a5:78:
                    85:ec:76:4a:dd:46:20:7c:2f:af:1b:0c:9f:c9:da:
                    fc:58:7c:d1:1c:d2:c7:24:60:dc:22:11:d5:9e:fb:
                    20:dc:df:94:83:a6:05:f2:61:b8:7b:96:13:18:49:
                    9c:57:7b:5c:a9:b1:0d:52:08:fc:3a:85:5a:a5:9e:
                    a0:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:92:1F:84:59:CA:9B:6D:CF:B2:7B:0C:90:9D:37:41:B6:5C:62:54
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_5IfhFnKm23PsnsMkJ03QbZcYlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.114.0/24
                  82.152.143.0/24
                  82.152.186.0/24
                  82.153.114.0/24
                  82.153.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:e1:26:6d:05:3f:79:6a:c8:ff:02:98:c2:e0:ef:da:e5:81:
         10:81:c3:23:20:86:83:f6:21:80:5f:c2:37:d7:c0:a0:fe:de:
         0b:e4:5b:60:d7:d9:fc:25:04:5f:c4:21:bd:45:dc:f9:8c:ac:
         3e:df:a6:71:1c:de:23:37:f2:5a:d5:c6:f0:8b:85:5c:cb:5c:
         2c:7a:8b:e6:72:57:3c:1a:36:1c:56:e2:4a:d8:01:3b:f6:13:
         1c:72:19:16:0b:90:2a:10:52:54:52:4c:5d:7a:56:db:fb:43:
         f5:80:6a:87:6b:12:d4:8a:72:f6:a5:e3:2f:6a:53:a0:0e:2a:
         42:ae:39:23:dd:ff:e2:1f:bb:d8:2d:ee:9e:de:6c:a5:9b:8f:
         23:b5:c7:31:ba:79:7c:61:fa:92:9a:6e:1b:bf:52:a8:c1:d6:
         43:84:f0:58:31:f3:57:b5:04:52:1b:9e:ea:0b:67:11:c6:0e:
         46:c5:09:99:92:02:a7:50:fd:6f:ac:9d:6d:7a:92:e3:31:2a:
         f3:be:fd:d2:80:ca:60:8b:c5:89:99:34:09:5e:77:11:80:9f:
         dc:76:71:b9:bd:a5:c3:6d:12:7f:5a:f5:42:b8:e1:7b:58:43:
         35:2d:9f:b4:42:df:c5:d5:ed:4c:d7:56:aa:51:a2:98:93:5b:
         66:fd:ca:6b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZ8jaROWkZGp+2+VR5EKtdawMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjkyMWY4NDU5Y2E5YjZkY2ZiMjdiMGM5MDlkMzc0MWI2NWM2MjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGlcEs8c/1mERcA9hd8LiL53GYgz
XDzMyt+xqRAQUleNf0gQpdUSmr57lLJPMn5JYATrPt0QYbsw9xhUpRKaIyvBqBib
kpvr+XLzwx2l/D4Zw9F2Z3YBOMa/1YsXD6Ppwtt3OezlLyrsEfAhYv2m6kSsWFlZ
KYaRi4N4nUvOrC+sYjAJWzn5Q4U2zaZ8KvmsjiNMQVqLeb7mKWhzz1emf58NyjDh
wqk1tj2M9MBL7/WXlfAaPHiP5TP8P/VhQo5wpXiF7HZK3UYgfC+vGwyfydr8WHzR
HNLHJGDcIhHVnvsg3N+Ug6YF8mG4e5YTGEmcV3tcqbENUgj8OoVapZ6gRQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFP+SH4RZypttz7J7DJCdN0G2XGJUMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvXzVJZmhGbkttMjNQc25zTWtKMDNRYlpjWWxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAUphyAwQA
UpiPAwQAUpi6AwQAUplyAwQAUpnUMA0GCSqGSIb3DQEBCwUAA4IBAQBV4SZtBT95
asj/ApjC4O/a5YEQgcMjIIaD9iGAX8I318Cg/t4L5Ftg19n8JQRfxCG9Rdz5jKw+
36ZxHN4jN/Ja1cbwi4Vcy1wseovmclc8GjYcVuJK2AE79hMcchkWC5AqEFJUUkxd
elbb+0P1gGqHaxLUinL2peMvalOgDipCrjkj3f/iH7vYLe6e3mylm48jtccxunl8
YfqSmm4bv1KowdZDhPBYMfNXtQRSG57qC2cRxg5GxQmZkgKnUP1vrJ1tepLjMSrz
vv3SgMpgi8WJmTQJXncRgJ/cdnG5vaXDbRJ/WvVCuOF7WEM1LZ+0Qt/F1e1M11aq
UaKYk1tm/cpr
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:01 2026 by rpki-client