Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/abtgse1Zve0X6CftDBa6FosfNV4.roa
File:                     abtgse1Zve0X6CftDBa6FosfNV4.roa (raw, json)
Hash identifier:          W+apx3M3jIICUpiz+cGvgURICULP7B8C8T7HULCG5fQ=
Subject key identifier:   69:BB:60:B1:ED:59:BD:ED:17:E8:27:ED:0C:16:BA:16:8B:1F:35:5E
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F236906CD3FAB02FEF57767DC37704C67
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/abtgse1Zve0X6CftDBa6FosfNV4.roa
Signing time:             Thu 02 Jul 2026 15:18:33 +0000
ROA not before:           Thu 02 Jul 2026 15:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214271
IP address blocks:        77.93.158.0/24 maxlen: 24
                          82.152.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:06:cd:3f:ab:02:fe:f5:77:67:dc:37:70:4c:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=69bb60b1ed59bded17e827ed0c16ba168b1f355e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:28:6f:b4:ce:51:0c:2a:a7:d9:31:38:4e:03:
                    ac:f8:fd:b3:2d:ac:39:8f:3f:10:73:ad:c1:e6:15:
                    7f:28:e3:74:12:41:59:f0:dd:ec:0b:e8:53:ef:5a:
                    fd:fc:c5:ef:eb:1e:32:0d:17:f7:30:47:8b:37:d5:
                    57:41:bc:3e:b8:cf:d8:dc:5a:29:3e:28:be:94:ae:
                    4e:f6:77:00:5e:11:f2:55:37:cb:03:2b:71:fc:8b:
                    b8:1f:0f:b2:ad:0e:0c:63:8b:87:2e:ac:7d:98:60:
                    d9:dd:e3:df:55:ed:f8:b5:d9:c5:88:c9:63:b1:e7:
                    37:3a:bf:22:49:c4:65:0c:08:f6:c1:03:15:dc:87:
                    47:0d:9e:7e:8d:c5:f1:28:59:46:c0:14:e1:53:7a:
                    38:c8:4b:d2:97:1a:a7:cf:bf:7a:ed:0f:fd:cd:5c:
                    ae:02:0e:9d:f3:cf:fe:94:fd:84:19:43:c0:ce:99:
                    8d:14:17:c7:d5:a5:f2:e5:52:ae:eb:1b:2b:b1:67:
                    6e:43:f7:09:b0:de:a4:4a:a4:e3:9c:6b:45:a1:61:
                    2e:55:9d:c2:25:81:ba:70:96:0e:80:3b:25:3f:bb:
                    bb:f7:99:8b:d4:04:ee:02:3c:4a:bd:6f:2e:e7:3c:
                    6c:fb:3e:52:98:be:82:2c:86:d0:25:56:49:75:e5:
                    af:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:BB:60:B1:ED:59:BD:ED:17:E8:27:ED:0C:16:BA:16:8B:1F:35:5E
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/abtgse1Zve0X6CftDBa6FosfNV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.158.0/24
                  82.152.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:ba:3a:54:56:95:fa:04:00:08:46:88:aa:02:b5:17:e0:ab:
         af:53:28:3a:85:ec:bf:ea:1e:e8:c6:52:93:ae:d3:d2:e7:f4:
         b5:5d:42:73:05:5c:0d:f1:3e:14:3d:6b:b3:c0:99:05:0e:0e:
         51:9d:f7:91:01:d8:35:dc:1a:5f:06:01:d1:aa:07:0c:ff:26:
         29:66:f6:95:66:58:2a:9f:ee:3e:48:21:c4:b6:22:c3:8e:f9:
         31:11:3e:27:79:b0:87:e4:3f:7c:68:06:45:32:62:3d:07:77:
         ef:22:f2:07:7a:dd:60:ac:52:93:f6:a6:fa:0d:43:c2:da:ec:
         a4:6c:56:0f:0d:0d:cd:a8:2e:44:64:41:01:9e:4d:d1:ba:27:
         db:9d:f7:f8:b9:c6:ef:26:b1:ad:fb:e2:20:fb:8d:c7:db:f0:
         07:85:2f:58:5f:9d:87:5a:33:9a:3a:f4:e9:60:b1:8e:e0:b1:
         e2:7e:16:39:9b:b9:1a:3c:94:83:fe:6b:1d:d4:c1:e8:2c:16:
         93:a9:07:2b:71:f6:f9:ed:14:dc:56:16:0b:a7:41:fd:67:b5:
         50:55:39:b3:7c:69:1e:d0:e1:1f:93:f5:87:62:3b:09:55:85:
         15:82:44:5e:ee:8a:95:f9:0a:c3:2b:a2:f3:54:40:65:48:fe:
         14:83:25:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8jaQbNP6sC/vV3Z9w3cExnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWJiNjBiMWVkNTliZGVkMTdlODI3ZWQwYzE2YmExNjhiMWYzNTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlShvtM5RDCqn2TE4TgOs+P2zLaw5
jz8Qc63B5hV/KON0EkFZ8N3sC+hT71r9/MXv6x4yDRf3MEeLN9VXQbw+uM/Y3Fop
Pii+lK5O9ncAXhHyVTfLAytx/Iu4Hw+yrQ4MY4uHLqx9mGDZ3ePfVe34tdnFiMlj
sec3Or8iScRlDAj2wQMV3IdHDZ5+jcXxKFlGwBThU3o4yEvSlxqnz7967Q/9zVyu
Ag6d88/+lP2EGUPAzpmNFBfH1aXy5VKu6xsrsWduQ/cJsN6kSqTjnGtFoWEuVZ3C
JYG6cJYOgDslP7u795mL1ATuAjxKvW8u5zxs+z5SmL6CLIbQJVZJdeWv0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGm7YLHtWb3tF+gn7QwWuhaLHzVeMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYWJ0Z3NlMVp2ZTBYNkNmdERCYTZGb3NmTlY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATV2eAwQA
UpiyMA0GCSqGSIb3DQEBCwUAA4IBAQByujpUVpX6BAAIRoiqArUX4KuvUyg6hey/
6h7oxlKTrtPS5/S1XUJzBVwN8T4UPWuzwJkFDg5RnfeRAdg13BpfBgHRqgcM/yYp
ZvaVZlgqn+4+SCHEtiLDjvkxET4nebCH5D98aAZFMmI9B3fvIvIHet1grFKT9qb6
DUPC2uykbFYPDQ3NqC5EZEEBnk3Ruifbnff4ucbvJrGt++Ig+43H2/AHhS9YX52H
WjOaOvTpYLGO4LHifhY5m7kaPJSD/msd1MHoLBaTqQcrcfb57RTcVhYLp0H9Z7VQ
VTmzfGke0OEfk/WHYjsJVYUVgkRe7oqV+QrDK6LzVEBlSP4UgyVl
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:16:53 2026 by rpki-client