Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ap0Pu8wz-FG8m2tlH-c_9fx5Ebc.roa
File:                     ap0Pu8wz-FG8m2tlH-c_9fx5Ebc.roa (raw, json)
Hash identifier:          OQWhCcGZ56VsQA5zy7JQUp33U8fqlefVahKC5dBA0lA=
Subject key identifier:   6A:9D:0F:BB:CC:33:F8:51:BC:9B:6B:65:1F:E7:3F:F5:FC:79:11:B7
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368E9DCDC6E52DE39B4CCAAB4C4A3A6
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ap0Pu8wz-FG8m2tlH-c_9fx5Ebc.roa
Signing time:             Thu 02 Jul 2026 15:18:25 +0000
ROA not before:           Thu 02 Jul 2026 15:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208024
IP address blocks:        109.176.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:e9:dc:dc:6e:52:de:39:b4:cc:aa:b4:c4:a3:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a9d0fbbcc33f851bc9b6b651fe73ff5fc7911b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e9:f2:c1:33:80:46:e6:29:6f:8c:6d:61:35:
                    f0:a8:d9:ce:35:32:86:5c:f5:68:fd:43:ca:ff:f3:
                    00:30:a3:5f:c5:e1:22:78:84:76:f2:d5:5a:5d:b0:
                    0d:94:02:3c:e6:cb:c1:42:3f:3f:86:b5:f6:ff:53:
                    29:70:de:a1:86:ae:5d:e1:55:a6:01:98:55:41:30:
                    07:9b:19:43:d7:23:a5:64:70:21:9b:cd:5a:7c:c2:
                    0a:ec:b9:22:17:55:d6:09:06:6e:56:54:6f:6f:aa:
                    72:28:83:45:ea:84:32:10:ac:c8:06:46:7b:8b:df:
                    43:e3:9f:28:7e:cc:14:63:14:0d:b0:3d:ca:f7:fc:
                    12:d7:0b:b0:76:64:05:4c:fa:1c:49:86:d8:6e:80:
                    05:49:1e:83:88:3f:92:b2:f6:68:2d:bf:fa:76:e5:
                    fb:46:36:e4:e7:85:9c:d5:28:2c:e8:ae:16:26:30:
                    43:b0:c7:cf:1b:97:ae:be:56:0d:d2:51:b8:0f:26:
                    d3:f9:d0:18:02:c8:02:04:24:5c:2f:5f:67:d9:2d:
                    28:51:91:f6:23:8d:36:79:5f:f0:e2:0b:02:aa:d0:
                    55:67:9a:e7:c4:6c:cd:5e:3c:ac:64:f5:ad:ee:fd:
                    d2:92:64:b9:c2:56:ff:d3:9f:c7:aa:13:72:52:ed:
                    a0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:9D:0F:BB:CC:33:F8:51:BC:9B:6B:65:1F:E7:3F:F5:FC:79:11:B7
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ap0Pu8wz-FG8m2tlH-c_9fx5Ebc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:3a:68:e9:d0:b2:e5:07:0e:0f:cb:ba:6a:53:06:fd:1d:d7:
         38:ba:49:82:5b:01:86:f9:54:43:06:87:23:03:56:8e:0e:d3:
         d5:ba:ff:42:e3:f1:ee:94:42:3b:30:ac:0a:c3:52:21:86:71:
         59:28:9a:1c:b4:5f:88:5f:c4:45:40:7d:a9:84:2e:37:9b:9b:
         09:bf:df:5c:3a:b6:26:6f:a6:b7:de:ac:fc:bf:41:6d:91:bd:
         44:c2:68:0e:12:c0:40:52:6d:33:11:6c:da:1c:2f:e3:66:68:
         0f:74:70:83:fc:03:38:77:be:46:44:38:a9:83:a4:df:9d:1c:
         3d:c3:04:26:23:3a:2a:85:a3:33:e6:b9:c6:9a:0a:58:67:df:
         0a:99:57:0b:99:90:70:4d:a3:33:2a:76:36:ee:76:6a:b7:ad:
         8a:bc:fd:ee:3f:cd:aa:4e:85:bc:3c:4e:cc:58:d5:48:64:db:
         c8:fd:9c:9c:73:c6:b3:80:17:1f:e4:81:e8:88:91:9a:aa:a6:
         62:6d:9b:82:f9:05:16:7c:85:7b:d6:37:5f:f4:c7:08:31:87:
         d2:fc:87:91:af:74:12:65:d3:2d:3e:02:f1:35:3c:0b:02:ee:
         c3:27:ab:75:78:a4:08:4d:9e:14:4a:d9:42:55:65:f3:9b:30:
         11:6a:da:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaOnc3G5S3jm0zKq0xKOmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTlkMGZiYmNjMzNmODUxYmM5YjZiNjUxZmU3M2ZmNWZjNzkxMWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOnywTOARuYpb4xtYTXwqNnONTKG
XPVo/UPK//MAMKNfxeEieIR28tVaXbANlAI85svBQj8/hrX2/1MpcN6hhq5d4VWm
AZhVQTAHmxlD1yOlZHAhm81afMIK7LkiF1XWCQZuVlRvb6pyKINF6oQyEKzIBkZ7
i99D458ofswUYxQNsD3K9/wS1wuwdmQFTPocSYbYboAFSR6DiD+SsvZoLb/6duX7
Rjbk54Wc1Sgs6K4WJjBDsMfPG5euvlYN0lG4DybT+dAYAsgCBCRcL19n2S0oUZH2
I402eV/w4gsCqtBVZ5rnxGzNXjysZPWt7v3SkmS5wlb/05/HqhNyUu2gvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqdD7vMM/hRvJtrZR/nP/X8eRG3MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYXAwUHU4d3otRkc4bTJ0bEgtY185Zng1RWJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbD6MA0G
CSqGSIb3DQEBCwUAA4IBAQAxOmjp0LLlBw4Py7pqUwb9Hdc4ukmCWwGG+VRDBocj
A1aODtPVuv9C4/HulEI7MKwKw1IhhnFZKJoctF+IX8RFQH2phC43m5sJv99cOrYm
b6a33qz8v0Ftkb1EwmgOEsBAUm0zEWzaHC/jZmgPdHCD/AM4d75GRDipg6TfnRw9
wwQmIzoqhaMz5rnGmgpYZ98KmVcLmZBwTaMzKnY27nZqt62KvP3uP82qToW8PE7M
WNVIZNvI/Zycc8azgBcf5IHoiJGaqqZibZuC+QUWfIV71jdf9McIMYfS/IeRr3QS
ZdMtPgLxNTwLAu7DJ6t1eKQITZ4UStlCVWXzmzARatpo
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:28 2026 by rpki-client