Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bqHHCNHwj42hv5dFNQw6E7IIQHQ.roa
File:                     bqHHCNHwj42hv5dFNQw6E7IIQHQ.roa (raw, json)
Hash identifier:          dpbU695AzSXkpIYVl+bLPZ8Bzt0i2w4ja6Mr1uau2XY=
Subject key identifier:   6E:A1:C7:08:D1:F0:8F:8D:A1:BF:97:45:35:0C:3A:13:B2:08:40:74
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F236914B1C1A9FE7E6F34E1889DA5DD40
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bqHHCNHwj42hv5dFNQw6E7IIQHQ.roa
Signing time:             Thu 02 Jul 2026 15:18:36 +0000
ROA not before:           Thu 02 Jul 2026 15:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219393
IP address blocks:        81.5.160.0/24 maxlen: 24
                          81.5.161.0/24 maxlen: 24
                          82.152.63.0/24 maxlen: 24
                          82.152.220.0/24 maxlen: 24
                          82.152.223.0/24 maxlen: 24
                          82.153.151.0/24 maxlen: 24
                          82.153.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:14:b1:c1:a9:fe:7e:6f:34:e1:88:9d:a5:dd:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ea1c708d1f08f8da1bf9745350c3a13b2084074
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:52:9e:61:e9:15:f7:eb:b0:47:47:66:98:c6:
                    08:67:46:0a:40:1c:26:70:d7:21:94:81:56:7b:51:
                    03:ff:e0:33:17:4b:81:d2:37:71:6f:3d:9b:fd:d1:
                    f4:65:c4:49:c6:7b:0d:53:25:72:83:59:d1:b9:5b:
                    3f:50:0e:16:4d:e8:68:44:ee:91:68:ca:7b:3a:dc:
                    bc:72:a3:65:79:58:d4:bf:94:80:81:72:f7:83:cb:
                    fd:99:03:2b:fc:18:cb:f3:3e:0d:92:9e:6a:a5:91:
                    ad:10:a9:63:f3:a1:cc:43:17:89:58:bb:61:2c:5e:
                    35:ae:28:a9:fe:db:42:40:89:f7:15:0b:63:0a:f3:
                    ce:c0:21:ac:8e:8d:2e:00:5c:16:9a:2c:82:9a:67:
                    1d:4a:2e:3b:a1:fb:05:dd:6c:b2:ba:64:d2:d1:c3:
                    f1:ae:a8:04:be:11:7d:c1:48:79:8c:e8:36:a1:78:
                    58:fc:27:84:16:c4:a2:bb:a4:ba:30:f1:39:5a:e8:
                    4a:fe:49:9f:d6:1d:b7:9a:cf:c3:98:6d:ab:3e:d6:
                    f9:ea:19:3b:7a:3a:f6:a0:2c:43:b2:d0:30:bb:83:
                    ef:0a:2e:2d:3b:c0:cc:7c:ac:22:b3:ad:02:6b:4a:
                    fa:d2:00:46:39:7a:e5:31:28:45:3c:7f:4e:5a:25:
                    c1:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:A1:C7:08:D1:F0:8F:8D:A1:BF:97:45:35:0C:3A:13:B2:08:40:74
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bqHHCNHwj42hv5dFNQw6E7IIQHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.160.0/23
                  82.152.63.0/24
                  82.152.220.0/24
                  82.152.223.0/24
                  82.153.151.0/24
                  82.153.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:7a:8d:90:39:89:f7:34:d9:89:a6:61:27:56:ea:eb:e4:7e:
         49:9f:5b:85:65:99:78:ce:22:d1:c5:26:b6:f5:e3:08:ba:8d:
         7e:17:a3:05:6b:98:82:b1:07:f1:e5:63:a1:e0:85:f1:b0:f4:
         96:47:8c:88:2c:6d:68:3f:d5:07:f3:aa:ef:91:b6:d0:a6:97:
         00:4a:8b:a1:f8:ea:8c:21:cc:53:70:db:5a:a3:c3:97:0a:da:
         45:4b:0d:08:3a:0f:ed:a0:90:b0:c5:9f:d3:52:32:34:e8:83:
         26:b8:73:f2:8a:62:8f:7f:5b:37:29:01:b6:95:19:91:a8:79:
         87:c2:e4:1b:8f:69:f5:7e:9b:ac:9f:1a:eb:46:14:83:ff:35:
         19:05:e4:f9:2d:b8:d2:c0:36:d7:c7:13:b9:e1:d0:d4:2b:56:
         9e:45:1d:cc:3e:01:43:66:9b:a7:64:b1:86:7b:26:b2:36:ba:
         5e:77:26:23:29:42:84:68:14:a4:aa:5a:b2:bc:d1:53:3c:d1:
         7d:56:67:2b:ef:db:40:af:64:19:f4:3b:78:b4:17:e5:58:35:
         fa:73:78:06:81:cc:ee:67:6b:52:4d:db:8c:35:b3:6e:1c:2c:
         57:af:2c:63:40:5d:4d:56:4c:f1:fe:23:10:08:63:6e:5c:e6:
         a0:0a:eb:68
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZ8jaRSxwan+fm804Yidpd1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWExYzcwOGQxZjA4ZjhkYTFiZjk3NDUzNTBjM2ExM2IyMDg0MDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplKeYekV9+uwR0dmmMYIZ0YKQBwm
cNchlIFWe1ED/+AzF0uB0jdxbz2b/dH0ZcRJxnsNUyVyg1nRuVs/UA4WTehoRO6R
aMp7Oty8cqNleVjUv5SAgXL3g8v9mQMr/BjL8z4Nkp5qpZGtEKlj86HMQxeJWLth
LF41riip/ttCQIn3FQtjCvPOwCGsjo0uAFwWmiyCmmcdSi47ofsF3WyyumTS0cPx
rqgEvhF9wUh5jOg2oXhY/CeEFsSiu6S6MPE5WuhK/kmf1h23ms/DmG2rPtb56hk7
ejr2oCxDstAwu4PvCi4tO8DMfKwis60Ca0r60gBGOXrlMShFPH9OWiXBUwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFG6hxwjR8I+Nob+XRTUMOhOyCEB0MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYnFISENOSHdqNDJodjVkRk5RdzZFN0lJUUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBUQWgAwQA
Upg/AwQAUpjcAwQAUpjfAwQAUpmXAwQAUpnqMA0GCSqGSIb3DQEBCwUAA4IBAQCD
eo2QOYn3NNmJpmEnVurr5H5Jn1uFZZl4ziLRxSa29eMIuo1+F6MFa5iCsQfx5WOh
4IXxsPSWR4yILG1oP9UH86rvkbbQppcASouh+OqMIcxTcNtao8OXCtpFSw0IOg/t
oJCwxZ/TUjI06IMmuHPyimKPf1s3KQG2lRmRqHmHwuQbj2n1fpusnxrrRhSD/zUZ
BeT5LbjSwDbXxxO54dDUK1aeRR3MPgFDZpunZLGGeyayNrpedyYjKUKEaBSkqlqy
vNFTPNF9Vmcr79tAr2QZ9Dt4tBflWDX6c3gGgczuZ2tSTduMNbNuHCxXryxjQF1N
Vkzx/iMQCGNuXOagCuto
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:18:33 2026 by rpki-client