Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bwyyR1wvxKWLO6EiHoz-3TJian4.roa
File:                     bwyyR1wvxKWLO6EiHoz-3TJian4.roa (raw, json)
Hash identifier:          GKlTFhdpihXfWQSYEjin7xxlRF+e3lzQAmdlfkd2r2E=
Subject key identifier:   6F:0C:B2:47:5C:2F:C4:A5:8B:3B:A1:22:1E:8C:FE:DD:32:62:6A:7E
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368AA266320970089A5DA14AC5AE39E
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bwyyR1wvxKWLO6EiHoz-3TJian4.roa
Signing time:             Thu 02 Jul 2026 15:18:09 +0000
ROA not before:           Thu 02 Jul 2026 15:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7346
IP address blocks:        82.152.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:aa:26:63:20:97:00:89:a5:da:14:ac:5a:e3:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f0cb2475c2fc4a58b3ba1221e8cfedd32626a7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:8a:12:6a:30:24:43:f6:d4:8a:5b:71:77:d6:
                    b9:cc:6a:be:2d:79:c4:bf:74:08:7a:95:42:fb:13:
                    3b:ec:ca:fe:2f:99:a3:63:63:10:57:ac:bb:c9:ef:
                    70:32:f5:38:f8:0b:78:b7:d7:cb:13:47:47:45:2e:
                    78:a8:40:2b:8a:70:91:b9:e7:78:cf:c4:0f:7b:d8:
                    12:3f:ab:18:9e:de:a9:1a:bf:f4:1a:fa:36:aa:f1:
                    ff:82:01:c9:39:6b:54:e3:f2:e7:aa:15:cc:1e:1b:
                    34:cb:31:27:da:d5:cb:a9:b5:7d:a5:25:02:2e:92:
                    6d:15:21:88:b9:bf:b9:94:39:05:e6:5d:fd:71:b8:
                    44:0a:39:85:46:0b:7e:c6:94:d7:df:86:f4:97:77:
                    7e:d5:f9:80:c4:f7:7a:e2:07:04:a0:ff:18:bc:85:
                    ae:51:bb:4f:c0:4e:03:f7:8c:98:9a:eb:db:09:31:
                    88:55:79:39:93:66:7b:cb:2d:ea:b9:14:2a:1e:14:
                    b1:33:0b:de:b0:3d:ac:6c:35:c5:6b:a9:90:5d:df:
                    d3:5c:1f:79:cc:b1:23:cb:0b:49:b7:03:d2:90:f5:
                    c6:ef:85:a0:cf:53:f7:a3:fd:c0:74:6b:d3:0d:a9:
                    50:99:1d:0e:c3:5d:8a:38:d5:21:3c:a4:a1:1c:c1:
                    48:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:0C:B2:47:5C:2F:C4:A5:8B:3B:A1:22:1E:8C:FE:DD:32:62:6A:7E
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/bwyyR1wvxKWLO6EiHoz-3TJian4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:9b:96:91:cd:08:f1:4b:af:a0:b4:73:f7:f9:e2:a0:40:84:
         7a:d4:14:58:98:ea:dd:bb:0e:68:db:35:b2:4a:13:b9:78:0b:
         0f:1e:e6:ab:57:9b:60:0c:e0:1a:20:f4:fe:44:fd:7b:a3:5b:
         25:2b:98:6f:12:5a:aa:bb:1b:2f:8a:3f:9c:0a:1a:f1:ba:04:
         50:41:dc:e1:e8:14:52:6c:59:2b:63:2d:ac:c1:f6:5f:f7:28:
         98:d1:6e:79:87:32:ae:b6:23:c9:5b:b0:bd:6f:09:75:dd:70:
         85:f2:31:fe:5a:89:73:e3:30:fc:2d:99:c4:0b:b3:ed:10:a0:
         30:f2:33:d8:2c:d8:4a:68:1c:c1:97:43:a4:7e:91:1b:16:9c:
         35:e2:41:90:62:14:b9:3c:1f:65:a4:e3:01:82:cc:58:76:a6:
         8f:b1:12:70:46:19:f9:9c:49:f6:23:c0:de:82:20:0a:b4:9d:
         25:30:bb:e5:76:da:09:87:de:e6:52:64:4e:fc:a0:a8:9a:d1:
         60:6a:5f:7a:e1:4c:f5:38:d6:ea:4d:f8:a3:78:0d:93:92:e8:
         2d:ba:19:37:81:54:50:d2:46:29:78:3c:43:79:8e:3e:19:4d:
         19:9e:07:1a:b4:cf:48:5a:2d:5c:d4:6c:3e:89:fe:9c:51:bf:
         6e:ff:fc:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaKomYyCXAIml2hSsWuOeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjBjYjI0NzVjMmZjNGE1OGIzYmExMjIxZThjZmVkZDMyNjI2YTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIoSajAkQ/bUiltxd9a5zGq+LXnE
v3QIepVC+xM77Mr+L5mjY2MQV6y7ye9wMvU4+At4t9fLE0dHRS54qEArinCRued4
z8QPe9gSP6sYnt6pGr/0Gvo2qvH/ggHJOWtU4/LnqhXMHhs0yzEn2tXLqbV9pSUC
LpJtFSGIub+5lDkF5l39cbhECjmFRgt+xpTX34b0l3d+1fmAxPd64gcEoP8YvIWu
UbtPwE4D94yYmuvbCTGIVXk5k2Z7yy3quRQqHhSxMwvesD2sbDXFa6mQXd/TXB95
zLEjywtJtwPSkPXG74Wgz1P3o/3AdGvTDalQmR0Ow12KONUhPKShHMFIxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8MskdcL8SlizuhIh6M/t0yYmp+MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYnd5eVIxd3Z4S1dMTzZFaUhvei0zVEppYW40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpj4MA0G
CSqGSIb3DQEBCwUAA4IBAQASm5aRzQjxS6+gtHP3+eKgQIR61BRYmOrduw5o2zWy
ShO5eAsPHuarV5tgDOAaIPT+RP17o1slK5hvElqquxsvij+cChrxugRQQdzh6BRS
bFkrYy2swfZf9yiY0W55hzKutiPJW7C9bwl13XCF8jH+Wolz4zD8LZnEC7PtEKAw
8jPYLNhKaBzBl0OkfpEbFpw14kGQYhS5PB9lpOMBgsxYdqaPsRJwRhn5nEn2I8De
giAKtJ0lMLvldtoJh97mUmRO/KComtFgal964Uz1ONbqTfijeA2Tkugtuhk3gVRQ
0kYpeDxDeY4+GU0ZngcatM9IWi1c1Gw+if6cUb9u//xk
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:20:05 2026 by rpki-client