Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/d21Jd5ImLtT8UnPVTC6Opz-1B8Y.roa
File:                     d21Jd5ImLtT8UnPVTC6Opz-1B8Y.roa (raw, json)
Hash identifier:          B0eb2V6iNY/iBcnqRQMtyKxfHC/3m8WTHmtJRRBqEdM=
Subject key identifier:   77:6D:49:77:92:26:2E:D4:FC:52:73:D5:4C:2E:8E:A7:3F:B5:07:C6
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368D2516A0347CC0D2BC80EDFB95B62
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/d21Jd5ImLtT8UnPVTC6Opz-1B8Y.roa
Signing time:             Thu 02 Jul 2026 15:18:19 +0000
ROA not before:           Thu 02 Jul 2026 15:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154132
IP address blocks:        81.168.63.0/24 maxlen: 24
                          82.152.102.0/24 maxlen: 24
                          89.213.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:d2:51:6a:03:47:cc:0d:2b:c8:0e:df:b9:5b:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=776d497792262ed4fc5273d54c2e8ea73fb507c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e7:64:ef:7f:3e:88:e3:ae:ea:a2:56:94:da:
                    81:e3:5c:c4:11:a1:fe:56:a1:ea:a1:21:d6:b5:8f:
                    2b:80:3e:79:53:64:5c:fd:b1:af:28:b7:d4:70:0a:
                    4c:ef:f9:8c:1a:7f:ce:d9:a7:f0:b6:94:e0:52:6b:
                    73:53:c6:31:68:0a:73:80:bc:24:bf:97:0f:1f:e3:
                    ba:1f:69:f8:af:d8:d6:4b:05:1b:0f:15:cb:b2:e1:
                    c7:ca:c6:54:a5:31:79:cd:3a:e7:5c:98:d8:d7:b6:
                    43:59:69:a3:85:f5:6c:12:1d:b0:c1:5c:89:6b:09:
                    ff:04:28:e0:53:0d:22:bf:fb:96:b4:af:64:c3:9d:
                    17:0a:8a:06:58:19:b1:6e:ff:00:2d:e7:b1:96:1a:
                    3e:f7:dc:04:83:48:63:e7:c6:41:4e:9b:49:f5:be:
                    44:7b:ec:ce:33:56:bb:c5:1d:46:35:d5:f8:15:88:
                    e0:ce:f9:a1:52:29:15:ec:60:54:14:02:41:ad:3c:
                    d9:b2:b1:95:16:3e:d3:9e:7c:3e:a5:3f:9f:9d:a8:
                    4f:0b:b9:74:cb:66:4e:ed:80:8c:26:ae:f2:a6:2c:
                    1e:73:74:fc:d8:71:2a:b9:f6:09:dc:d6:8e:c0:6a:
                    31:dc:d4:72:9b:fa:8c:a1:d4:e9:1c:65:ed:f2:ba:
                    ad:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:6D:49:77:92:26:2E:D4:FC:52:73:D5:4C:2E:8E:A7:3F:B5:07:C6
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/d21Jd5ImLtT8UnPVTC6Opz-1B8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.63.0/24
                  82.152.102.0/24
                  89.213.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:c4:6b:39:2d:d3:d9:be:3b:20:ac:bf:ea:61:d5:72:66:d3:
         14:61:fb:27:74:0d:a0:68:c4:83:c7:d6:99:03:b7:26:ba:eb:
         18:b7:3d:1a:1b:1f:f2:ad:32:cf:1e:69:7e:e5:b9:d8:f3:b3:
         8f:a5:4f:01:63:67:95:2f:48:45:1e:ff:10:3a:4f:d1:7d:8b:
         a9:d9:61:e0:6f:c5:43:67:ab:f1:de:0e:ba:c7:b3:eb:d2:98:
         11:9c:ae:13:10:1e:8a:c4:4e:7b:73:a1:b4:f6:5a:ba:4a:be:
         f8:4d:0f:56:06:dd:fa:06:d7:7c:cf:c4:8e:cd:65:86:f9:ec:
         dc:03:d1:ea:1f:27:8e:45:a5:ce:f4:1f:dc:9f:3b:7f:5b:17:
         bb:38:dd:c3:bd:d9:45:8f:f3:f7:14:6d:fb:23:fd:0a:1a:55:
         e8:fc:6c:9c:ef:99:60:ee:dd:17:62:cc:d7:38:26:b9:cd:9c:
         7b:04:d4:90:63:4d:4c:6b:2b:2f:04:0a:fe:3a:86:c5:17:ad:
         f5:2d:61:d2:4a:85:65:93:ad:bf:ff:4d:4c:4f:dd:9a:f1:c7:
         bc:ee:31:98:b4:52:a1:52:36:f9:73:e0:93:26:5d:aa:a4:1f:
         d8:ba:50:ce:97:60:5d:eb:59:bc:37:06:3e:52:23:73:2c:d8:
         7f:43:1e:33
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ8jaNJRagNHzA0ryA7fuVtiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzZkNDk3NzkyMjYyZWQ0ZmM1MjczZDU0YzJlOGVhNzNmYjUwN2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOdk738+iOOu6qJWlNqB41zEEaH+
VqHqoSHWtY8rgD55U2Rc/bGvKLfUcApM7/mMGn/O2afwtpTgUmtzU8YxaApzgLwk
v5cPH+O6H2n4r9jWSwUbDxXLsuHHysZUpTF5zTrnXJjY17ZDWWmjhfVsEh2wwVyJ
awn/BCjgUw0iv/uWtK9kw50XCooGWBmxbv8ALeexlho+99wEg0hj58ZBTptJ9b5E
e+zOM1a7xR1GNdX4FYjgzvmhUikV7GBUFAJBrTzZsrGVFj7Tnnw+pT+fnahPC7l0
y2ZO7YCMJq7ypiwec3T82HEqufYJ3NaOwGox3NRym/qModTpHGXt8rqtswIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHdtSXeSJi7U/FJz1Uwujqc/tQfGMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZDIxSmQ1SW1MdFQ4VW5QVlRDNk9wei0xQjhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUag/AwQA
UphmAwQAWdVEMA0GCSqGSIb3DQEBCwUAA4IBAQBTxGs5LdPZvjsgrL/qYdVyZtMU
YfsndA2gaMSDx9aZA7cmuusYtz0aGx/yrTLPHml+5bnY87OPpU8BY2eVL0hFHv8Q
Ok/RfYup2WHgb8VDZ6vx3g66x7Pr0pgRnK4TEB6KxE57c6G09lq6Sr74TQ9WBt36
Btd8z8SOzWWG+ezcA9HqHyeORaXO9B/cnzt/Wxe7ON3DvdlFj/P3FG37I/0KGlXo
/Gyc75lg7t0XYszXOCa5zZx7BNSQY01MaysvBAr+OobFF631LWHSSoVlk62//01M
T92a8ce87jGYtFKhUjb5c+CTJl2qpB/YulDOl2Bd61m8NwY+UiNzLNh/Qx4z
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:16:23 2026 by rpki-client