Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fCC7lXu2R90Zs_w4Ph3JL_Vsh7Q.roa
File:                     fCC7lXu2R90Zs_w4Ph3JL_Vsh7Q.roa (raw, json)
Hash identifier:          Lpr8Xt0tktBswz4ttSdnxd0QRlNgpOrwGve82DEWfto=
Subject key identifier:   7C:20:BB:95:7B:B6:47:DD:19:B3:FC:38:3E:1D:C9:2F:F5:6C:87:B4
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368FAA551C3DD0C6C4504882B205D78
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fCC7lXu2R90Zs_w4Ph3JL_Vsh7Q.roa
Signing time:             Thu 02 Jul 2026 15:18:30 +0000
ROA not before:           Thu 02 Jul 2026 15:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212762
IP address blocks:        109.176.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:fa:a5:51:c3:dd:0c:6c:45:04:88:2b:20:5d:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c20bb957bb647dd19b3fc383e1dc92ff56c87b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:99:a2:a3:43:5c:40:f1:b4:91:78:68:14:f2:
                    df:d7:83:16:97:f3:af:0d:42:cb:bb:a1:74:be:60:
                    73:de:d3:d7:d7:9a:1e:5c:40:63:cc:8d:53:10:d0:
                    fa:e6:6c:ad:ef:4c:d4:74:61:1b:64:7e:82:a7:47:
                    75:52:83:42:b5:aa:8e:24:a5:7f:fa:82:4b:49:4c:
                    22:56:73:16:01:42:b4:2b:7d:65:72:a5:85:1f:c6:
                    7a:56:15:ee:bc:bf:7a:05:7c:23:52:3a:d6:d6:c9:
                    d8:d5:5a:c7:32:48:a8:c5:1e:bd:6b:aa:ce:58:04:
                    a8:60:20:24:40:46:dc:7a:b1:29:0a:32:40:c3:41:
                    27:01:b1:1d:f0:f9:6b:5f:7c:e2:16:7d:32:b3:28:
                    4f:9b:b8:5f:1b:ad:1e:7a:f9:fc:25:11:f7:1d:e7:
                    1b:1e:67:bb:8d:37:b3:9d:03:f7:0b:47:f3:f7:59:
                    c7:0f:e1:c9:7f:f1:4d:1d:5a:7f:18:42:8e:af:4b:
                    74:5b:fe:a3:fa:fc:b9:ab:ed:d9:ac:b9:c8:d5:64:
                    3e:ed:9c:67:df:67:f7:b3:ff:56:d6:13:42:d8:04:
                    bf:e8:9d:7e:88:d4:83:7e:7e:e1:c4:04:62:5f:38:
                    56:81:63:63:7e:1c:f2:80:98:ca:d6:b9:f6:89:e8:
                    a2:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:20:BB:95:7B:B6:47:DD:19:B3:FC:38:3E:1D:C9:2F:F5:6C:87:B4
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fCC7lXu2R90Zs_w4Ph3JL_Vsh7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:ef:6b:50:3f:05:fb:a7:93:04:4b:b5:93:98:d9:30:98:79:
         9c:ca:82:51:57:f8:be:2e:a0:3e:32:ac:d8:75:73:c3:bc:78:
         95:45:d6:4f:88:3a:74:b0:c5:e8:31:68:a8:ee:79:e7:a1:ef:
         10:db:20:a2:2e:e1:da:eb:ae:55:f1:cf:7e:72:75:2d:1f:87:
         fc:1a:bd:76:1e:e3:a2:2d:7b:2d:e6:72:42:7e:ca:af:a7:fb:
         ba:04:81:5e:be:11:1c:9d:cd:35:76:2e:c3:5b:22:0a:e9:a2:
         2b:b7:47:fc:dc:32:19:77:f6:a4:45:15:a3:67:ef:2b:af:ca:
         5e:69:dc:ab:79:5e:1f:0d:f0:d4:b4:68:4f:25:86:06:84:a0:
         77:5b:94:4e:70:83:f2:ee:6f:8e:f2:d1:42:aa:18:87:e9:5f:
         d7:14:52:ef:5c:b7:b7:bd:26:63:1e:64:10:61:3a:41:7c:0d:
         ad:53:23:4d:35:a9:ac:52:92:04:1d:eb:54:79:f9:99:fd:2f:
         87:ce:23:7f:44:a3:d4:6a:ae:6d:0e:b6:94:6c:e9:91:9e:84:
         98:38:d7:06:d3:7b:13:15:47:97:86:c4:39:65:8f:e5:52:cc:
         b3:81:92:4a:87:f6:b4:f4:0e:a4:95:30:9f:4f:b2:3c:a8:3c:
         37:c2:d0:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaPqlUcPdDGxFBIgrIF14MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzIwYmI5NTdiYjY0N2RkMTliM2ZjMzgzZTFkYzkyZmY1NmM4N2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZmio0NcQPG0kXhoFPLf14MWl/Ov
DULLu6F0vmBz3tPX15oeXEBjzI1TEND65myt70zUdGEbZH6Cp0d1UoNCtaqOJKV/
+oJLSUwiVnMWAUK0K31lcqWFH8Z6VhXuvL96BXwjUjrW1snY1VrHMkioxR69a6rO
WASoYCAkQEbcerEpCjJAw0EnAbEd8PlrX3ziFn0ysyhPm7hfG60eevn8JRH3Hecb
Hme7jTeznQP3C0fz91nHD+HJf/FNHVp/GEKOr0t0W/6j+vy5q+3ZrLnI1WQ+7Zxn
32f3s/9W1hNC2AS/6J1+iNSDfn7hxARiXzhWgWNjfhzygJjK1rn2ieiisQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwgu5V7tkfdGbP8OD4dyS/1bIe0MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZkNDN2xYdTJSOTBac193NFBoM0pMX1ZzaDdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDKMA0G
CSqGSIb3DQEBCwUAA4IBAQAn72tQPwX7p5MES7WTmNkwmHmcyoJRV/i+LqA+MqzY
dXPDvHiVRdZPiDp0sMXoMWio7nnnoe8Q2yCiLuHa665V8c9+cnUtH4f8Gr12HuOi
LXst5nJCfsqvp/u6BIFevhEcnc01di7DWyIK6aIrt0f83DIZd/akRRWjZ+8rr8pe
adyreV4fDfDUtGhPJYYGhKB3W5ROcIPy7m+O8tFCqhiH6V/XFFLvXLe3vSZjHmQQ
YTpBfA2tUyNNNamsUpIEHetUefmZ/S+HziN/RKPUaq5tDraUbOmRnoSYONcG03sT
FUeXhsQ5ZY/lUsyzgZJKh/a09A6klTCfT7I8qDw3wtAt
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:18:12 2026 by rpki-client