Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/g5Q0x_K6vQIdHcrFtZqEMhKo74E.roa
File:                     g5Q0x_K6vQIdHcrFtZqEMhKo74E.roa (raw, json)
Hash identifier:          xkkKA4bf4v9SogFlYQjpm99rOnIz3G0M4hAgEzujbmU=
Subject key identifier:   83:94:34:C7:F2:BA:BD:02:1D:1D:CA:C5:B5:9A:84:32:12:A8:EF:81
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368E397CF5751B103794067A67A75CB
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/g5Q0x_K6vQIdHcrFtZqEMhKo74E.roa
Signing time:             Thu 02 Jul 2026 15:18:24 +0000
ROA not before:           Thu 02 Jul 2026 15:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203758
IP address blocks:        82.153.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:e3:97:cf:57:51:b1:03:79:40:67:a6:7a:75:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=839434c7f2babd021d1dcac5b59a843212a8ef81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:11:b8:4d:23:77:05:2f:52:60:ad:b8:33:fe:
                    ba:48:85:e5:5f:e0:5c:90:51:84:c4:5a:9a:3a:f7:
                    e1:c2:8a:58:88:fb:63:a3:6f:b3:a1:98:42:14:b3:
                    94:cc:6d:6b:ba:56:b1:e7:74:fd:4f:77:e1:ff:21:
                    91:ff:ef:38:f0:17:5a:ff:fd:fb:91:95:af:4c:31:
                    09:41:eb:be:bc:bd:61:d3:a8:a7:fe:82:c2:bd:87:
                    48:8b:07:e0:c5:de:47:8e:7a:b2:e5:7f:96:65:60:
                    55:4f:f3:89:de:57:f9:31:ef:0c:64:23:37:52:bc:
                    cc:cb:f6:ff:a1:66:7b:65:f7:d4:d4:04:b0:ff:1e:
                    f4:ea:0a:0b:f3:1d:43:8a:bb:c6:42:d2:c0:26:7b:
                    21:b0:1a:86:17:03:cc:a5:fc:44:52:a6:41:56:72:
                    cd:55:08:b1:9e:72:6e:8e:07:67:ac:ce:a3:aa:d8:
                    bd:aa:e2:8b:b4:38:bc:20:11:ff:1e:52:8d:4b:98:
                    37:76:9d:f4:80:d8:4e:2d:56:c3:ce:fa:15:a2:78:
                    47:ed:50:c0:3e:56:59:5d:a5:ec:7c:cd:a5:be:26:
                    fd:0c:68:c9:93:60:dd:00:6c:da:f8:13:8f:bd:df:
                    0d:09:4d:7c:91:00:ce:19:6a:fd:8d:de:61:ef:8f:
                    a6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:94:34:C7:F2:BA:BD:02:1D:1D:CA:C5:B5:9A:84:32:12:A8:EF:81
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/g5Q0x_K6vQIdHcrFtZqEMhKo74E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:e1:6d:a6:9b:8a:53:9f:ed:4f:4b:fb:db:e9:bc:b1:1a:93:
         26:f8:b8:97:87:a2:d0:d7:87:0c:13:0d:0b:da:a5:08:d4:af:
         14:18:e7:7d:40:73:13:dc:84:d3:9b:89:a5:8f:67:96:30:76:
         41:96:fa:41:e1:dd:0b:ff:cb:d7:3b:71:f8:47:d5:0f:3e:d2:
         28:1a:0c:74:aa:62:93:2f:7c:e7:58:d9:c7:e7:16:5b:86:74:
         c3:63:f4:93:5c:64:6e:de:34:20:46:27:d1:de:1c:ed:11:7f:
         8f:a1:9e:cd:24:8e:7c:4b:1d:ce:1d:c1:5c:e2:69:3a:b0:95:
         37:76:98:1a:b0:8a:6e:94:01:61:96:d3:db:09:c1:15:63:7a:
         1c:cc:01:42:0c:41:07:c4:f4:ae:a2:5c:6d:bb:d5:a4:fe:2d:
         d5:f3:44:82:ee:d9:3b:ef:c5:0f:a8:06:1c:50:f1:3b:b7:4d:
         8f:89:b1:09:78:41:62:ac:bd:e0:0a:b2:cd:c5:c2:fb:2f:6a:
         eb:b0:2e:b4:de:6e:5a:74:3c:af:07:25:cf:63:55:32:0a:19:
         52:86:f4:41:32:15:68:6f:15:70:c7:36:f7:f1:6f:9e:08:7b:
         c7:7e:50:cc:aa:1f:c4:9b:a7:8f:99:0c:79:70:ab:df:8c:6e:
         08:b5:d9:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaOOXz1dRsQN5QGemenXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mzk0MzRjN2YyYmFiZDAyMWQxZGNhYzViNTlhODQzMjEyYThlZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxG4TSN3BS9SYK24M/66SIXlX+Bc
kFGExFqaOvfhwopYiPtjo2+zoZhCFLOUzG1rulax53T9T3fh/yGR/+848Bda//37
kZWvTDEJQeu+vL1h06in/oLCvYdIiwfgxd5Hjnqy5X+WZWBVT/OJ3lf5Me8MZCM3
UrzMy/b/oWZ7ZffU1ASw/x706goL8x1DirvGQtLAJnshsBqGFwPMpfxEUqZBVnLN
VQixnnJujgdnrM6jqti9quKLtDi8IBH/HlKNS5g3dp30gNhOLVbDzvoVonhH7VDA
PlZZXaXsfM2lvib9DGjJk2DdAGza+BOPvd8NCU18kQDOGWr9jd5h74+mAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIOUNMfyur0CHR3KxbWahDISqO+BMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZzVRMHhfSzZ2UUlkSGNyRnRacUVNaEtvNzRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUplGMA0G
CSqGSIb3DQEBCwUAA4IBAQA64W2mm4pTn+1PS/vb6byxGpMm+LiXh6LQ14cMEw0L
2qUI1K8UGOd9QHMT3ITTm4mlj2eWMHZBlvpB4d0L/8vXO3H4R9UPPtIoGgx0qmKT
L3znWNnH5xZbhnTDY/STXGRu3jQgRifR3hztEX+PoZ7NJI58Sx3OHcFc4mk6sJU3
dpgasIpulAFhltPbCcEVY3oczAFCDEEHxPSuolxtu9Wk/i3V80SC7tk778UPqAYc
UPE7t02PibEJeEFirL3gCrLNxcL7L2rrsC603m5adDyvByXPY1UyChlShvRBMhVo
bxVwxzb38W+eCHvHflDMqh/Em6ePmQx5cKvfjG4ItdmD
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:21:21 2026 by rpki-client