Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gFOPtAcZ-sr9ttbwfgyt38MMkXg.roa
File:                     gFOPtAcZ-sr9ttbwfgyt38MMkXg.roa (raw, json)
Hash identifier:          cJJ5s3DQALUMWFUnMZ91wZjfsJyZU7IH9Gg9Jj6CqRg=
Subject key identifier:   80:53:8F:B4:07:19:FA:CA:FD:B6:D6:F0:7E:0C:AD:DF:C3:0C:91:78
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368F97871BF213D225B0A7F758233E7
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gFOPtAcZ-sr9ttbwfgyt38MMkXg.roa
Signing time:             Thu 02 Jul 2026 15:18:29 +0000
ROA not before:           Thu 02 Jul 2026 15:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212416
IP address blocks:        213.210.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:f9:78:71:bf:21:3d:22:5b:0a:7f:75:82:33:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=80538fb40719facafdb6d6f07e0caddfc30c9178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:66:7c:b5:3c:06:df:7a:21:1a:c7:c9:8e:93:
                    31:26:71:0c:fb:1f:0f:87:49:bc:3d:09:c4:a2:1d:
                    c6:8b:47:83:58:9c:9e:9f:51:2b:57:8e:c5:06:bf:
                    13:fe:94:ef:2a:a5:c8:a8:58:1b:86:5d:c8:0b:cc:
                    60:90:9c:7c:48:98:c3:fe:69:bb:bc:c2:c2:3d:dc:
                    80:63:04:dd:8e:99:52:5d:2f:31:32:32:79:4b:b2:
                    d2:3e:72:e2:4b:8f:20:0c:ba:e2:86:28:4f:cf:01:
                    0a:f0:f5:98:1f:6c:26:a2:9c:a7:49:d6:3d:0e:fb:
                    2f:86:77:2d:a0:2a:9b:22:95:5a:db:a6:3a:93:4c:
                    a2:7b:d3:b6:a0:27:a2:bb:35:20:c9:85:c4:06:b0:
                    05:d6:e8:40:a2:88:a0:f2:09:26:46:63:66:41:9a:
                    2c:61:dd:94:58:7c:72:c8:18:04:4d:e9:f9:88:f0:
                    de:17:01:af:e2:81:3c:c7:84:c5:ce:d7:f7:d8:e2:
                    83:50:e3:b8:eb:f3:2c:32:f5:f2:7f:c0:de:78:8e:
                    e9:c6:ac:58:99:e9:ea:37:88:df:d8:00:0e:56:b1:
                    a7:12:2a:5f:2c:db:9f:82:7b:21:ad:d3:fb:e4:d6:
                    62:f2:ed:de:84:cf:c8:78:dd:cd:aa:5d:c4:eb:a7:
                    1a:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:53:8F:B4:07:19:FA:CA:FD:B6:D6:F0:7E:0C:AD:DF:C3:0C:91:78
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gFOPtAcZ-sr9ttbwfgyt38MMkXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:15:ac:68:d9:71:57:3a:34:56:68:02:81:50:60:e5:35:5d:
         bb:ca:d2:e1:b8:27:4c:da:1b:36:d2:22:43:55:7d:e3:83:22:
         ad:03:60:4b:34:57:84:a7:9e:c1:40:35:37:86:01:73:b2:9d:
         44:3a:01:bc:4d:05:b7:31:53:bc:d1:50:ed:60:06:97:0b:31:
         2e:60:ee:ea:f2:64:df:f5:6c:71:98:8e:20:71:87:df:8c:a8:
         bf:17:e1:cc:ba:7b:df:8f:f2:96:8f:4c:15:ec:9a:37:86:45:
         79:39:38:33:c1:71:5e:6e:a1:1e:ec:83:e1:ba:35:8f:ef:04:
         1f:2a:47:04:98:9d:60:06:71:f6:f1:db:2f:ac:ec:28:cb:1d:
         db:8a:b2:1f:b8:bd:a2:d9:51:b6:13:66:35:5c:e0:b1:45:0c:
         8f:d2:c8:d7:3c:7f:60:ab:ef:6c:54:cf:8a:f2:e0:ba:3b:ac:
         40:da:b7:56:8c:59:c3:ed:d2:e1:9b:ac:94:e0:95:1b:7c:9a:
         b1:f3:2c:ed:6e:86:7a:a4:96:d3:77:f3:6e:ca:15:e4:f3:d6:
         87:40:68:e9:cd:af:45:03:0f:74:60:b8:6c:0b:33:43:7b:9b:
         d5:17:77:ba:4c:62:73:ed:b5:55:f9:8d:b7:40:c4:d2:c9:81:
         7e:9a:45:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaPl4cb8hPSJbCn91gjPnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDUzOGZiNDA3MTlmYWNhZmRiNmQ2ZjA3ZTBjYWRkZmMzMGM5MTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2Z8tTwG33ohGsfJjpMxJnEM+x8P
h0m8PQnEoh3Gi0eDWJyen1ErV47FBr8T/pTvKqXIqFgbhl3IC8xgkJx8SJjD/mm7
vMLCPdyAYwTdjplSXS8xMjJ5S7LSPnLiS48gDLrihihPzwEK8PWYH2wmopynSdY9
DvsvhnctoCqbIpVa26Y6k0yie9O2oCeiuzUgyYXEBrAF1uhAooig8gkmRmNmQZos
Yd2UWHxyyBgETen5iPDeFwGv4oE8x4TFztf32OKDUOO46/MsMvXyf8DeeI7pxqxY
menqN4jf2AAOVrGnEipfLNufgnshrdP75NZi8u3ehM/IeN3Nql3E66caxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBTj7QHGfrK/bbW8H4Mrd/DDJF4MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ0ZPUHRBY1otc3I5dHRid2ZneXQzOE1Na1hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dI7MA0G
CSqGSIb3DQEBCwUAA4IBAQBuFaxo2XFXOjRWaAKBUGDlNV27ytLhuCdM2hs20iJD
VX3jgyKtA2BLNFeEp57BQDU3hgFzsp1EOgG8TQW3MVO80VDtYAaXCzEuYO7q8mTf
9WxxmI4gcYffjKi/F+HMunvfj/KWj0wV7Jo3hkV5OTgzwXFebqEe7IPhujWP7wQf
KkcEmJ1gBnH28dsvrOwoyx3birIfuL2i2VG2E2Y1XOCxRQyP0sjXPH9gq+9sVM+K
8uC6O6xA2rdWjFnD7dLhm6yU4JUbfJqx8yztboZ6pJbTd/NuyhXk89aHQGjpza9F
Aw90YLhsCzNDe5vVF3e6TGJz7bVV+Y23QMTSyYF+mkUD
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:18:32 2026 by rpki-client