Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/g_iUZ1gt1vh0l1iflv9pMBVv2i8.roa
File:                     g_iUZ1gt1vh0l1iflv9pMBVv2i8.roa (raw, json)
Hash identifier:          68nLRRtEekrw8i/Uo+aBTM2uKdpGiM9QZ7GNpC7rzYE=
Subject key identifier:   83:F8:94:67:58:2D:D6:F8:74:97:58:9F:96:FF:69:30:15:6F:DA:2F
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368BAAE86A0EA48703E8F1785E2E04F
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/g_iUZ1gt1vh0l1iflv9pMBVv2i8.roa
Signing time:             Thu 02 Jul 2026 15:18:13 +0000
ROA not before:           Thu 02 Jul 2026 15:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47263
IP address blocks:        82.153.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:ba:ae:86:a0:ea:48:70:3e:8f:17:85:e2:e0:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83f89467582dd6f87497589f96ff6930156fda2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bc:e3:31:18:69:88:ae:33:a4:1c:57:82:c7:
                    21:fa:38:91:de:f1:4d:52:aa:7e:8c:84:ca:81:0c:
                    b7:83:c6:0f:27:9c:93:85:28:ce:d6:7e:02:d8:4c:
                    2a:97:95:d4:f3:e6:03:78:29:d5:a2:45:cf:39:f7:
                    a3:f4:f4:60:c6:9d:03:a6:68:51:ef:b7:9c:94:b4:
                    79:ff:26:d7:d8:eb:37:ff:3e:a5:a1:89:7c:d0:d0:
                    a5:d5:36:20:3c:47:2a:10:df:2a:55:2c:8e:eb:68:
                    b6:45:5f:b6:ac:cd:e1:c1:47:e8:b5:ef:fe:05:7d:
                    e2:b9:a7:2f:7e:32:10:3a:bd:b7:d3:ce:bb:40:b7:
                    76:15:84:28:7d:82:af:64:d0:e9:78:8e:f3:70:49:
                    1f:67:8a:4c:20:3f:3f:90:e7:f7:02:4e:61:0a:4c:
                    ee:c5:6d:35:fd:24:80:27:36:d2:bb:46:51:61:56:
                    80:25:9f:14:1e:c1:14:ea:13:e4:71:34:0f:c8:3c:
                    df:31:21:de:f6:13:26:d1:de:69:34:29:6c:cb:8b:
                    bf:3b:26:ec:38:c2:61:8e:ce:24:54:02:5a:0f:ee:
                    9b:22:b7:d8:d9:9a:fb:81:a6:4a:7f:23:fa:c1:cb:
                    86:84:ba:d7:94:da:4b:77:b7:78:02:13:32:29:0a:
                    51:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:F8:94:67:58:2D:D6:F8:74:97:58:9F:96:FF:69:30:15:6F:DA:2F
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/g_iUZ1gt1vh0l1iflv9pMBVv2i8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:4a:97:95:59:43:3b:cd:93:d7:0b:d9:2a:fe:ba:2b:e8:31:
         f1:e3:a6:05:04:ef:31:b4:5e:af:46:c7:a9:ee:ba:f0:42:3d:
         83:e9:fe:3e:d4:e7:a7:12:67:c9:4c:92:15:3e:53:af:ff:48:
         e8:b2:46:98:75:ae:4d:d3:39:24:23:f9:61:f2:bf:f3:38:0c:
         c8:9b:83:b8:38:fe:d8:42:5f:3e:81:db:93:38:97:04:3b:86:
         1f:57:00:d9:84:9d:3c:c1:d7:f5:5e:29:7f:b8:f4:2a:fb:ec:
         d0:a4:68:f4:ce:30:8d:73:67:e2:f0:ab:0e:da:a1:62:97:81:
         6e:34:70:d0:7f:cd:b2:71:43:96:e4:82:1f:10:ca:1f:25:bd:
         3e:d3:0f:84:25:9e:91:d1:a3:2e:b9:6c:8b:8e:05:58:27:68:
         91:eb:7f:9c:59:09:e0:a2:2e:06:b1:8b:90:95:3b:4a:ce:0d:
         c7:9f:f3:63:11:f8:5b:4a:82:2c:99:90:10:a8:a8:f9:52:f7:
         e1:a2:c1:65:3c:66:39:b5:9e:fb:ec:23:2a:af:88:29:64:21:
         09:91:f7:a6:cc:15:da:5c:34:16:b4:83:e9:f2:c2:46:16:75:
         76:b9:b4:d9:5f:9e:9b:11:86:0f:b3:9d:c0:fa:bf:96:bb:dd:
         0e:bb:87:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaLquhqDqSHA+jxeF4uBPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Y4OTQ2NzU4MmRkNmY4NzQ5NzU4OWY5NmZmNjkzMDE1NmZkYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLzjMRhpiK4zpBxXgsch+jiR3vFN
Uqp+jITKgQy3g8YPJ5yThSjO1n4C2Ewql5XU8+YDeCnVokXPOfej9PRgxp0DpmhR
77eclLR5/ybX2Os3/z6loYl80NCl1TYgPEcqEN8qVSyO62i2RV+2rM3hwUfote/+
BX3iuacvfjIQOr230867QLd2FYQofYKvZNDpeI7zcEkfZ4pMID8/kOf3Ak5hCkzu
xW01/SSAJzbSu0ZRYVaAJZ8UHsEU6hPkcTQPyDzfMSHe9hMm0d5pNClsy4u/Oybs
OMJhjs4kVAJaD+6bIrfY2Zr7gaZKfyP6wcuGhLrXlNpLd7d4AhMyKQpRRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIP4lGdYLdb4dJdYn5b/aTAVb9ovMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ19pVVoxZ3QxdmgwbDFpZmx2OXBNQlZ2Mmk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnhMA0G
CSqGSIb3DQEBCwUAA4IBAQALSpeVWUM7zZPXC9kq/ror6DHx46YFBO8xtF6vRsep
7rrwQj2D6f4+1OenEmfJTJIVPlOv/0joskaYda5N0zkkI/lh8r/zOAzIm4O4OP7Y
Ql8+gduTOJcEO4YfVwDZhJ08wdf1Xil/uPQq++zQpGj0zjCNc2fi8KsO2qFil4Fu
NHDQf82ycUOW5IIfEMofJb0+0w+EJZ6R0aMuuWyLjgVYJ2iR63+cWQngoi4GsYuQ
lTtKzg3Hn/NjEfhbSoIsmZAQqKj5UvfhosFlPGY5tZ777CMqr4gpZCEJkfemzBXa
XDQWtIPp8sJGFnV2ubTZX56bEYYPs53A+r+Wu90Ou4ev
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:21:53 2026 by rpki-client