Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gxWhiEXTZqC5ueNds9L-QlV1VBM.roa
File:                     gxWhiEXTZqC5ueNds9L-QlV1VBM.roa (raw, json)
Hash identifier:          okXXKwRTQtwUwVJyHn7AijCw102cQHjYdo53RLdmNwk=
Subject key identifier:   83:15:A1:88:45:D3:66:A0:B9:B9:E3:5D:B3:D2:FE:42:55:75:54:13
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368C8DA8DD9C66AE23726A5096E12BC
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gxWhiEXTZqC5ueNds9L-QlV1VBM.roa
Signing time:             Thu 02 Jul 2026 15:18:17 +0000
ROA not before:           Thu 02 Jul 2026 15:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135402
IP address blocks:        213.210.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:c8:da:8d:d9:c6:6a:e2:37:26:a5:09:6e:12:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8315a18845d366a0b9b9e35db3d2fe4255755413
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d4:c3:5f:da:c7:d8:bc:c9:bc:a8:83:f4:e6:
                    8b:45:9e:64:47:6d:a9:4f:6c:b7:a4:85:fa:8f:7f:
                    64:54:d8:34:fe:86:04:1d:73:bb:f8:83:a3:5b:78:
                    f8:d4:22:42:d9:a4:09:07:dd:06:ef:2d:16:e1:ed:
                    95:09:5c:23:23:c3:04:d5:86:52:62:31:eb:2d:ed:
                    27:ac:e9:c8:0a:36:6f:75:7a:6d:94:ed:52:c7:5b:
                    73:6d:2e:24:cf:80:e4:90:57:ea:31:a5:3f:a6:b2:
                    f9:b5:59:32:a2:d2:c2:f7:06:b2:db:26:bb:ec:0e:
                    1d:d7:02:c0:0e:d4:8d:e9:fb:fd:1b:52:9c:d7:d1:
                    11:7e:10:1f:f6:b6:25:be:e5:f9:b9:ff:5c:be:c6:
                    6c:82:79:78:7b:a1:86:ac:5d:89:54:41:e6:a5:db:
                    41:09:19:28:e0:85:53:cc:72:9e:bd:f5:99:1a:9e:
                    65:89:56:87:ad:22:f3:b5:ea:b9:f8:99:18:a5:33:
                    df:32:68:fa:53:ac:0c:a3:61:4f:71:15:a4:0e:97:
                    00:00:fd:48:83:3b:88:a4:8b:85:74:32:e8:f3:f3:
                    bd:c1:bc:57:97:2a:6c:d5:b8:f6:91:9b:13:88:1e:
                    5c:f7:0d:0f:07:28:cb:ba:95:c3:63:a6:f1:bc:bb:
                    43:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:15:A1:88:45:D3:66:A0:B9:B9:E3:5D:B3:D2:FE:42:55:75:54:13
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gxWhiEXTZqC5ueNds9L-QlV1VBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:26:56:20:17:33:0c:b8:95:9e:4b:0a:b4:ff:27:0d:0a:06:
         55:16:01:b2:fc:b1:07:b7:fd:5c:56:6f:11:f7:3c:d1:9d:4b:
         30:4d:f4:9e:96:4a:7f:7b:ac:da:8f:ba:3b:49:ed:3c:a5:06:
         16:c9:74:f8:fd:cf:31:0f:59:d8:6b:f9:a7:32:81:6b:ba:f5:
         e7:35:53:a0:e7:a0:26:3b:e2:a7:01:7a:77:8d:40:93:47:2b:
         5e:27:66:a2:10:08:20:25:d4:47:33:76:c5:ed:66:df:d1:6b:
         a6:bb:5e:77:8d:84:e2:f6:37:af:f0:71:f2:45:4e:71:2b:4f:
         1a:fb:eb:17:cc:47:e3:a5:1a:38:ac:98:09:a8:c5:3e:de:f8:
         2d:7f:37:88:4a:14:f9:82:a4:7a:da:56:bb:30:b1:38:48:de:
         5c:36:80:13:4b:0a:65:56:98:1e:f4:9b:a5:c6:95:0e:46:2f:
         be:0d:45:db:ad:85:5a:13:00:b8:2d:71:24:6f:f7:8d:96:61:
         bb:80:7d:9a:de:c2:c6:1f:ec:2d:5d:6e:dc:6e:a9:64:74:d0:
         a5:1f:a6:39:3d:62:c8:db:5b:45:05:5b:44:10:c3:ae:15:eb:
         89:ca:5b:97:2d:d3:6a:a0:1d:af:28:c7:17:8a:73:95:02:b1:
         7b:96:6a:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaMjajdnGauI3JqUJbhK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzE1YTE4ODQ1ZDM2NmEwYjliOWUzNWRiM2QyZmU0MjU1NzU1NDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdTDX9rH2LzJvKiD9OaLRZ5kR22p
T2y3pIX6j39kVNg0/oYEHXO7+IOjW3j41CJC2aQJB90G7y0W4e2VCVwjI8ME1YZS
YjHrLe0nrOnICjZvdXptlO1Sx1tzbS4kz4DkkFfqMaU/prL5tVkyotLC9way2ya7
7A4d1wLADtSN6fv9G1Kc19ERfhAf9rYlvuX5uf9cvsZsgnl4e6GGrF2JVEHmpdtB
CRko4IVTzHKevfWZGp5liVaHrSLzteq5+JkYpTPfMmj6U6wMo2FPcRWkDpcAAP1I
gzuIpIuFdDLo8/O9wbxXlyps1bj2kZsTiB5c9w0PByjLupXDY6bxvLtDuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMVoYhF02agubnjXbPS/kJVdVQTMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ3hXaGlFWFRacUM1dWVOZHM5TC1RbFYxVkJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dIqMA0G
CSqGSIb3DQEBCwUAA4IBAQApJlYgFzMMuJWeSwq0/ycNCgZVFgGy/LEHt/1cVm8R
9zzRnUswTfSelkp/e6zaj7o7Se08pQYWyXT4/c8xD1nYa/mnMoFruvXnNVOg56Am
O+KnAXp3jUCTRyteJ2aiEAggJdRHM3bF7Wbf0Wumu153jYTi9jev8HHyRU5xK08a
++sXzEfjpRo4rJgJqMU+3vgtfzeIShT5gqR62la7MLE4SN5cNoATSwplVpge9Jul
xpUORi++DUXbrYVaEwC4LXEkb/eNlmG7gH2a3sLGH+wtXW7cbqlkdNClH6Y5PWLI
21tFBVtEEMOuFeuJyluXLdNqoB2vKMcXinOVArF7lmqW
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:22:22 2026 by rpki-client