Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/h8JTVjucnRFWaQ_Phf7CeTdsv9s.roa
File:                     h8JTVjucnRFWaQ_Phf7CeTdsv9s.roa (raw, json)
Hash identifier:          E0Lxg3s5KEtGsRcUV4ecw+fscIqkT2CP4vQzVCwu44M=
Subject key identifier:   87:C2:53:56:3B:9C:9D:11:56:69:0F:CF:85:FE:C2:79:37:6C:BF:DB
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F23691A00533287721AE0A917FB2F983A
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/h8JTVjucnRFWaQ_Phf7CeTdsv9s.roa
Signing time:             Thu 02 Jul 2026 15:18:38 +0000
ROA not before:           Thu 02 Jul 2026 15:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     270158
IP address blocks:        82.152.133.0/24 maxlen: 24
                          82.152.138.0/24 maxlen: 24
                          82.152.139.0/24 maxlen: 24
                          82.153.2.0/24 maxlen: 24
                          82.153.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:1a:00:53:32:87:72:1a:e0:a9:17:fb:2f:98:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87c253563b9c9d1156690fcf85fec279376cbfdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a1:eb:66:cf:b3:c8:31:f3:5a:5f:ca:58:74:
                    22:ce:4b:89:b4:5f:1a:df:44:ba:91:35:2f:70:75:
                    c7:71:37:2a:df:ad:35:ea:59:ba:12:0e:19:20:a2:
                    59:34:85:63:72:b6:65:da:c3:17:31:4c:71:04:c9:
                    92:f4:44:04:81:1d:8e:26:52:c4:94:51:66:e1:1c:
                    1a:49:03:fb:bb:db:1b:6d:a2:0c:17:3e:0c:01:2b:
                    a0:70:47:9e:8f:3c:ce:55:b1:8f:be:79:b0:95:d2:
                    9d:d8:43:e8:b8:8e:6a:de:6f:e7:70:90:0b:c5:b1:
                    9e:7c:10:4a:f1:6a:74:0f:a3:bd:6a:07:65:48:1b:
                    09:ea:8c:10:f8:5e:85:a8:65:ad:e9:4e:75:0e:d4:
                    29:91:05:3a:88:ef:d7:ee:3d:85:01:79:15:61:fe:
                    e7:cc:f0:e4:8c:af:75:4b:85:04:83:09:f5:dc:c3:
                    32:74:47:39:73:d7:c1:3c:81:57:5e:2e:af:00:b9:
                    a8:0b:0b:db:93:30:03:33:cd:47:a2:54:cf:4a:54:
                    c2:92:5c:e2:5d:a9:82:a1:f4:bf:1a:fa:11:88:7b:
                    fe:75:cd:1e:0e:b9:99:ae:0d:28:c6:07:c3:9f:7b:
                    69:d1:bb:bf:08:0a:50:dd:0c:14:29:e4:33:dd:05:
                    1b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:C2:53:56:3B:9C:9D:11:56:69:0F:CF:85:FE:C2:79:37:6C:BF:DB
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/h8JTVjucnRFWaQ_Phf7CeTdsv9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.133.0/24
                  82.152.138.0/23
                  82.153.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:d0:f5:5f:6a:ee:b8:08:36:82:26:36:e4:9d:6d:a4:9c:a7:
         77:d3:4a:c5:72:70:e0:25:1e:5a:1b:52:87:45:5c:43:4b:91:
         ff:48:3d:22:f2:ca:7e:54:db:c1:7e:5e:2b:95:4b:e0:9f:39:
         1b:22:6f:bc:e6:09:f4:77:4a:8a:20:77:37:32:76:dd:23:f3:
         16:b3:6e:7c:bb:b2:3f:e3:97:9c:14:d5:8c:86:f7:97:07:e2:
         37:9e:a8:77:03:2f:d0:a2:d9:35:45:61:2b:95:67:b5:85:fe:
         db:b1:4d:e4:d0:ff:be:42:17:21:cd:37:f8:b5:6d:54:f3:d6:
         97:8d:b5:db:1c:04:89:f0:96:24:80:c5:3b:03:15:c0:0d:37:
         27:f8:24:a4:55:da:42:e0:17:9c:a0:e4:e0:a1:d2:12:24:4a:
         ae:bd:19:7c:4f:b9:96:07:a2:b6:e9:a5:78:04:23:21:b8:4d:
         27:24:9b:29:5e:55:c5:78:c7:71:73:85:50:25:96:da:5e:92:
         a7:e1:e6:dc:2d:51:4f:8b:f0:50:32:f9:5c:04:93:21:2e:22:
         44:25:4f:02:be:49:e8:2f:89:8e:38:b2:89:8f:5f:e6:5d:11:
         cf:97:ea:4d:08:63:5d:38:fa:10:b1:83:6c:07:29:4d:40:99:
         b3:6e:8f:cc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ8jaRoAUzKHchrgqRf7L5g6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2MyNTM1NjNiOWM5ZDExNTY2OTBmY2Y4NWZlYzI3OTM3NmNiZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6HrZs+zyDHzWl/KWHQizkuJtF8a
30S6kTUvcHXHcTcq36016lm6Eg4ZIKJZNIVjcrZl2sMXMUxxBMmS9EQEgR2OJlLE
lFFm4RwaSQP7u9sbbaIMFz4MASugcEeejzzOVbGPvnmwldKd2EPouI5q3m/ncJAL
xbGefBBK8Wp0D6O9agdlSBsJ6owQ+F6FqGWt6U51DtQpkQU6iO/X7j2FAXkVYf7n
zPDkjK91S4UEgwn13MMydEc5c9fBPIFXXi6vALmoCwvbkzADM81HolTPSlTCklzi
XamCofS/GvoRiHv+dc0eDrmZrg0oxgfDn3tp0bu/CApQ3QwUKeQz3QUbEwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIfCU1Y7nJ0RVmkPz4X+wnk3bL/bMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaDhKVFZqdWNuUkZXYVFfUGhmN0NlVGRzdjlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUpiFAwQB
UpiKAwQBUpkCMA0GCSqGSIb3DQEBCwUAA4IBAQAN0PVfau64CDaCJjbknW2knKd3
00rFcnDgJR5aG1KHRVxDS5H/SD0i8sp+VNvBfl4rlUvgnzkbIm+85gn0d0qKIHc3
MnbdI/MWs258u7I/45ecFNWMhveXB+I3nqh3Ay/Qotk1RWErlWe1hf7bsU3k0P++
QhchzTf4tW1U89aXjbXbHASJ8JYkgMU7AxXADTcn+CSkVdpC4BecoOTgodISJEqu
vRl8T7mWB6K26aV4BCMhuE0nJJspXlXFeMdxc4VQJZbaXpKn4ebcLVFPi/BQMvlc
BJMhLiJEJU8CvknoL4mOOLKJj1/mXRHPl+pNCGNdOPoQsYNsBylNQJmzbo/M
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:29 2026 by rpki-client