Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kHzzWerguMi4H6GZzMjDeWRdgYE.roa
File:                     kHzzWerguMi4H6GZzMjDeWRdgYE.roa (raw, json)
Hash identifier:          KEAK0DwhsZZC+TFtPyKcvMRxPOuD+mThxvCxN+CkumM=
Subject key identifier:   90:7C:F3:59:EA:E0:B8:C8:B8:1F:A1:99:CC:C8:C3:79:64:5D:81:81
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368B242895CC670D4C1D717D24F078B
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kHzzWerguMi4H6GZzMjDeWRdgYE.roa
Signing time:             Thu 02 Jul 2026 15:18:11 +0000
ROA not before:           Thu 02 Jul 2026 15:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20860
IP address blocks:        81.168.83.0/24 maxlen: 24
                          81.168.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:b2:42:89:5c:c6:70:d4:c1:d7:17:d2:4f:07:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=907cf359eae0b8c8b81fa199ccc8c379645d8181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:99:39:21:f4:9b:58:8c:0a:5c:22:d3:15:6b:
                    a3:23:53:b6:80:a0:40:ce:4e:24:29:ab:d2:22:91:
                    c9:24:f0:09:53:a0:34:56:37:01:4b:88:8e:92:96:
                    39:ad:64:b6:38:14:36:f7:09:85:a7:18:cd:bf:1f:
                    9c:dd:3b:f9:ba:5f:4c:99:64:32:b8:73:71:a2:d2:
                    04:2d:89:59:b9:73:b8:dd:e7:74:09:d0:7c:54:fc:
                    af:be:fb:56:53:6c:09:9e:17:f2:84:94:4a:8a:80:
                    c0:21:ac:73:98:87:d2:1e:5e:6f:c2:3b:d0:a9:35:
                    32:9e:53:97:4a:b7:6d:62:9a:36:a6:be:52:d3:c4:
                    c7:d3:c1:87:f8:63:5f:26:8f:95:d8:74:aa:85:7b:
                    8a:53:cd:bf:7b:08:a3:cb:2d:6f:ed:d7:c5:8a:f9:
                    66:3d:62:45:3e:0b:36:ad:8e:8f:a1:0e:96:ed:e8:
                    50:53:5b:05:4e:ae:1f:17:12:da:fd:d8:02:d6:73:
                    87:9e:e7:46:a9:ea:f8:3a:89:7f:e4:03:ee:91:62:
                    da:72:74:b8:de:4b:fe:9d:f6:fe:74:2c:78:1e:f3:
                    09:b0:3d:e1:48:65:e9:8c:d3:cd:0f:89:57:06:c3:
                    eb:c0:48:5e:f6:b5:34:89:ed:d7:84:0b:26:28:b3:
                    f2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:7C:F3:59:EA:E0:B8:C8:B8:1F:A1:99:CC:C8:C3:79:64:5D:81:81
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kHzzWerguMi4H6GZzMjDeWRdgYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.83.0/24
                  81.168.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:0f:86:be:ec:99:84:a7:63:84:80:f4:1e:be:ce:2b:b0:97:
         74:49:d1:e6:68:9e:b6:a5:55:3f:e3:c2:40:b9:11:88:d5:02:
         18:eb:6e:6c:95:b0:f5:29:cb:2d:a9:17:bd:9d:89:80:52:18:
         cf:cc:2c:12:58:46:d9:ab:2c:75:e8:9d:81:84:e9:51:7b:71:
         b5:e2:a4:95:f0:9b:30:f6:04:3c:e8:31:90:ab:a0:05:07:eb:
         44:50:ce:c6:ae:cd:a6:c6:68:85:ca:a1:ae:5d:b7:74:7d:b5:
         bf:51:d7:08:f0:31:1f:b8:b7:43:0b:9f:0e:90:7d:cf:bc:c2:
         a0:b0:b8:92:d4:8f:c0:12:76:0d:9b:15:a4:d9:1c:f0:c2:db:
         5e:b4:10:3f:f6:2f:fc:05:00:b5:27:6c:f9:5d:6a:3d:92:35:
         ed:43:12:b4:35:5b:50:f5:69:41:3a:10:45:c1:20:e5:cc:e9:
         6c:20:7b:0f:88:be:66:eb:9d:b1:57:4c:67:3d:a7:f9:6b:af:
         e6:bb:e5:b2:24:d7:89:f7:44:e5:7f:01:80:c8:8a:ab:c6:d3:
         4e:b2:12:e5:a3:2b:5b:c6:cb:2b:01:ed:71:90:ff:d8:f8:a2:
         61:2b:4c:44:75:7d:4b:dc:fc:e0:66:24:7b:a1:e3:e2:1c:ad:
         2f:46:49:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8jaLJCiVzGcNTB1xfSTweLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDdjZjM1OWVhZTBiOGM4YjgxZmExOTljY2M4YzM3OTY0NWQ4MTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5k5IfSbWIwKXCLTFWujI1O2gKBA
zk4kKavSIpHJJPAJU6A0VjcBS4iOkpY5rWS2OBQ29wmFpxjNvx+c3Tv5ul9MmWQy
uHNxotIELYlZuXO43ed0CdB8VPyvvvtWU2wJnhfyhJRKioDAIaxzmIfSHl5vwjvQ
qTUynlOXSrdtYpo2pr5S08TH08GH+GNfJo+V2HSqhXuKU82/ewijyy1v7dfFivlm
PWJFPgs2rY6PoQ6W7ehQU1sFTq4fFxLa/dgC1nOHnudGqer4Ool/5APukWLacnS4
3kv+nfb+dCx4HvMJsD3hSGXpjNPND4lXBsPrwEhe9rU0ie3XhAsmKLPyBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJB881nq4LjIuB+hmczIw3lkXYGBMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEva0h6eldlcmd1TWk0SDZHWnpNakRlV1JkZ1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUahTAwQA
Uah3MA0GCSqGSIb3DQEBCwUAA4IBAQBDD4a+7JmEp2OEgPQevs4rsJd0SdHmaJ62
pVU/48JAuRGI1QIY625slbD1KcstqRe9nYmAUhjPzCwSWEbZqyx16J2BhOlRe3G1
4qSV8Jsw9gQ86DGQq6AFB+tEUM7Grs2mxmiFyqGuXbd0fbW/UdcI8DEfuLdDC58O
kH3PvMKgsLiS1I/AEnYNmxWk2RzwwttetBA/9i/8BQC1J2z5XWo9kjXtQxK0NVtQ
9WlBOhBFwSDlzOlsIHsPiL5m652xV0xnPaf5a6/mu+WyJNeJ90TlfwGAyIqrxtNO
shLloytbxssrAe1xkP/Y+KJhK0xEdX1L3PzgZiR7oePiHK0vRkkw
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:18 2026 by rpki-client