Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mVVcOvX3FAu9KV5UP68rCyq9vQM.roa
File:                     mVVcOvX3FAu9KV5UP68rCyq9vQM.roa (raw, json)
Hash identifier:          rVZQ7ddr3o5V+imsymRfhyEkXnWn1RyaXs/UUbZ++00=
Subject key identifier:   99:55:5C:3A:F5:F7:14:0B:BD:29:5E:54:3F:AF:2B:0B:2A:BD:BD:03
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F286487325BF8DDE547808BAE0B14BF8D
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mVVcOvX3FAu9KV5UP68rCyq9vQM.roa
Signing time:             Fri 03 Jul 2026 14:31:44 +0000
ROA not before:           Fri 03 Jul 2026 14:31:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399359
IP address blocks:        82.153.103.0/24 maxlen: 24
                          82.153.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:28:64:87:32:5b:f8:dd:e5:47:80:8b:ae:0b:14:bf:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  3 14:31:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99555c3af5f7140bbd295e543faf2b0b2abdbd03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b2:ce:a9:ce:10:10:45:07:1f:ac:15:d4:e8:
                    4a:4b:b6:c9:02:e7:e7:3a:98:a5:fa:08:2f:62:64:
                    98:a5:a6:f0:75:1d:e1:b4:38:6a:7b:f5:9d:b8:7f:
                    6e:ed:87:77:9e:4e:6f:76:69:f0:09:01:19:4c:aa:
                    b3:a7:82:c6:bb:48:f0:c5:d2:a4:af:53:7e:22:99:
                    67:3f:a8:a4:45:9e:7a:d8:f3:5a:6f:aa:9c:cc:7a:
                    44:50:ea:13:8d:2f:b8:4d:c1:81:7b:b6:d0:a2:a2:
                    5c:f9:b8:05:81:ce:59:73:7a:00:49:cd:33:57:be:
                    55:a6:2f:01:4c:dc:60:39:10:49:30:de:9c:5f:15:
                    44:cd:52:44:81:6e:98:65:c7:2e:8c:d8:74:09:5e:
                    2a:35:8b:d7:e0:15:ee:e2:da:9d:41:77:f2:97:1b:
                    c3:5b:b0:dd:cc:80:a6:48:aa:78:9c:4b:79:96:89:
                    3f:ab:52:00:2a:f3:67:dc:b2:6c:34:a2:5c:5d:e5:
                    0f:da:ef:52:31:c0:ed:17:bf:f6:66:37:82:1a:d2:
                    98:dc:fb:21:76:f7:0f:b1:4d:1d:f6:0b:49:a5:bf:
                    d6:0f:3e:f9:df:a0:d7:75:80:a0:2c:3a:92:5d:28:
                    79:1e:87:16:df:09:58:35:82:20:7f:b7:6b:07:45:
                    c1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:55:5C:3A:F5:F7:14:0B:BD:29:5E:54:3F:AF:2B:0B:2A:BD:BD:03
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mVVcOvX3FAu9KV5UP68rCyq9vQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.103.0-82.153.104.255

    Signature Algorithm: sha256WithRSAEncryption
         59:c3:16:93:aa:03:ce:6e:7f:75:21:2e:82:cc:38:3c:e5:8b:
         c7:22:da:4c:11:fe:fb:a2:b7:3f:03:94:56:40:f0:24:d4:2a:
         98:fa:2a:2d:e1:be:79:cf:f8:52:e2:f3:fe:86:41:27:02:94:
         e9:e4:21:f2:83:76:bd:dc:a8:33:21:58:71:58:f7:13:eb:07:
         41:9d:fb:0d:30:55:02:a4:b8:23:0b:00:e0:4e:e7:d4:2a:38:
         9c:16:00:9f:3d:a1:82:e6:d2:44:50:f5:84:ea:ff:b9:ef:82:
         f6:bd:17:bd:46:23:2a:8d:c2:13:9c:2f:af:3a:09:82:2f:f4:
         c7:c5:a5:c5:ca:d5:58:5b:01:61:a5:32:c0:a4:c9:a9:da:d3:
         0a:f7:f5:9a:51:18:7e:9f:4c:d5:3c:7d:ab:c3:8e:fc:b9:48:
         1e:09:a3:f1:aa:90:7e:da:91:60:2b:42:1b:30:a6:fd:e8:51:
         b2:17:e3:a6:63:2c:43:d1:53:d6:52:84:29:c1:5f:06:6b:4b:
         63:e1:7b:fa:ea:35:66:aa:c5:54:db:02:a2:0e:c7:97:bf:a3:
         a8:9c:68:c9:48:dc:69:20:2f:3b:de:61:4c:85:56:4d:42:2b:
         21:f0:77:5c:d1:8b:2e:7e:90:3f:4f:86:e7:b8:85:59:4d:ed:
         a6:aa:2d:d1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ8oZIcyW/jd5UeAi64LFL+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAzMTQzMTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTU1NWMzYWY1ZjcxNDBiYmQyOTVlNTQzZmFmMmIwYjJhYmRiZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrLOqc4QEEUHH6wV1OhKS7bJAufn
Opil+ggvYmSYpabwdR3htDhqe/WduH9u7Yd3nk5vdmnwCQEZTKqzp4LGu0jwxdKk
r1N+IplnP6ikRZ562PNab6qczHpEUOoTjS+4TcGBe7bQoqJc+bgFgc5Zc3oASc0z
V75Vpi8BTNxgORBJMN6cXxVEzVJEgW6YZccujNh0CV4qNYvX4BXu4tqdQXfylxvD
W7DdzICmSKp4nEt5lok/q1IAKvNn3LJsNKJcXeUP2u9SMcDtF7/2ZjeCGtKY3Psh
dvcPsU0d9gtJpb/WDz7536DXdYCgLDqSXSh5HocW3wlYNYIgf7drB0XB5wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJlVXDr19xQLvSleVD+vKwsqvb0DMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbVZWY092WDNGQXU5S1Y1VVA2OHJDeXE5dlFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABSmWcD
BABSmWgwDQYJKoZIhvcNAQELBQADggEBAFnDFpOqA85uf3UhLoLMODzli8ci2kwR
/vuitz8DlFZA8CTUKpj6Ki3hvnnP+FLi8/6GQScClOnkIfKDdr3cqDMhWHFY9xPr
B0Gd+w0wVQKkuCMLAOBO59QqOJwWAJ89oYLm0kRQ9YTq/7nvgva9F71GIyqNwhOc
L686CYIv9MfFpcXK1VhbAWGlMsCkyana0wr39ZpRGH6fTNU8favDjvy5SB4Jo/Gq
kH7akWArQhswpv3oUbIX46ZjLEPRU9ZShCnBXwZrS2Phe/rqNWaqxVTbAqIOx5e/
o6icaMlI3GkgLzveYUyFVk1CKyHwd1zRiy5+kD9Phue4hVlN7aaqLdE=
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:20:48 2026 by rpki-client