Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mZI2hP7e3Sk2bLD32nBLP4Eliis.roa
File:                     mZI2hP7e3Sk2bLD32nBLP4Eliis.roa (raw, json)
Hash identifier:          TN+O3xZOG9nMQz+6rf3eik1WnMRD9m0gcYSJrf0rgPw=
Subject key identifier:   99:92:36:84:FE:DE:DD:29:36:6C:B0:F7:DA:70:4B:3F:81:25:8A:2B
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F23690E0971CE956515CB91F6F1FD5A83
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mZI2hP7e3Sk2bLD32nBLP4Eliis.roa
Signing time:             Thu 02 Jul 2026 15:18:35 +0000
ROA not before:           Thu 02 Jul 2026 15:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215186
IP address blocks:        212.38.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:0e:09:71:ce:95:65:15:cb:91:f6:f1:fd:5a:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99923684fededd29366cb0f7da704b3f81258a2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8d:ed:d1:ed:a7:db:35:d0:19:b2:48:cc:cb:
                    ee:a5:ab:fa:ef:01:84:e4:4b:90:d1:af:e7:3d:53:
                    97:03:b3:68:e1:7c:78:8e:53:2d:f9:04:66:10:c1:
                    93:78:c1:58:26:f2:39:ad:cf:9a:cd:83:65:a2:4d:
                    6a:fe:84:cf:3d:4a:a1:0d:65:54:50:c8:0c:11:66:
                    97:33:8a:1d:cd:fd:72:e9:ca:82:6e:22:25:b4:27:
                    a3:5e:4e:1d:32:a2:cf:87:23:1b:41:7c:4d:36:89:
                    21:6e:e4:0b:3b:1f:34:b5:03:16:76:05:23:e4:74:
                    c4:a8:e5:6d:87:00:20:7d:62:0a:23:f0:26:38:14:
                    95:6f:c1:6e:13:b7:87:98:8e:45:a0:a6:7d:73:55:
                    f6:89:6d:3a:cc:57:13:e1:c9:fe:89:85:3a:c8:f0:
                    e7:bf:d9:c7:a1:26:78:2f:53:ca:1c:f7:fd:29:4f:
                    52:e3:87:01:d7:1c:ff:d0:bf:f7:90:2e:7c:89:e0:
                    11:50:1e:c4:99:12:14:99:4a:de:1e:c8:32:a3:36:
                    89:df:9e:96:61:9e:77:6e:dd:1d:0f:1a:69:7a:64:
                    42:c9:77:70:7e:5d:10:3b:d7:c9:4d:e4:74:b3:27:
                    c8:af:31:28:71:b2:c8:cc:03:c7:2e:70:55:b1:51:
                    8a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:92:36:84:FE:DE:DD:29:36:6C:B0:F7:DA:70:4B:3F:81:25:8A:2B
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/mZI2hP7e3Sk2bLD32nBLP4Eliis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.38.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:43:8c:dc:e7:a5:ad:0d:7e:87:d8:ad:be:a8:40:fd:68:ee:
         a4:ed:42:55:0e:f0:9c:57:f6:88:3e:68:60:18:7e:e8:d4:5b:
         2d:86:1c:3a:fb:ee:93:8e:a3:42:c7:b8:f4:f2:e6:37:aa:ba:
         66:29:00:be:0b:dd:92:3b:83:69:bc:61:07:20:8b:ea:b5:e9:
         74:ca:6f:ac:4b:d1:0e:13:68:a6:e6:42:3c:4c:de:ab:86:94:
         7a:ee:a7:cb:44:00:d9:28:ab:f2:a0:95:28:b1:47:46:16:58:
         a8:03:52:c0:01:9f:3d:be:f4:21:60:46:19:0e:26:6c:dc:26:
         e2:e3:e3:eb:ad:eb:18:e2:53:a2:ac:ec:a2:60:38:42:b5:15:
         91:b3:d3:89:1d:12:34:72:4c:fc:ee:71:70:d1:35:40:2a:9e:
         04:33:26:32:27:cf:99:27:0f:db:fc:30:0a:26:ad:33:a9:f5:
         49:17:a6:6b:ee:47:f2:5a:69:75:f4:42:81:87:8c:f5:24:51:
         2b:d0:84:33:c9:a5:aa:38:31:e5:19:5e:9a:9e:96:9a:2d:bd:
         1e:36:a4:bd:30:cb:38:6c:af:6a:40:b6:1f:21:7a:3f:51:e1:
         e2:80:47:bb:a1:41:3a:fb:38:12:2f:10:66:24:f5:10:4e:82:
         a4:02:a9:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaQ4Jcc6VZRXLkfbx/VqDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTkyMzY4NGZlZGVkZDI5MzY2Y2IwZjdkYTcwNGIzZjgxMjU4YTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoY3t0e2n2zXQGbJIzMvupav67wGE
5EuQ0a/nPVOXA7No4Xx4jlMt+QRmEMGTeMFYJvI5rc+azYNlok1q/oTPPUqhDWVU
UMgMEWaXM4odzf1y6cqCbiIltCejXk4dMqLPhyMbQXxNNokhbuQLOx80tQMWdgUj
5HTEqOVthwAgfWIKI/AmOBSVb8FuE7eHmI5FoKZ9c1X2iW06zFcT4cn+iYU6yPDn
v9nHoSZ4L1PKHPf9KU9S44cB1xz/0L/3kC58ieARUB7EmRIUmUreHsgyozaJ356W
YZ53bt0dDxppemRCyXdwfl0QO9fJTeR0syfIrzEocbLIzAPHLnBVsVGKowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmSNoT+3t0pNmyw99pwSz+BJYorMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbVpJMmhQN2UzU2syYkxEMzJuQkxQNEVsaWlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CZTMA0G
CSqGSIb3DQEBCwUAA4IBAQBsQ4zc56WtDX6H2K2+qED9aO6k7UJVDvCcV/aIPmhg
GH7o1Fsthhw6++6TjqNCx7j08uY3qrpmKQC+C92SO4NpvGEHIIvqtel0ym+sS9EO
E2im5kI8TN6rhpR67qfLRADZKKvyoJUosUdGFlioA1LAAZ89vvQhYEYZDiZs3Cbi
4+PrresY4lOirOyiYDhCtRWRs9OJHRI0ckz87nFw0TVAKp4EMyYyJ8+ZJw/b/DAK
Jq0zqfVJF6Zr7kfyWml19EKBh4z1JFEr0IQzyaWqODHlGV6anpaaLb0eNqS9MMs4
bK9qQLYfIXo/UeHigEe7oUE6+zgSLxBmJPUQToKkAqlU
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:16:29 2026 by rpki-client