Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pDhkRvFZTqvseXf1DUtlVv7VDz8.roa
File:                     pDhkRvFZTqvseXf1DUtlVv7VDz8.roa (raw, json)
Hash identifier:          9h1DSHx8TfUnaHqtuY3KHCKnhKxQoNtCNNJ6rOXh7EM=
Subject key identifier:   A4:38:64:46:F1:59:4E:AB:EC:79:77:F5:0D:4B:65:56:FE:D5:0F:3F
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368F9FC79CE10CFCA090FE5636CDE99
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pDhkRvFZTqvseXf1DUtlVv7VDz8.roa
Signing time:             Thu 02 Jul 2026 15:18:30 +0000
ROA not before:           Thu 02 Jul 2026 15:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212669
IP address blocks:        109.176.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:f9:fc:79:ce:10:cf:ca:09:0f:e5:63:6c:de:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4386446f1594eabec7977f50d4b6556fed50f3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:34:b8:13:fc:b7:6e:2e:64:18:11:20:ca:af:
                    56:ee:e0:1a:8d:b2:0a:a1:de:e1:32:c3:42:b2:63:
                    de:9b:a9:40:d3:c9:42:a9:bb:1a:5c:be:bd:b4:36:
                    51:9d:bd:29:bf:b9:58:b4:22:67:a8:a2:ec:5b:6c:
                    55:35:7c:32:1c:16:4d:0f:10:29:0b:bb:13:23:ab:
                    08:d9:2c:57:3e:13:d4:ee:de:86:e2:44:3d:4d:94:
                    e3:fc:25:dc:a2:6d:29:ca:46:07:a3:6a:25:01:b3:
                    7d:d5:15:4f:a4:b5:b0:48:39:f2:77:1d:b5:13:b3:
                    5a:c0:b5:44:07:51:4d:97:34:50:fc:44:7d:a3:51:
                    83:37:c7:79:04:10:13:7a:9a:f2:e2:82:74:d3:3d:
                    6f:36:bd:b7:18:e8:c2:37:90:c2:28:18:16:ce:57:
                    b6:d5:41:12:f4:1e:a6:20:0a:00:9f:1e:5b:9b:33:
                    04:71:7a:6c:a2:a8:93:bc:30:0a:a7:2a:bd:3a:95:
                    67:a9:3d:7a:61:be:53:35:03:79:b9:d7:7e:20:9e:
                    7c:09:23:4e:dc:72:6e:b1:f6:b0:e4:9a:30:48:f5:
                    f9:e1:08:c0:c0:bc:55:01:67:56:bf:21:0a:48:82:
                    f7:3f:8c:21:3a:bd:e0:09:60:e3:6b:8f:de:4f:23:
                    d1:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:38:64:46:F1:59:4E:AB:EC:79:77:F5:0D:4B:65:56:FE:D5:0F:3F
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pDhkRvFZTqvseXf1DUtlVv7VDz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:00:fa:fe:48:83:31:21:11:f6:d4:aa:f5:b2:56:28:95:c1:
         66:0d:46:bc:d7:b5:33:aa:5e:14:37:b8:c7:04:bd:f4:48:d1:
         b9:59:3f:0a:74:1f:62:41:bf:4d:22:65:16:09:8d:59:57:d7:
         ff:0d:d1:bd:f4:e4:74:d8:d0:f8:fe:86:0a:18:2e:eb:fd:43:
         e6:38:04:f3:6e:5e:f3:4a:ba:aa:e9:94:4d:cd:f2:ce:b6:fa:
         07:1f:15:3c:2f:5d:1b:c0:c9:6e:f2:26:df:3b:d7:d4:90:56:
         25:69:35:14:2b:c2:84:7b:1e:c8:86:e2:ff:05:e4:a6:66:76:
         4d:16:b3:7f:57:e0:23:16:92:64:99:32:a6:c1:88:59:fe:fb:
         53:2c:6e:9a:8c:d5:44:00:2e:ad:5a:79:43:27:97:54:b3:29:
         ff:8f:d1:35:78:82:84:f0:25:27:54:2c:85:9f:5d:5b:e7:76:
         8a:36:bd:44:f0:d2:29:4c:60:a8:49:dc:2b:a1:3b:8e:dc:a8:
         b4:6c:b8:d7:a4:06:e0:19:69:ae:f5:c7:95:69:00:1e:54:6f:
         3d:38:ce:5c:e4:86:d5:cc:45:24:49:85:1a:49:c0:75:e9:bb:
         5e:02:ed:57:98:e8:7f:ef:76:3c:91:71:98:a1:b8:1d:9e:11:
         ba:fa:46:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaPn8ec4Qz8oJD+VjbN6ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDM4NjQ0NmYxNTk0ZWFiZWM3OTc3ZjUwZDRiNjU1NmZlZDUwZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTS4E/y3bi5kGBEgyq9W7uAajbIK
od7hMsNCsmPem6lA08lCqbsaXL69tDZRnb0pv7lYtCJnqKLsW2xVNXwyHBZNDxAp
C7sTI6sI2SxXPhPU7t6G4kQ9TZTj/CXcom0pykYHo2olAbN91RVPpLWwSDnydx21
E7NawLVEB1FNlzRQ/ER9o1GDN8d5BBATepry4oJ00z1vNr23GOjCN5DCKBgWzle2
1UES9B6mIAoAnx5bmzMEcXpsoqiTvDAKpyq9OpVnqT16Yb5TNQN5udd+IJ58CSNO
3HJusfaw5JowSPX54QjAwLxVAWdWvyEKSIL3P4whOr3gCWDja4/eTyPR9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQ4ZEbxWU6r7Hl39Q1LZVb+1Q8/MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcERoa1J2RlpUcXZzZVhmMURVdGxWdjdWRHo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbAaMA0G
CSqGSIb3DQEBCwUAA4IBAQASAPr+SIMxIRH21Kr1slYolcFmDUa817Uzql4UN7jH
BL30SNG5WT8KdB9iQb9NImUWCY1ZV9f/DdG99OR02ND4/oYKGC7r/UPmOATzbl7z
Srqq6ZRNzfLOtvoHHxU8L10bwMlu8ibfO9fUkFYlaTUUK8KEex7IhuL/BeSmZnZN
FrN/V+AjFpJkmTKmwYhZ/vtTLG6ajNVEAC6tWnlDJ5dUsyn/j9E1eIKE8CUnVCyF
n11b53aKNr1E8NIpTGCoSdwroTuO3Ki0bLjXpAbgGWmu9ceVaQAeVG89OM5c5IbV
zEUkSYUaScB16bteAu1XmOh/73Y8kXGYobgdnhG6+kYR
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:58 2026 by rpki-client