Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qY9ej3ngvH6nr11LNW8qGLypN28.roa
File:                     qY9ej3ngvH6nr11LNW8qGLypN28.roa (raw, json)
Hash identifier:          n+9tVf2FdSuiC8Hjgvi3AO3Fi+Pd20CyOZjjfVkLJ3Q=
Subject key identifier:   A9:8F:5E:8F:79:E0:BC:7E:A7:AF:5D:4B:35:6F:2A:18:BC:A9:37:6F
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368B21461E6AB6F4CF0CD123607152B
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qY9ej3ngvH6nr11LNW8qGLypN28.roa
Signing time:             Thu 02 Jul 2026 15:18:11 +0000
ROA not before:           Thu 02 Jul 2026 15:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        77.93.136.0/24 maxlen: 24
                          77.93.138.0/23 maxlen: 24
                          77.107.95.0/24 maxlen: 24
                          81.168.58.0/24 maxlen: 24
                          81.168.63.0/24 maxlen: 24
                          81.168.65.0/24 maxlen: 24
                          81.168.87.0/24 maxlen: 24
                          81.168.96.0/24 maxlen: 24
                          81.168.105.0/24 maxlen: 24
                          81.168.125.0/24 maxlen: 24
                          82.152.1.0/24 maxlen: 24
                          82.152.11.0/24 maxlen: 24
                          82.152.102.0/24 maxlen: 24
                          82.152.117.0/24 maxlen: 24
                          82.152.118.0/24 maxlen: 24
                          109.176.91.0/24 maxlen: 24
                          212.38.81.0/24 maxlen: 24
                          213.130.138.0/24 maxlen: 24
                          213.210.11.0/24 maxlen: 24
                          213.210.48.0/23 maxlen: 24
                          217.144.145.0/24 maxlen: 24
                          217.144.156.0/24 maxlen: 24
                          217.145.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:b2:14:61:e6:ab:6f:4c:f0:cd:12:36:07:15:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a98f5e8f79e0bc7ea7af5d4b356f2a18bca9376f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a7:9e:9b:ce:41:0c:1b:4b:51:36:e8:01:a4:
                    38:ce:03:4b:38:66:13:e6:55:67:b4:73:a3:6f:9d:
                    43:d5:25:dc:0f:52:f3:6e:a3:81:1b:b1:69:50:c9:
                    af:88:04:0e:e7:f5:e0:72:37:19:a8:bb:ab:48:b2:
                    c7:c6:c2:b5:76:54:63:f1:79:2c:7c:c5:2e:ee:60:
                    cc:e5:ce:85:4c:d4:48:96:15:07:06:8e:6a:f9:6f:
                    76:dd:d3:87:f6:1d:b2:70:1d:ef:2b:d2:84:b4:54:
                    5e:88:a0:7b:f3:09:d8:0e:db:cc:32:29:65:be:db:
                    62:55:5e:23:16:14:28:d3:9e:ea:64:8b:da:e5:a1:
                    5b:a9:30:68:75:57:bd:b5:21:9a:04:62:12:a5:21:
                    00:83:b4:fd:70:f6:1a:73:10:6e:2f:a0:12:d4:fb:
                    15:cb:74:f0:7a:ca:96:83:7c:74:a2:85:7c:b1:4a:
                    14:7e:0e:c1:55:9c:33:f4:b1:e9:15:89:d4:41:8b:
                    a2:a8:58:a3:f7:59:47:49:3b:66:2b:92:df:a4:ff:
                    da:4d:fa:7f:c1:5d:b5:96:14:58:d6:93:9b:dc:f2:
                    a9:13:bb:40:39:2f:98:49:04:87:cc:af:1e:61:c4:
                    5e:00:67:15:aa:89:ad:68:2e:b7:16:48:c5:2c:58:
                    1e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:8F:5E:8F:79:E0:BC:7E:A7:AF:5D:4B:35:6F:2A:18:BC:A9:37:6F
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qY9ej3ngvH6nr11LNW8qGLypN28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.136.0/24
                  77.93.138.0/23
                  77.107.95.0/24
                  81.168.58.0/24
                  81.168.63.0/24
                  81.168.65.0/24
                  81.168.87.0/24
                  81.168.96.0/24
                  81.168.105.0/24
                  81.168.125.0/24
                  82.152.1.0/24
                  82.152.11.0/24
                  82.152.102.0/24
                  82.152.117.0-82.152.118.255
                  109.176.91.0/24
                  212.38.81.0/24
                  213.130.138.0/24
                  213.210.11.0/24
                  213.210.48.0/23
                  217.144.145.0/24
                  217.144.156.0/24
                  217.145.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:c5:cf:e2:98:8e:bb:52:7f:b7:ad:bf:18:cf:07:3d:22:6b:
         16:f7:fd:eb:96:ad:83:8f:88:88:e9:b1:24:b4:c2:fa:92:8d:
         a0:f0:f7:ea:4f:57:45:f5:1c:43:59:c2:67:27:40:db:29:db:
         1b:3b:b1:e4:9b:22:cf:87:b2:43:09:6d:5f:5c:cb:73:b1:b9:
         0d:a5:78:17:8f:1a:5d:ff:ca:77:5c:5d:b3:f9:7f:1a:1e:46:
         94:74:cb:24:b5:9d:3d:cb:d6:86:ba:13:56:1a:72:f7:1e:54:
         f0:ec:13:30:15:a4:ac:d4:f2:ee:1c:2c:1f:aa:8c:f8:06:43:
         69:04:90:38:33:fd:d4:db:b7:93:9a:24:30:d1:97:3f:cf:b3:
         24:ca:aa:d2:8d:e5:49:b0:2c:dc:d5:bf:44:ed:62:2b:56:c2:
         e3:80:16:df:ad:3c:5e:ab:9f:d4:f7:56:1f:27:f5:ed:5e:1d:
         38:5c:10:5c:25:a0:3b:ec:f2:1d:a6:86:6d:9a:5b:16:dd:20:
         dd:0c:47:b0:23:5d:a9:f0:86:02:33:b7:65:3c:aa:21:ee:03:
         4e:d4:ef:d1:07:0b:da:90:87:4f:a2:e5:a0:80:2b:da:25:4e:
         75:0b:d9:23:3e:91:b0:00:a2:97:46:d3:53:30:2e:1e:d8:a6:
         09:60:1c:75
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAZ8jaLIUYearb0zwzRI2BxUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOThmNWU4Zjc5ZTBiYzdlYTdhZjVkNGIzNTZmMmExOGJjYTkzNzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaeem85BDBtLUTboAaQ4zgNLOGYT
5lVntHOjb51D1SXcD1LzbqOBG7FpUMmviAQO5/XgcjcZqLurSLLHxsK1dlRj8Xks
fMUu7mDM5c6FTNRIlhUHBo5q+W923dOH9h2ycB3vK9KEtFReiKB78wnYDtvMMill
vttiVV4jFhQo057qZIva5aFbqTBodVe9tSGaBGISpSEAg7T9cPYacxBuL6AS1PsV
y3TwesqWg3x0ooV8sUoUfg7BVZwz9LHpFYnUQYuiqFij91lHSTtmK5LfpP/aTfp/
wV21lhRY1pOb3PKpE7tAOS+YSQSHzK8eYcReAGcVqomtaC63FkjFLFgeLQIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFKmPXo954Lx+p69dSzVvKhi8qTdvMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcVk5ZWozbmd2SDZucjExTE5XOHFHTHlwTjI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBkwQCAAEwgYwDBABN
XYgDBAFNXYoDBABNa18DBABRqDoDBABRqD8DBABRqEEDBABRqFcDBABRqGADBABR
qGkDBABRqH0DBABSmAEDBABSmAsDBABSmGYwDAMEAFKYdQMEAFKYdgMEAG2wWwME
ANQmUQMEANWCigMEANXSCwMEAdXSMAMEANmQkQMEANmQnAMEANmRQTANBgkqhkiG
9w0BAQsFAAOCAQEACcXP4piOu1J/t62/GM8HPSJrFvf965atg4+IiOmxJLTC+pKN
oPD36k9XRfUcQ1nCZydA2ynbGzux5Jsiz4eyQwltX1zLc7G5DaV4F48aXf/Kd1xd
s/l/Gh5GlHTLJLWdPcvWhroTVhpy9x5U8OwTMBWkrNTy7hwsH6qM+AZDaQSQODP9
1Nu3k5okMNGXP8+zJMqq0o3lSbAs3NW/RO1iK1bC44AW3608Xquf1PdWHyf17V4d
OFwQXCWgO+zyHaaGbZpbFt0g3QxHsCNdqfCGAjO3ZTyqIe4DTtTv0QcL2pCHT6Ll
oIAr2iVOdQvZIz6RsACil0bTUzAuHtimCWAcdQ==
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:20:28 2026 by rpki-client