Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qePrj_oQ8C6i_g_kWIgOiqTADlY.roa
File:                     qePrj_oQ8C6i_g_kWIgOiqTADlY.roa (raw, json)
Hash identifier:          EtOa2EGGbRMsCvC9DxdzaBQb66vxLvQQsoNfsOhlAqM=
Subject key identifier:   A9:E3:EB:8F:FA:10:F0:2E:A2:FE:0F:E4:58:88:0E:8A:A4:C0:0E:56
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368A7630ADFD6064312252D6ABE058F
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qePrj_oQ8C6i_g_kWIgOiqTADlY.roa
Signing time:             Thu 02 Jul 2026 15:18:08 +0000
ROA not before:           Thu 02 Jul 2026 15:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        37.252.30.0/24 maxlen: 24
                          77.107.81.0/24 maxlen: 24
                          77.107.94.0/24 maxlen: 24
                          77.107.103.0/24 maxlen: 24
                          77.107.104.0/24 maxlen: 24
                          77.107.113.0/24 maxlen: 24
                          77.107.115.0/24 maxlen: 24
                          77.107.126.0/24 maxlen: 24
                          81.168.127.0/24 maxlen: 24
                          82.152.15.0/24 maxlen: 24
                          82.152.19.0/24 maxlen: 24
                          82.152.82.0/24 maxlen: 24
                          82.152.103.0/24 maxlen: 24
                          82.152.134.0/24 maxlen: 24
                          82.152.242.0/24 maxlen: 24
                          82.153.146.0/24 maxlen: 24
                          82.153.158.0/24 maxlen: 24
                          89.213.103.0/24 maxlen: 24
                          109.176.72.0/24 maxlen: 24
                          109.176.77.0/24 maxlen: 24
                          109.176.129.0/24 maxlen: 24
                          109.176.168.0/24 maxlen: 24
                          109.176.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:a7:63:0a:df:d6:06:43:12:25:2d:6a:be:05:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9e3eb8ffa10f02ea2fe0fe458880e8aa4c00e56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e7:45:7d:85:a6:2f:64:e3:94:05:00:10:50:
                    41:17:7f:13:4d:4a:e6:03:e0:17:c3:e4:a7:23:7d:
                    b4:99:dd:bf:db:e9:ea:1b:f8:2f:f9:ab:89:41:ca:
                    3a:50:45:41:b2:81:a2:03:2d:68:ab:ec:31:a4:43:
                    9a:c9:83:9e:2e:b2:a5:1c:f7:6b:87:36:5c:34:4d:
                    c1:2a:a0:2b:0b:b1:48:b6:88:c0:c3:46:df:01:b0:
                    ba:78:60:e3:09:14:ce:97:f1:bc:9f:60:3f:e4:c7:
                    6f:bd:69:44:01:00:b1:1d:2b:c7:3f:0a:d5:7a:a9:
                    b8:63:7b:ce:76:b7:d0:5a:0d:ac:f0:7a:22:2a:05:
                    3a:a6:da:43:f9:10:c9:d9:c6:55:13:28:e2:7c:47:
                    52:0f:14:c6:7c:b4:3c:61:f5:6f:a0:8c:4b:89:31:
                    c6:b2:82:8f:1f:2f:b5:d9:36:20:8c:51:63:7d:df:
                    a1:79:4c:8e:ff:64:de:95:62:30:25:8f:4c:de:df:
                    64:46:ce:90:e8:a3:b0:bd:cd:2e:34:8a:b3:11:06:
                    83:43:21:a0:17:42:83:31:31:6f:78:0a:80:a1:6d:
                    80:bc:93:c9:db:6b:79:a4:e3:59:7b:c9:e2:dc:7d:
                    95:83:a3:1c:1c:3d:2a:6e:0e:55:6c:12:3b:c3:71:
                    53:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:E3:EB:8F:FA:10:F0:2E:A2:FE:0F:E4:58:88:0E:8A:A4:C0:0E:56
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qePrj_oQ8C6i_g_kWIgOiqTADlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.30.0/24
                  77.107.81.0/24
                  77.107.94.0/24
                  77.107.103.0-77.107.104.255
                  77.107.113.0/24
                  77.107.115.0/24
                  77.107.126.0/24
                  81.168.127.0/24
                  82.152.15.0/24
                  82.152.19.0/24
                  82.152.82.0/24
                  82.152.103.0/24
                  82.152.134.0/24
                  82.152.242.0/24
                  82.153.146.0/24
                  82.153.158.0/24
                  89.213.103.0/24
                  109.176.72.0/24
                  109.176.77.0/24
                  109.176.129.0/24
                  109.176.168.0/24
                  109.176.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:57:0a:2b:72:e1:75:e5:d5:00:56:3b:a0:80:70:7b:e0:12:
         c6:a4:cf:0a:a1:5d:41:14:89:42:1b:88:a6:48:2a:eb:17:d0:
         b2:bc:60:16:fd:1a:74:02:cc:ca:9e:9e:ad:34:64:76:41:d1:
         3f:65:0d:8a:5d:6a:e3:6a:d5:b6:f7:32:a5:3b:39:34:a5:0f:
         64:64:c1:23:b6:ee:1a:44:5d:c6:d9:77:71:6e:76:22:e3:c8:
         ee:e6:b7:96:14:94:b1:41:1d:41:56:91:cf:a0:b7:1c:05:40:
         c0:44:81:a3:ff:f9:da:96:50:77:33:d8:a8:07:13:75:3c:12:
         76:54:91:ff:35:1c:2a:3d:d9:13:05:b7:00:e8:93:03:75:45:
         4b:cc:43:68:d6:7a:c1:7a:b6:de:96:c3:07:f1:7d:43:e4:9b:
         0a:68:a7:70:ee:15:cf:73:83:27:e9:8d:b9:41:ce:1e:c2:f2:
         08:bf:07:cc:54:a5:65:ac:4b:df:4a:47:dc:0f:06:89:25:dc:
         8a:c6:89:14:23:bf:8e:5d:eb:77:bf:a7:a3:ce:f1:7c:9e:e8:
         26:96:92:20:eb:d7:82:41:d4:fc:1f:a7:ca:d8:dc:e8:7e:fa:
         02:f9:da:01:49:b2:44:ce:8f:cc:94:07:20:19:5d:21:d2:44:
         49:9e:b6:3d
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAZ8jaKdjCt/WBkMSJS1qvgWPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWUzZWI4ZmZhMTBmMDJlYTJmZTBmZTQ1ODg4MGU4YWE0YzAwZTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApedFfYWmL2TjlAUAEFBBF38TTUrm
A+AXw+SnI320md2/2+nqG/gv+auJQco6UEVBsoGiAy1oq+wxpEOayYOeLrKlHPdr
hzZcNE3BKqArC7FItojAw0bfAbC6eGDjCRTOl/G8n2A/5MdvvWlEAQCxHSvHPwrV
eqm4Y3vOdrfQWg2s8HoiKgU6ptpD+RDJ2cZVEyjifEdSDxTGfLQ8YfVvoIxLiTHG
soKPHy+12TYgjFFjfd+heUyO/2TelWIwJY9M3t9kRs6Q6KOwvc0uNIqzEQaDQyGg
F0KDMTFveAqAoW2AvJPJ22t5pONZe8ni3H2Vg6McHD0qbg5VbBI7w3FTAwIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFKnj64/6EPAuov4P5FiIDoqkwA5WMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcWVQcmpfb1E4QzZpX2dfa1dJZ09pcVRBRGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBkwQCAAEwgYwDBAAl
/B4DBABNa1EDBABNa14wDAMEAE1rZwMEAE1raAMEAE1rcQMEAE1rcwMEAE1rfgME
AFGofwMEAFKYDwMEAFKYEwMEAFKYUgMEAFKYZwMEAFKYhgMEAFKY8gMEAFKZkgME
AFKZngMEAFnVZwMEAG2wSAMEAG2wTQMEAG2wgQMEAG2wqAMEAG2wqzANBgkqhkiG
9w0BAQsFAAOCAQEAU1cKK3LhdeXVAFY7oIBwe+ASxqTPCqFdQRSJQhuIpkgq6xfQ
srxgFv0adALMyp6erTRkdkHRP2UNil1q42rVtvcypTs5NKUPZGTBI7buGkRdxtl3
cW52IuPI7ua3lhSUsUEdQVaRz6C3HAVAwESBo//52pZQdzPYqAcTdTwSdlSR/zUc
Kj3ZEwW3AOiTA3VFS8xDaNZ6wXq23pbDB/F9Q+SbCmincO4Vz3ODJ+mNuUHOHsLy
CL8HzFSlZaxL30pH3A8GiSXcisaJFCO/jl3rd7+no87xfJ7oJpaSIOvXgkHU/B+n
ytjc6H76AvnaAUmyRM6PzJQHIBldIdJESZ62PQ==
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:16:51 2026 by rpki-client