Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/r8J2Cn2_pkzl2ZbwRFcE1kvPer4.roa
File:                     r8J2Cn2_pkzl2ZbwRFcE1kvPer4.roa (raw, json)
Hash identifier:          JBoxZj7FYWWVkxiCvZWV0bY+uZR7yDQVuxhNz6kqVew=
Subject key identifier:   AF:C2:76:0A:7D:BF:A6:4C:E5:D9:96:F0:44:57:04:D6:4B:CF:7A:BE
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368BF06345B47B21FF9033654343FB7
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/r8J2Cn2_pkzl2ZbwRFcE1kvPer4.roa
Signing time:             Thu 02 Jul 2026 15:18:14 +0000
ROA not before:           Thu 02 Jul 2026 15:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49981
IP address blocks:        213.210.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:bf:06:34:5b:47:b2:1f:f9:03:36:54:34:3f:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=afc2760a7dbfa64ce5d996f0445704d64bcf7abe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2e:ee:27:3d:bb:75:85:f1:4c:41:b5:8c:8e:
                    5d:7e:0f:6a:de:b0:d6:6d:af:9e:8f:e6:42:92:8d:
                    57:07:f7:95:9f:2c:8c:29:a6:54:65:9e:4d:d1:99:
                    4d:54:4a:b1:99:a4:86:4d:9e:33:92:6b:10:e7:3e:
                    a0:87:e1:be:0a:52:6a:ad:db:3b:fb:4e:89:a8:ab:
                    b7:63:ce:a1:85:ea:eb:26:05:bf:07:06:19:70:6e:
                    3c:d7:b0:70:04:f2:d7:27:34:4f:c4:03:d7:9a:f8:
                    48:07:ff:ca:17:ec:59:b5:5a:fd:8b:26:51:bb:a5:
                    bf:16:8c:58:23:eb:59:39:c5:e9:7c:64:bc:09:f5:
                    4e:34:91:5a:49:aa:02:1c:1d:0f:87:a9:8c:df:9e:
                    1b:5a:a6:32:bf:34:71:3e:85:e9:01:e4:f6:b1:19:
                    b0:65:74:db:67:7a:87:11:a5:8e:d3:1c:5c:64:41:
                    ac:19:cc:9a:a1:f3:65:8d:7b:dd:c7:4d:2e:96:a9:
                    b0:fc:c0:4f:a8:a0:7a:e1:a9:c4:c3:ba:cd:ca:ff:
                    f4:a4:27:fc:2e:49:87:f1:54:78:99:32:fa:9a:38:
                    f6:52:c2:bd:da:9d:85:ab:db:bc:5c:f3:3a:c8:07:
                    c7:b1:73:6e:87:aa:66:1a:7d:35:f6:5e:80:d8:f7:
                    5d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:C2:76:0A:7D:BF:A6:4C:E5:D9:96:F0:44:57:04:D6:4B:CF:7A:BE
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/r8J2Cn2_pkzl2ZbwRFcE1kvPer4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:72:f5:39:fe:49:fd:8c:33:55:48:d3:a2:78:f9:94:80:c3:
         c5:80:c3:4d:39:93:94:62:5f:81:d6:01:bd:5c:d5:d5:a0:4e:
         04:3f:2a:5e:f2:7e:f2:c0:d9:2e:2d:40:98:4b:f9:5a:99:84:
         64:a1:25:55:13:24:ae:d4:fa:09:2c:16:08:0f:72:60:7d:78:
         da:75:a9:19:da:06:5d:15:46:c0:0d:4e:72:dc:82:a4:29:5b:
         33:35:ce:5f:f4:b0:d0:d4:a8:03:6a:c0:d3:43:f2:43:ec:84:
         25:21:d2:06:21:37:f6:08:12:b6:8c:7d:87:61:4d:e0:ba:3a:
         31:17:69:a9:b2:41:6a:0c:e3:03:db:f1:c0:c6:9e:f3:c6:55:
         ac:e5:78:a4:f9:a4:fe:89:55:86:ac:3f:b7:d6:ea:80:ec:9b:
         e4:e4:a1:61:78:1d:25:23:0b:71:d5:a5:07:7e:c5:83:c8:e0:
         43:6b:2a:99:ea:fb:54:3d:c2:36:a5:dd:57:2b:79:8e:78:18:
         56:3a:38:03:c2:0e:4e:d7:24:9e:f6:48:9e:4a:b1:1a:9a:02:
         86:81:d4:43:ba:24:4f:2b:d9:4b:e6:00:c4:8e:08:e2:1b:27:
         79:99:7d:48:64:3b:a3:8f:11:26:60:4a:e0:d2:e5:70:98:71:
         43:d1:06:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaL8GNFtHsh/5AzZUND+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmMyNzYwYTdkYmZhNjRjZTVkOTk2ZjA0NDU3MDRkNjRiY2Y3YWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAri7uJz27dYXxTEG1jI5dfg9q3rDW
ba+ej+ZCko1XB/eVnyyMKaZUZZ5N0ZlNVEqxmaSGTZ4zkmsQ5z6gh+G+ClJqrds7
+06JqKu3Y86hherrJgW/BwYZcG4817BwBPLXJzRPxAPXmvhIB//KF+xZtVr9iyZR
u6W/FoxYI+tZOcXpfGS8CfVONJFaSaoCHB0Ph6mM354bWqYyvzRxPoXpAeT2sRmw
ZXTbZ3qHEaWO0xxcZEGsGcyaofNljXvdx00ulqmw/MBPqKB64anEw7rNyv/0pCf8
LkmH8VR4mTL6mjj2UsK92p2Fq9u8XPM6yAfHsXNuh6pmGn019l6A2PddXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/Cdgp9v6ZM5dmW8ERXBNZLz3q+MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcjhKMkNuMl9wa3psMlpid1JGY0Uxa3ZQZXI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dIcMA0G
CSqGSIb3DQEBCwUAA4IBAQAYcvU5/kn9jDNVSNOiePmUgMPFgMNNOZOUYl+B1gG9
XNXVoE4EPype8n7ywNkuLUCYS/lamYRkoSVVEySu1PoJLBYID3JgfXjadakZ2gZd
FUbADU5y3IKkKVszNc5f9LDQ1KgDasDTQ/JD7IQlIdIGITf2CBK2jH2HYU3gujox
F2mpskFqDOMD2/HAxp7zxlWs5Xik+aT+iVWGrD+31uqA7Jvk5KFheB0lIwtx1aUH
fsWDyOBDayqZ6vtUPcI2pd1XK3mOeBhWOjgDwg5O1ySe9kieSrEamgKGgdRDuiRP
K9lL5gDEjgjiGyd5mX1IZDujjxEmYErg0uVwmHFD0Qbs
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:18:32 2026 by rpki-client