Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rF8QxYhBnAeMKzgxqQ63skzJKi0.roa
File:                     rF8QxYhBnAeMKzgxqQ63skzJKi0.roa (raw, json)
Hash identifier:          rmUTBt+17LjE5B71aLTUsgzqZmO/fcN958kb6G4wR28=
Subject key identifier:   AC:5F:10:C5:88:41:9C:07:8C:2B:38:31:A9:0E:B7:B2:4C:C9:2A:2D
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368C3036F335699F8C2B69ED05B6BC7
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rF8QxYhBnAeMKzgxqQ63skzJKi0.roa
Signing time:             Thu 02 Jul 2026 15:18:15 +0000
ROA not before:           Thu 02 Jul 2026 15:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58643
IP address blocks:        89.28.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:c3:03:6f:33:56:99:f8:c2:b6:9e:d0:5b:6b:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac5f10c588419c078c2b3831a90eb7b24cc92a2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4c:18:aa:26:dd:2a:61:61:84:8b:aa:75:02:
                    3c:a6:9a:21:3b:48:e3:c1:af:7e:de:9c:97:19:07:
                    0f:c6:af:82:8f:06:32:43:6a:e9:5b:fc:ab:d6:10:
                    da:ca:ee:0d:75:05:54:81:31:54:07:fe:25:85:4c:
                    87:44:ff:b6:fc:41:ca:ca:10:af:e2:13:54:9e:f1:
                    70:e6:91:d9:38:f1:64:fd:d2:b3:97:d5:43:28:e0:
                    ed:4c:fa:b6:86:52:fa:76:42:7e:f3:ab:38:f6:13:
                    fb:42:2f:7c:e3:29:be:9f:73:b1:0c:e4:05:ad:a2:
                    b5:3f:9f:f1:ae:9a:67:d3:14:9e:e7:1e:1d:30:1e:
                    1b:e4:a7:a7:93:eb:fe:ee:de:2c:7b:72:10:f6:13:
                    84:d3:b1:99:80:ab:93:6b:12:9f:66:ce:57:ac:5a:
                    84:7a:e4:d7:b0:35:6e:da:4f:81:52:c7:dc:ce:69:
                    06:61:5c:5e:98:47:22:fc:6c:4f:ac:5c:f2:33:1a:
                    d5:2d:f2:76:dc:17:6f:11:28:2a:df:30:d3:43:3b:
                    fa:7f:b6:c1:54:2c:42:00:f6:f6:41:b8:15:ae:28:
                    06:8b:d0:8b:80:ca:79:0d:7e:f5:92:f1:ad:d1:b1:
                    cb:a1:84:f3:20:48:51:0f:d6:cb:5c:cb:6f:72:04:
                    5d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:5F:10:C5:88:41:9C:07:8C:2B:38:31:A9:0E:B7:B2:4C:C9:2A:2D
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/rF8QxYhBnAeMKzgxqQ63skzJKi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:c0:f7:e7:d2:1d:08:13:e5:d5:c1:0d:17:01:7b:9a:05:b5:
         b0:c0:04:a4:4d:31:27:bb:50:df:6d:bc:1e:bc:61:59:10:5f:
         f7:93:b4:72:98:1d:d6:71:a0:c1:9e:51:1f:84:60:53:b0:52:
         f0:98:52:a5:2d:cd:81:c2:58:2a:6b:88:bc:d2:ca:80:5d:67:
         b7:20:31:0e:b2:67:01:e7:19:52:a6:4d:de:11:65:be:a2:4d:
         7c:f7:17:40:0d:31:93:bc:d4:22:18:8d:69:d3:78:f8:77:c0:
         35:b7:25:d8:90:87:d6:d3:81:85:5a:ee:87:dd:5d:34:df:d6:
         e5:1a:0e:6b:73:0d:73:86:7c:06:27:93:ae:f0:28:c4:a0:0e:
         8f:78:c4:77:65:bb:ba:fe:63:94:ba:04:88:d3:5a:dd:17:6d:
         f5:be:45:aa:b7:b6:b2:6c:14:ee:ee:2c:cc:96:7d:61:44:d7:
         b2:03:ee:30:06:8a:09:ec:1d:d9:0c:1b:c5:bb:4e:20:ee:c5:
         7d:87:61:2e:c1:de:2a:be:7b:de:69:7e:f6:0f:c1:71:b0:d4:
         27:10:34:38:a2:41:f6:6e:5f:d7:6e:bf:53:24:1a:53:aa:5a:
         61:31:1b:9c:d0:12:0b:46:3f:f1:8c:4f:87:bf:37:3c:b8:e8:
         3a:4f:fa:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaMMDbzNWmfjCtp7QW2vHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzVmMTBjNTg4NDE5YzA3OGMyYjM4MzFhOTBlYjdiMjRjYzkyYTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UwYqibdKmFhhIuqdQI8ppohO0jj
wa9+3pyXGQcPxq+CjwYyQ2rpW/yr1hDayu4NdQVUgTFUB/4lhUyHRP+2/EHKyhCv
4hNUnvFw5pHZOPFk/dKzl9VDKODtTPq2hlL6dkJ+86s49hP7Qi984ym+n3OxDOQF
raK1P5/xrppn0xSe5x4dMB4b5Kenk+v+7t4se3IQ9hOE07GZgKuTaxKfZs5XrFqE
euTXsDVu2k+BUsfczmkGYVxemEci/GxPrFzyMxrVLfJ23BdvESgq3zDTQzv6f7bB
VCxCAPb2QbgVrigGi9CLgMp5DX71kvGt0bHLoYTzIEhRD9bLXMtvcgRd0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxfEMWIQZwHjCs4MakOt7JMySotMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvckY4UXhZaEJuQWVNS3pneHFRNjNza3pKS2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRzrMA0G
CSqGSIb3DQEBCwUAA4IBAQAtwPfn0h0IE+XVwQ0XAXuaBbWwwASkTTEnu1Dfbbwe
vGFZEF/3k7RymB3WcaDBnlEfhGBTsFLwmFKlLc2Bwlgqa4i80sqAXWe3IDEOsmcB
5xlSpk3eEWW+ok189xdADTGTvNQiGI1p03j4d8A1tyXYkIfW04GFWu6H3V0039bl
Gg5rcw1zhnwGJ5Ou8CjEoA6PeMR3Zbu6/mOUugSI01rdF231vkWqt7aybBTu7izM
ln1hRNeyA+4wBooJ7B3ZDBvFu04g7sV9h2Euwd4qvnveaX72D8FxsNQnEDQ4okH2
bl/Xbr9TJBpTqlphMRuc0BILRj/xjE+Hvzc8uOg6T/rq
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:22:55 2026 by rpki-client