Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/urBRpjKpdiiNtu0GQrfx0kX6TVs.roa
File:                     urBRpjKpdiiNtu0GQrfx0kX6TVs.roa (raw, json)
Hash identifier:          gl8L8I9Txd7J6G9cow7+Xi4RAbJcQPVPYn3I1IF/YcA=
Subject key identifier:   BA:B0:51:A6:32:A9:76:28:8D:B6:ED:06:42:B7:F1:D2:45:FA:4D:5B
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368BD3E9199A7ADED8F7B5FF6A8AD7C
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/urBRpjKpdiiNtu0GQrfx0kX6TVs.roa
Signing time:             Thu 02 Jul 2026 15:18:14 +0000
ROA not before:           Thu 02 Jul 2026 15:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47869
IP address blocks:        89.213.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:bd:3e:91:99:a7:ad:ed:8f:7b:5f:f6:a8:ad:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bab051a632a976288db6ed0642b7f1d245fa4d5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f1:dd:d9:bd:2c:f3:d1:e9:f9:fc:9c:b4:44:
                    98:cb:d9:91:dc:a0:21:ae:91:c8:fa:c3:03:f2:a0:
                    ad:b4:88:7f:fe:7c:22:4a:99:46:03:96:85:5d:42:
                    c0:12:1e:13:08:af:7e:45:57:1c:a7:af:55:98:ad:
                    82:68:ea:dc:d6:07:1c:df:72:f1:18:c7:c1:79:97:
                    4b:ca:3c:d1:71:cc:a1:e7:6e:00:b2:00:9c:fd:ca:
                    75:d9:e4:99:84:65:41:7f:56:20:8f:ab:a6:44:a5:
                    09:1d:bd:ca:4d:fd:03:69:7b:8d:91:67:97:1f:89:
                    ed:d7:06:43:a5:a1:f9:2b:db:66:25:9d:54:1f:3b:
                    68:f2:43:d1:66:cc:df:8f:9f:c6:6e:67:7d:1d:d7:
                    6b:45:d7:e1:9e:08:4d:c8:85:59:db:37:28:37:b2:
                    74:8c:7b:68:9a:80:c8:3a:b6:34:6d:9c:62:5c:85:
                    80:49:17:c9:0d:e1:cf:b5:e5:52:d8:db:63:b6:cb:
                    2f:a1:70:83:51:02:ef:96:97:0a:d8:48:90:59:f1:
                    b0:89:0c:16:a2:b5:19:fa:56:c7:15:f7:0d:66:db:
                    52:90:ad:06:41:ff:13:55:86:76:2b:24:3f:cd:46:
                    63:3a:91:da:e7:f8:79:6d:54:ff:c9:45:70:a3:9c:
                    97:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:B0:51:A6:32:A9:76:28:8D:B6:ED:06:42:B7:F1:D2:45:FA:4D:5B
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/urBRpjKpdiiNtu0GQrfx0kX6TVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:7f:52:96:8e:11:28:26:91:02:89:31:df:1d:37:6d:1e:64:
         3e:b1:fe:65:16:81:d9:30:c4:9c:e2:b1:74:89:cb:eb:18:d0:
         1e:7e:6b:97:ee:ea:62:2d:fb:71:74:0f:a4:12:ea:42:87:92:
         aa:0d:89:59:c4:c3:c6:8f:6e:37:df:36:dc:81:bf:ad:d8:3c:
         26:de:57:2a:bd:59:85:30:5a:85:e0:bf:cf:ce:3d:c3:47:d0:
         33:79:15:1c:c0:a2:97:58:36:22:9b:42:2e:97:af:4d:e1:a8:
         b1:3b:af:10:5c:0b:26:dd:15:c6:8e:42:4d:85:4a:67:eb:0b:
         99:90:54:3f:de:fa:13:5b:bd:5e:28:25:1f:37:de:c5:8e:65:
         e9:50:e0:51:89:c8:c4:11:54:ed:28:1a:44:fb:1f:f6:24:72:
         6f:f1:b5:9d:61:24:2a:f0:15:83:81:8f:45:0a:64:8b:55:c7:
         f5:23:0f:62:df:76:e0:01:1d:47:3a:b0:76:8b:d9:1a:a0:25:
         22:94:b3:dc:bd:8d:0f:b4:36:05:f0:36:7a:80:ec:40:d6:79:
         95:1d:bf:98:1b:19:72:f1:57:e7:93:f8:54:c7:6c:50:16:e4:
         de:a4:35:54:59:ec:5f:67:14:6f:3d:eb:be:35:80:76:19:55:
         d7:14:5c:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaL0+kZmnre2Pe1/2qK18MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWIwNTFhNjMyYTk3NjI4OGRiNmVkMDY0MmI3ZjFkMjQ1ZmE0ZDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfHd2b0s89Hp+fyctESYy9mR3KAh
rpHI+sMD8qCttIh//nwiSplGA5aFXULAEh4TCK9+RVccp69VmK2CaOrc1gcc33Lx
GMfBeZdLyjzRccyh524AsgCc/cp12eSZhGVBf1Ygj6umRKUJHb3KTf0DaXuNkWeX
H4nt1wZDpaH5K9tmJZ1UHzto8kPRZszfj5/Gbmd9HddrRdfhnghNyIVZ2zcoN7J0
jHtomoDIOrY0bZxiXIWASRfJDeHPteVS2NtjtssvoXCDUQLvlpcK2EiQWfGwiQwW
orUZ+lbHFfcNZttSkK0GQf8TVYZ2KyQ/zUZjOpHa5/h5bVT/yUVwo5yX+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqwUaYyqXYojbbtBkK38dJF+k1bMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdXJCUnBqS3BkaWlOdHUwR1FyZngwa1g2VFZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWlMA0G
CSqGSIb3DQEBCwUAA4IBAQAOf1KWjhEoJpECiTHfHTdtHmQ+sf5lFoHZMMSc4rF0
icvrGNAefmuX7upiLftxdA+kEupCh5KqDYlZxMPGj2433zbcgb+t2Dwm3lcqvVmF
MFqF4L/Pzj3DR9AzeRUcwKKXWDYim0Iul69N4aixO68QXAsm3RXGjkJNhUpn6wuZ
kFQ/3voTW71eKCUfN97FjmXpUOBRicjEEVTtKBpE+x/2JHJv8bWdYSQq8BWDgY9F
CmSLVcf1Iw9i33bgAR1HOrB2i9kaoCUilLPcvY0PtDYF8DZ6gOxA1nmVHb+YGxly
8Vfnk/hUx2xQFuTepDVUWexfZxRvPeu+NYB2GVXXFFzr
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:22:41 2026 by rpki-client