Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vI3Qq9xNkngcLYq6MVY8O8mvjig.roa
File:                     vI3Qq9xNkngcLYq6MVY8O8mvjig.roa (raw, json)
Hash identifier:          HWkWIS4RzPpkKzodEfUN1t0sYHVT/TDjJ2+5xayclW8=
Subject key identifier:   BC:8D:D0:AB:DC:4D:92:78:1C:2D:8A:BA:31:56:3C:3B:C9:AF:8E:28
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368FBF4C168743A7161A350BB12641D
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vI3Qq9xNkngcLYq6MVY8O8mvjig.roa
Signing time:             Thu 02 Jul 2026 15:18:30 +0000
ROA not before:           Thu 02 Jul 2026 15:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212980
IP address blocks:        80.240.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:fb:f4:c1:68:74:3a:71:61:a3:50:bb:12:64:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc8dd0abdc4d92781c2d8aba31563c3bc9af8e28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:48:d6:a9:05:ad:77:a3:68:57:7d:49:31:0a:
                    0b:0d:05:1c:17:39:93:1d:fb:d8:d4:95:ef:51:0d:
                    f9:20:8b:ae:97:1a:2d:c4:cd:b2:0a:ee:61:28:bb:
                    91:8f:60:88:96:37:94:84:68:39:9b:f8:1d:d6:6d:
                    d3:dc:b4:94:75:52:9c:1d:10:be:63:f5:41:56:04:
                    83:bf:05:0a:60:7d:5d:4c:8b:79:8d:04:08:72:a8:
                    93:31:f3:2f:90:6c:85:d4:a7:ae:b3:ca:7b:89:09:
                    ec:a8:ea:10:86:15:72:8e:eb:3d:ee:42:06:c3:7f:
                    89:7c:c1:10:6e:c5:4e:80:ed:fd:05:b2:d1:37:f8:
                    28:e0:56:bf:66:4e:72:d4:fa:96:1e:e9:1d:05:8c:
                    de:05:58:66:df:9c:f6:c8:15:fa:77:e7:f9:16:88:
                    ea:16:ed:4b:61:37:f7:12:0d:30:f6:a0:7e:4b:89:
                    25:7e:db:50:43:cf:ce:64:26:a3:d1:6f:cb:ff:71:
                    77:b0:e8:0b:f0:a6:ad:af:86:06:44:5f:48:03:99:
                    48:c2:1e:5d:b0:06:de:2e:f8:50:30:91:c6:06:9d:
                    5e:6b:73:db:80:75:34:5d:a4:01:4f:5f:90:8d:c3:
                    f0:2d:5d:6b:7a:da:28:15:83:3c:b8:cb:f3:89:c5:
                    f2:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:8D:D0:AB:DC:4D:92:78:1C:2D:8A:BA:31:56:3C:3B:C9:AF:8E:28
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vI3Qq9xNkngcLYq6MVY8O8mvjig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:4a:a7:74:24:f5:da:00:82:e7:a2:11:ac:03:7a:e6:db:8b:
         d7:e5:f4:dc:c3:f2:13:6c:98:52:85:63:6f:15:50:eb:43:55:
         92:a8:51:1d:b2:5e:f2:98:11:d0:4f:f0:a0:bd:56:5f:7f:75:
         03:67:16:9e:67:ae:f3:46:17:28:ac:90:86:13:c5:67:38:eb:
         bc:15:e0:e4:4b:b1:3f:4c:18:c5:43:ab:2b:b1:8d:00:cf:c3:
         42:67:24:50:6e:ff:5a:3f:0f:4c:2f:4c:bb:04:05:24:e0:ef:
         6a:c2:cc:ee:2d:60:dc:97:70:74:b3:a8:02:5c:3c:9e:01:fc:
         54:fc:ec:87:6f:03:1a:f9:c3:83:1d:85:41:34:32:bb:a1:0c:
         49:6d:0b:fd:b0:e1:48:9e:7f:4e:2c:3c:cb:83:e6:3a:78:28:
         84:9c:d9:a0:6b:5c:ed:92:56:f2:d6:86:6e:36:02:e6:ff:94:
         4c:01:64:32:09:06:0a:fe:80:87:a2:bb:22:f2:12:74:59:94:
         00:12:df:47:a4:93:7e:e2:9b:9e:e2:e5:fe:19:0e:83:ff:2c:
         ae:c5:db:a0:5f:b1:25:15:f9:5e:51:36:8c:41:8a:c5:62:21:
         3a:70:69:38:9f:4c:a4:67:7f:bc:13:8b:da:1b:77:86:90:94:
         78:e4:12:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaPv0wWh0OnFho1C7EmQdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzhkZDBhYmRjNGQ5Mjc4MWMyZDhhYmEzMTU2M2MzYmM5YWY4ZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUjWqQWtd6NoV31JMQoLDQUcFzmT
HfvY1JXvUQ35IIuulxotxM2yCu5hKLuRj2CIljeUhGg5m/gd1m3T3LSUdVKcHRC+
Y/VBVgSDvwUKYH1dTIt5jQQIcqiTMfMvkGyF1Keus8p7iQnsqOoQhhVyjus97kIG
w3+JfMEQbsVOgO39BbLRN/go4Fa/Zk5y1PqWHukdBYzeBVhm35z2yBX6d+f5Fojq
Fu1LYTf3Eg0w9qB+S4klfttQQ8/OZCaj0W/L/3F3sOgL8Katr4YGRF9IA5lIwh5d
sAbeLvhQMJHGBp1ea3PbgHU0XaQBT1+QjcPwLV1retooFYM8uMvzicXy8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyN0KvcTZJ4HC2KujFWPDvJr44oMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdkkzUXE5eE5rbmdjTFlxNk1WWThPOG12amlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPBZMA0G
CSqGSIb3DQEBCwUAA4IBAQBqSqd0JPXaAILnohGsA3rm24vX5fTcw/ITbJhShWNv
FVDrQ1WSqFEdsl7ymBHQT/CgvVZff3UDZxaeZ67zRhcorJCGE8VnOOu8FeDkS7E/
TBjFQ6srsY0Az8NCZyRQbv9aPw9ML0y7BAUk4O9qwszuLWDcl3B0s6gCXDyeAfxU
/OyHbwMa+cODHYVBNDK7oQxJbQv9sOFInn9OLDzLg+Y6eCiEnNmga1ztklby1oZu
NgLm/5RMAWQyCQYK/oCHorsi8hJ0WZQAEt9HpJN+4pue4uX+GQ6D/yyuxdugX7El
FfleUTaMQYrFYiE6cGk4n0ykZ3+8E4vaG3eGkJR45BLx
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:22:42 2026 by rpki-client