Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wRb5Wdj0zBueNDGaE4HUIjgdRVU.roa
File:                     wRb5Wdj0zBueNDGaE4HUIjgdRVU.roa (raw, json)
Hash identifier:          seidWej22d0zh99ER8OZoAj5Job29gsOZK51uQVcnuE=
Subject key identifier:   C1:16:F9:59:D8:F4:CC:1B:9E:34:31:9A:13:81:D4:22:38:1D:45:55
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368D180DBA8FCDC53F6EF6FB87C9508
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wRb5Wdj0zBueNDGaE4HUIjgdRVU.roa
Signing time:             Thu 02 Jul 2026 15:18:19 +0000
ROA not before:           Thu 02 Jul 2026 15:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153786
IP address blocks:        213.130.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:d1:80:db:a8:fc:dc:53:f6:ef:6f:b8:7c:95:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c116f959d8f4cc1b9e34319a1381d422381d4555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:74:bc:03:8a:c3:6a:7f:79:df:7e:58:08:cb:
                    38:c3:7a:c1:ed:23:8c:6d:39:d3:4a:eb:b7:12:5c:
                    d7:46:eb:0e:5f:f5:dc:68:e5:af:f2:1b:bb:e0:ed:
                    48:99:96:b3:00:94:f2:df:f8:ba:85:6f:9a:35:ef:
                    07:53:c8:33:11:48:eb:95:70:76:54:c4:e7:bd:a3:
                    6b:ad:72:7e:27:6c:ba:c0:61:3a:09:60:cd:d7:70:
                    ab:87:45:fc:94:16:1b:d4:37:01:01:6e:2f:99:fa:
                    0b:ea:09:f0:50:21:d9:6b:14:cb:23:4d:92:e7:aa:
                    89:fb:c3:0a:fd:b8:de:b8:2d:16:8f:f9:1f:fe:a9:
                    0a:43:70:32:0e:47:4a:84:a4:ad:6d:f9:34:14:80:
                    91:7f:0b:12:ab:25:36:98:5d:06:82:c6:94:8f:b2:
                    00:eb:35:bf:00:31:4e:7d:e3:0d:af:33:b7:56:bc:
                    dc:9c:94:b3:88:d3:d7:15:08:7c:dd:24:d4:a5:53:
                    6a:5b:db:64:f7:96:ae:44:cc:6c:65:22:b0:fd:08:
                    43:7f:ee:fa:ab:1b:8b:4f:5b:82:d2:6a:55:b4:32:
                    b0:e8:ed:e3:75:e8:c6:c0:d5:35:ff:8b:38:32:3d:
                    47:07:eb:8d:6b:1b:6e:f3:9d:d8:4e:df:2c:7c:29:
                    5b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:16:F9:59:D8:F4:CC:1B:9E:34:31:9A:13:81:D4:22:38:1D:45:55
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wRb5Wdj0zBueNDGaE4HUIjgdRVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.130.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:51:d2:0b:33:82:e3:7e:fb:7c:45:27:ff:a9:12:1c:b7:ed:
         54:fa:8f:f4:74:9a:2e:fd:d0:94:f5:09:aa:1e:ed:a6:b4:c7:
         c6:f3:25:18:49:c7:24:89:88:10:a9:21:a0:d7:d6:6b:0f:2e:
         35:b0:e6:a3:cb:e7:1b:a7:14:60:3a:38:3e:1b:78:c2:23:6a:
         f4:76:65:08:6a:c7:68:13:2b:98:ce:ed:da:9d:ed:81:79:b8:
         85:23:cf:ec:94:85:6d:42:77:40:6c:39:1b:33:bd:d6:4a:7f:
         ba:d9:fe:3c:49:0d:e7:9d:c4:e6:8a:1c:15:07:77:58:c1:94:
         84:e4:80:20:0c:68:7b:42:19:55:13:69:b3:ba:ad:c3:b1:c4:
         29:ae:65:da:8c:69:68:6d:1d:27:eb:01:78:78:14:f1:21:69:
         e1:1d:fa:35:04:78:de:45:2e:bb:0d:8b:97:de:66:55:d4:00:
         09:b8:60:11:72:0f:ee:c7:cb:f7:78:32:f0:93:8e:32:c2:74:
         f0:c7:ea:bc:e2:16:81:9c:72:90:6b:03:55:d3:49:d9:9c:e4:
         ca:40:e8:44:e9:ba:eb:1c:68:7a:de:f1:87:54:40:3b:dc:68:
         3d:d5:c2:7a:52:6d:61:86:cc:3f:0c:a8:8e:31:f4:10:5b:e7:
         00:3c:31:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaNGA26j83FP272+4fJUIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTE2Zjk1OWQ4ZjRjYzFiOWUzNDMxOWExMzgxZDQyMjM4MWQ0NTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHS8A4rDan95335YCMs4w3rB7SOM
bTnTSuu3ElzXRusOX/XcaOWv8hu74O1ImZazAJTy3/i6hW+aNe8HU8gzEUjrlXB2
VMTnvaNrrXJ+J2y6wGE6CWDN13Crh0X8lBYb1DcBAW4vmfoL6gnwUCHZaxTLI02S
56qJ+8MK/bjeuC0Wj/kf/qkKQ3AyDkdKhKStbfk0FICRfwsSqyU2mF0GgsaUj7IA
6zW/ADFOfeMNrzO3VrzcnJSziNPXFQh83STUpVNqW9tk95auRMxsZSKw/QhDf+76
qxuLT1uC0mpVtDKw6O3jdejGwNU1/4s4Mj1HB+uNaxtu853YTt8sfClb0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEW+VnY9MwbnjQxmhOB1CI4HUVVMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvd1JiNVdkajB6QnVlTkRHYUU0SFVJamdkUlZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YKMMA0G
CSqGSIb3DQEBCwUAA4IBAQBEUdILM4Ljfvt8RSf/qRIct+1U+o/0dJou/dCU9Qmq
Hu2mtMfG8yUYScckiYgQqSGg19ZrDy41sOajy+cbpxRgOjg+G3jCI2r0dmUIasdo
EyuYzu3ane2BebiFI8/slIVtQndAbDkbM73WSn+62f48SQ3nncTmihwVB3dYwZSE
5IAgDGh7QhlVE2mzuq3DscQprmXajGlobR0n6wF4eBTxIWnhHfo1BHjeRS67DYuX
3mZV1AAJuGARcg/ux8v3eDLwk44ywnTwx+q84haBnHKQawNV00nZnOTKQOhE6brr
HGh63vGHVEA73Gg91cJ6Um1hhsw/DKiOMfQQW+cAPDF8
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:39 2026 by rpki-client