Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wcys9zqtZ-gVMzAs8FlWGVanKNI.roa
File:                     wcys9zqtZ-gVMzAs8FlWGVanKNI.roa (raw, json)
Hash identifier:          DjibpMAPmoLsAFZlUUMziFCQK5oKeWHxZEmUO8mil/8=
Subject key identifier:   C1:CC:AC:F7:3A:AD:67:E8:15:33:30:2C:F0:59:56:19:56:A7:28:D2
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368C3D7780C0FF699A20AA28EFBE8CD
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wcys9zqtZ-gVMzAs8FlWGVanKNI.roa
Signing time:             Thu 02 Jul 2026 15:18:16 +0000
ROA not before:           Thu 02 Jul 2026 15:18:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59711
IP address blocks:        82.153.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:c3:d7:78:0c:0f:f6:99:a2:0a:a2:8e:fb:e8:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1ccacf73aad67e81533302cf059561956a728d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:30:02:3d:a6:76:4b:b1:0c:22:75:6a:23:df:
                    84:97:c1:f8:fe:1d:06:ad:d1:c0:a0:e9:5a:dc:72:
                    b3:90:c5:de:a5:0f:e3:1f:b2:6d:10:eb:1c:98:77:
                    c0:da:6f:ac:44:fc:ec:bd:00:06:60:63:d1:dc:f1:
                    e5:a0:77:50:ac:a0:8e:1e:ca:b0:bd:1a:ce:54:ad:
                    95:13:da:22:f1:ec:56:dc:1c:e1:fc:57:b6:c7:46:
                    d0:b4:57:56:92:43:38:36:2e:0b:2e:6d:4a:4d:df:
                    07:cd:b3:1f:d1:5b:73:0d:23:65:fe:d0:42:6e:3c:
                    48:3b:3c:cc:54:b3:97:52:83:ae:41:4a:e8:61:20:
                    c7:84:fc:3a:8b:b4:32:7f:ba:cd:5d:01:28:47:b5:
                    24:02:c2:34:82:d3:2b:00:d0:dd:15:fd:4d:47:b9:
                    05:c3:9d:4a:cd:a2:b8:6d:6c:a1:63:79:26:eb:9c:
                    19:a2:a3:e2:6f:4d:88:45:a1:88:98:70:ce:b5:c8:
                    e7:21:7c:41:76:1e:8b:ae:9f:3c:86:b2:97:98:1b:
                    3e:ea:78:a3:8d:7c:5e:49:41:a2:4e:2b:94:56:78:
                    74:8a:3b:24:1e:6c:5c:36:7c:0c:3f:6a:32:3b:08:
                    cb:fc:8e:0f:08:6a:51:c9:2c:06:21:a5:72:b4:f8:
                    bb:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:CC:AC:F7:3A:AD:67:E8:15:33:30:2C:F0:59:56:19:56:A7:28:D2
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wcys9zqtZ-gVMzAs8FlWGVanKNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:11:2d:fc:46:ab:97:d9:18:02:1c:ef:bd:ed:19:1d:f6:95:
         c3:6d:a3:bf:32:90:44:6f:cf:3a:60:a1:20:57:a2:f8:1b:ee:
         7e:a9:cd:eb:d7:7d:ad:18:aa:09:72:02:3a:ca:27:92:bb:5a:
         65:30:e8:c0:f9:d9:0a:b9:a1:8e:dd:38:44:9e:cd:7e:e9:74:
         31:97:93:4f:cb:fb:a1:dc:70:e4:28:cb:30:68:2b:c9:5f:0c:
         28:69:70:b5:56:8c:a1:d6:08:be:7b:90:61:3e:f5:e5:54:b6:
         d2:95:30:f2:ee:1a:c1:7c:03:b9:45:b8:db:0c:66:7c:a3:8f:
         71:c7:12:8f:eb:db:2e:30:8c:28:ef:1c:74:75:aa:cb:8c:91:
         f8:e2:41:a6:4c:58:8f:1c:88:dc:15:a1:7a:5c:61:df:90:f6:
         ff:2b:86:e5:8e:4c:de:90:d9:61:10:10:ab:6b:59:c4:8b:1a:
         f5:aa:9c:a4:2b:d1:5e:8e:88:0a:90:35:05:f1:6a:0d:0d:40:
         bc:c9:1c:a1:f3:41:e7:55:23:78:0c:3f:c1:1b:9f:03:c3:9c:
         1c:8c:b5:b9:ec:46:25:b9:d3:c3:13:f0:e0:eb:0d:e6:55:50:
         06:32:1b:ec:3f:9f:9b:51:8b:99:ab:64:4e:ac:16:db:e7:80:
         e9:43:6d:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaMPXeAwP9pmiCqKO++jNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWNjYWNmNzNhYWQ2N2U4MTUzMzMwMmNmMDU5NTYxOTU2YTcyOGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzACPaZ2S7EMInVqI9+El8H4/h0G
rdHAoOla3HKzkMXepQ/jH7JtEOscmHfA2m+sRPzsvQAGYGPR3PHloHdQrKCOHsqw
vRrOVK2VE9oi8exW3Bzh/Fe2x0bQtFdWkkM4Ni4LLm1KTd8HzbMf0VtzDSNl/tBC
bjxIOzzMVLOXUoOuQUroYSDHhPw6i7Qyf7rNXQEoR7UkAsI0gtMrANDdFf1NR7kF
w51KzaK4bWyhY3km65wZoqPib02IRaGImHDOtcjnIXxBdh6Lrp88hrKXmBs+6nij
jXxeSUGiTiuUVnh0ijskHmxcNnwMP2oyOwjL/I4PCGpRySwGIaVytPi7WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHMrPc6rWfoFTMwLPBZVhlWpyjSMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvd2N5czl6cXRaLWdWTXpBczhGbFdHVmFuS05JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpn4MA0G
CSqGSIb3DQEBCwUAA4IBAQB2ES38RquX2RgCHO+97Rkd9pXDbaO/MpBEb886YKEg
V6L4G+5+qc3r132tGKoJcgI6yieSu1plMOjA+dkKuaGO3ThEns1+6XQxl5NPy/uh
3HDkKMswaCvJXwwoaXC1Voyh1gi+e5BhPvXlVLbSlTDy7hrBfAO5RbjbDGZ8o49x
xxKP69suMIwo7xx0darLjJH44kGmTFiPHIjcFaF6XGHfkPb/K4bljkzekNlhEBCr
a1nEixr1qpykK9FejogKkDUF8WoNDUC8yRyh80HnVSN4DD/BG58Dw5wcjLW57EYl
udPDE/Dg6w3mVVAGMhvsP5+bUYuZq2ROrBbb54DpQ22x
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:18 2026 by rpki-client