Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wiJCc0Y7bt9bIaxy7QjsOzmmHqU.roa
File:                     wiJCc0Y7bt9bIaxy7QjsOzmmHqU.roa (raw, json)
Hash identifier:          qGrK0B8j3k2MaZDDomGV49aygyjOPLdGYAy6QW2YtDE=
Subject key identifier:   C2:22:42:73:46:3B:6E:DF:5B:21:AC:72:ED:08:EC:3B:39:A6:1E:A5
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368F8D2FCF6E5873C9B0CA7C2692FD2
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wiJCc0Y7bt9bIaxy7QjsOzmmHqU.roa
Signing time:             Thu 02 Jul 2026 15:18:29 +0000
ROA not before:           Thu 02 Jul 2026 15:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212384
IP address blocks:        37.252.27.0/24 maxlen: 24
                          81.168.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:f8:d2:fc:f6:e5:87:3c:9b:0c:a7:c2:69:2f:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c2224273463b6edf5b21ac72ed08ec3b39a61ea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2c:16:63:5a:db:ba:f0:e6:6a:7b:a0:14:49:
                    3f:a5:03:64:4d:db:ba:ae:3f:bc:25:34:4b:88:51:
                    56:72:88:2b:b2:20:ee:b6:c4:68:4f:a8:84:6a:2f:
                    40:8d:4a:6a:b2:db:b1:9c:e5:05:3a:51:9b:68:a3:
                    29:cb:a3:a2:1f:3d:db:67:c1:68:c5:82:0a:b2:80:
                    85:3d:e0:82:3c:66:f3:67:82:e9:60:b7:ea:3a:37:
                    50:b7:db:b5:08:de:62:fe:19:73:01:6b:b9:fa:f6:
                    14:8b:ef:df:d0:d9:28:19:b3:15:bb:d5:ea:47:d5:
                    fe:1b:68:79:d7:5d:95:f1:e9:0e:39:3e:bf:82:e7:
                    41:78:a9:74:29:f7:70:9b:37:7b:bb:b3:10:c7:d3:
                    ac:a3:aa:61:c2:46:0c:18:26:ec:88:cc:49:00:14:
                    18:42:53:32:58:1f:8e:5a:75:e3:07:8c:68:0f:5e:
                    b0:0d:38:e1:46:97:e1:85:36:84:b1:65:ea:e1:56:
                    e7:46:61:73:e3:92:1f:7d:bf:58:33:8b:34:47:3c:
                    fc:02:09:a1:f8:ee:95:67:5a:bc:5d:fb:22:8c:8e:
                    ca:33:08:a4:4a:ef:17:46:d6:c9:a5:4d:f4:b6:db:
                    2f:77:c4:d4:16:cb:8c:f3:6f:5d:54:7a:48:fa:9b:
                    2e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:22:42:73:46:3B:6E:DF:5B:21:AC:72:ED:08:EC:3B:39:A6:1E:A5
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wiJCc0Y7bt9bIaxy7QjsOzmmHqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.27.0/24
                  81.168.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:c7:8e:f9:6a:ca:db:66:3b:eb:05:e6:e3:1d:e1:03:51:a4:
         3b:c4:3a:c0:5c:c0:a5:79:39:a8:7f:c4:da:13:45:ef:93:a4:
         8c:f1:25:9b:8a:01:d3:ae:60:a7:c0:76:3a:7c:f2:30:31:81:
         d0:24:b5:7e:95:e0:77:cd:fd:da:b0:f7:8f:1c:94:fe:97:02:
         59:5f:99:67:ff:e8:ed:9d:4e:4e:df:1c:fd:da:b9:4d:53:0b:
         52:3e:9d:f3:96:d1:a3:76:52:8b:f3:33:64:60:89:97:d5:6e:
         96:a4:ec:51:cc:ac:5a:69:f5:c0:d9:9c:1e:0e:8d:be:78:94:
         5b:91:96:b8:d0:2c:de:36:28:b7:10:81:41:a0:0b:7f:4f:88:
         d5:d1:a6:9b:15:0f:ef:e4:2c:6c:b2:2f:89:6e:5e:e9:8b:18:
         01:28:04:e1:2f:1b:31:48:a9:79:56:7b:44:93:f2:b5:7a:66:
         2d:d8:26:0b:79:6d:92:a6:d2:66:0a:26:6d:c6:ce:7e:4f:f1:
         76:0c:ec:ec:cd:4b:16:ae:01:4c:11:21:f9:f1:e5:8f:92:e7:
         fb:a6:bf:40:62:e4:f9:3c:e3:9b:7c:1c:5b:ee:45:12:e2:95:
         c4:a7:c9:65:c9:b9:fd:21:ab:d4:cd:e6:fb:b4:7c:d6:4a:cf:
         f8:8f:82:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8jaPjS/PblhzybDKfCaS/SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjIyNDI3MzQ2M2I2ZWRmNWIyMWFjNzJlZDA4ZWMzYjM5YTYxZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCwWY1rbuvDmanugFEk/pQNkTdu6
rj+8JTRLiFFWcogrsiDutsRoT6iEai9AjUpqstuxnOUFOlGbaKMpy6OiHz3bZ8Fo
xYIKsoCFPeCCPGbzZ4LpYLfqOjdQt9u1CN5i/hlzAWu5+vYUi+/f0NkoGbMVu9Xq
R9X+G2h5112V8ekOOT6/gudBeKl0Kfdwmzd7u7MQx9Oso6phwkYMGCbsiMxJABQY
QlMyWB+OWnXjB4xoD16wDTjhRpfhhTaEsWXq4VbnRmFz45Iffb9YM4s0Rzz8Agmh
+O6VZ1q8XfsijI7KMwikSu8XRtbJpU30ttsvd8TUFsuM829dVHpI+psu/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMIiQnNGO27fWyGscu0I7Ds5ph6lMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvd2lKQ2MwWTdidDliSWF4eTdRanNPem1tSHFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJfwbAwQA
UagyMA0GCSqGSIb3DQEBCwUAA4IBAQA8x475asrbZjvrBebjHeEDUaQ7xDrAXMCl
eTmof8TaE0Xvk6SM8SWbigHTrmCnwHY6fPIwMYHQJLV+leB3zf3asPePHJT+lwJZ
X5ln/+jtnU5O3xz92rlNUwtSPp3zltGjdlKL8zNkYImX1W6WpOxRzKxaafXA2Zwe
Do2+eJRbkZa40CzeNii3EIFBoAt/T4jV0aabFQ/v5Cxssi+Jbl7pixgBKAThLxsx
SKl5VntEk/K1emYt2CYLeW2SptJmCiZtxs5+T/F2DOzszUsWrgFMESH58eWPkuf7
pr9AYuT5POObfBxb7kUS4pXEp8llybn9IavUzeb7tHzWSs/4j4Lg
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:57 2026 by rpki-client