Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wtGGWlRgnJ3Bj7NGNmMBVE18xeQ.roa
File:                     wtGGWlRgnJ3Bj7NGNmMBVE18xeQ.roa (raw, json)
Hash identifier:          boFabbh8QYUme+1XNzd9eMpfQRWirBIorbBJp7SavJM=
Subject key identifier:   C2:D1:86:5A:54:60:9C:9D:C1:8F:B3:46:36:63:01:54:4D:7C:C5:E4
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368E870F61490F2CF79ADEAA312F753
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wtGGWlRgnJ3Bj7NGNmMBVE18xeQ.roa
Signing time:             Thu 02 Jul 2026 15:18:25 +0000
ROA not before:           Thu 02 Jul 2026 15:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207645
IP address blocks:        82.153.74.0/23 maxlen: 23
                          82.153.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:e8:70:f6:14:90:f2:cf:79:ad:ea:a3:12:f7:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c2d1865a54609c9dc18fb346366301544d7cc5e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:dd:fa:65:85:a7:0e:3c:50:a3:12:6b:f0:fb:
                    25:a1:b9:3f:b3:e3:0b:64:23:ec:12:e2:e3:82:8d:
                    af:23:28:3a:16:ff:98:7e:db:72:46:c1:03:2c:5a:
                    86:d2:6b:6b:94:a4:f1:44:cc:a9:63:93:38:91:e6:
                    7e:f4:b4:69:25:63:15:46:5f:7a:ff:f6:7e:08:68:
                    30:31:88:bc:3b:7a:de:3d:c7:9c:53:27:9f:96:3d:
                    a5:98:dc:b7:68:7d:5a:75:86:b9:e1:14:76:1f:ac:
                    26:ba:06:02:c9:f8:df:b0:6a:a6:2d:ca:88:ea:c6:
                    55:b1:de:51:8a:24:75:ff:2c:a8:0a:af:b1:b2:14:
                    74:0f:04:75:56:3b:24:7a:90:e8:01:36:c4:f8:f4:
                    97:7e:cf:fb:10:72:12:2a:11:a8:30:8c:46:52:7d:
                    60:83:cc:00:5b:a8:84:d6:0a:e2:53:41:df:f4:a7:
                    43:c2:bf:db:52:1c:f0:21:34:f2:42:34:2d:cb:7f:
                    28:23:74:81:65:5b:aa:48:97:aa:3b:8e:4f:b6:10:
                    5b:01:8a:fe:1b:da:17:d3:ef:d8:9f:a5:99:f2:10:
                    f8:1d:4c:d1:95:cd:5d:79:19:bf:10:5d:f5:2c:66:
                    4e:59:02:9f:6f:f6:1d:de:5f:fe:47:66:99:78:21:
                    21:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:D1:86:5A:54:60:9C:9D:C1:8F:B3:46:36:63:01:54:4D:7C:C5:E4
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wtGGWlRgnJ3Bj7NGNmMBVE18xeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.74.0-82.153.77.255

    Signature Algorithm: sha256WithRSAEncryption
         6a:60:70:a4:f4:bf:b1:00:11:79:3d:95:b3:36:41:5d:fc:9f:
         b0:5e:27:8b:20:36:a5:b2:c2:d3:51:03:77:7a:3d:7f:69:35:
         7d:a0:4d:f6:d4:ba:2c:50:34:34:b1:f3:d9:a6:6a:e1:e8:d9:
         aa:43:09:e1:74:b5:dc:b4:69:4a:eb:23:4e:3f:42:9a:c7:9b:
         78:6d:d7:aa:f4:f3:b0:13:a2:07:6e:aa:ec:63:a5:fc:4f:1d:
         e5:08:f0:73:6e:b0:b6:22:0d:a7:52:62:57:a6:07:9f:10:3d:
         3e:70:b9:76:59:1f:1a:7b:4f:63:40:bb:82:43:2d:96:0a:49:
         8f:d3:6a:2e:f8:63:37:91:b9:30:c8:7f:f8:b7:43:13:c5:5f:
         57:dd:3a:57:59:02:e8:49:d7:60:de:6a:c7:5e:f3:f3:76:28:
         77:35:4c:e3:86:a7:6a:e2:26:8b:26:12:33:dd:20:a9:76:d9:
         66:1b:40:b2:3a:46:86:8b:34:22:dc:77:95:ba:c9:68:1f:47:
         8b:66:a7:81:7e:a6:c2:2b:62:d9:4b:dc:2d:f9:76:00:88:21:
         68:e4:c9:ed:b7:ce:29:59:8f:58:36:c9:84:15:44:ff:38:3a:
         d0:2b:c3:35:83:c9:4c:c5:ed:b5:6a:ca:c5:81:d7:2a:b3:0f:
         a9:33:f0:be
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ8jaOhw9hSQ8s95reqjEvdTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmQxODY1YTU0NjA5YzlkYzE4ZmIzNDYzNjYzMDE1NDRkN2NjNWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvd36ZYWnDjxQoxJr8Pslobk/s+ML
ZCPsEuLjgo2vIyg6Fv+YfttyRsEDLFqG0mtrlKTxRMypY5M4keZ+9LRpJWMVRl96
//Z+CGgwMYi8O3rePcecUyeflj2lmNy3aH1adYa54RR2H6wmugYCyfjfsGqmLcqI
6sZVsd5RiiR1/yyoCq+xshR0DwR1VjskepDoATbE+PSXfs/7EHISKhGoMIxGUn1g
g8wAW6iE1griU0Hf9KdDwr/bUhzwITTyQjQty38oI3SBZVuqSJeqO45PthBbAYr+
G9oX0+/Yn6WZ8hD4HUzRlc1deRm/EF31LGZOWQKfb/Yd3l/+R2aZeCEhYwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMLRhlpUYJydwY+zRjZjAVRNfMXkMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvd3RHR1dsUmduSjNCajdOR05tTUJWRTE4eGVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFSmUoD
BAFSmUwwDQYJKoZIhvcNAQELBQADggEBAGpgcKT0v7EAEXk9lbM2QV38n7BeJ4sg
NqWywtNRA3d6PX9pNX2gTfbUuixQNDSx89mmauHo2apDCeF0tdy0aUrrI04/QprH
m3ht16r087ATogduquxjpfxPHeUI8HNusLYiDadSYlemB58QPT5wuXZZHxp7T2NA
u4JDLZYKSY/Tai74YzeRuTDIf/i3QxPFX1fdOldZAuhJ12Deasde8/N2KHc1TOOG
p2riJosmEjPdIKl22WYbQLI6RoaLNCLcd5W6yWgfR4tmp4F+psIrYtlL3C35dgCI
IWjkye23zilZj1g2yYQVRP84OtArwzWDyUzF7bVqysWB1yqzD6kz8L4=
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:27 2026 by rpki-client