Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xDxuIEUCIDcUBC7GEX_yysiuxhc.roa
File:                     xDxuIEUCIDcUBC7GEX_yysiuxhc.roa (raw, json)
Hash identifier:          IzprAziVgxKDFqYRMO4B3XrCwMl8qW/JU7Fx+iGkOeI=
Subject key identifier:   C4:3C:6E:20:45:02:20:37:14:04:2E:C6:11:7F:F2:CA:C8:AE:C6:17
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368D1EF351FE26363BB1C73ECA9D284
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xDxuIEUCIDcUBC7GEX_yysiuxhc.roa
Signing time:             Thu 02 Jul 2026 15:18:19 +0000
ROA not before:           Thu 02 Jul 2026 15:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154049
IP address blocks:        37.252.25.0/24 maxlen: 24
                          77.107.83.0/24 maxlen: 24
                          79.99.147.0/24 maxlen: 24
                          81.168.38.0/24 maxlen: 24
                          109.176.14.0/24 maxlen: 24
                          212.38.80.0/24 maxlen: 24
                          213.210.24.0/24 maxlen: 24
                          217.144.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:d1:ef:35:1f:e2:63:63:bb:1c:73:ec:a9:d2:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c43c6e204502203714042ec6117ff2cac8aec617
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:f8:fd:2b:50:5f:e4:c9:e6:fa:af:e7:0a:95:
                    bf:49:d6:02:c0:06:27:08:83:dc:15:c3:09:97:fd:
                    4a:d2:25:61:a1:f6:22:60:c1:7a:52:c8:90:2e:2c:
                    e5:ce:e5:b6:67:ee:d4:d3:a7:08:10:34:52:0d:14:
                    b5:13:79:f4:5c:cb:3f:cf:9c:3e:cd:5a:72:d1:d4:
                    33:48:d7:bb:a0:ff:40:f9:80:49:ae:b7:06:b9:a3:
                    0a:9f:b6:0a:08:f1:04:a0:99:26:bb:6b:eb:a2:b5:
                    4e:21:e8:d7:85:ce:d1:27:07:89:a0:46:df:04:a6:
                    d0:75:4f:20:cc:0e:41:6a:95:35:a8:9a:15:a0:41:
                    11:41:25:3e:1b:e3:d6:97:4f:13:ba:f0:34:5a:b5:
                    a7:91:1d:6f:7c:52:9a:48:53:26:05:6b:a3:54:8f:
                    04:9f:c7:75:1a:28:56:87:4c:31:72:e7:7d:02:07:
                    b3:dc:57:93:18:53:35:7e:31:9c:d5:c3:9b:5b:09:
                    61:3d:d8:37:0c:7f:99:f6:0a:f5:10:8d:51:b3:5b:
                    de:37:32:37:5f:33:97:d5:1d:19:5f:d4:72:6a:cb:
                    93:3c:10:8d:5a:17:ac:58:f1:e2:0c:2b:ed:49:ba:
                    c2:d4:91:8d:36:2a:66:62:93:a1:0e:5b:94:8b:75:
                    bb:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:3C:6E:20:45:02:20:37:14:04:2E:C6:11:7F:F2:CA:C8:AE:C6:17
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xDxuIEUCIDcUBC7GEX_yysiuxhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.25.0/24
                  77.107.83.0/24
                  79.99.147.0/24
                  81.168.38.0/24
                  109.176.14.0/24
                  212.38.80.0/24
                  213.210.24.0/24
                  217.144.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:95:7c:f9:d0:4c:6c:07:6e:dc:e0:9a:3e:ea:fa:19:69:72:
         3e:28:33:d2:b5:ec:4a:c6:ff:99:a9:a1:35:56:67:5f:77:c3:
         68:9a:39:3d:23:49:13:3f:d1:1f:dd:0f:4b:a4:49:af:ca:f5:
         90:70:2c:35:08:30:cf:99:35:23:a1:70:66:c7:10:e2:fe:9b:
         09:39:eb:51:c8:f8:89:d8:11:94:b2:e1:74:99:74:a2:77:69:
         13:72:84:26:12:8b:c6:44:7d:5f:29:3d:e5:fe:28:cc:5c:4b:
         bc:94:e0:6a:93:01:df:22:6e:ac:de:d7:0f:ad:3e:25:e2:93:
         c9:57:7b:c7:65:d7:2a:51:3d:ff:24:7d:fc:04:f7:26:54:27:
         f4:32:1c:1f:ab:f3:9e:ec:38:a6:e5:32:dc:ed:ad:bb:2e:43:
         11:07:ce:2d:1a:4f:9a:11:45:2a:98:d3:45:97:a1:9a:e9:16:
         1c:1d:de:f9:d9:26:2e:07:84:1c:8c:66:40:09:b2:fe:7b:ea:
         96:f5:f7:71:d7:17:d2:a2:e7:3a:ef:cc:bf:b1:0b:0e:0e:d1:
         89:ba:69:99:56:48:57:1a:f8:61:00:51:f8:1a:f7:a5:fc:fc:
         5b:55:94:1f:00:80:4c:5a:1e:9f:18:49:2a:54:dc:43:ef:8b:
         6f:35:26:cd
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZ8jaNHvNR/iY2O7HHPsqdKEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDNjNmUyMDQ1MDIyMDM3MTQwNDJlYzYxMTdmZjJjYWM4YWVjNjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vj9K1Bf5Mnm+q/nCpW/SdYCwAYn
CIPcFcMJl/1K0iVhofYiYMF6UsiQLizlzuW2Z+7U06cIEDRSDRS1E3n0XMs/z5w+
zVpy0dQzSNe7oP9A+YBJrrcGuaMKn7YKCPEEoJkmu2vrorVOIejXhc7RJweJoEbf
BKbQdU8gzA5BapU1qJoVoEERQSU+G+PWl08TuvA0WrWnkR1vfFKaSFMmBWujVI8E
n8d1GihWh0wxcud9Agez3FeTGFM1fjGc1cObWwlhPdg3DH+Z9gr1EI1Rs1veNzI3
XzOX1R0ZX9RyasuTPBCNWhesWPHiDCvtSbrC1JGNNipmYpOhDluUi3W77QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFMQ8biBFAiA3FAQuxhF/8srIrsYXMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveER4dUlFVUNJRGNVQkM3R0VYX3l5c2l1eGhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAJfwZAwQA
TWtTAwQAT2OTAwQAUagmAwQAbbAOAwQA1CZQAwQA1dIYAwQA2ZCTMA0GCSqGSIb3
DQEBCwUAA4IBAQBglXz50ExsB27c4Jo+6voZaXI+KDPStexKxv+ZqaE1Vmdfd8No
mjk9I0kTP9Ef3Q9LpEmvyvWQcCw1CDDPmTUjoXBmxxDi/psJOetRyPiJ2BGUsuF0
mXSid2kTcoQmEovGRH1fKT3l/ijMXEu8lOBqkwHfIm6s3tcPrT4l4pPJV3vHZdcq
UT3/JH38BPcmVCf0Mhwfq/Oe7Dim5TLc7a27LkMRB84tGk+aEUUqmNNFl6Ga6RYc
Hd752SYuB4QcjGZACbL+e+qW9fdx1xfSouc678y/sQsODtGJummZVkhXGvhhAFH4
Gvel/PxbVZQfAIBMWh6fGEkqVNxD74tvNSbN
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:20:06 2026 by rpki-client