Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/y5fNGIJ6Dd9d8HWnk-vY3nUEFTI.roa
File:                     y5fNGIJ6Dd9d8HWnk-vY3nUEFTI.roa (raw, json)
Hash identifier:          cWuzf5Zl1w1bBxs8Spn75D8gQv39ukVEQ1Tv6WjiY0Q=
Subject key identifier:   CB:97:CD:18:82:7A:0D:DF:5D:F0:75:A7:93:EB:D8:DE:75:04:15:32
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368CD37D65665864A1563671896462E
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/y5fNGIJ6Dd9d8HWnk-vY3nUEFTI.roa
Signing time:             Thu 02 Jul 2026 15:18:18 +0000
ROA not before:           Thu 02 Jul 2026 15:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     141968
IP address blocks:        82.153.226.0/24 maxlen: 24
                          109.176.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:cd:37:d6:56:65:86:4a:15:63:67:18:96:46:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb97cd18827a0ddf5df075a793ebd8de75041532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:83:60:b9:47:9c:de:fd:ea:9c:46:f7:69:0a:
                    a4:19:21:8d:08:d6:a4:54:eb:d5:94:1b:67:43:a1:
                    20:f1:4e:5f:42:6f:08:4f:b6:3f:b5:79:e0:9d:9e:
                    ad:70:69:20:8b:82:4c:11:20:a4:07:35:2d:86:68:
                    bc:f8:fb:2d:46:3d:d6:69:37:8f:56:5a:18:8a:6f:
                    cd:54:ec:6e:10:8a:e0:e0:4d:7f:7c:dd:ce:60:bf:
                    dd:e6:39:83:c9:88:cf:04:a8:3d:93:22:4e:c7:d8:
                    ed:be:47:52:89:9a:6a:89:6e:5f:b0:37:95:36:f3:
                    4b:73:72:52:d5:0f:3f:7d:7f:db:f4:ca:35:40:a5:
                    58:c4:cc:81:be:46:c2:b9:c8:1c:c8:f7:9b:31:43:
                    82:06:c8:e3:cc:59:98:c7:3e:fb:d6:ec:ac:c6:e3:
                    b2:dc:19:d4:51:36:0b:56:e4:ab:f9:44:1f:ad:ed:
                    2b:5e:d5:87:ec:96:a9:7d:fb:9c:d2:8b:bc:08:45:
                    66:a6:73:e1:0d:eb:4a:6f:d9:19:8c:7f:30:ba:de:
                    94:67:d6:15:50:e8:36:1f:7b:74:af:7a:55:a6:bf:
                    85:5f:3b:a2:04:00:6a:b9:c2:ab:6e:db:80:08:ec:
                    25:7d:96:81:b6:5b:60:a6:ab:5e:12:7d:4c:fe:1a:
                    1d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:97:CD:18:82:7A:0D:DF:5D:F0:75:A7:93:EB:D8:DE:75:04:15:32
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/y5fNGIJ6Dd9d8HWnk-vY3nUEFTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.226.0/24
                  109.176.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:ab:05:f5:59:49:f5:67:3b:bf:7e:8a:76:ec:da:45:cd:df:
         a6:ee:f3:a4:44:4d:6d:21:4e:f1:e4:f2:10:4e:31:73:dd:24:
         70:25:46:0e:8a:bc:c7:bf:37:ab:17:52:cd:19:be:67:05:33:
         9b:f1:ac:9e:fd:a7:e5:88:71:f8:ab:3a:36:0e:2d:e0:6e:1d:
         70:a4:a4:09:ca:1c:71:8c:c4:86:23:11:ac:b1:51:dd:5c:5a:
         9f:62:87:e8:24:dd:32:d6:fc:2a:a8:c8:92:ec:fd:ff:0b:8b:
         7b:62:1f:5b:26:a3:b6:13:3b:32:d6:b1:69:88:74:85:c1:b9:
         d6:67:f1:6b:3b:1a:74:2c:ac:c2:ac:8a:f4:23:bc:31:e2:32:
         87:b0:7b:f9:14:a4:23:d3:3e:0a:93:51:ce:78:f0:60:eb:34:
         c2:fb:11:74:39:71:ca:41:25:bb:65:6a:98:ea:40:5b:3b:73:
         f6:b8:64:33:00:96:c6:d0:0e:8c:da:cc:fe:3e:2d:2c:0c:ad:
         a5:52:ac:41:f1:28:2e:2b:e0:2b:04:b6:2b:be:9a:c3:2b:a4:
         39:b6:08:6d:75:fd:8f:1e:05:30:67:44:02:d0:21:4a:d1:e7:
         49:fb:53:cd:a1:cb:72:75:be:52:d8:4d:7d:af:10:58:2a:65:
         78:7a:ac:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8jaM031lZlhkoVY2cYlkYuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjk3Y2QxODgyN2EwZGRmNWRmMDc1YTc5M2ViZDhkZTc1MDQxNTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4NguUec3v3qnEb3aQqkGSGNCNak
VOvVlBtnQ6Eg8U5fQm8IT7Y/tXngnZ6tcGkgi4JMESCkBzUthmi8+PstRj3WaTeP
VloYim/NVOxuEIrg4E1/fN3OYL/d5jmDyYjPBKg9kyJOx9jtvkdSiZpqiW5fsDeV
NvNLc3JS1Q8/fX/b9Mo1QKVYxMyBvkbCucgcyPebMUOCBsjjzFmYxz771uysxuOy
3BnUUTYLVuSr+UQfre0rXtWH7Japffuc0ou8CEVmpnPhDetKb9kZjH8wut6UZ9YV
UOg2H3t0r3pVpr+FXzuiBABqucKrbtuACOwlfZaBtltgpqteEn1M/hodgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMuXzRiCeg3fXfB1p5Pr2N51BBUyMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveTVmTkdJSjZEZDlkOEhXbmstdlkzblVFRlRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpniAwQA
bbARMA0GCSqGSIb3DQEBCwUAA4IBAQAVqwX1WUn1Zzu/fop27NpFzd+m7vOkRE1t
IU7x5PIQTjFz3SRwJUYOirzHvzerF1LNGb5nBTOb8aye/afliHH4qzo2Di3gbh1w
pKQJyhxxjMSGIxGssVHdXFqfYofoJN0y1vwqqMiS7P3/C4t7Yh9bJqO2Ezsy1rFp
iHSFwbnWZ/FrOxp0LKzCrIr0I7wx4jKHsHv5FKQj0z4Kk1HOePBg6zTC+xF0OXHK
QSW7ZWqY6kBbO3P2uGQzAJbG0A6M2sz+Pi0sDK2lUqxB8SguK+ArBLYrvprDK6Q5
tghtdf2PHgUwZ0QC0CFK0edJ+1PNoctydb5S2E19rxBYKmV4eqzy
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:19 2026 by rpki-client