Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yiBIKJ3R8QuxgWMHCoQutyTPbC8.roa
File:                     yiBIKJ3R8QuxgWMHCoQutyTPbC8.roa (raw, json)
Hash identifier:          zeSG/aHJfDXWq+Tr9cZ3CAaBuRJaQmH5hUZcm85u6kQ=
Subject key identifier:   CA:20:48:28:9D:D1:F1:0B:B1:81:63:07:0A:84:2E:B7:24:CF:6C:2F
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368FEC4D3FEE13623F9F7337280F980
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yiBIKJ3R8QuxgWMHCoQutyTPbC8.roa
Signing time:             Thu 02 Jul 2026 15:18:31 +0000
ROA not before:           Thu 02 Jul 2026 15:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213407
IP address blocks:        213.218.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:fe:c4:d3:fe:e1:36:23:f9:f7:33:72:80:f9:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca2048289dd1f10bb18163070a842eb724cf6c2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:16:c7:b0:85:34:45:33:6d:75:91:1c:e9:6f:
                    84:0a:ca:43:18:8c:65:8b:3e:10:1a:c2:98:a0:f2:
                    d6:56:93:bf:8f:bf:cc:e3:c9:22:26:98:2b:48:2d:
                    0f:91:1f:e3:46:fc:65:68:c8:e2:e3:6c:9d:12:33:
                    f7:d9:bb:72:f0:53:2e:be:d8:cd:c6:a4:f2:7c:d9:
                    71:82:4b:9d:b8:c8:64:6f:2e:e2:47:2f:f1:56:44:
                    3e:69:8e:fa:fc:1b:05:2e:17:76:26:dc:27:51:ee:
                    55:a8:a6:1b:4a:b4:f6:00:4b:81:fb:b1:9c:5c:ec:
                    9c:7e:ee:d8:53:7f:35:6e:c5:09:f6:35:52:6a:f1:
                    ff:4c:35:1e:ff:b2:2d:ab:40:db:7c:d6:76:5d:da:
                    e8:59:d7:f9:67:25:17:a4:93:89:eb:c0:27:b9:b6:
                    39:4c:66:59:d7:90:de:40:6e:69:e2:29:a3:7a:ff:
                    eb:5f:8a:a7:27:f5:1e:4e:46:14:af:9d:e8:50:7d:
                    15:48:04:0f:d4:4e:e5:e4:16:7e:71:b6:ba:70:df:
                    73:c0:43:b1:5a:2d:02:68:d4:bb:2f:3d:98:aa:75:
                    bc:5f:4f:1e:e2:95:61:e6:91:ce:2e:71:03:54:90:
                    0f:00:10:d4:62:41:42:ea:c2:cd:40:82:70:df:18:
                    51:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:20:48:28:9D:D1:F1:0B:B1:81:63:07:0A:84:2E:B7:24:CF:6C:2F
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yiBIKJ3R8QuxgWMHCoQutyTPbC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:29:fc:70:5b:c9:28:93:d5:b1:a7:95:3a:fc:c6:c2:91:75:
         a2:9b:e6:cb:a6:d8:80:a7:b1:1c:73:20:08:73:bc:26:9e:f9:
         a9:2e:fe:a1:b2:42:7f:da:80:4e:66:26:7d:db:a9:d7:f0:a5:
         22:9f:4f:53:4f:45:33:4b:1d:df:eb:56:54:a4:64:96:3b:30:
         df:d0:ca:13:80:44:ec:7f:04:27:f4:4a:be:c5:ff:77:c7:2a:
         62:75:48:7f:06:92:dc:35:c6:6e:11:10:30:d7:11:9c:b6:46:
         32:cb:b9:e2:9d:2a:00:6b:b5:f8:f8:3e:84:98:49:01:c2:05:
         4c:51:5d:51:b3:e3:f7:90:e7:10:39:8b:97:ec:be:ce:ba:a6:
         12:40:5c:e7:61:04:80:29:09:1d:34:35:48:e2:d6:2c:3e:b2:
         71:6d:78:dc:a0:54:da:2c:50:9b:12:dc:d5:8a:90:64:30:c8:
         bf:3d:e7:53:b4:29:e1:bb:d0:5b:40:59:75:5b:60:8c:30:fc:
         52:fd:95:7c:e2:87:bd:73:a4:8e:d2:2c:24:fa:f7:b5:8f:fc:
         ee:c0:cf:e0:d2:6f:ea:ba:90:00:39:1c:74:4f:66:9f:7d:05:
         3a:55:66:8b:38:4f:09:2b:1d:7f:e4:e6:4c:4a:dc:01:c8:bc:
         0b:44:94:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaP7E0/7hNiP59zNygPmAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTIwNDgyODlkZDFmMTBiYjE4MTYzMDcwYTg0MmViNzI0Y2Y2YzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBbHsIU0RTNtdZEc6W+ECspDGIxl
iz4QGsKYoPLWVpO/j7/M48kiJpgrSC0PkR/jRvxlaMji42ydEjP32bty8FMuvtjN
xqTyfNlxgkuduMhkby7iRy/xVkQ+aY76/BsFLhd2JtwnUe5VqKYbSrT2AEuB+7Gc
XOycfu7YU381bsUJ9jVSavH/TDUe/7Itq0DbfNZ2XdroWdf5ZyUXpJOJ68AnubY5
TGZZ15DeQG5p4imjev/rX4qnJ/UeTkYUr53oUH0VSAQP1E7l5BZ+cba6cN9zwEOx
Wi0CaNS7Lz2YqnW8X08e4pVh5pHOLnEDVJAPABDUYkFC6sLNQIJw3xhRhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMogSCid0fELsYFjBwqELrckz2wvMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveWlCSUtKM1I4UXV4Z1dNSENvUXV0eVRQYkM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dr7MA0G
CSqGSIb3DQEBCwUAA4IBAQBGKfxwW8kok9Wxp5U6/MbCkXWim+bLptiAp7EccyAI
c7wmnvmpLv6hskJ/2oBOZiZ926nX8KUin09TT0UzSx3f61ZUpGSWOzDf0MoTgETs
fwQn9Eq+xf93xypidUh/BpLcNcZuERAw1xGctkYyy7ninSoAa7X4+D6EmEkBwgVM
UV1Rs+P3kOcQOYuX7L7OuqYSQFznYQSAKQkdNDVI4tYsPrJxbXjcoFTaLFCbEtzV
ipBkMMi/PedTtCnhu9BbQFl1W2CMMPxS/ZV84oe9c6SO0iwk+ve1j/zuwM/g0m/q
upAAORx0T2affQU6VWaLOE8JKx1/5OZMStwByLwLRJSH
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:19:19 2026 by rpki-client