Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yqouCn_2gsUkzCHxsuiUtlqzvo4.roa
File:                     yqouCn_2gsUkzCHxsuiUtlqzvo4.roa (raw, json)
Hash identifier:          5ReVoHIoaC/w6MVnEwI4rQJQYHSxNVtwVtg7NVSaU9k=
Subject key identifier:   CA:AA:2E:0A:7F:F6:82:C5:24:CC:21:F1:B2:E8:94:B6:5A:B3:BE:8E
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368F8281F4C5B29F486B50F94F7FF6A
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yqouCn_2gsUkzCHxsuiUtlqzvo4.roa
Signing time:             Thu 02 Jul 2026 15:18:29 +0000
ROA not before:           Thu 02 Jul 2026 15:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212332
IP address blocks:        82.153.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:f8:28:1f:4c:5b:29:f4:86:b5:0f:94:f7:ff:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=caaa2e0a7ff682c524cc21f1b2e894b65ab3be8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:6b:95:54:16:0d:37:4e:eb:40:f9:aa:84:eb:
                    88:74:fc:00:da:2f:0f:19:f4:53:44:0d:05:dc:c0:
                    fe:70:04:68:3f:70:9b:bc:75:05:46:9e:c6:93:a0:
                    a8:04:4d:03:6a:a6:e6:e8:da:72:c2:1a:3b:02:4e:
                    68:8c:5d:ad:49:58:d9:95:06:08:4e:45:10:f4:86:
                    3b:c5:07:db:d4:85:ab:f8:8b:42:90:85:b6:b8:be:
                    e9:55:51:45:33:26:7d:73:80:7c:26:05:e5:76:71:
                    aa:48:bb:a7:b8:d6:2c:b2:99:e6:98:d9:4b:13:d9:
                    68:38:0f:f0:32:89:a9:2a:7d:d9:18:99:2f:7d:93:
                    14:d8:71:d6:7f:d3:7e:64:6e:c3:bf:d1:33:71:14:
                    30:d8:d0:fc:78:49:25:23:69:3e:cc:17:77:2a:9b:
                    86:ca:1b:fe:97:d3:f3:77:4f:02:97:4d:25:6c:be:
                    42:93:cf:3e:31:63:50:4f:46:b0:0e:0d:c6:b9:1c:
                    eb:29:f7:a1:8a:bd:52:3f:57:73:25:9b:e2:72:eb:
                    85:64:83:a5:48:07:a2:9e:35:1c:8e:41:c9:91:b9:
                    60:9f:c3:37:17:7a:e7:52:77:ec:cc:55:a8:cb:f3:
                    e1:cc:1d:c6:07:77:a6:9a:d5:22:95:24:8c:82:00:
                    99:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:AA:2E:0A:7F:F6:82:C5:24:CC:21:F1:B2:E8:94:B6:5A:B3:BE:8E
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yqouCn_2gsUkzCHxsuiUtlqzvo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:ee:41:54:b2:f3:ba:da:42:b4:1d:9e:1b:71:e9:4a:a9:87:
         a9:8c:6f:ff:07:aa:ce:64:37:5d:18:07:fd:7c:70:c1:b3:1a:
         65:c2:4a:85:4b:0c:a3:db:14:47:a8:e4:54:19:78:21:20:3e:
         5f:52:9f:65:95:33:b5:17:77:42:7f:16:d4:72:d2:5e:a6:b7:
         8e:8b:1d:ac:a8:b0:77:05:bc:21:9b:d1:1e:c2:66:85:0d:6e:
         05:f0:6e:16:bd:a3:4f:e7:6f:c4:5f:93:74:b7:3f:5e:59:bb:
         03:bc:6b:6c:e0:f5:cb:56:ba:e1:f4:6c:e0:36:09:31:7e:90:
         d6:e9:d3:16:9f:59:0a:54:90:28:cc:3e:6b:48:3e:f2:41:42:
         5f:53:1b:70:1e:ce:19:ee:08:c2:7a:27:ca:83:a6:e6:50:59:
         16:bc:81:23:0e:be:a1:b1:8c:0c:62:be:79:6b:a2:c8:37:08:
         95:7e:58:e6:60:f3:8a:0f:78:b2:50:2d:2f:73:99:c7:48:5f:
         56:c0:8d:a3:3b:ad:13:ac:de:ce:39:72:11:4d:a9:e1:48:89:
         65:6d:02:c9:81:59:39:56:1a:c7:a3:ea:d0:19:64:4f:d2:c2:
         20:54:f7:dc:62:df:a2:5f:5e:7e:f5:5e:ed:d3:4a:05:87:f5:
         af:90:e2:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaPgoH0xbKfSGtQ+U9/9qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWFhMmUwYTdmZjY4MmM1MjRjYzIxZjFiMmU4OTRiNjVhYjNiZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WuVVBYNN07rQPmqhOuIdPwA2i8P
GfRTRA0F3MD+cARoP3CbvHUFRp7Gk6CoBE0Daqbm6Npywho7Ak5ojF2tSVjZlQYI
TkUQ9IY7xQfb1IWr+ItCkIW2uL7pVVFFMyZ9c4B8JgXldnGqSLunuNYsspnmmNlL
E9loOA/wMompKn3ZGJkvfZMU2HHWf9N+ZG7Dv9EzcRQw2ND8eEklI2k+zBd3KpuG
yhv+l9Pzd08Cl00lbL5Ck88+MWNQT0awDg3GuRzrKfehir1SP1dzJZvicuuFZIOl
SAeinjUcjkHJkblgn8M3F3rnUnfszFWoy/PhzB3GB3emmtUilSSMggCZmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqqLgp/9oLFJMwh8bLolLZas76OMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveXFvdUNuXzJnc1VrekNIeHN1aVV0bHF6dm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnyMA0G
CSqGSIb3DQEBCwUAA4IBAQBa7kFUsvO62kK0HZ4bcelKqYepjG//B6rOZDddGAf9
fHDBsxplwkqFSwyj2xRHqORUGXghID5fUp9llTO1F3dCfxbUctJepreOix2sqLB3
Bbwhm9EewmaFDW4F8G4WvaNP52/EX5N0tz9eWbsDvGts4PXLVrrh9GzgNgkxfpDW
6dMWn1kKVJAozD5rSD7yQUJfUxtwHs4Z7gjCeifKg6bmUFkWvIEjDr6hsYwMYr55
a6LINwiVfljmYPOKD3iyUC0vc5nHSF9WwI2jO60TrN7OOXIRTanhSIllbQLJgVk5
VhrHo+rQGWRP0sIgVPfcYt+iX15+9V7t00oFh/WvkOIC
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:22:41 2026 by rpki-client