Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/z6BNwhVWSq9gRzS-vVYxJejSbb0.roa
File:                     z6BNwhVWSq9gRzS-vVYxJejSbb0.roa (raw, json)
Hash identifier:          6MSiyQcxiNDnIGQc1kr5alomHOg5ay7xO4IxB4T4Zw8=
Subject key identifier:   CF:A0:4D:C2:15:56:4A:AF:60:47:34:BE:BD:56:31:25:E8:D2:6D:BD
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368E3DB5EDF65F1E544857AF9D7CF9F
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/z6BNwhVWSq9gRzS-vVYxJejSbb0.roa
Signing time:             Thu 02 Jul 2026 15:18:24 +0000
ROA not before:           Thu 02 Jul 2026 15:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203771
IP address blocks:        82.152.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:e3:db:5e:df:65:f1:e5:44:85:7a:f9:d7:cf:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cfa04dc215564aaf604734bebd563125e8d26dbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3b:b5:cc:e2:b6:c8:45:67:5e:75:5e:d6:ae:
                    dd:86:c3:d6:b4:79:9d:3d:64:85:b4:8c:be:24:db:
                    88:36:11:10:48:13:af:37:f2:d4:e8:d6:02:c2:09:
                    d9:5c:eb:63:4d:99:b0:3e:87:4b:ea:82:94:df:25:
                    43:fb:a4:57:45:8b:a7:fb:3f:c1:ce:2b:6d:ed:6e:
                    92:c8:c5:d6:6d:3f:a5:eb:e1:f4:a5:9c:ea:13:8e:
                    d8:3c:17:dc:8c:51:ee:e3:9c:94:5d:09:af:22:e3:
                    ba:9e:d9:4c:83:62:9e:a8:62:a9:68:72:8a:6d:4b:
                    82:f3:4a:25:41:b0:83:ea:b4:6c:25:3e:12:92:38:
                    23:94:c8:61:63:0b:dc:5c:ad:dc:ff:5e:eb:50:d7:
                    87:29:2a:a9:3b:77:92:c1:5f:1a:cc:0a:44:0a:20:
                    d4:4b:e5:15:a0:71:7c:c5:d7:42:76:e2:de:4b:b4:
                    70:5b:6a:32:d4:2e:e8:2c:0d:fc:66:80:fd:e7:c3:
                    57:8b:bc:19:3e:69:d2:33:cc:36:d1:9e:f3:b9:ef:
                    dc:53:6d:27:e6:30:68:f7:1c:14:fb:fe:67:60:56:
                    91:ef:ca:66:17:a2:f5:db:b8:20:0b:52:96:2f:b0:
                    a5:9c:69:22:21:70:2e:16:20:ff:f8:75:e4:a2:fd:
                    7b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:A0:4D:C2:15:56:4A:AF:60:47:34:BE:BD:56:31:25:E8:D2:6D:BD
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/z6BNwhVWSq9gRzS-vVYxJejSbb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:8b:f1:e5:4d:69:1a:85:5e:10:bf:8e:f4:f8:90:01:6a:ae:
         81:08:56:30:f0:96:3f:8c:1b:c7:e6:ba:59:19:cf:ec:e3:95:
         bc:53:eb:9b:55:83:ee:2b:d4:ac:10:6d:35:a2:27:96:1b:61:
         f2:b2:53:ca:79:cf:52:04:9f:26:10:87:93:3b:80:0d:a1:74:
         c2:d5:ce:b5:04:cb:aa:88:7c:32:1d:dc:94:51:50:58:20:ed:
         fc:59:5f:61:b9:37:74:6c:ef:d5:b1:de:7a:9d:29:1c:c0:12:
         8e:e7:f7:ff:38:85:85:0f:fa:a6:b7:20:75:5a:75:c5:91:80:
         8e:6e:ec:47:f8:ab:24:2f:b8:23:48:3a:53:d5:27:d7:8b:a0:
         1d:e9:28:77:8a:b8:34:e4:ab:ad:c2:c8:57:7b:1a:96:aa:ab:
         f2:8e:6d:0e:63:a4:c7:36:c0:ac:e2:eb:8b:98:9e:f6:a3:72:
         b9:55:e1:7f:0d:b7:69:6c:57:4e:43:67:a3:e8:7e:be:83:6d:
         f7:4c:23:f3:ce:64:78:63:d5:71:f2:da:99:dd:20:14:45:42:
         c3:e3:57:dd:17:9e:7b:b6:63:fd:c8:7b:1d:2c:4e:29:51:e6:
         c5:33:c7:4d:f4:82:0d:24:2b:ee:98:18:76:64:49:02:66:59:
         85:4a:51:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaOPbXt9l8eVEhXr518+fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmEwNGRjMjE1NTY0YWFmNjA0NzM0YmViZDU2MzEyNWU4ZDI2ZGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Du1zOK2yEVnXnVe1q7dhsPWtHmd
PWSFtIy+JNuINhEQSBOvN/LU6NYCwgnZXOtjTZmwPodL6oKU3yVD+6RXRYun+z/B
zitt7W6SyMXWbT+l6+H0pZzqE47YPBfcjFHu45yUXQmvIuO6ntlMg2KeqGKpaHKK
bUuC80olQbCD6rRsJT4SkjgjlMhhYwvcXK3c/17rUNeHKSqpO3eSwV8azApECiDU
S+UVoHF8xddCduLeS7RwW2oy1C7oLA38ZoD958NXi7wZPmnSM8w20Z7zue/cU20n
5jBo9xwU+/5nYFaR78pmF6L127ggC1KWL7ClnGkiIXAuFiD/+HXkov17ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+gTcIVVkqvYEc0vr1WMSXo0m29MB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvejZCTndoVldTcTlnUnpTLXZWWXhKZWpTYmIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpgLMA0G
CSqGSIb3DQEBCwUAA4IBAQAEi/HlTWkahV4Qv470+JABaq6BCFYw8JY/jBvH5rpZ
Gc/s45W8U+ubVYPuK9SsEG01oieWG2HyslPKec9SBJ8mEIeTO4ANoXTC1c61BMuq
iHwyHdyUUVBYIO38WV9huTd0bO/Vsd56nSkcwBKO5/f/OIWFD/qmtyB1WnXFkYCO
buxH+KskL7gjSDpT1SfXi6Ad6Sh3irg05KutwshXexqWqqvyjm0OY6THNsCs4uuL
mJ72o3K5VeF/DbdpbFdOQ2ej6H6+g233TCPzzmR4Y9Vx8tqZ3SAURULD41fdF557
tmP9yHsdLE4pUebFM8dN9IINJCvumBh2ZEkCZlmFSlEd
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:21:14 2026 by rpki-client