Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zGj480IzkgYQE07dxKpED3MFWWg.roa
File:                     zGj480IzkgYQE07dxKpED3MFWWg.roa (raw, json)
Hash identifier:          8AokmnaBdjCa+HOBqYLG8zYE97CrwHFJpqtZJAe9vws=
Subject key identifier:   CC:68:F8:F3:42:33:92:06:10:13:4E:DD:C4:AA:44:0F:73:05:59:68
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368EBF675BB0F22F5E088F6733CFA11
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zGj480IzkgYQE07dxKpED3MFWWg.roa
Signing time:             Thu 02 Jul 2026 15:18:26 +0000
ROA not before:           Thu 02 Jul 2026 15:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209043
IP address blocks:        213.152.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:eb:f6:75:bb:0f:22:f5:e0:88:f6:73:3c:fa:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc68f8f34233920610134eddc4aa440f73055968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5f:2e:ea:26:29:97:cb:90:cc:a3:17:02:cd:
                    33:5e:c7:3d:bc:d9:b7:42:96:21:93:22:d6:5e:95:
                    9b:07:7a:37:ed:81:6a:ff:85:2f:57:20:e2:27:4a:
                    94:47:51:b1:0a:5d:8a:b4:67:aa:fe:84:8e:97:bd:
                    84:7c:a8:00:3e:4f:83:77:80:1e:c8:87:2e:e3:48:
                    99:bb:7a:13:11:ee:2f:e2:15:d8:23:7c:1e:3d:96:
                    dd:8c:91:0f:e7:ca:c3:58:4d:25:86:ac:36:e0:39:
                    c1:5b:d5:ce:f1:d9:18:72:4f:1a:dd:65:07:27:1c:
                    3d:1d:60:2a:be:fd:cc:40:8c:27:ad:c2:63:4d:1b:
                    7f:d0:aa:ea:ad:93:90:3e:95:ba:76:89:91:26:21:
                    6d:0c:d3:ac:bd:87:47:f0:3c:8b:01:07:36:3d:bb:
                    51:b3:4d:fb:37:50:9e:fb:c6:57:9c:04:c6:43:d3:
                    54:24:16:14:e3:6d:58:20:7e:88:78:b4:68:69:04:
                    18:c9:53:de:93:5b:e4:76:b4:ff:d8:c6:3c:2b:7e:
                    0a:86:11:4d:3b:28:f2:3b:c9:49:ff:0e:e8:e6:c1:
                    fb:9a:32:ff:05:4b:8f:ca:bd:46:a8:79:ec:77:a6:
                    16:28:d2:96:7f:82:2a:eb:2d:8d:7f:1d:f3:ac:b6:
                    58:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:68:F8:F3:42:33:92:06:10:13:4E:DD:C4:AA:44:0F:73:05:59:68
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zGj480IzkgYQE07dxKpED3MFWWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.152.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:81:b6:dc:c6:59:ae:92:a5:e1:1e:8d:bd:42:b1:06:c3:b4:
         67:49:52:5b:57:45:fa:87:97:17:41:f7:80:5b:65:18:23:6f:
         56:b0:93:fd:57:66:cc:30:bb:48:2a:1e:3a:1d:c2:8e:9a:ac:
         7c:b1:fb:06:ec:1a:2c:5a:0a:18:29:75:c9:ad:c9:f2:9c:48:
         25:81:bc:f9:c4:e1:49:17:a5:cf:4b:9e:1b:c3:16:6d:5a:9d:
         a6:c7:be:0f:c1:b0:17:28:4d:cf:c2:35:58:36:9b:00:a4:42:
         d2:62:0b:a8:ee:d4:2b:62:72:77:68:84:f8:54:a7:4d:05:36:
         39:37:b4:11:fb:1c:f3:0e:b6:51:25:1c:f3:ad:5b:8e:a3:8f:
         40:7f:cd:9f:3e:93:01:b4:fd:df:29:98:16:86:b0:f7:c4:5a:
         13:f6:94:72:7c:5b:51:3b:6d:37:7e:29:0a:51:16:e1:b8:12:
         8a:a2:48:db:f9:28:81:e5:8a:a7:e0:0b:fe:fd:6c:3d:f5:ea:
         3a:8d:2c:a9:02:30:dd:fb:70:61:68:b4:55:31:e4:0b:32:e0:
         48:c9:6d:ad:80:d3:be:d5:4c:41:0d:76:60:9c:ef:55:e6:d0:
         78:4c:2b:bb:42:74:41:b0:6e:c7:4e:2b:15:92:46:a5:09:47:
         32:86:22:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaOv2dbsPIvXgiPZzPPoRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzY4ZjhmMzQyMzM5MjA2MTAxMzRlZGRjNGFhNDQwZjczMDU1OTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArl8u6iYpl8uQzKMXAs0zXsc9vNm3
QpYhkyLWXpWbB3o37YFq/4UvVyDiJ0qUR1GxCl2KtGeq/oSOl72EfKgAPk+Dd4Ae
yIcu40iZu3oTEe4v4hXYI3wePZbdjJEP58rDWE0lhqw24DnBW9XO8dkYck8a3WUH
Jxw9HWAqvv3MQIwnrcJjTRt/0KrqrZOQPpW6domRJiFtDNOsvYdH8DyLAQc2PbtR
s037N1Ce+8ZXnATGQ9NUJBYU421YIH6IeLRoaQQYyVPek1vkdrT/2MY8K34KhhFN
OyjyO8lJ/w7o5sH7mjL/BUuPyr1GqHnsd6YWKNKWf4Iq6y2Nfx3zrLZYKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxo+PNCM5IGEBNO3cSqRA9zBVloMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvekdqNDgwSXprZ1lRRTA3ZHhLcEVEM01GV1dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZgqMA0G
CSqGSIb3DQEBCwUAA4IBAQAVgbbcxlmukqXhHo29QrEGw7RnSVJbV0X6h5cXQfeA
W2UYI29WsJP9V2bMMLtIKh46HcKOmqx8sfsG7BosWgoYKXXJrcnynEglgbz5xOFJ
F6XPS54bwxZtWp2mx74PwbAXKE3PwjVYNpsApELSYguo7tQrYnJ3aIT4VKdNBTY5
N7QR+xzzDrZRJRzzrVuOo49Af82fPpMBtP3fKZgWhrD3xFoT9pRyfFtRO203fikK
URbhuBKKokjb+SiB5Yqn4Av+/Ww99eo6jSypAjDd+3BhaLRVMeQLMuBIyW2tgNO+
1UxBDXZgnO9V5tB4TCu7QnRBsG7HTisVkkalCUcyhiKw
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:21:32 2026 by rpki-client