Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zHjlkzQDYfKBWtOHM48mdXubTt0.roa
File:                     zHjlkzQDYfKBWtOHM48mdXubTt0.roa (raw, json)
Hash identifier:          8qzIXi4pp8ad4U7z6L09WnUYtJRsdC38xBcq92cNZbs=
Subject key identifier:   CC:78:E5:93:34:03:61:F2:81:5A:D3:87:33:8F:26:75:7B:9B:4E:DD
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2369237427B01CCCACDB559607835CC4
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zHjlkzQDYfKBWtOHM48mdXubTt0.roa
Signing time:             Thu 02 Jul 2026 15:18:40 +0000
ROA not before:           Thu 02 Jul 2026 15:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401322
IP address blocks:        77.107.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:69:23:74:27:b0:1c:cc:ac:db:55:96:07:83:5c:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc78e593340361f2815ad387338f26757b9b4edd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:9c:90:de:c8:17:a6:dc:fc:5d:79:70:e2:56:
                    de:63:29:55:9c:3a:43:3a:e2:97:d8:5a:13:0c:df:
                    e7:50:d2:e0:fb:ea:1c:3e:bc:7a:3c:7f:24:7e:c5:
                    e0:46:06:58:8a:07:64:00:76:09:41:42:3d:ed:5d:
                    1e:4c:9c:97:6a:e6:bf:da:ae:38:9c:b2:54:5e:be:
                    30:85:03:fd:d5:a7:51:ef:d4:05:9b:6b:41:85:41:
                    7e:a6:7a:40:21:96:60:57:7b:42:57:29:d1:07:cb:
                    7f:1e:af:35:88:89:51:73:b8:3c:49:e9:97:f3:12:
                    91:c0:c3:44:e9:e4:1b:a6:63:95:85:28:dd:b4:83:
                    bb:6d:14:10:d1:4e:2c:89:29:d9:24:4b:60:2b:e0:
                    11:8b:ac:60:a2:ea:b7:16:d2:6c:8c:be:00:7a:91:
                    5b:8f:10:d9:ca:12:19:45:ae:e4:5f:d2:65:b0:dc:
                    34:78:e2:a8:ac:35:53:e3:b5:ac:ea:48:00:75:26:
                    75:14:0c:02:20:48:60:92:08:23:6a:b2:e3:31:54:
                    a9:b6:43:46:50:6b:75:be:3d:11:13:40:f7:25:88:
                    35:ea:c1:8b:ed:70:9a:ec:95:5c:2a:f4:a8:ab:2f:
                    a5:69:d1:5b:78:c5:1e:52:65:17:02:25:d9:01:ab:
                    1c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:78:E5:93:34:03:61:F2:81:5A:D3:87:33:8F:26:75:7B:9B:4E:DD
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zHjlkzQDYfKBWtOHM48mdXubTt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.107.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:78:22:37:05:d4:63:d3:d3:dc:fd:7a:4e:ee:59:ee:a2:f4:
         32:37:64:b4:14:02:93:a2:b8:86:0b:14:97:f0:3b:92:44:b4:
         c4:71:6a:6b:f8:66:e9:3c:7f:26:b7:7b:c5:04:fc:0f:e9:66:
         9a:b3:49:cb:e3:3e:2a:59:8d:fa:d0:37:6b:c8:b8:b1:61:c3:
         82:f6:b3:be:fd:ce:57:c0:bb:2d:2d:10:99:73:7e:fd:e6:64:
         60:b6:b0:6a:bd:bb:70:37:4f:36:54:f3:61:85:9a:cf:eb:9a:
         8f:1e:13:29:4e:3f:53:d7:76:9a:40:4b:1c:41:c7:96:6a:95:
         71:35:ad:4f:7e:46:59:41:2a:c7:5f:0a:1d:d6:16:df:20:fd:
         43:ca:ce:00:40:cf:e1:4a:28:75:88:94:fc:50:7c:3c:b2:2e:
         13:53:f2:4b:c6:d0:e6:d8:05:17:8a:bf:26:0e:4f:18:5d:87:
         b8:25:6b:77:1f:e9:21:38:3d:36:f3:94:a9:6e:10:1b:47:59:
         dc:1f:91:0a:c0:57:f3:a7:78:77:1a:91:45:29:7d:b4:4c:93:
         44:97:9c:de:df:55:5a:f7:71:00:b2:dc:d9:4f:b4:e3:78:52:
         12:d0:64:09:da:c1:c5:31:e6:3d:67:8b:bb:84:03:b9:cc:ed:
         26:c1:5a:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaSN0J7AczKzbVZYHg1zEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzc4ZTU5MzM0MDM2MWYyODE1YWQzODczMzhmMjY3NTdiOWI0ZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35yQ3sgXptz8XXlw4lbeYylVnDpD
OuKX2FoTDN/nUNLg++ocPrx6PH8kfsXgRgZYigdkAHYJQUI97V0eTJyXaua/2q44
nLJUXr4whQP91adR79QFm2tBhUF+pnpAIZZgV3tCVynRB8t/Hq81iIlRc7g8SemX
8xKRwMNE6eQbpmOVhSjdtIO7bRQQ0U4siSnZJEtgK+ARi6xgouq3FtJsjL4AepFb
jxDZyhIZRa7kX9JlsNw0eOKorDVT47Ws6kgAdSZ1FAwCIEhgkggjarLjMVSptkNG
UGt1vj0RE0D3JYg16sGL7XCa7JVcKvSoqy+ladFbeMUeUmUXAiXZAascTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMx45ZM0A2HygVrThzOPJnV7m07dMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvekhqbGt6UURZZktCV3RPSE00OG1kWHViVHQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATWtSMA0G
CSqGSIb3DQEBCwUAA4IBAQAMeCI3BdRj09Pc/XpO7lnuovQyN2S0FAKToriGCxSX
8DuSRLTEcWpr+GbpPH8mt3vFBPwP6Waas0nL4z4qWY360DdryLixYcOC9rO+/c5X
wLstLRCZc3795mRgtrBqvbtwN082VPNhhZrP65qPHhMpTj9T13aaQEscQceWapVx
Na1PfkZZQSrHXwod1hbfIP1Dys4AQM/hSih1iJT8UHw8si4TU/JLxtDm2AUXir8m
Dk8YXYe4JWt3H+khOD0285SpbhAbR1ncH5EKwFfzp3h3GpFFKX20TJNEl5ze31Va
93EAstzZT7TjeFIS0GQJ2sHFMeY9Z4u7hAO5zO0mwVox
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:20:28 2026 by rpki-client