Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MwbgLOkAjOlFqhtFwESSiLZV_II.roa
File:                     MwbgLOkAjOlFqhtFwESSiLZV_II.roa (raw, json)
Hash identifier:          /7RzBc5SlA5H3INNEgPlkkSxIBN+cjs01frnlXfST30=
Subject key identifier:   33:06:E0:2C:E9:00:8C:E9:45:AA:1B:45:C0:44:92:88:B6:55:FC:82
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019EF91A5C2F6FF9284443F4111B2C6BB11E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MwbgLOkAjOlFqhtFwESSiLZV_II.roa
Signing time:             Wed 24 Jun 2026 10:08:34 +0000
ROA not before:           Wed 24 Jun 2026 10:08:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40676
IP address blocks:        45.67.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 Jul 2026 08:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f9:1a:5c:2f:6f:f9:28:44:43:f4:11:1b:2c:6b:b1:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jun 24 10:08:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3306e02ce9008ce945aa1b45c0449288b655fc82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e1:12:1f:b7:d0:3e:95:72:5d:29:6d:06:de:
                    f4:98:8c:78:cb:75:ec:6f:a3:67:81:04:7d:30:db:
                    80:a3:9d:b6:11:ad:0b:ac:46:48:73:65:46:3f:7a:
                    88:66:ad:4d:40:cf:bd:9f:ab:42:4d:68:2b:ed:92:
                    d4:d7:de:27:ec:61:5a:cd:57:f4:53:65:ce:25:6a:
                    ef:b4:45:a8:9f:f9:3a:15:bf:e2:73:c8:ac:3b:3c:
                    4a:17:9f:f0:45:21:32:26:0c:b7:65:4c:88:a6:ea:
                    d6:d0:6b:e6:89:d2:ed:a5:9b:12:e6:a1:67:fc:c0:
                    d0:dc:70:39:9e:47:b1:3b:2a:6e:92:a2:4f:3d:fc:
                    0d:78:3f:d2:90:2a:f8:ae:f8:e9:e8:b8:82:06:23:
                    cb:c9:1f:b0:7c:6d:bb:d8:08:d9:dd:86:db:0e:0d:
                    43:69:5d:fa:94:e6:f9:b7:33:17:07:23:e7:5e:93:
                    67:bd:7d:58:aa:32:29:eb:c8:8f:19:1b:ce:35:5f:
                    42:6b:d3:bc:77:1d:19:e0:f5:4a:b9:20:82:1f:ef:
                    e6:60:a9:54:7a:d3:65:7f:7a:fa:e7:5f:60:75:ae:
                    12:21:c6:11:42:c3:ca:25:4f:d3:f5:01:6f:1c:f1:
                    9e:f3:0a:be:44:43:bf:62:6a:2c:92:68:39:fa:ac:
                    b4:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:06:E0:2C:E9:00:8C:E9:45:AA:1B:45:C0:44:92:88:B6:55:FC:82
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MwbgLOkAjOlFqhtFwESSiLZV_II.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:d7:c8:af:04:96:de:38:41:0e:dd:96:05:ef:10:96:08:1a:
         43:a2:0d:24:b5:40:6b:93:9e:b9:fd:0a:a5:dd:3f:a7:60:d4:
         a7:ed:7b:b8:41:3b:87:77:75:d1:34:7d:ae:bc:7e:9b:d8:ab:
         ae:ba:d2:1d:70:8f:7c:20:f7:cd:d8:be:84:97:6d:68:84:53:
         74:4e:65:25:4e:ba:f2:48:1e:5c:cb:9e:a0:56:3a:7f:b8:3b:
         07:63:99:00:1e:35:24:48:bf:b0:6b:08:4d:d6:f3:df:90:30:
         76:bb:4d:91:9b:60:ef:0e:6e:ba:dd:52:e0:aa:83:1b:86:d2:
         48:e5:61:f2:9b:19:1a:e5:92:4f:76:9a:16:42:ab:bb:5a:c9:
         b1:fa:47:f3:89:72:42:ad:d8:53:0b:b7:d9:a5:4c:a6:c9:d3:
         8e:c3:92:5f:dd:99:f3:85:33:32:ed:47:22:2e:69:2f:58:54:
         9c:0b:ae:b3:b0:be:04:e6:e6:4b:43:b9:c7:79:31:4c:6f:08:
         f0:c5:a9:3f:99:18:41:5e:22:0c:ff:c8:d2:aa:e1:76:6b:aa:
         6e:2c:58:31:db:6a:9a:c8:ba:c3:25:b2:c6:83:94:14:bd:e0:
         89:95:5c:ad:63:33:54:71:41:a3:08:cc:89:10:02:cc:14:2d:
         00:af:5b:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ75Glwvb/koREP0ERssa7EeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwNjI0MTAwODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzA2ZTAyY2U5MDA4Y2U5NDVhYTFiNDVjMDQ0OTI4OGI2NTVmYzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+ESH7fQPpVyXSltBt70mIx4y3Xs
b6NngQR9MNuAo522Ea0LrEZIc2VGP3qIZq1NQM+9n6tCTWgr7ZLU194n7GFazVf0
U2XOJWrvtEWon/k6Fb/ic8isOzxKF5/wRSEyJgy3ZUyIpurW0GvmidLtpZsS5qFn
/MDQ3HA5nkexOypukqJPPfwNeD/SkCr4rvjp6LiCBiPLyR+wfG272AjZ3YbbDg1D
aV36lOb5tzMXByPnXpNnvX1YqjIp68iPGRvONV9Ca9O8dx0Z4PVKuSCCH+/mYKlU
etNlf3r6519gda4SIcYRQsPKJU/T9QFvHPGe8wq+REO/Ymoskmg5+qy0MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMG4CzpAIzpRaobRcBEkoi2VfyCMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTXdiZ0xPa0FqT2xGcWh0RndFU1NpTFpWX0lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUNjMA0G
CSqGSIb3DQEBCwUAA4IBAQBs18ivBJbeOEEO3ZYF7xCWCBpDog0ktUBrk565/Qql
3T+nYNSn7Xu4QTuHd3XRNH2uvH6b2KuuutIdcI98IPfN2L6El21ohFN0TmUlTrry
SB5cy56gVjp/uDsHY5kAHjUkSL+wawhN1vPfkDB2u02Rm2DvDm663VLgqoMbhtJI
5WHymxka5ZJPdpoWQqu7Wsmx+kfziXJCrdhTC7fZpUymydOOw5Jf3ZnzhTMy7Uci
LmkvWFScC66zsL4E5uZLQ7nHeTFMbwjwxak/mRhBXiIM/8jSquF2a6puLFgx22qa
yLrDJbLGg5QUveCJlVytYzNUcUGjCMyJEALMFC0Ar1t/
-----END CERTIFICATE-----
Generated at Wed Jul 1 13:50:54 2026 by rpki-client