Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/CBtEHJaHzVeN2D-IZE6BCv7mSC8.roa
File:                     CBtEHJaHzVeN2D-IZE6BCv7mSC8.roa (raw, json)
Hash identifier:          heEBAu3l6Z4RAGafbljD+NgYk3gtGcKPKxmuj7zaY7U=
Subject key identifier:   08:1B:44:1C:96:87:CD:57:8D:D8:3F:88:64:4E:81:0A:FE:E6:48:2F
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       019ECA8298C3845695936DA176EF73BC708D
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/CBtEHJaHzVeN2D-IZE6BCv7mSC8.roa
Signing time:             Mon 15 Jun 2026 09:00:16 +0000
ROA not before:           Mon 15 Jun 2026 09:00:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8262
IP address blocks:        82.119.64.0/19 maxlen: 19
                          82.119.68.0/24 maxlen: 24
                          82.119.69.0/24 maxlen: 24
                          82.119.80.0/21 maxlen: 21
                          82.119.83.0/24 maxlen: 24
                          82.119.84.0/24 maxlen: 24
                          82.119.92.0/24 maxlen: 24
                          82.119.94.0/24 maxlen: 24
                          85.14.0.0/18 maxlen: 24
                          85.14.0.0/23 maxlen: 23
                          85.14.12.0/24 maxlen: 24
                          85.14.13.0/24 maxlen: 24
                          85.14.21.0/24 maxlen: 24
                          85.14.24.0/24 maxlen: 24
                          85.14.36.0/24 maxlen: 24
                          85.14.44.0/24 maxlen: 24
                          85.14.47.0/24 maxlen: 24
                          85.14.49.0/24 maxlen: 24
                          89.252.192.0/18 maxlen: 24
                          89.252.192.0/22 maxlen: 22
                          89.252.199.0/24 maxlen: 24
                          89.252.200.0/21 maxlen: 24
                          89.252.208.0/20 maxlen: 20
                          89.252.223.0/24 maxlen: 24
                          89.252.224.0/19 maxlen: 24
                          89.252.229.0/24 maxlen: 24
                          89.252.241.0/24 maxlen: 24
                          89.252.246.0/24 maxlen: 24
                          176.67.233.0/24 maxlen: 24
                          176.67.234.0/24 maxlen: 24
                          185.92.132.0/22 maxlen: 22
                          194.12.224.0/19 maxlen: 24
                          194.12.231.0/24 maxlen: 24
                          194.12.234.0/24 maxlen: 24
                          194.12.244.0/24 maxlen: 24
                          194.12.249.0/24 maxlen: 24
                          194.12.253.0/24 maxlen: 32
                          194.12.254.0/24 maxlen: 24
                          2001:1ae0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 14:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ca:82:98:c3:84:56:95:93:6d:a1:76:ef:73:bc:70:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jun 15 09:00:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=081b441c9687cd578dd83f88644e810afee6482f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:bf:02:ea:78:76:f1:14:3c:7f:a3:67:d2:28:
                    63:6c:03:b7:0f:cf:a7:99:03:44:3e:63:cc:bd:46:
                    21:c9:e7:07:3f:d3:1b:c4:3a:4c:3d:33:fb:94:7e:
                    7f:02:34:cb:8c:b9:18:89:a2:6b:9c:40:dd:73:ae:
                    37:cf:eb:6e:09:a4:52:08:0c:6d:b3:57:25:2e:2b:
                    8a:ba:81:62:f6:1f:0f:94:be:c2:83:87:26:de:c1:
                    86:38:a2:cc:cd:84:27:e4:a1:cf:33:3b:be:97:a9:
                    cc:13:32:e4:73:d8:17:25:71:56:64:9d:0c:8a:3c:
                    04:8e:4e:44:04:c0:26:a5:f4:9c:2f:1c:a2:6a:b9:
                    6a:ca:1e:ea:4e:5c:f2:74:bd:4d:c1:b5:2d:52:80:
                    c0:63:d1:d2:8f:3d:fe:92:43:43:01:ed:d6:52:4c:
                    c1:b5:a6:92:b3:31:f5:b3:a7:cd:26:45:f2:35:44:
                    9c:5f:e1:95:51:bd:ac:c6:31:81:f5:6b:2e:18:b5:
                    4c:b7:ce:1c:67:9e:f9:25:d1:e6:2c:ac:97:ca:37:
                    36:5b:03:67:2c:cd:33:f9:36:35:5e:05:bf:55:ba:
                    e5:36:38:1b:b9:dd:e5:4c:56:72:23:f9:a2:10:63:
                    e4:55:32:3c:2d:ac:ec:29:33:aa:40:32:f0:70:ea:
                    69:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:1B:44:1C:96:87:CD:57:8D:D8:3F:88:64:4E:81:0A:FE:E6:48:2F
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/CBtEHJaHzVeN2D-IZE6BCv7mSC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.64.0/19
                  85.14.0.0/18
                  89.252.192.0/18
                  176.67.233.0-176.67.234.255
                  185.92.132.0/22
                  194.12.224.0/19
                IPv6:
                  2001:1ae0::/32

    Signature Algorithm: sha256WithRSAEncryption
         bc:d2:a8:b0:40:45:6f:d7:92:ee:7c:ea:41:f1:03:24:f0:24:
         ae:5c:41:be:cf:70:b6:1f:86:06:ff:be:b3:a5:42:67:10:22:
         22:b7:e4:53:7e:0a:6d:89:85:59:a1:49:93:44:4f:55:88:4a:
         eb:82:47:f3:4d:1a:30:61:eb:6f:a0:f7:d5:86:86:04:c8:ed:
         36:ad:82:d4:fa:eb:1f:73:84:eb:9a:10:f6:8f:a6:13:05:08:
         4c:44:78:d7:55:3f:b0:b5:c8:68:85:6e:45:60:83:5f:69:f5:
         62:f0:0d:a5:e1:b0:bf:55:90:df:6f:9c:80:9d:03:2b:7d:6f:
         01:fc:77:32:99:39:b1:98:2a:4e:93:19:61:fb:2e:14:68:c5:
         9e:5e:e9:5f:63:dd:75:99:57:60:6a:f9:02:5d:ce:f9:8c:19:
         5d:95:13:3b:9b:ed:9f:a0:f7:6b:f6:18:f3:d1:25:cb:89:d1:
         00:7c:40:9f:17:8c:7c:e5:cf:48:32:c5:5f:61:b7:01:70:fb:
         a8:de:15:75:dc:22:db:9b:2d:5e:1c:c8:35:5e:ce:f7:9d:df:
         af:72:df:3d:53:e3:3b:19:02:b4:26:b1:8b:94:32:e1:ad:e4:
         4e:b4:43:84:75:1e:f5:e9:6a:e1:b6:c8:31:e7:c3:18:e1:5f:
         88:7b:2b:d6
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZ7KgpjDhFaVk22hdu9zvHCNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjYwNjE1MDkwMDE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODFiNDQxYzk2ODdjZDU3OGRkODNmODg2NDRlODEwYWZlZTY0ODJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmb8C6nh28RQ8f6Nn0ihjbAO3D8+n
mQNEPmPMvUYhyecHP9MbxDpMPTP7lH5/AjTLjLkYiaJrnEDdc643z+tuCaRSCAxt
s1clLiuKuoFi9h8PlL7Cg4cm3sGGOKLMzYQn5KHPMzu+l6nMEzLkc9gXJXFWZJ0M
ijwEjk5EBMAmpfScLxyiarlqyh7qTlzydL1NwbUtUoDAY9HSjz3+kkNDAe3WUkzB
taaSszH1s6fNJkXyNUScX+GVUb2sxjGB9WsuGLVMt84cZ575JdHmLKyXyjc2WwNn
LM0z+TY1XgW/VbrlNjgbud3lTFZyI/miEGPkVTI8LazsKTOqQDLwcOpp7wIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFAgbRByWh81Xjdg/iGROgQr+5kgvMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvQ0J0RUhKYUh6VmVOMkQtSVpFNkJDdjdtU0M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQFUndAAwQG
VQ4AAwQGWfzAMAwDBACwQ+kDBACwQ+oDBAK5XIQDBAXCDOAwDQQCAAIwBwMFACAB
GuAwDQYJKoZIhvcNAQELBQADggEBALzSqLBARW/Xku586kHxAyTwJK5cQb7PcLYf
hgb/vrOlQmcQIiK35FN+Cm2JhVmhSZNET1WISuuCR/NNGjBh62+g99WGhgTI7Tat
gtT66x9zhOuaEPaPphMFCExEeNdVP7C1yGiFbkVgg19p9WLwDaXhsL9VkN9vnICd
Ayt9bwH8dzKZObGYKk6TGWH7LhRoxZ5e6V9j3XWZV2Bq+QJdzvmMGV2VEzub7Z+g
92v2GPPRJcuJ0QB8QJ8XjHzlz0gyxV9htwFw+6jeFXXcItubLV4cyDVezved369y
3z1T4zsZArQmsYuUMuGt5E60Q4R1HvXpauG2yDHnwxjhX4h7K9Y=
-----END CERTIFICATE-----
Generated at Wed Jul 1 00:12:07 2026 by rpki-client