Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/2kLC5oc0wtFYxb-UoY1NN8AeYeA.roa
File:                     2kLC5oc0wtFYxb-UoY1NN8AeYeA.roa (raw, json)
Hash identifier:          WWHfYyQQ20grjWfdXp93pjE8sxqP9wBjYJdjjvSKaGw=
Subject key identifier:   DA:42:C2:E6:87:34:C2:D1:58:C5:BF:94:A1:8D:4D:37:C0:1E:61:E0
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       019F1D40A8D7E5E5788140E98F51E0BD53DF
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/2kLC5oc0wtFYxb-UoY1NN8AeYeA.roa
Signing time:             Wed 01 Jul 2026 10:36:44 +0000
ROA not before:           Wed 01 Jul 2026 10:36:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219476
IP address blocks:        83.245.2.0/24 maxlen: 24
                          83.245.15.0/24 maxlen: 24
                          83.245.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:1d:40:a8:d7:e5:e5:78:81:40:e9:8f:51:e0:bd:53:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jul  1 10:36:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da42c2e68734c2d158c5bf94a18d4d37c01e61e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5a:92:0b:94:4b:68:9e:e4:ac:ba:ce:92:b6:
                    09:32:d8:45:35:07:a5:c7:01:54:47:87:92:90:59:
                    c5:9f:b9:c5:9c:97:76:7a:f1:be:02:55:24:b1:f9:
                    ed:56:06:f4:c0:f8:17:f4:07:2d:c9:ff:4b:57:08:
                    70:86:20:5d:49:f8:c8:0c:4e:38:17:63:c3:8e:61:
                    8a:19:4e:f4:23:40:44:bf:13:80:fc:87:9d:5e:fe:
                    67:02:7c:04:49:5c:a2:06:34:5b:29:6b:98:05:01:
                    6b:ab:ec:e5:37:0b:42:de:da:cb:c2:a0:e6:11:70:
                    8e:e7:4b:1f:43:e6:6d:9d:59:0f:ba:19:b5:df:aa:
                    6f:f1:c7:32:71:a8:c8:5c:6d:8a:32:14:1b:98:73:
                    07:2d:bb:02:c0:47:ee:77:b1:56:27:1f:d3:19:bd:
                    7e:59:8a:e0:0b:a4:5f:d5:8b:a8:e0:67:f9:08:07:
                    3a:fe:27:20:18:c8:0a:59:d4:53:7a:d9:20:8d:88:
                    ca:52:1c:7d:5a:53:53:e7:3e:3d:cb:6e:62:c4:75:
                    dc:4e:ae:92:9b:d4:a2:5d:36:1f:46:99:69:ce:ba:
                    a4:64:6b:ea:4a:c5:b3:74:2b:39:3a:ec:da:05:75:
                    71:7a:71:d5:c0:f8:a1:0a:3c:8a:01:82:f5:c3:50:
                    f6:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:42:C2:E6:87:34:C2:D1:58:C5:BF:94:A1:8D:4D:37:C0:1E:61:E0
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/2kLC5oc0wtFYxb-UoY1NN8AeYeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.245.2.0/24
                  83.245.15.0/24
                  83.245.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:f2:dc:f5:e3:db:b1:29:3b:d8:17:7b:1b:f9:b3:d1:33:2e:
         b5:df:71:25:5b:c8:65:5e:c6:db:2c:c4:be:46:e6:a2:b9:5a:
         ea:74:37:66:48:21:a4:4a:5b:75:8c:c7:1d:d9:eb:5d:b8:e9:
         0a:8f:b1:f5:51:5b:aa:7d:31:0d:bb:28:4f:af:7b:87:3f:b0:
         1a:86:59:4a:d1:44:e4:be:63:bf:b5:8f:ca:83:d9:98:11:50:
         6f:34:fc:e4:18:4b:e1:d6:41:f9:46:9c:1a:60:f5:74:5e:3b:
         f3:a7:18:6b:e0:19:c2:6e:ba:33:7e:00:48:27:eb:2b:73:66:
         4f:66:2e:e3:63:f2:6d:b1:f9:51:1f:f7:8d:10:ae:15:dc:c7:
         ad:97:e3:1d:53:9b:35:a5:68:08:87:32:4b:23:42:d2:c3:ff:
         3e:90:c3:0a:5f:c3:6d:41:ba:ca:42:52:81:5b:9a:cb:3a:7e:
         8f:24:e4:72:a2:7c:4d:5f:13:ea:87:95:63:a9:10:7e:af:a9:
         0e:2e:6a:d7:03:6f:8e:ad:7c:33:b2:53:ee:19:cc:98:89:72:
         e4:1c:c7:b2:c6:97:cf:1f:2f:b9:1e:d1:79:de:42:f7:79:f5:
         18:b3:8e:08:e1:36:7d:0b:61:25:71:54:37:f2:ea:dc:e6:06:
         20:43:6a:54
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ8dQKjX5eV4gUDpj1HgvVPfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjYwNzAxMTAzNjQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTQyYzJlNjg3MzRjMmQxNThjNWJmOTRhMThkNGQzN2MwMWU2MWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VqSC5RLaJ7krLrOkrYJMthFNQel
xwFUR4eSkFnFn7nFnJd2evG+AlUksfntVgb0wPgX9Actyf9LVwhwhiBdSfjIDE44
F2PDjmGKGU70I0BEvxOA/IedXv5nAnwESVyiBjRbKWuYBQFrq+zlNwtC3trLwqDm
EXCO50sfQ+ZtnVkPuhm136pv8ccycajIXG2KMhQbmHMHLbsCwEfud7FWJx/TGb1+
WYrgC6Rf1Yuo4Gf5CAc6/icgGMgKWdRTetkgjYjKUhx9WlNT5z49y25ixHXcTq6S
m9SiXTYfRplpzrqkZGvqSsWzdCs5OuzaBXVxenHVwPihCjyKAYL1w1D2SQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNpCwuaHNMLRWMW/lKGNTTfAHmHgMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvMmtMQzVvYzB3dEZZeGItVW9ZMU5OOEFlWWVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAU/UCAwQA
U/UPAwQAU/VsMA0GCSqGSIb3DQEBCwUAA4IBAQAr8tz149uxKTvYF3sb+bPRMy61
33ElW8hlXsbbLMS+RuaiuVrqdDdmSCGkSlt1jMcd2etduOkKj7H1UVuqfTENuyhP
r3uHP7AahllK0UTkvmO/tY/Kg9mYEVBvNPzkGEvh1kH5RpwaYPV0Xjvzpxhr4BnC
brozfgBIJ+src2ZPZi7jY/JtsflRH/eNEK4V3Metl+MdU5s1pWgIhzJLI0LSw/8+
kMMKX8NtQbrKQlKBW5rLOn6PJORyonxNXxPqh5VjqRB+r6kOLmrXA2+OrXwzslPu
GcyYiXLkHMeyxpfPHy+5HtF53kL3efUYs44I4TZ9C2ElcVQ38urc5gYgQ2pU
-----END CERTIFICATE-----
Generated at Fri Jul 3 19:56:59 2026 by rpki-client