Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/34471f-0baf-433b-b86a-acd742fe0986/1/egwjSaE8dKCZcZ5xVBbRXb8X6N8.roa
File:                     egwjSaE8dKCZcZ5xVBbRXb8X6N8.roa (raw, json)
Hash identifier:          mUcTwpYrQ2K8nra0iJyyxnxo5XucJVHUBxR3++75eSU=
Subject key identifier:   7A:0C:23:49:A1:3C:74:A0:99:71:9E:71:54:16:D1:5D:BF:17:E8:DF
Certificate issuer:       /CN=174f8cb77c4d069d34abbf513d695ea99a3e7f1a
Certificate serial:       019F12EE5341127A15C93AEC01EAFDC89FC3
Authority key identifier: 17:4F:8C:B7:7C:4D:06:9D:34:AB:BF:51:3D:69:5E:A9:9A:3E:7F:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F0-Mt3xNBp00q79RPWleqZo-fxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/34471f-0baf-433b-b86a-acd742fe0986/1/egwjSaE8dKCZcZ5xVBbRXb8X6N8.roa
Signing time:             Mon 29 Jun 2026 10:30:36 +0000
ROA not before:           Mon 29 Jun 2026 10:30:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203287
IP address blocks:        95.215.64.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/34471f-0baf-433b-b86a-acd742fe0986/1/F0-Mt3xNBp00q79RPWleqZo-fxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/34471f-0baf-433b-b86a-acd742fe0986/1/F0-Mt3xNBp00q79RPWleqZo-fxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F0-Mt3xNBp00q79RPWleqZo-fxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 20:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:12:ee:53:41:12:7a:15:c9:3a:ec:01:ea:fd:c8:9f:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=174f8cb77c4d069d34abbf513d695ea99a3e7f1a
        Validity
            Not Before: Jun 29 10:30:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a0c2349a13c74a099719e715416d15dbf17e8df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8f:54:21:e0:a8:4a:53:30:51:e6:11:58:b7:
                    16:ac:be:5d:0e:45:5d:1d:f5:8c:2d:41:7e:8e:4f:
                    92:c8:f2:a1:f2:2c:ab:d6:05:ce:88:f7:6b:24:d1:
                    f9:fb:b8:31:b1:8c:ed:46:fd:e2:82:52:8d:68:2f:
                    a2:6f:a5:fe:3a:96:56:eb:c2:bf:99:42:7e:2d:a4:
                    d9:5c:01:8c:b0:52:16:98:9e:73:06:aa:25:27:c3:
                    f0:64:60:cb:af:4f:ea:2b:3b:83:ec:a7:36:33:7e:
                    6e:e7:a6:f0:af:e5:77:f9:a4:97:3a:fe:01:77:f0:
                    a3:28:b0:6e:72:6c:c1:a8:de:3f:bf:7f:95:90:84:
                    2b:ee:0c:a5:62:77:a6:ec:3b:83:0b:12:64:36:1c:
                    0e:96:3c:25:11:74:83:39:fa:4f:c3:26:44:a3:50:
                    7c:37:79:d8:a0:10:0c:07:cc:c7:c8:cf:df:f3:64:
                    42:89:ad:a4:9b:74:f7:6a:f3:10:2e:8d:59:1f:21:
                    a2:fc:40:2d:01:7a:25:b3:de:3a:d6:ac:e5:e7:bf:
                    7e:32:39:df:06:74:ab:8d:6e:09:e4:f1:5b:8c:de:
                    ce:0a:b9:bd:c5:b0:fb:32:d2:c0:a8:70:c6:48:95:
                    ac:62:b3:8d:98:ba:92:2e:09:6a:12:8f:46:94:20:
                    d3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:0C:23:49:A1:3C:74:A0:99:71:9E:71:54:16:D1:5D:BF:17:E8:DF
            X509v3 Authority Key Identifier:
                keyid:17:4F:8C:B7:7C:4D:06:9D:34:AB:BF:51:3D:69:5E:A9:9A:3E:7F:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F0-Mt3xNBp00q79RPWleqZo-fxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/34471f-0baf-433b-b86a-acd742fe0986/1/egwjSaE8dKCZcZ5xVBbRXb8X6N8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/34471f-0baf-433b-b86a-acd742fe0986/1/F0-Mt3xNBp00q79RPWleqZo-fxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:cc:a5:3e:f0:82:38:8f:d9:7d:5f:2a:00:a9:9b:4e:17:15:
         ee:21:3a:78:6a:41:8e:58:8d:6c:39:77:2a:37:82:2c:d8:29:
         64:e5:82:63:9a:a1:f6:a8:c6:81:db:b3:e4:4a:6d:40:ee:dc:
         3a:80:0f:14:3c:c4:ef:61:a9:68:24:50:e4:ac:38:43:99:85:
         cd:65:91:28:e3:0a:66:3a:8b:a5:e6:14:a0:f2:5d:b3:89:be:
         72:e1:db:fa:b9:ec:6e:9b:0c:64:dd:4f:02:4c:38:00:d5:65:
         61:ba:1e:ae:d7:94:47:e1:9c:0a:ac:47:dd:ca:61:0f:94:9d:
         bf:fa:78:2f:2c:28:7f:5d:17:53:01:08:60:47:47:f2:a1:7e:
         e1:86:96:95:4c:d9:eb:56:47:16:e2:5e:20:7c:03:f9:b8:33:
         a4:32:51:de:58:41:fb:db:84:cf:e9:dc:fc:14:de:e2:d5:0b:
         1a:e4:a8:13:2d:a1:08:eb:3e:db:95:f4:52:4b:53:87:e6:38:
         b3:11:62:96:c0:a1:d4:f7:6a:99:9a:3a:38:26:98:fe:16:91:
         5a:94:6d:72:a4:79:b8:b7:21:7a:9e:e4:d9:6c:6d:37:ed:66:
         4a:0e:d7:f2:e1:75:dc:62:f8:c7:38:ce:24:f0:de:f3:ff:95:
         07:62:c0:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8S7lNBEnoVyTrsAer9yJ/DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NGY4Y2I3N2M0ZDA2OWQzNGFiYmY1MTNkNjk1ZWE5OWEz
ZTdmMWEwHhcNMjYwNjI5MTAzMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTBjMjM0OWExM2M3NGEwOTk3MTllNzE1NDE2ZDE1ZGJmMTdlOGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwY9UIeCoSlMwUeYRWLcWrL5dDkVd
HfWMLUF+jk+SyPKh8iyr1gXOiPdrJNH5+7gxsYztRv3iglKNaC+ib6X+OpZW68K/
mUJ+LaTZXAGMsFIWmJ5zBqolJ8PwZGDLr0/qKzuD7Kc2M35u56bwr+V3+aSXOv4B
d/CjKLBucmzBqN4/v3+VkIQr7gylYnem7DuDCxJkNhwOljwlEXSDOfpPwyZEo1B8
N3nYoBAMB8zHyM/f82RCia2km3T3avMQLo1ZHyGi/EAtAXols9461qzl579+Mjnf
BnSrjW4J5PFbjN7OCrm9xbD7MtLAqHDGSJWsYrONmLqSLglqEo9GlCDTSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHoMI0mhPHSgmXGecVQW0V2/F+jfMB8GA1UdIwQY
MBaAFBdPjLd8TQadNKu/UT1pXqmaPn8aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjAtTXQzeE5CcDAwcTc5UlBXbGVxWm8tZnhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zNDQ3MWYtMGJhZi00MzNiLWI4NmEt
YWNkNzQyZmUwOTg2LzEvZWd3alNhRThkS0NaY1o1eFZCYlJYYjhYNk44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zNDQ3MWYtMGJhZi00MzNiLWI4NmEtYWNkNzQyZmUwOTg2
LzEvRjAtTXQzeE5CcDAwcTc5UlBXbGVxWm8tZnhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX9dAMA0G
CSqGSIb3DQEBCwUAA4IBAQBhzKU+8II4j9l9XyoAqZtOFxXuITp4akGOWI1sOXcq
N4Is2Clk5YJjmqH2qMaB27PkSm1A7tw6gA8UPMTvYaloJFDkrDhDmYXNZZEo4wpm
Ooul5hSg8l2zib5y4dv6uexumwxk3U8CTDgA1WVhuh6u15RH4ZwKrEfdymEPlJ2/
+ngvLCh/XRdTAQhgR0fyoX7hhpaVTNnrVkcW4l4gfAP5uDOkMlHeWEH724TP6dz8
FN7i1Qsa5KgTLaEI6z7blfRSS1OH5jizEWKWwKHU92qZmjo4Jpj+FpFalG1ypHm4
tyF6nuTZbG037WZKDtfy4XXcYvjHOM4k8N7z/5UHYsDg
-----END CERTIFICATE-----
Generated at Wed Jul 1 02:14:04 2026 by rpki-client