Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/4hMP69vBtWNwkhrvhyGRZeAR2oU.roa
File:                     4hMP69vBtWNwkhrvhyGRZeAR2oU.roa (raw, json)
Hash identifier:          wbW1Sr8txhC3CPPC7p8lNOSa6FLl59E4B7Qpihfpsgw=
Subject key identifier:   E2:13:0F:EB:DB:C1:B5:63:70:92:1A:EF:87:21:91:65:E0:11:DA:85
Certificate issuer:       /CN=c2d82ccf0c8dea7d7f6ad72e8e62462d7be20d56
Certificate serial:       019EF392650C72EB22BE9EBBCE74E7DC8FB8
Authority key identifier: C2:D8:2C:CF:0C:8D:EA:7D:7F:6A:D7:2E:8E:62:46:2D:7B:E2:0D:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtgszwyN6n1_atcujmJGLXviDVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/4hMP69vBtWNwkhrvhyGRZeAR2oU.roa
Signing time:             Tue 23 Jun 2026 08:21:57 +0000
ROA not before:           Tue 23 Jun 2026 08:21:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219406
IP address blocks:        2a04:d207:1000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/wtgszwyN6n1_atcujmJGLXviDVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/wtgszwyN6n1_atcujmJGLXviDVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtgszwyN6n1_atcujmJGLXviDVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 20:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f3:92:65:0c:72:eb:22:be:9e:bb:ce:74:e7:dc:8f:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d82ccf0c8dea7d7f6ad72e8e62462d7be20d56
        Validity
            Not Before: Jun 23 08:21:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2130febdbc1b56370921aef87219165e011da85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:28:76:cb:cd:4a:40:42:d6:65:5a:08:c6:7a:
                    3d:66:d5:8e:e6:95:89:54:43:0d:be:ab:72:c6:30:
                    08:56:03:6b:3b:26:8e:1d:da:ad:c1:b3:d7:9f:7b:
                    02:f9:b1:cf:43:69:cd:9c:f6:29:90:53:13:48:6c:
                    21:43:3e:b2:95:79:c9:d6:98:f1:7d:51:87:7f:6d:
                    2c:f8:e6:bd:4c:97:d2:81:ea:ca:4b:fd:06:77:e0:
                    53:69:ff:b8:18:3f:ef:f1:a5:4b:53:e4:ce:59:de:
                    f5:f7:68:d2:97:98:06:eb:2d:3b:d0:3b:f7:ba:04:
                    18:40:e0:17:62:ce:57:0e:bb:e1:54:cc:a7:97:19:
                    c4:e2:68:db:6a:3d:b8:2c:1e:fb:12:bd:68:24:d2:
                    db:b3:87:ec:59:e8:84:3c:f3:9e:68:69:7d:ca:07:
                    13:24:1b:8e:04:ae:09:cd:1a:6e:eb:07:d1:9f:a2:
                    f2:bb:2b:4d:d8:83:37:70:9c:87:e7:1e:9e:27:5b:
                    d7:1c:d1:5e:04:70:de:04:1b:2f:26:eb:15:12:d3:
                    52:11:59:27:36:9c:95:8d:d8:ed:56:83:31:2f:6e:
                    a9:a7:ac:4c:47:2f:d5:bc:14:5c:67:1e:60:c4:c6:
                    8c:9e:f8:90:1c:96:d2:be:96:09:dc:62:30:ee:89:
                    10:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:13:0F:EB:DB:C1:B5:63:70:92:1A:EF:87:21:91:65:E0:11:DA:85
            X509v3 Authority Key Identifier:
                keyid:C2:D8:2C:CF:0C:8D:EA:7D:7F:6A:D7:2E:8E:62:46:2D:7B:E2:0D:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtgszwyN6n1_atcujmJGLXviDVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/4hMP69vBtWNwkhrvhyGRZeAR2oU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/wtgszwyN6n1_atcujmJGLXviDVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:d207:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         59:4d:b5:6b:84:52:47:fe:05:92:3d:6b:a5:ac:8a:56:54:9d:
         bc:0c:04:08:fb:b4:68:5f:13:b2:c2:27:30:a5:e8:6a:6d:ec:
         bb:c6:4f:cc:6f:3f:0f:67:71:ab:68:19:31:f9:9e:52:a5:8a:
         94:6a:63:fc:de:77:ea:1e:51:4e:d4:cf:6f:b1:72:a3:3e:f5:
         3e:dc:1b:53:d5:15:4c:b5:02:7f:ec:dc:80:d0:ea:9c:28:7d:
         31:d6:11:70:a0:b5:26:02:6a:b6:88:25:65:7d:99:a5:dc:2e:
         c6:74:24:fe:48:15:ed:35:eb:e5:1f:f7:62:a2:61:4a:db:f5:
         f3:e0:a1:8a:6a:f4:40:49:de:a3:5c:de:54:1a:46:49:e9:8b:
         3e:72:ce:96:34:95:86:da:a9:63:f8:46:fc:20:d4:a2:53:e9:
         1e:d2:59:0e:3b:e0:c2:c2:39:c6:70:6e:31:21:45:0d:47:29:
         4f:f3:f6:ae:b9:87:08:7e:08:04:73:c3:d1:17:36:26:7f:fb:
         ab:85:b1:b7:e4:2f:9f:e7:2e:3e:af:db:59:40:17:e0:57:77:
         9d:b1:05:52:da:42:31:ca:c3:d5:da:a3:38:37:61:50:1d:09:
         b0:6e:e9:b8:2b:8f:01:62:ee:23:7d:51:a9:93:41:ed:e6:94:
         a4:3a:9e:c0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ7zkmUMcusivp67znTn3I+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDgyY2NmMGM4ZGVhN2Q3ZjZhZDcyZThlNjI0NjJkN2Jl
MjBkNTYwHhcNMjYwNjIzMDgyMTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjEzMGZlYmRiYzFiNTYzNzA5MjFhZWY4NzIxOTE2NWUwMTFkYTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSh2y81KQELWZVoIxno9ZtWO5pWJ
VEMNvqtyxjAIVgNrOyaOHdqtwbPXn3sC+bHPQ2nNnPYpkFMTSGwhQz6ylXnJ1pjx
fVGHf20s+Oa9TJfSgerKS/0Gd+BTaf+4GD/v8aVLU+TOWd7192jSl5gG6y070Dv3
ugQYQOAXYs5XDrvhVMynlxnE4mjbaj24LB77Er1oJNLbs4fsWeiEPPOeaGl9ygcT
JBuOBK4JzRpu6wfRn6LyuytN2IM3cJyH5x6eJ1vXHNFeBHDeBBsvJusVEtNSEVkn
NpyVjdjtVoMxL26pp6xMRy/VvBRcZx5gxMaMnviQHJbSvpYJ3GIw7okQPwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOITD+vbwbVjcJIa74chkWXgEdqFMB8GA1UdIwQY
MBaAFMLYLM8Mjep9f2rXLo5iRi174g1WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3Rnc3p3eU42bjFfYXRjdWptSkdMWHZpRFZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zMjc5NTItNGM2Ni00Yjk1LWI2ZGUt
NDMxMThlNDk2ZDQwLzEvNGhNUDY5dkJ0V053a2hydmh5R1JaZUFSMm9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zMjc5NTItNGM2Ni00Yjk1LWI2ZGUtNDMxMThlNDk2ZDQw
LzEvd3Rnc3p3eU42bjFfYXRjdWptSkdMWHZpRFZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgTSBxAw
DQYJKoZIhvcNAQELBQADggEBAFlNtWuEUkf+BZI9a6WsilZUnbwMBAj7tGhfE7LC
JzCl6Gpt7LvGT8xvPw9ncatoGTH5nlKlipRqY/zed+oeUU7Uz2+xcqM+9T7cG1PV
FUy1An/s3IDQ6pwofTHWEXCgtSYCaraIJWV9maXcLsZ0JP5IFe016+Uf92KiYUrb
9fPgoYpq9EBJ3qNc3lQaRknpiz5yzpY0lYbaqWP4Rvwg1KJT6R7SWQ474MLCOcZw
bjEhRQ1HKU/z9q65hwh+CARzw9EXNiZ/+6uFsbfkL5/nLj6v21lAF+BXd52xBVLa
QjHKw9Xaozg3YVAdCbBu6bgrjwFi7iN9UamTQe3mlKQ6nsA=
-----END CERTIFICATE-----
Generated at Wed Jul 1 03:30:16 2026 by rpki-client