Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/162f8f-687f-4671-a524-55691a569720/1/AEyZjBDd8JRa3C8Qu8Ed1pPfWTA.roa
File:                     AEyZjBDd8JRa3C8Qu8Ed1pPfWTA.roa (raw, json)
Hash identifier:          t/3GieMGxWoGjj/AjR+XfDv+Hv6o+nbcwMgeFZJBMF0=
Subject key identifier:   00:4C:99:8C:10:DD:F0:94:5A:DC:2F:10:BB:C1:1D:D6:93:DF:59:30
Certificate issuer:       /CN=8181440a367a34d306bc0f685ae9cd86952f7f95
Certificate serial:       019EEFB8F113ACAA9D467B4E85D804D919D8
Authority key identifier: 81:81:44:0A:36:7A:34:D3:06:BC:0F:68:5A:E9:CD:86:95:2F:7F:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gYFECjZ6NNMGvA9oWunNhpUvf5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/162f8f-687f-4671-a524-55691a569720/1/AEyZjBDd8JRa3C8Qu8Ed1pPfWTA.roa
Signing time:             Mon 22 Jun 2026 14:25:35 +0000
ROA not before:           Mon 22 Jun 2026 14:25:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215691
IP address blocks:        78.40.111.0/24 maxlen: 24
                          171.22.18.0/24 maxlen: 24
                          212.47.59.0/24 maxlen: 24
                          2a14:8880::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/162f8f-687f-4671-a524-55691a569720/1/gYFECjZ6NNMGvA9oWunNhpUvf5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/162f8f-687f-4671-a524-55691a569720/1/gYFECjZ6NNMGvA9oWunNhpUvf5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gYFECjZ6NNMGvA9oWunNhpUvf5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ef:b8:f1:13:ac:aa:9d:46:7b:4e:85:d8:04:d9:19:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8181440a367a34d306bc0f685ae9cd86952f7f95
        Validity
            Not Before: Jun 22 14:25:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=004c998c10ddf0945adc2f10bbc11dd693df5930
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:53:d8:91:c9:d3:78:73:3a:70:da:c8:0a:59:
                    93:69:f4:ef:87:02:e5:41:2a:73:f2:22:30:d2:db:
                    c0:24:23:a6:34:45:29:ec:04:a1:ad:b6:bc:cf:7e:
                    40:11:8f:26:bb:6d:35:64:3d:69:10:41:c9:40:d6:
                    46:32:0c:5f:5e:1b:09:63:6e:bc:e6:2b:56:bf:53:
                    c6:03:3d:ab:1c:ff:58:d2:09:2a:1e:c5:6e:f9:0e:
                    d6:6e:5c:f9:12:e6:07:d6:1a:2b:dd:46:c1:be:90:
                    7e:7f:39:81:1d:d9:8f:eb:1b:e6:ce:68:80:68:7f:
                    88:1c:99:2b:f5:24:15:99:3f:22:32:a1:ba:58:59:
                    39:54:a6:e9:c0:ab:c6:8b:e2:10:c6:19:c2:3c:a6:
                    64:e3:92:0d:e9:bb:6d:fa:95:16:e8:77:df:75:e3:
                    57:1e:c8:ee:dc:82:fa:bc:5a:60:1b:72:c5:e6:8b:
                    2d:04:92:36:b3:0c:ac:a7:1d:1d:fc:c4:0b:cf:a1:
                    01:56:28:33:35:bc:44:df:8d:7e:91:cc:23:82:f2:
                    4c:24:f6:26:33:32:b7:ee:d3:a3:e1:d7:6b:5f:9a:
                    d5:f1:1f:b5:bc:ea:9d:60:e6:c7:58:73:1c:ad:d4:
                    83:04:24:ed:4e:e7:6b:21:72:1d:d5:c1:50:55:f8:
                    8c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:4C:99:8C:10:DD:F0:94:5A:DC:2F:10:BB:C1:1D:D6:93:DF:59:30
            X509v3 Authority Key Identifier:
                keyid:81:81:44:0A:36:7A:34:D3:06:BC:0F:68:5A:E9:CD:86:95:2F:7F:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gYFECjZ6NNMGvA9oWunNhpUvf5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/162f8f-687f-4671-a524-55691a569720/1/AEyZjBDd8JRa3C8Qu8Ed1pPfWTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/162f8f-687f-4671-a524-55691a569720/1/gYFECjZ6NNMGvA9oWunNhpUvf5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.111.0/24
                  171.22.18.0/24
                  212.47.59.0/24
                IPv6:
                  2a14:8880::/29

    Signature Algorithm: sha256WithRSAEncryption
         c6:cc:8c:e6:a3:10:6f:26:55:05:65:de:49:6f:0b:b7:a0:f2:
         0d:4e:59:27:42:c0:eb:27:09:16:8b:d4:68:43:dd:c0:7d:eb:
         76:06:f4:61:6f:1f:00:d8:38:e6:34:ba:8a:87:8c:8c:1c:79:
         1e:53:63:0a:78:1b:1e:41:68:6d:2d:73:15:51:8d:44:79:15:
         5c:2d:57:0f:7d:d4:5a:b6:a3:95:d4:cc:d0:79:37:38:cd:31:
         0f:75:8f:5a:d2:54:fb:03:0d:9c:64:b7:56:8f:42:70:ee:9e:
         ff:9b:37:c0:74:c1:02:fa:63:68:9f:9a:c0:6e:8d:ba:49:1e:
         75:6b:1a:50:71:42:fa:e3:fb:5d:d9:de:12:f6:14:c2:8d:5a:
         eb:1d:b1:ee:02:79:f0:2f:8a:4d:b3:67:53:32:3a:c8:0e:f0:
         fc:81:d3:40:22:72:24:a1:05:af:92:4e:00:1a:b4:f0:34:68:
         47:a1:4f:2c:47:bf:92:28:f1:ef:15:f4:10:9b:38:d2:e9:b0:
         df:22:5b:b2:fa:5c:96:e3:45:0d:b0:c4:02:2e:a0:f7:2a:e6:
         63:5e:6a:12:73:1b:3a:3e:3e:ab:cd:f7:f2:8f:6d:52:95:e6:
         34:f2:01:c0:6a:10:f4:5f:7b:cb:88:6d:a8:c5:e9:e3:40:4d:
         c8:95:da:44
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZ7vuPETrKqdRntOhdgE2RnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxODE0NDBhMzY3YTM0ZDMwNmJjMGY2ODVhZTljZDg2OTUy
ZjdmOTUwHhcNMjYwNjIyMTQyNTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDRjOTk4YzEwZGRmMDk0NWFkYzJmMTBiYmMxMWRkNjkzZGY1OTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4lPYkcnTeHM6cNrIClmTafTvhwLl
QSpz8iIw0tvAJCOmNEUp7AShrba8z35AEY8mu201ZD1pEEHJQNZGMgxfXhsJY268
5itWv1PGAz2rHP9Y0gkqHsVu+Q7Wblz5EuYH1hor3UbBvpB+fzmBHdmP6xvmzmiA
aH+IHJkr9SQVmT8iMqG6WFk5VKbpwKvGi+IQxhnCPKZk45IN6btt+pUW6HffdeNX
Hsju3IL6vFpgG3LF5ostBJI2swyspx0d/MQLz6EBVigzNbxE341+kcwjgvJMJPYm
MzK37tOj4ddrX5rV8R+1vOqdYObHWHMcrdSDBCTtTudrIXId1cFQVfiMlQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFABMmYwQ3fCUWtwvELvBHdaT31kwMB8GA1UdIwQY
MBaAFIGBRAo2ejTTBrwPaFrpzYaVL3+VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1lGRUNqWjZOTk1HdkE5b1d1bk5ocFV2ZjVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8xNjJmOGYtNjg3Zi00NjcxLWE1MjQt
NTU2OTFhNTY5NzIwLzEvQUV5WmpCRGQ4SlJhM0M4UXU4RWQxcFBmV1RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8xNjJmOGYtNjg3Zi00NjcxLWE1MjQtNTU2OTFhNTY5NzIw
LzEvZ1lGRUNqWjZOTk1HdkE5b1d1bk5ocFV2ZjVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQATihvAwQA
qxYSAwQA1C87MA0EAgACMAcDBQMqFIiAMA0GCSqGSIb3DQEBCwUAA4IBAQDGzIzm
oxBvJlUFZd5Jbwu3oPINTlknQsDrJwkWi9RoQ93Afet2BvRhbx8A2DjmNLqKh4yM
HHkeU2MKeBseQWhtLXMVUY1EeRVcLVcPfdRatqOV1MzQeTc4zTEPdY9a0lT7Aw2c
ZLdWj0Jw7p7/mzfAdMEC+mNon5rAbo26SR51axpQcUL64/td2d4S9hTCjVrrHbHu
AnnwL4pNs2dTMjrIDvD8gdNAInIkoQWvkk4AGrTwNGhHoU8sR7+SKPHvFfQQmzjS
6bDfIluy+lyW40UNsMQCLqD3KuZjXmoScxs6Pj6rzffyj21SleY08gHAahD0X3vL
iG2oxenjQE3IldpE
-----END CERTIFICATE-----
Generated at Fri Jul 3 16:51:49 2026 by rpki-client