Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/31lsna3coaCho9f79M74rSiM-2E.roa
File:                     31lsna3coaCho9f79M74rSiM-2E.roa (raw, json)
Hash identifier:          TBV2V1tUQJQMVD10TW8IiOUNmV5p9zslLqp5axtwP2I=
Subject key identifier:   DF:59:6C:9D:AD:DC:A1:A0:A1:A3:D7:FB:F4:CE:F8:AD:28:8C:FB:61
Certificate issuer:       /CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
Certificate serial:       019F23687BBDD87042A29B994EB8B7D6BE9B
Authority key identifier: C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/31lsna3coaCho9f79M74rSiM-2E.roa
Signing time:             Thu 02 Jul 2026 15:17:57 +0000
ROA not before:           Thu 02 Jul 2026 15:17:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        194.143.206.0/24 maxlen: 24
                          195.114.193.0/24 maxlen: 24
                          195.114.201.0/24 maxlen: 24
                          195.114.206.0/24 maxlen: 24
                          195.114.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Jul 2026 15:19:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:7b:bd:d8:70:42:a2:9b:99:4e:b8:b7:d6:be:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
        Validity
            Not Before: Jul  2 15:17:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df596c9daddca1a0a1a3d7fbf4cef8ad288cfb61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d2:5f:e1:e7:02:e3:1e:8d:23:0a:07:de:f2:
                    8d:08:59:62:fb:7f:49:d4:c8:d4:51:ab:4c:11:2d:
                    1f:1f:10:d3:88:55:92:52:0f:d5:6f:a9:b4:70:5a:
                    f9:24:c3:5e:44:1b:66:0a:31:57:25:b8:35:9d:bb:
                    2c:e4:6f:60:6a:db:cd:6e:90:b7:c1:dc:ea:ad:a9:
                    ef:0a:9e:55:62:5f:e0:c3:86:d5:30:ab:e5:47:94:
                    04:e4:5b:2e:62:8e:1a:09:98:49:a9:22:e8:a3:e9:
                    36:67:9e:c0:e7:b7:9a:f3:4e:54:41:59:33:4d:1d:
                    fc:9a:b7:f6:60:b4:75:fa:2f:e8:f3:4b:a4:1e:c0:
                    64:f7:7d:2c:07:8c:75:bd:2d:e6:dc:24:83:38:9d:
                    aa:4a:fd:1c:5a:58:6a:6d:f2:55:ed:3a:d8:b6:c8:
                    99:08:04:d0:49:01:5f:83:24:99:04:fc:88:1a:45:
                    32:19:d6:48:fd:1a:fe:1c:41:ac:fd:db:e8:01:a5:
                    1b:cf:af:c1:53:6c:82:da:b7:b7:be:82:f0:16:3c:
                    0e:5c:96:9c:f6:32:7a:b1:9b:54:46:2a:3f:e2:81:
                    83:f3:3c:22:74:f8:3d:f2:8e:5d:be:a1:b9:19:a2:
                    65:7a:2d:27:81:0d:b2:a1:23:17:c3:11:f7:af:56:
                    f3:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:59:6C:9D:AD:DC:A1:A0:A1:A3:D7:FB:F4:CE:F8:AD:28:8C:FB:61
            X509v3 Authority Key Identifier:
                keyid:C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/31lsna3coaCho9f79M74rSiM-2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.143.206.0/24
                  195.114.193.0/24
                  195.114.201.0/24
                  195.114.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:82:06:89:ea:36:e9:67:47:6f:1a:f5:9a:fb:0f:d6:1a:8b:
         3a:a6:ec:5c:26:e6:7e:8b:7d:e6:77:8f:ce:77:70:7f:d9:e0:
         c7:f7:e0:8a:db:75:39:fe:df:fc:1d:86:1d:ed:cd:e6:b3:c8:
         9e:22:64:a8:d8:9e:f1:4d:a2:7d:e9:a3:8c:5d:55:be:89:c4:
         26:dc:f0:79:94:12:44:99:04:7d:3f:5e:39:43:76:20:24:c2:
         72:f9:3d:09:cb:62:db:67:be:6b:e4:6d:e2:4a:42:6a:34:8c:
         5a:18:9f:47:9d:50:e5:63:5f:cc:b2:66:53:c6:e9:97:46:f7:
         3d:af:11:f7:6a:af:f4:10:d9:27:f4:9f:fd:54:22:38:e5:d9:
         7b:89:13:3d:73:58:c1:ce:c4:66:98:85:a3:b4:72:b3:d8:70:
         49:51:31:0b:7e:aa:1f:d7:97:af:5e:0b:1a:23:c0:0a:5b:31:
         91:18:e8:34:fe:bf:24:9e:5f:68:c3:b0:00:42:16:aa:11:c8:
         c3:25:cb:44:c4:66:1c:3c:51:1c:62:98:f2:57:ed:e9:d7:e5:
         32:80:e6:5c:61:b0:88:b2:1a:cc:e7:86:9c:35:47:10:a0:21:
         2c:cd:83:4a:ff:6b:55:7b:e2:0b:48:1c:e9:02:68:a2:a5:91:
         53:bd:4e:af
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ8jaHu92HBCopuZTri31r6bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNjBkNDZkMWQ4MDQ2YjRkNzRlNGQ4MTU4MThjOGUzNjU5
ZWRiZTkwHhcNMjYwNzAyMTUxNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjU5NmM5ZGFkZGNhMWEwYTFhM2Q3ZmJmNGNlZjhhZDI4OGNmYjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNJf4ecC4x6NIwoH3vKNCFli+39J
1MjUUatMES0fHxDTiFWSUg/Vb6m0cFr5JMNeRBtmCjFXJbg1nbss5G9gatvNbpC3
wdzqranvCp5VYl/gw4bVMKvlR5QE5FsuYo4aCZhJqSLoo+k2Z57A57ea805UQVkz
TR38mrf2YLR1+i/o80ukHsBk930sB4x1vS3m3CSDOJ2qSv0cWlhqbfJV7TrYtsiZ
CATQSQFfgySZBPyIGkUyGdZI/Rr+HEGs/dvoAaUbz6/BU2yC2re3voLwFjwOXJac
9jJ6sZtURio/4oGD8zwidPg98o5dvqG5GaJlei0ngQ2yoSMXwxH3r1bzDQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFN9ZbJ2t3KGgoaPX+/TO+K0ojPthMB8GA1UdIwQY
MBaAFMBg1G0dgEa0105NgVgYyONlntvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvMzFsc25hM2NvYUNobzlmNzlNNzRyU2lNLTJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwo/OAwQA
w3LBAwQAw3LJAwQBw3LOMA0GCSqGSIb3DQEBCwUAA4IBAQACggaJ6jbpZ0dvGvWa
+w/WGos6puxcJuZ+i33md4/Od3B/2eDH9+CK23U5/t/8HYYd7c3ms8ieImSo2J7x
TaJ96aOMXVW+icQm3PB5lBJEmQR9P145Q3YgJMJy+T0Jy2LbZ75r5G3iSkJqNIxa
GJ9HnVDlY1/MsmZTxumXRvc9rxH3aq/0ENkn9J/9VCI45dl7iRM9c1jBzsRmmIWj
tHKz2HBJUTELfqof15evXgsaI8AKWzGRGOg0/r8knl9ow7AAQhaqEcjDJctExGYc
PFEcYpjyV+3p1+UygOZcYbCIshrM54acNUcQoCEszYNK/2tVe+ILSBzpAmiipZFT
vU6v
-----END CERTIFICATE-----
Generated at Thu Jul 2 23:45:24 2026 by rpki-client