Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/d2gMOrPuFF2xz_9mplkl3BeyYac.roa
File:                     d2gMOrPuFF2xz_9mplkl3BeyYac.roa (raw, json)
Hash identifier:          hMGGpuXUGzC0yFPNLu1PQs6yIzQGCuppBNvOlOKOZRk=
Subject key identifier:   77:68:0C:3A:B3:EE:14:5D:B1:CF:FF:66:A6:59:25:DC:17:B2:61:A7
Certificate issuer:       /CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
Certificate serial:       019F236879CD9BE97A45CF80A21B923235D8
Authority key identifier: C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/d2gMOrPuFF2xz_9mplkl3BeyYac.roa
Signing time:             Thu 02 Jul 2026 15:17:57 +0000
ROA not before:           Thu 02 Jul 2026 15:17:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200131
IP address blocks:        213.220.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Jul 2026 15:19:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:79:cd:9b:e9:7a:45:cf:80:a2:1b:92:32:35:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
        Validity
            Not Before: Jul  2 15:17:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=77680c3ab3ee145db1cfff66a65925dc17b261a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:43:7b:6e:26:af:07:cc:9b:63:58:51:e9:9d:
                    de:03:59:50:41:34:db:f8:7d:eb:be:af:2e:77:a0:
                    97:b9:91:64:48:94:1b:74:a2:51:5f:e0:44:04:bb:
                    fe:14:f5:d4:a2:c5:18:8a:b6:0f:62:6f:f9:46:84:
                    a7:30:34:7e:ed:23:20:d1:dd:0b:2a:14:53:f6:5c:
                    be:d6:1e:8b:f2:de:07:81:68:7e:1e:d3:d6:9b:9b:
                    81:22:d3:65:11:d4:13:73:6a:6c:d7:62:52:cd:11:
                    7e:10:39:06:d3:44:95:c5:fc:d4:b7:78:d2:df:6d:
                    0c:75:fd:99:85:eb:4e:14:4c:a6:da:3c:b3:8b:6c:
                    75:5d:b5:cc:cd:b0:2c:fc:bf:61:42:27:ec:5d:ef:
                    ba:f9:51:da:ab:5c:18:f4:7b:97:f8:ce:38:7a:3c:
                    a0:9e:89:a3:65:8d:78:e8:5e:bf:09:80:12:f5:4e:
                    70:08:22:e6:7e:a4:62:d5:8a:49:19:38:62:db:3a:
                    62:a9:c9:1d:9e:10:04:9f:97:69:76:80:57:5a:9c:
                    e9:16:1f:f7:95:79:95:79:5f:05:a9:43:b0:f1:23:
                    8a:19:01:c5:f6:c9:ee:25:12:6a:e8:cd:d1:4b:bd:
                    da:a1:bb:2b:c4:e4:83:16:d3:20:5a:66:f5:94:80:
                    47:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:68:0C:3A:B3:EE:14:5D:B1:CF:FF:66:A6:59:25:DC:17:B2:61:A7
            X509v3 Authority Key Identifier:
                keyid:C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/d2gMOrPuFF2xz_9mplkl3BeyYac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:9f:da:5e:9e:9b:24:a3:26:1a:63:e1:04:29:b8:44:db:e4:
         59:5f:10:28:39:60:e8:43:5e:55:a5:dc:a5:a8:43:3b:5a:64:
         82:2c:79:c1:8e:88:33:40:44:59:57:00:c2:1e:9e:86:c2:db:
         38:9c:6e:09:d1:6e:9b:94:18:31:ec:4c:9e:48:60:0e:07:6e:
         e7:fd:35:e4:a0:85:ba:b4:fc:9d:37:6a:5d:8e:b7:d6:17:58:
         aa:1c:16:2a:ad:b6:d3:7e:1e:36:a4:e5:c3:01:af:18:36:b4:
         0a:ae:3f:e3:f1:df:ce:3f:a5:b4:52:0c:99:e4:18:a2:fb:86:
         f0:a6:59:50:25:5e:ac:d7:30:c8:81:2e:f9:bf:20:8b:e7:5a:
         c8:b1:3f:4a:1a:72:d7:c0:b5:59:56:0a:a6:f3:89:7b:4c:46:
         4d:70:fc:77:5a:1e:20:f2:1f:75:7b:ca:5f:ec:c7:51:52:0b:
         09:b6:a8:1f:b4:b1:61:c9:99:9e:c6:63:aa:73:ee:26:54:0c:
         11:5a:f6:e8:85:f9:4f:25:1f:1c:c5:c9:1a:53:b4:a6:92:0c:
         48:31:ed:69:38:f6:79:56:4c:49:14:b4:f5:d2:15:63:0f:2a:
         74:1a:f1:6c:50:30:be:fb:fe:df:4f:4a:ab:f6:b1:d6:9a:5d:
         32:53:b9:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaHnNm+l6Rc+AohuSMjXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNjBkNDZkMWQ4MDQ2YjRkNzRlNGQ4MTU4MThjOGUzNjU5
ZWRiZTkwHhcNMjYwNzAyMTUxNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzY4MGMzYWIzZWUxNDVkYjFjZmZmNjZhNjU5MjVkYzE3YjI2MWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0N7biavB8ybY1hR6Z3eA1lQQTTb
+H3rvq8ud6CXuZFkSJQbdKJRX+BEBLv+FPXUosUYirYPYm/5RoSnMDR+7SMg0d0L
KhRT9ly+1h6L8t4HgWh+HtPWm5uBItNlEdQTc2ps12JSzRF+EDkG00SVxfzUt3jS
320Mdf2ZhetOFEym2jyzi2x1XbXMzbAs/L9hQifsXe+6+VHaq1wY9HuX+M44ejyg
nomjZY146F6/CYAS9U5wCCLmfqRi1YpJGThi2zpiqckdnhAEn5dpdoBXWpzpFh/3
lXmVeV8FqUOw8SOKGQHF9snuJRJq6M3RS73aobsrxOSDFtMgWmb1lIBHtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdoDDqz7hRdsc//ZqZZJdwXsmGnMB8GA1UdIwQY
MBaAFMBg1G0dgEa0105NgVgYyONlntvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvZDJnTU9yUHVGRjJ4el85bXBsa2wzQmV5WWFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dwDMA0G
CSqGSIb3DQEBCwUAA4IBAQALn9penpskoyYaY+EEKbhE2+RZXxAoOWDoQ15Vpdyl
qEM7WmSCLHnBjogzQERZVwDCHp6Gwts4nG4J0W6blBgx7EyeSGAOB27n/TXkoIW6
tPydN2pdjrfWF1iqHBYqrbbTfh42pOXDAa8YNrQKrj/j8d/OP6W0UgyZ5Bii+4bw
pllQJV6s1zDIgS75vyCL51rIsT9KGnLXwLVZVgqm84l7TEZNcPx3Wh4g8h91e8pf
7MdRUgsJtqgftLFhyZmexmOqc+4mVAwRWvbohflPJR8cxckaU7SmkgxIMe1pOPZ5
VkxJFLT10hVjDyp0GvFsUDC++/7fT0qr9rHWml0yU7nG
-----END CERTIFICATE-----
Generated at Thu Jul 2 23:45:40 2026 by rpki-client