Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/igS0cFT4bKmQza7xOsMautMBrdc.roa
File:                     igS0cFT4bKmQza7xOsMautMBrdc.roa (raw, json)
Hash identifier:          vIQ5BdqmbroBvvs0jFLKd4x/xCXV8VFIeeqQ7LxGMsY=
Subject key identifier:   8A:04:B4:70:54:F8:6C:A9:90:CD:AE:F1:3A:C3:1A:BA:D3:01:AD:D7
Certificate issuer:       /CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
Certificate serial:       019F236875E7CC844AF7C9E638B8B4C76486
Authority key identifier: C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/igS0cFT4bKmQza7xOsMautMBrdc.roa
Signing time:             Thu 02 Jul 2026 15:17:56 +0000
ROA not before:           Thu 02 Jul 2026 15:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20648
IP address blocks:        213.220.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Jul 2026 15:19:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:75:e7:cc:84:4a:f7:c9:e6:38:b8:b4:c7:64:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
        Validity
            Not Before: Jul  2 15:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a04b47054f86ca990cdaef13ac31abad301add7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c9:ac:f7:f7:8c:9e:37:01:8b:e7:e2:fa:98:
                    56:a9:86:9b:72:cd:03:23:3c:6c:0e:c7:e1:22:da:
                    ad:59:fc:8f:0f:81:a2:28:a8:09:c4:35:31:10:be:
                    c1:3d:b1:bd:48:c9:82:df:a3:43:51:04:75:69:4b:
                    23:2d:ba:42:d2:8d:d3:b5:e3:84:ef:af:40:54:21:
                    62:86:ba:0d:9a:54:0c:57:0e:63:49:84:81:db:66:
                    99:5e:b3:c0:54:6f:9f:e5:46:ca:58:69:dd:de:65:
                    42:7f:b2:07:5b:4a:6f:dd:95:c8:88:8f:94:82:a0:
                    42:60:4c:55:c2:df:8a:84:10:b4:8a:77:39:cd:4b:
                    7e:9b:1d:75:15:88:dd:eb:bc:13:d4:c6:60:d7:56:
                    3b:23:3d:82:9e:55:4f:5e:28:2d:61:76:12:ae:ef:
                    4b:f9:9b:99:94:ee:8c:e0:c8:ad:4a:67:25:8f:5b:
                    7c:1e:b1:2c:64:b8:d9:77:dc:f3:f0:e2:1e:f2:fe:
                    e8:1d:af:9a:b3:36:d0:ee:e9:b7:7c:7a:91:a3:97:
                    e5:76:a0:cd:ab:c8:66:55:ad:7b:b8:24:01:52:f1:
                    6b:ce:20:1a:20:ec:b2:e9:d0:61:cc:5a:92:4e:d5:
                    48:ab:06:99:93:42:53:18:cd:d1:26:be:eb:a3:43:
                    5d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:04:B4:70:54:F8:6C:A9:90:CD:AE:F1:3A:C3:1A:BA:D3:01:AD:D7
            X509v3 Authority Key Identifier:
                keyid:C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/igS0cFT4bKmQza7xOsMautMBrdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:7b:c5:38:a1:af:21:7d:32:ec:02:05:6a:03:f6:40:83:36:
         1f:34:af:29:8b:eb:0f:b5:1c:4d:e8:f6:c4:20:a4:1e:63:e0:
         4c:42:49:9d:45:42:9a:94:37:89:79:cf:1f:e9:bc:7f:da:d9:
         a8:14:6c:f2:ba:ea:5b:9a:ff:07:b0:bc:fd:38:d3:76:2d:cd:
         01:73:ad:a8:fa:66:cc:8a:f2:c5:c7:1f:18:c5:3a:fc:06:f5:
         dd:d3:aa:3f:36:08:d4:6e:0c:bd:4a:ee:60:e4:dd:ad:73:0c:
         53:0a:a0:43:05:b0:1a:4c:fe:c2:58:f4:65:6c:b7:f3:c5:e4:
         e6:36:6b:47:b3:c8:cf:8a:db:39:f9:f4:de:59:0b:99:44:78:
         64:95:76:29:8a:0d:52:d2:4b:92:79:e0:f2:27:7b:8e:ad:90:
         e5:c0:ea:1b:b9:09:54:f5:6f:68:24:2d:74:5a:34:d3:c5:85:
         0e:a7:87:16:0d:f7:ee:99:d6:78:c2:9b:82:c1:f7:ef:9e:18:
         b2:6c:de:3d:ff:8a:70:1d:f5:1b:dc:ea:80:97:34:f9:d2:1c:
         6d:2a:66:b1:aa:bf:90:50:20:37:6d:2d:76:cc:eb:11:51:87:
         95:8f:03:e3:bd:6e:89:14:bf:1f:12:48:27:06:6f:83:b7:d4:
         5d:d2:d8:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaHXnzIRK98nmOLi0x2SGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNjBkNDZkMWQ4MDQ2YjRkNzRlNGQ4MTU4MThjOGUzNjU5
ZWRiZTkwHhcNMjYwNzAyMTUxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTA0YjQ3MDU0Zjg2Y2E5OTBjZGFlZjEzYWMzMWFiYWQzMDFhZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsms9/eMnjcBi+fi+phWqYabcs0D
IzxsDsfhItqtWfyPD4GiKKgJxDUxEL7BPbG9SMmC36NDUQR1aUsjLbpC0o3TteOE
769AVCFihroNmlQMVw5jSYSB22aZXrPAVG+f5UbKWGnd3mVCf7IHW0pv3ZXIiI+U
gqBCYExVwt+KhBC0inc5zUt+mx11FYjd67wT1MZg11Y7Iz2CnlVPXigtYXYSru9L
+ZuZlO6M4MitSmclj1t8HrEsZLjZd9zz8OIe8v7oHa+aszbQ7um3fHqRo5fldqDN
q8hmVa17uCQBUvFrziAaIOyy6dBhzFqSTtVIqwaZk0JTGM3RJr7ro0NdkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIoEtHBU+GypkM2u8TrDGrrTAa3XMB8GA1UdIwQY
MBaAFMBg1G0dgEa0105NgVgYyONlntvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvaWdTMGNGVDRiS21RemE3eE9zTWF1dE1CcmRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dwIMA0G
CSqGSIb3DQEBCwUAA4IBAQCqe8U4oa8hfTLsAgVqA/ZAgzYfNK8pi+sPtRxN6PbE
IKQeY+BMQkmdRUKalDeJec8f6bx/2tmoFGzyuupbmv8HsLz9ONN2Lc0Bc62o+mbM
ivLFxx8YxTr8BvXd06o/NgjUbgy9Su5g5N2tcwxTCqBDBbAaTP7CWPRlbLfzxeTm
NmtHs8jPits5+fTeWQuZRHhklXYpig1S0kuSeeDyJ3uOrZDlwOobuQlU9W9oJC10
WjTTxYUOp4cWDffumdZ4wpuCwffvnhiybN49/4pwHfUb3OqAlzT50hxtKmaxqr+Q
UCA3bS12zOsRUYeVjwPjvW6JFL8fEkgnBm+Dt9Rd0tiZ
-----END CERTIFICATE-----
Generated at Thu Jul 2 23:45:13 2026 by rpki-client