Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ijX-wbrRsGA1oH7vIX-da-hg2o4.roa
File:                     ijX-wbrRsGA1oH7vIX-da-hg2o4.roa (raw, json)
Hash identifier:          eYGuJmx/1NokgHZ4ALtPE2iWk9VkyPXdAtlC+gC9/G4=
Subject key identifier:   8A:35:FE:C1:BA:D1:B0:60:35:A0:7E:EF:21:7F:9D:6B:E8:60:DA:8E
Certificate issuer:       /CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
Certificate serial:       019F23687C25FCA10B86C5A0B8520FE7EF5B
Authority key identifier: C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ijX-wbrRsGA1oH7vIX-da-hg2o4.roa
Signing time:             Thu 02 Jul 2026 15:17:57 +0000
ROA not before:           Thu 02 Jul 2026 15:17:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213918
IP address blocks:        213.220.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Jul 2026 15:19:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:7c:25:fc:a1:0b:86:c5:a0:b8:52:0f:e7:ef:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
        Validity
            Not Before: Jul  2 15:17:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a35fec1bad1b06035a07eef217f9d6be860da8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:47:ce:1b:14:f4:2d:e4:ec:ff:c0:a2:15:91:
                    ba:68:62:d6:86:0f:ce:7c:35:14:b4:54:a5:1b:ba:
                    33:4a:23:89:8b:a7:68:4a:48:1d:40:06:20:d4:95:
                    f1:70:26:d8:10:65:da:2c:76:c3:cd:f9:d3:45:06:
                    72:38:ba:2e:3a:69:ad:13:78:d0:15:ea:ef:fc:7c:
                    b6:2a:cf:6d:18:53:0a:75:1d:95:a1:3a:32:94:d8:
                    b6:be:d4:09:25:a7:d1:81:79:1d:c9:0d:3e:8a:c4:
                    f2:06:ae:c8:6a:fa:51:69:51:a5:4f:0e:85:69:18:
                    e4:bb:db:6d:10:40:07:cd:95:93:94:d9:b3:1c:d8:
                    e7:11:75:0e:f6:1d:1b:05:5b:76:91:f5:a8:06:94:
                    48:76:43:b6:6d:7d:a2:18:d7:bc:98:cf:60:02:94:
                    3f:e9:c6:41:54:c6:35:3a:e4:04:88:33:e7:c1:19:
                    63:7c:c7:ec:5d:ae:90:80:f0:bd:ff:a5:c4:c7:4b:
                    1f:14:2e:50:40:24:06:f6:99:34:38:de:2b:0d:fc:
                    d0:aa:75:f6:99:a6:e0:b4:67:41:99:d4:98:ba:e6:
                    66:61:6c:ab:50:b4:07:51:c9:ef:42:58:a2:2b:3b:
                    f7:21:66:3d:ea:39:20:31:94:d1:a7:54:e7:f4:4f:
                    b2:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:35:FE:C1:BA:D1:B0:60:35:A0:7E:EF:21:7F:9D:6B:E8:60:DA:8E
            X509v3 Authority Key Identifier:
                keyid:C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/ijX-wbrRsGA1oH7vIX-da-hg2o4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:f7:88:b9:64:22:99:67:9a:f3:f6:95:22:63:af:96:1e:6f:
         c5:8d:dd:3a:58:f0:83:2f:9c:50:52:90:e1:88:90:b7:e8:73:
         05:0d:3a:bb:fc:95:e8:10:3f:8a:a7:49:10:42:09:2b:41:42:
         97:8c:9b:88:0d:f6:99:c2:6a:0c:e2:ff:df:f2:96:3c:12:05:
         43:81:3d:2c:e4:25:e6:81:5d:6c:74:9e:4d:c3:0f:1c:a0:e3:
         1b:7f:d2:ad:92:24:8c:56:a8:64:ff:f0:ea:75:88:b0:20:7c:
         c8:c3:af:98:54:25:d0:12:fa:0b:ba:12:70:ff:d4:25:c8:6a:
         21:9b:c2:37:a3:05:f2:49:c8:4c:dc:7e:ce:5c:5e:8a:5d:e4:
         1a:1f:fa:3f:66:76:c9:9d:80:2b:4a:87:0c:f9:f5:2c:bf:7b:
         bf:81:21:21:89:4a:93:e0:d5:d3:c0:94:8b:ca:41:8d:c6:be:
         4a:aa:11:d0:28:fc:30:4e:62:a4:0b:d6:89:32:25:fc:e7:d2:
         c8:36:72:1a:e5:6e:2a:51:88:5e:1e:ae:7a:43:5a:62:f6:56:
         38:62:08:23:8b:76:45:e2:4f:48:4d:08:2c:02:fd:92:63:97:
         16:36:24:e1:78:6a:4b:9e:f2:aa:42:0a:c8:a5:51:69:f1:dd:
         8a:89:8e:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaHwl/KELhsWguFIP5+9bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNjBkNDZkMWQ4MDQ2YjRkNzRlNGQ4MTU4MThjOGUzNjU5
ZWRiZTkwHhcNMjYwNzAyMTUxNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTM1ZmVjMWJhZDFiMDYwMzVhMDdlZWYyMTdmOWQ2YmU4NjBkYThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEfOGxT0LeTs/8CiFZG6aGLWhg/O
fDUUtFSlG7ozSiOJi6doSkgdQAYg1JXxcCbYEGXaLHbDzfnTRQZyOLouOmmtE3jQ
Ferv/Hy2Ks9tGFMKdR2VoToylNi2vtQJJafRgXkdyQ0+isTyBq7IavpRaVGlTw6F
aRjku9ttEEAHzZWTlNmzHNjnEXUO9h0bBVt2kfWoBpRIdkO2bX2iGNe8mM9gApQ/
6cZBVMY1OuQEiDPnwRljfMfsXa6QgPC9/6XEx0sfFC5QQCQG9pk0ON4rDfzQqnX2
mabgtGdBmdSYuuZmYWyrULQHUcnvQliiKzv3IWY96jkgMZTRp1Tn9E+y+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIo1/sG60bBgNaB+7yF/nWvoYNqOMB8GA1UdIwQY
MBaAFMBg1G0dgEa0105NgVgYyONlntvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvaWpYLXdiclJzR0Exb0g3dklYLWRhLWhnMm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dw+MA0G
CSqGSIb3DQEBCwUAA4IBAQBY94i5ZCKZZ5rz9pUiY6+WHm/Fjd06WPCDL5xQUpDh
iJC36HMFDTq7/JXoED+Kp0kQQgkrQUKXjJuIDfaZwmoM4v/f8pY8EgVDgT0s5CXm
gV1sdJ5Nww8coOMbf9KtkiSMVqhk//DqdYiwIHzIw6+YVCXQEvoLuhJw/9QlyGoh
m8I3owXySchM3H7OXF6KXeQaH/o/ZnbJnYArSocM+fUsv3u/gSEhiUqT4NXTwJSL
ykGNxr5KqhHQKPwwTmKkC9aJMiX859LINnIa5W4qUYheHq56Q1pi9lY4Yggji3ZF
4k9ITQgsAv2SY5cWNiTheGpLnvKqQgrIpVFp8d2KiY57
-----END CERTIFICATE-----
Generated at Thu Jul 2 23:46:02 2026 by rpki-client