Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/b8tjTENeq315r5dRse-s6UddbZ4.roa
File:                     b8tjTENeq315r5dRse-s6UddbZ4.roa (raw, json)
Hash identifier:          vYlKF7u/Roxlc6oO2bXZKSMDVRQSHDaSLg7O8tzKX0A=
Subject key identifier:   6F:CB:63:4C:43:5E:AB:7D:79:AF:97:51:B1:EF:AC:E9:47:5D:6D:9E
Certificate issuer:       /CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Certificate serial:       019EF9E59A28AE8B220B83AC45B2F8241532
Authority key identifier: 21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/b8tjTENeq315r5dRse-s6UddbZ4.roa
Signing time:             Wed 24 Jun 2026 13:50:34 +0000
ROA not before:           Wed 24 Jun 2026 13:50:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210976
IP address blocks:        78.40.216.0/24 maxlen: 24
                          85.193.92.0/24 maxlen: 24
                          85.193.93.0/24 maxlen: 24
                          85.193.95.0/24 maxlen: 24
                          87.249.50.0/24 maxlen: 24
                          89.191.228.0/24 maxlen: 24
                          90.156.231.0/24 maxlen: 24
                          176.57.212.0/24 maxlen: 24
                          176.57.221.0/24 maxlen: 24
                          185.104.112.0/24 maxlen: 24
                          185.104.115.0/24 maxlen: 24
                          185.247.18.0/24 maxlen: 24
                          185.247.19.0/24 maxlen: 24
                          188.225.14.0/24 maxlen: 24
                          194.35.117.0/24 maxlen: 24
                          217.151.229.0/24 maxlen: 24
                          217.151.231.0/24 maxlen: 24
                          2a03:6f02::/48 maxlen: 128
                          2a03:6f02::/64 maxlen: 64
                          2a03:6f02:1::/48 maxlen: 128
                          2a03:6f02:2::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 23:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f9:e5:9a:28:ae:8b:22:0b:83:ac:45:b2:f8:24:15:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
        Validity
            Not Before: Jun 24 13:50:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6fcb634c435eab7d79af9751b1eface9475d6d9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0f:24:df:84:6d:17:45:39:a4:8f:45:22:e4:
                    e2:85:a2:9e:a5:a9:ad:cd:3a:6f:8f:3b:82:54:65:
                    88:96:f3:6e:f1:80:b2:f7:a9:9c:f9:c5:a9:df:e2:
                    84:97:f5:21:b4:91:6d:77:c9:d3:05:93:d3:f6:01:
                    42:dc:c9:2b:24:88:01:f8:8b:eb:7f:f1:1d:4e:dd:
                    47:da:86:e3:2a:a5:d4:4f:48:d5:df:36:a5:bf:50:
                    ad:f5:19:69:9a:91:6a:c0:8a:31:2e:9f:ba:f5:0d:
                    0a:5f:da:91:9a:b7:7e:fb:a1:7a:4a:4e:2b:80:2a:
                    d3:5f:36:9c:f4:75:fe:fa:9c:77:7a:c2:57:2f:9a:
                    a6:f6:20:4d:cb:a8:bb:e8:b3:0a:ce:79:00:4b:c1:
                    0a:97:ae:cd:76:c1:b6:8b:c2:22:3f:80:9c:10:f8:
                    99:2a:b0:33:5b:e4:ee:2d:4d:d7:d2:7f:c3:9b:c4:
                    b9:e5:ca:73:ea:49:d5:43:eb:be:fc:9e:df:4c:f7:
                    03:7f:3d:5d:db:b6:3e:00:44:d6:59:b8:2f:f2:eb:
                    bc:1d:0c:31:ef:82:94:bb:13:b9:a8:59:5f:82:64:
                    a0:6e:23:3a:0d:30:4c:2c:6b:81:11:2d:40:e3:81:
                    db:0b:00:6f:28:26:76:22:41:3d:23:c8:48:e1:9b:
                    4f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:CB:63:4C:43:5E:AB:7D:79:AF:97:51:B1:EF:AC:E9:47:5D:6D:9E
            X509v3 Authority Key Identifier:
                keyid:21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/b8tjTENeq315r5dRse-s6UddbZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.216.0/24
                  85.193.92.0/23
                  85.193.95.0/24
                  87.249.50.0/24
                  89.191.228.0/24
                  90.156.231.0/24
                  176.57.212.0/24
                  176.57.221.0/24
                  185.104.112.0/24
                  185.104.115.0/24
                  185.247.18.0/23
                  188.225.14.0/24
                  194.35.117.0/24
                  217.151.229.0/24
                  217.151.231.0/24
                IPv6:
                  2a03:6f02::-2a03:6f02:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         1d:54:17:50:eb:21:4b:f7:f9:03:bb:b5:aa:20:e6:81:4b:53:
         29:c5:db:b7:f9:40:fb:41:7e:88:a8:55:51:a8:bd:22:fa:c1:
         19:4e:1e:b0:5c:22:2a:81:1d:b5:1b:71:71:a2:a3:36:9f:af:
         b6:82:3e:01:5c:e4:76:fc:02:71:68:dd:f5:08:1e:84:2f:4c:
         fe:9b:16:d9:45:b1:3a:04:f4:61:4d:3b:d4:70:6b:76:e0:a8:
         dc:3b:0b:1a:d4:55:e4:da:90:d0:80:8b:3c:38:60:91:c8:ad:
         5b:98:36:12:22:f6:ef:78:ee:58:d8:59:36:c6:0b:a4:0f:ae:
         66:0a:8f:e2:76:b1:0d:14:99:14:49:33:b0:87:34:4d:c1:f3:
         9f:91:9a:a9:b2:21:30:1c:d2:09:ae:8d:5e:61:f8:21:ef:54:
         08:ec:f1:01:24:cc:58:8d:6f:68:ba:a7:b1:81:4e:99:13:17:
         42:f2:1c:57:29:71:31:ca:98:82:0c:d0:e9:5b:2c:8a:56:a1:
         f4:28:4d:f4:f1:27:bf:f7:e1:e5:3b:e0:06:06:4c:10:5c:db:
         5f:85:57:8d:26:8a:7a:11:b4:3e:4a:50:97:51:41:82:0d:d6:
         9b:d9:f1:c3:b1:0c:c4:56:76:b5:d5:ec:e2:11:88:1b:c8:52:
         54:0c:39:d8
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAZ755ZoorosiC4OsRbL4JBUyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjBiMmIxYzgyOWQ4ODkzNmIxYWRhZWVjOTdmZGQxYjQw
ZDQxZTUwHhcNMjYwNjI0MTM1MDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmNiNjM0YzQzNWVhYjdkNzlhZjk3NTFiMWVmYWNlOTQ3NWQ2ZDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQ8k34RtF0U5pI9FIuTihaKepamt
zTpvjzuCVGWIlvNu8YCy96mc+cWp3+KEl/UhtJFtd8nTBZPT9gFC3MkrJIgB+Ivr
f/EdTt1H2objKqXUT0jV3zalv1Ct9RlpmpFqwIoxLp+69Q0KX9qRmrd++6F6Sk4r
gCrTXzac9HX++px3esJXL5qm9iBNy6i76LMKznkAS8EKl67NdsG2i8IiP4CcEPiZ
KrAzW+TuLU3X0n/Dm8S55cpz6knVQ+u+/J7fTPcDfz1d27Y+AETWWbgv8uu8HQwx
74KUuxO5qFlfgmSgbiM6DTBMLGuBES1A44HbCwBvKCZ2IkE9I8hI4ZtPNwIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFG/LY0xDXqt9ea+XUbHvrOlHXW2eMB8GA1UdIwQY
MBaAFCFgsrHIKdiJNrGtruyX/dG0DUHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEt
M2RmN2ZhZjM1MzVkLzEvYjh0alRFTmVxMzE1cjVkUnNlLXM2VWRkYlo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEtM2RmN2ZhZjM1MzVk
LzEvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwYAQCAAEwWgMEAE4o2AME
AVXBXAMEAFXBXwMEAFf5MgMEAFm/5AMEAFqc5wMEALA51AMEALA53QMEALlocAME
ALlocwMEAbn3EgMEALzhDgMEAMIjdQMEANmX5QMEANmX5zAYBAIAAjASMBADBQEq
A28CAwcAKgNvAgACMA0GCSqGSIb3DQEBCwUAA4IBAQAdVBdQ6yFL9/kDu7WqIOaB
S1Mpxdu3+UD7QX6IqFVRqL0i+sEZTh6wXCIqgR21G3FxoqM2n6+2gj4BXOR2/AJx
aN31CB6EL0z+mxbZRbE6BPRhTTvUcGt24KjcOwsa1FXk2pDQgIs8OGCRyK1bmDYS
IvbveO5Y2Fk2xgukD65mCo/idrENFJkUSTOwhzRNwfOfkZqpsiEwHNIJro1eYfgh
71QI7PEBJMxYjW9ouqexgU6ZExdC8hxXKXExypiCDNDpWyyKVqH0KE308Se/9+Hl
O+AGBkwQXNtfhVeNJop6EbQ+SlCXUUGCDdab2fHDsQzEVna11eziEYgbyFJUDDnY
-----END CERTIFICATE-----
Generated at Wed Jul 1 08:34:40 2026 by rpki-client