Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/BGTIebFN8Np0NsQtF_avGDoUny4.roa
File:                     BGTIebFN8Np0NsQtF_avGDoUny4.roa (raw, json)
Hash identifier:          NPCQmuapy/fWkxHdwPSPdnEK1QY4KGIX45+Q8l7yby0=
Subject key identifier:   04:64:C8:79:B1:4D:F0:DA:74:36:C4:2D:17:F6:AF:18:3A:14:9F:2E
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       019D72EE1A1A8672B2D37B217A945EB51EDF
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/BGTIebFN8Np0NsQtF_avGDoUny4.roa
Signing time:             Thu 09 Apr 2026 15:48:20 +0000
ROA not before:           Thu 09 Apr 2026 15:48:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201670
IP address blocks:        195.20.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 01:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:ee:1a:1a:86:72:b2:d3:7b:21:7a:94:5e:b5:1e:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Apr  9 15:48:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0464c879b14df0da7436c42d17f6af183a149f2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:48:27:dd:89:8a:fa:99:25:62:62:42:39:e0:
                    d4:f2:0a:d1:b9:87:48:8d:ba:a1:a8:e1:63:bd:f2:
                    40:bf:87:54:77:56:9b:c8:6d:66:3e:4b:10:97:e2:
                    42:87:ec:84:fc:6f:84:f4:95:05:70:a8:23:dd:e0:
                    18:7e:be:7f:3d:7f:89:fe:d2:79:80:9d:37:a7:2b:
                    4c:4a:a2:a7:47:bf:a6:af:e6:52:55:c0:b3:1a:13:
                    f4:d6:0c:0a:a4:d7:66:11:30:2f:6f:c4:df:b0:41:
                    dd:a4:c1:5e:81:94:cd:d8:db:33:f9:89:16:f4:12:
                    a7:2d:ba:a5:63:f6:00:9a:a0:03:f8:18:b7:23:ed:
                    5a:9d:9b:b3:15:78:7b:4d:21:63:59:a6:ce:51:7f:
                    2c:1c:9a:14:59:db:84:f4:86:0e:3f:e2:bd:b0:c5:
                    69:5c:47:7e:bd:69:48:73:77:34:8a:ba:d9:ab:5d:
                    7c:aa:57:91:c7:7a:2c:f1:b5:6c:4f:1a:b7:6b:09:
                    fa:be:a0:62:0b:30:67:2b:5d:32:58:78:2e:04:b2:
                    81:09:0f:2a:d8:35:5d:9a:73:f7:a4:97:5c:be:61:
                    f7:38:4f:0a:c9:7f:b0:35:48:43:5f:60:20:ae:1e:
                    f7:e5:0e:54:3a:a6:9c:b1:6c:93:2a:00:54:90:1e:
                    64:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:64:C8:79:B1:4D:F0:DA:74:36:C4:2D:17:F6:AF:18:3A:14:9F:2E
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/BGTIebFN8Np0NsQtF_avGDoUny4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:ae:bd:f3:d7:fb:fc:65:1b:4f:f0:8c:1b:3a:bd:75:4a:0d:
         04:1c:3c:60:4f:49:78:54:92:4d:cf:6c:de:4d:c8:6c:61:91:
         d4:ce:88:38:66:f4:30:56:fc:00:81:0a:78:fd:13:36:b9:1a:
         55:25:95:36:3c:22:1a:ef:25:8c:47:3a:52:a1:c2:ad:50:b8:
         d3:c7:d0:db:51:77:b2:68:4c:0e:86:93:6c:e5:af:70:4f:c4:
         d8:69:35:4e:b9:41:fc:fa:71:6d:ae:7c:df:e6:7f:ad:35:a2:
         25:45:a4:12:40:8b:ed:50:89:d9:d3:fd:a9:cd:63:0a:9f:63:
         a2:05:36:a0:74:6c:8d:8a:b5:8f:34:dd:b2:43:f6:08:64:9b:
         98:16:f3:a6:74:1a:dd:0e:fc:b7:13:0a:2c:27:8f:47:07:b5:
         48:40:3a:e8:77:27:41:ba:69:46:06:b8:a1:34:0e:a9:2b:dc:
         35:09:80:ff:df:25:6a:96:b7:67:27:a2:a0:20:47:98:e2:7b:
         9b:a5:6d:62:b3:3e:c9:69:9e:eb:02:12:44:aa:51:48:4b:8b:
         20:c9:e5:b6:4b:d6:d3:20:3f:a9:ea:41:8c:ff:f2:c1:6b:ae:
         14:9d:4a:7f:36:46:5d:9d:bd:e5:bc:b1:fc:df:78:27:90:53:
         5c:9f:9a:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1y7hoahnKy03shepRetR7fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjYwNDA5MTU0ODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDY0Yzg3OWIxNGRmMGRhNzQzNmM0MmQxN2Y2YWYxODNhMTQ5ZjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEgn3YmK+pklYmJCOeDU8grRuYdI
jbqhqOFjvfJAv4dUd1abyG1mPksQl+JCh+yE/G+E9JUFcKgj3eAYfr5/PX+J/tJ5
gJ03pytMSqKnR7+mr+ZSVcCzGhP01gwKpNdmETAvb8TfsEHdpMFegZTN2Nsz+YkW
9BKnLbqlY/YAmqAD+Bi3I+1anZuzFXh7TSFjWabOUX8sHJoUWduE9IYOP+K9sMVp
XEd+vWlIc3c0irrZq118qleRx3os8bVsTxq3awn6vqBiCzBnK10yWHguBLKBCQ8q
2DVdmnP3pJdcvmH3OE8KyX+wNUhDX2Agrh735Q5UOqacsWyTKgBUkB5knwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFARkyHmxTfDadDbELRf2rxg6FJ8uMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvQkdUSWViRk44TnAwTnNRdEZfYXZHRG9Vbnk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxQTMA0G
CSqGSIb3DQEBCwUAA4IBAQAFrr3z1/v8ZRtP8IwbOr11Sg0EHDxgT0l4VJJNz2ze
TchsYZHUzog4ZvQwVvwAgQp4/RM2uRpVJZU2PCIa7yWMRzpSocKtULjTx9DbUXey
aEwOhpNs5a9wT8TYaTVOuUH8+nFtrnzf5n+tNaIlRaQSQIvtUInZ0/2pzWMKn2Oi
BTagdGyNirWPNN2yQ/YIZJuYFvOmdBrdDvy3EwosJ49HB7VIQDrodydBumlGBrih
NA6pK9w1CYD/3yVqlrdnJ6KgIEeY4nubpW1isz7JaZ7rAhJEqlFIS4sgyeW2S9bT
ID+p6kGM//LBa64UnUp/NkZdnb3lvLH833gnkFNcn5o/
-----END CERTIFICATE-----