Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/bWK3uhABpwf6mvXl4q8o7yPRJno.roa
File:                     bWK3uhABpwf6mvXl4q8o7yPRJno.roa (raw, json)
Hash identifier:          /EqiCs51Nu4hopwtTcoOO6slNJ4AdVdaWqEpADYeITY=
Subject key identifier:   6D:62:B7:BA:10:01:A7:07:FA:9A:F5:E5:E2:AF:28:EF:23:D1:26:7A
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       019D4D66A54E5BE2932FC876D29B9A7D08A4
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/bWK3uhABpwf6mvXl4q8o7yPRJno.roa
Signing time:             Thu 02 Apr 2026 08:54:25 +0000
ROA not before:           Thu 02 Apr 2026 08:54:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201136
IP address blocks:        62.164.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4d:66:a5:4e:5b:e2:93:2f:c8:76:d2:9b:9a:7d:08:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Apr  2 08:54:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d62b7ba1001a707fa9af5e5e2af28ef23d1267a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4b:1d:13:21:6b:6b:82:ce:43:fc:68:9d:e9:
                    b4:c2:bc:44:49:1b:d8:a3:4b:6a:d6:50:cf:5b:1b:
                    47:fe:30:17:11:56:54:b7:2b:2b:69:1c:c3:85:c6:
                    5c:c5:ff:54:99:8f:77:80:c9:ce:1f:1c:8b:fb:a0:
                    35:78:fe:9e:04:e6:a4:9b:10:b0:69:5e:95:86:5b:
                    4e:52:92:0e:8e:75:9f:d4:56:dc:f7:4d:bc:73:22:
                    ee:f7:88:c9:26:1a:54:df:ff:b0:86:91:70:c9:62:
                    20:9f:90:56:6d:77:9d:25:78:52:e6:ea:75:fb:1c:
                    20:9c:bb:94:87:bb:0e:11:cf:30:06:4a:e4:8d:bf:
                    c4:71:ae:52:f9:0f:90:fe:ca:f1:d4:10:1f:2b:0c:
                    a9:3b:b6:ab:93:e1:ab:29:99:94:7a:f1:40:00:fb:
                    70:97:8a:66:79:b3:a3:c7:4a:9a:cc:b2:b2:bc:b0:
                    e7:86:57:88:3c:b8:bf:cb:3d:62:bf:0c:93:3b:cc:
                    b4:57:65:cc:20:df:28:65:f8:6b:2b:f3:28:77:5e:
                    89:43:69:78:0c:e0:63:5c:0e:14:1a:ea:0e:01:85:
                    d7:e6:fa:5c:85:9f:00:ef:8f:91:81:30:c2:a2:c0:
                    b5:dc:86:29:3f:d9:c1:6b:f9:75:f4:40:4b:32:1e:
                    76:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:62:B7:BA:10:01:A7:07:FA:9A:F5:E5:E2:AF:28:EF:23:D1:26:7A
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/bWK3uhABpwf6mvXl4q8o7yPRJno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:e4:3d:4a:a0:88:9f:bf:14:75:b9:fd:ea:84:9a:20:e8:3c:
         1b:a9:4b:b5:e9:e4:46:9a:89:e5:a8:4d:91:0e:de:ea:97:10:
         e5:9b:ea:03:4b:92:5d:e3:8d:be:66:83:7b:01:d5:b8:db:a8:
         aa:96:8c:d8:b8:e9:e5:76:d7:96:57:09:0e:50:e0:61:03:27:
         1c:11:0b:77:26:f5:d8:ea:ef:38:8a:50:eb:e8:a2:60:9d:df:
         39:b0:5c:1e:47:9a:b7:24:8c:aa:ed:a5:9f:46:df:46:4d:f6:
         d2:3a:6d:3d:4e:5a:cd:48:89:cd:dd:b1:98:ff:42:52:8a:f4:
         56:eb:5c:6d:5d:58:18:17:e4:70:16:a2:27:d3:ec:c0:f5:55:
         56:0e:24:00:b9:1b:ac:98:bf:81:db:a9:9a:8e:f7:67:a8:1c:
         25:e3:ba:58:58:b0:15:73:6a:fa:da:a5:1f:b0:a8:5c:9c:a3:
         3b:a6:78:a2:92:93:98:31:fc:07:51:66:d1:62:16:f9:1e:fd:
         3c:43:7f:1d:98:a2:b2:7f:08:ec:d3:b5:c1:85:dd:d4:ed:df:
         c0:9a:13:d4:61:4b:62:c5:fd:cb:62:42:51:bc:4c:e6:75:29:
         bb:4f:5a:4f:41:84:df:b1:db:4f:fc:f5:eb:5f:3c:71:a3:b3:
         3e:58:de:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1NZqVOW+KTL8h20puafQikMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjYwNDAyMDg1NDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDYyYjdiYTEwMDFhNzA3ZmE5YWY1ZTVlMmFmMjhlZjIzZDEyNjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUsdEyFra4LOQ/xonem0wrxESRvY
o0tq1lDPWxtH/jAXEVZUtysraRzDhcZcxf9UmY93gMnOHxyL+6A1eP6eBOakmxCw
aV6VhltOUpIOjnWf1Fbc9028cyLu94jJJhpU3/+whpFwyWIgn5BWbXedJXhS5up1
+xwgnLuUh7sOEc8wBkrkjb/Eca5S+Q+Q/srx1BAfKwypO7ark+GrKZmUevFAAPtw
l4pmebOjx0qazLKyvLDnhleIPLi/yz1ivwyTO8y0V2XMIN8oZfhrK/Mod16JQ2l4
DOBjXA4UGuoOAYXX5vpchZ8A74+RgTDCosC13IYpP9nBa/l19EBLMh52nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1it7oQAacH+pr15eKvKO8j0SZ6MB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvYldLM3VoQUJwd2Y2bXZYbDRxOG83eVBSSm5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqTAMA0G
CSqGSIb3DQEBCwUAA4IBAQAi5D1KoIifvxR1uf3qhJog6DwbqUu16eRGmonlqE2R
Dt7qlxDlm+oDS5Jd442+ZoN7AdW426iqlozYuOnldteWVwkOUOBhAyccEQt3JvXY
6u84ilDr6KJgnd85sFweR5q3JIyq7aWfRt9GTfbSOm09TlrNSInN3bGY/0JSivRW
61xtXVgYF+RwFqIn0+zA9VVWDiQAuRusmL+B26majvdnqBwl47pYWLAVc2r62qUf
sKhcnKM7pniikpOYMfwHUWbRYhb5Hv08Q38dmKKyfwjs07XBhd3U7d/AmhPUYUti
xf3LYkJRvEzmdSm7T1pPQYTfsdtP/PXrXzxxo7M+WN6h
-----END CERTIFICATE-----