Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/bwenT4iz5NCwdrQAFjUA1IEQOFs.roa
File:                     bwenT4iz5NCwdrQAFjUA1IEQOFs.roa (raw, json)
Hash identifier:          siucHIqJ/AsqXWorY6yYom+k5FE3thAz0JfWFYRglZc=
Subject key identifier:   6F:07:A7:4F:88:B3:E4:D0:B0:76:B4:00:16:35:00:D4:81:10:38:5B
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019CAB3A3F51AD2C47FA86C47397B52349CB
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/bwenT4iz5NCwdrQAFjUA1IEQOFs.roa
Signing time:             Sun 01 Mar 2026 21:07:27 +0000
ROA not before:           Sun 01 Mar 2026 21:07:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        31.192.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:07:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ab:3a:3f:51:ad:2c:47:fa:86:c4:73:97:b5:23:49:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Mar  1 21:07:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f07a74f88b3e4d0b076b400163500d48110385b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:17:19:a2:a2:7b:c2:a5:ca:8f:80:c4:ca:ab:
                    7e:3f:0e:1b:90:57:57:09:d5:ba:bb:79:fa:c2:92:
                    55:96:1c:37:81:7d:64:c3:cf:2b:cb:d5:d6:63:17:
                    e1:b4:b1:2f:e2:67:bb:1c:c5:bb:23:36:b2:72:ac:
                    93:9c:dd:26:51:79:9c:31:0d:77:5e:f7:3f:95:b5:
                    f2:37:c4:22:bb:60:81:2a:72:7f:4c:91:35:0d:74:
                    19:2d:98:96:ee:96:f2:c7:9f:92:35:c9:ff:1e:a3:
                    9c:f6:bd:c1:01:32:03:09:40:fe:49:e6:c1:94:a6:
                    8d:08:f4:84:6d:06:5b:48:af:e6:64:81:da:f8:cf:
                    2c:d2:b5:a8:70:6b:be:a5:1b:f7:64:be:88:3f:cd:
                    53:ad:f5:d7:d7:7e:dd:10:0a:9f:fb:7b:9f:fc:1d:
                    8e:62:3d:63:cd:eb:7a:46:99:a6:77:78:b5:2b:64:
                    c0:e9:c4:ad:66:f2:75:f7:5e:a1:d0:be:d5:77:21:
                    15:09:63:7c:cd:ae:9c:4e:70:85:2e:0e:e3:7c:e5:
                    51:a7:72:7a:17:6a:57:e7:0d:02:a9:2b:37:00:07:
                    1f:90:d4:a7:9b:ef:c3:a5:5d:f2:7a:23:53:58:1e:
                    05:8c:b6:34:bb:41:c4:1c:80:37:63:a6:84:3f:0c:
                    0c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:07:A7:4F:88:B3:E4:D0:B0:76:B4:00:16:35:00:D4:81:10:38:5B
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/bwenT4iz5NCwdrQAFjUA1IEQOFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.192.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:8f:7d:8c:fe:e3:37:d2:43:93:c8:d7:2e:fa:36:1c:71:16:
         d1:e3:13:4f:6d:19:26:fd:05:55:78:6b:39:51:d1:06:08:22:
         58:53:b2:1b:a7:26:a4:e8:36:dc:ea:ea:37:14:b9:31:ed:a3:
         e2:88:84:09:a6:d2:e2:e7:e8:f2:95:a7:78:2b:0c:9a:40:23:
         21:4a:93:32:bb:e8:d5:bc:8a:1f:4e:7a:ef:f0:ad:24:b1:43:
         9b:4e:38:4e:0a:69:71:59:f6:90:3e:82:73:57:da:66:8b:fb:
         94:ab:bf:56:93:66:fd:91:87:39:2c:a0:f0:f2:ca:dd:61:c9:
         4d:64:df:83:82:f8:89:23:cf:bb:d4:ee:47:e7:ef:e2:ea:c7:
         91:cd:7c:ef:e5:ac:53:f9:7d:87:38:63:d6:28:11:e4:30:32:
         2a:3b:59:14:54:97:9a:d5:ee:62:5e:a1:61:3e:13:b4:45:97:
         bf:c0:a9:1c:80:cb:7f:ae:72:e1:5b:80:42:e4:22:3a:ce:ff:
         0d:be:c1:52:13:16:ea:17:52:9b:4d:93:33:e5:1a:16:78:ab:
         a4:52:16:b6:45:4f:24:85:da:8b:5b:6d:92:f6:67:fa:c1:ce:
         83:e1:4a:f7:52:36:98:f1:f1:8d:2f:38:a9:1c:26:e2:62:77:
         6c:d6:2c:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyrOj9RrSxH+obEc5e1I0nLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwMzAxMjEwNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjA3YTc0Zjg4YjNlNGQwYjA3NmI0MDAxNjM1MDBkNDgxMTAzODViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohcZoqJ7wqXKj4DEyqt+Pw4bkFdX
CdW6u3n6wpJVlhw3gX1kw88ry9XWYxfhtLEv4me7HMW7IzaycqyTnN0mUXmcMQ13
Xvc/lbXyN8Qiu2CBKnJ/TJE1DXQZLZiW7pbyx5+SNcn/HqOc9r3BATIDCUD+SebB
lKaNCPSEbQZbSK/mZIHa+M8s0rWocGu+pRv3ZL6IP81TrfXX137dEAqf+3uf/B2O
Yj1jzet6Rpmmd3i1K2TA6cStZvJ1916h0L7VdyEVCWN8za6cTnCFLg7jfOVRp3J6
F2pX5w0CqSs3AAcfkNSnm+/DpV3yeiNTWB4FjLY0u0HEHIA3Y6aEPwwMQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8Hp0+Is+TQsHa0ABY1ANSBEDhbMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvYndlblQ0aXo1TkN3ZHJRQUZqVUExSUVRT0ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH8D3MA0G
CSqGSIb3DQEBCwUAA4IBAQASj32M/uM30kOTyNcu+jYccRbR4xNPbRkm/QVVeGs5
UdEGCCJYU7Ibpyak6Dbc6uo3FLkx7aPiiIQJptLi5+jylad4KwyaQCMhSpMyu+jV
vIofTnrv8K0ksUObTjhOCmlxWfaQPoJzV9pmi/uUq79Wk2b9kYc5LKDw8srdYclN
ZN+DgviJI8+71O5H5+/i6seRzXzv5axT+X2HOGPWKBHkMDIqO1kUVJea1e5iXqFh
PhO0RZe/wKkcgMt/rnLhW4BC5CI6zv8NvsFSExbqF1KbTZMz5RoWeKukUha2RU8k
hdqLW22S9mf6wc6D4Ur3UjaY8fGNLzipHCbiYnds1ix1
-----END CERTIFICATE-----