Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/99f5c3-6b75-48bc-a8aa-3fdba9769302/1/bzC7j0omLj_YNcYGEgPw6KsNGos.roa
File:                     bzC7j0omLj_YNcYGEgPw6KsNGos.roa (raw, json)
Hash identifier:          JbFBMLyqogdNayBZyhkASdXp//+KG+bIXMjX3s0pjGg=
Subject key identifier:   6F:30:BB:8F:4A:26:2E:3F:D8:35:C6:06:12:03:F0:E8:AB:0D:1A:8B
Certificate issuer:       /CN=107312a5016a3cdcc0b7e61dc79f55d3d5ecb37e
Certificate serial:       019D38351A967AFF336A577086137CDD4B37
Authority key identifier: 10:73:12:A5:01:6A:3C:DC:C0:B7:E6:1D:C7:9F:55:D3:D5:EC:B3:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHMSpQFqPNzAt-Ydx59V09Xss34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/99f5c3-6b75-48bc-a8aa-3fdba9769302/1/bzC7j0omLj_YNcYGEgPw6KsNGos.roa
Signing time:             Sun 29 Mar 2026 06:08:17 +0000
ROA not before:           Sun 29 Mar 2026 06:08:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209576
IP address blocks:        91.132.66.0/24 maxlen: 24
                          91.132.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/99f5c3-6b75-48bc-a8aa-3fdba9769302/1/EHMSpQFqPNzAt-Ydx59V09Xss34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/99f5c3-6b75-48bc-a8aa-3fdba9769302/1/EHMSpQFqPNzAt-Ydx59V09Xss34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHMSpQFqPNzAt-Ydx59V09Xss34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:35:1a:96:7a:ff:33:6a:57:70:86:13:7c:dd:4b:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=107312a5016a3cdcc0b7e61dc79f55d3d5ecb37e
        Validity
            Not Before: Mar 29 06:08:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f30bb8f4a262e3fd835c6061203f0e8ab0d1a8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:41:23:97:b9:4e:6c:41:35:66:21:63:5b:64:
                    f0:41:e0:a2:b0:fa:5e:93:e2:3a:51:96:57:16:8a:
                    08:a8:3c:fb:34:e4:0d:7c:6e:76:3a:d2:db:bb:53:
                    c8:9a:cd:9d:0c:82:f7:0a:41:12:ab:99:02:84:5d:
                    f0:9f:88:1e:a4:30:ad:c9:73:35:27:82:e1:9b:d2:
                    6f:e1:c5:22:80:fa:e0:c8:80:a5:28:7d:b4:4a:cb:
                    91:f8:5a:0d:4c:51:6c:7f:98:4b:85:c4:24:22:34:
                    07:69:c8:05:9c:89:cd:ac:d3:0a:89:a1:eb:a4:7e:
                    55:7c:3a:76:a4:27:73:bf:88:30:1b:c1:a1:a4:63:
                    ce:35:21:68:5c:a5:1b:2e:43:fb:c6:7d:a7:8f:94:
                    4c:39:e8:b7:86:5e:37:74:fd:bf:18:86:5e:8d:27:
                    32:99:89:dd:37:be:05:cd:11:fc:e1:03:d0:8c:02:
                    b0:e9:b9:18:d6:a0:ae:a3:3a:ff:d9:f6:57:07:b0:
                    7e:a9:64:28:95:25:a8:d7:7e:12:63:12:1b:29:a3:
                    c4:df:4c:8b:60:c9:8b:ac:ba:ce:f4:a5:fe:50:54:
                    27:17:dc:bd:68:51:53:46:4f:85:ed:ed:b5:71:b9:
                    72:8b:67:01:43:a7:ec:3d:3c:38:19:01:65:2c:36:
                    09:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:30:BB:8F:4A:26:2E:3F:D8:35:C6:06:12:03:F0:E8:AB:0D:1A:8B
            X509v3 Authority Key Identifier:
                keyid:10:73:12:A5:01:6A:3C:DC:C0:B7:E6:1D:C7:9F:55:D3:D5:EC:B3:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHMSpQFqPNzAt-Ydx59V09Xss34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/99f5c3-6b75-48bc-a8aa-3fdba9769302/1/bzC7j0omLj_YNcYGEgPw6KsNGos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/99f5c3-6b75-48bc-a8aa-3fdba9769302/1/EHMSpQFqPNzAt-Ydx59V09Xss34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:22:41:39:71:02:b2:e0:bd:41:ce:a8:9f:44:c0:b4:a5:2c:
         7e:1d:a5:5d:cf:c3:68:70:bd:1d:be:76:41:25:90:fc:fd:6b:
         cb:c9:be:ef:05:4a:87:2e:65:7b:26:80:f0:d1:92:f0:1e:bd:
         98:ce:8f:b6:13:6a:49:e8:f2:d6:68:4e:3b:30:9e:12:72:df:
         d9:17:1c:df:85:7c:43:44:94:e5:29:ca:6c:95:a5:c7:cd:c6:
         b3:fc:12:6b:c5:2b:75:66:cf:41:ec:55:76:85:f7:9c:64:2a:
         ed:4a:b2:a7:75:a6:50:5f:2a:7b:50:5e:4f:00:49:ad:0c:7f:
         c4:25:7b:4b:a1:62:68:5e:6b:9b:a1:92:ba:a6:b5:f7:b6:7b:
         06:e4:33:9f:2d:63:ec:79:5b:dd:0b:ee:56:07:e7:1e:79:9a:
         22:d1:1d:be:88:13:d9:cf:ee:0d:4f:70:16:fb:d8:8b:3c:f3:
         7d:a1:b1:f2:41:73:4e:35:23:a7:bd:73:5d:c3:61:7a:f9:ec:
         bf:6d:31:70:3d:54:8c:c0:f9:c3:91:70:70:9e:1e:38:49:dc:
         5a:e2:21:bc:c7:ff:64:ca:b8:dd:00:c7:bc:86:8f:f4:2b:a1:
         71:89:6f:b3:ef:ab:45:92:6b:e7:2e:83:25:09:c1:d7:a1:75:
         cc:66:43:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ04NRqWev8zaldwhhN83Us3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzMxMmE1MDE2YTNjZGNjMGI3ZTYxZGM3OWY1NWQzZDVl
Y2IzN2UwHhcNMjYwMzI5MDYwODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjMwYmI4ZjRhMjYyZTNmZDgzNWM2MDYxMjAzZjBlOGFiMGQxYThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskEjl7lObEE1ZiFjW2TwQeCisPpe
k+I6UZZXFooIqDz7NOQNfG52OtLbu1PIms2dDIL3CkESq5kChF3wn4gepDCtyXM1
J4Lhm9Jv4cUigPrgyIClKH20SsuR+FoNTFFsf5hLhcQkIjQHacgFnInNrNMKiaHr
pH5VfDp2pCdzv4gwG8GhpGPONSFoXKUbLkP7xn2nj5RMOei3hl43dP2/GIZejScy
mYndN74FzRH84QPQjAKw6bkY1qCuozr/2fZXB7B+qWQolSWo134SYxIbKaPE30yL
YMmLrLrO9KX+UFQnF9y9aFFTRk+F7e21cblyi2cBQ6fsPTw4GQFlLDYJRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8wu49KJi4/2DXGBhID8OirDRqLMB8GA1UdIwQY
MBaAFBBzEqUBajzcwLfmHcefVdPV7LN+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhNU3BRRnFQTnpBdC1ZZHg1OVYwOVhzczM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC85OWY1YzMtNmI3NS00OGJjLWE4YWEt
M2ZkYmE5NzY5MzAyLzEvYnpDN2owb21Mal9ZTmNZR0VnUHc2S3NOR29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC85OWY1YzMtNmI3NS00OGJjLWE4YWEtM2ZkYmE5NzY5MzAy
LzEvRUhNU3BRRnFQTnpBdC1ZZHg1OVYwOVhzczM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW4RCMA0G
CSqGSIb3DQEBCwUAA4IBAQBgIkE5cQKy4L1BzqifRMC0pSx+HaVdz8NocL0dvnZB
JZD8/WvLyb7vBUqHLmV7JoDw0ZLwHr2Yzo+2E2pJ6PLWaE47MJ4Sct/ZFxzfhXxD
RJTlKcpslaXHzcaz/BJrxSt1Zs9B7FV2hfecZCrtSrKndaZQXyp7UF5PAEmtDH/E
JXtLoWJoXmuboZK6prX3tnsG5DOfLWPseVvdC+5WB+ceeZoi0R2+iBPZz+4NT3AW
+9iLPPN9obHyQXNONSOnvXNdw2F6+ey/bTFwPVSMwPnDkXBwnh44Sdxa4iG8x/9k
yrjdAMe8ho/0K6FxiW+z76tFkmvnLoMlCcHXoXXMZkMr
-----END CERTIFICATE-----