Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/BTfvoIck4b28eRIuEepSXwKoAEM.roa
File:                     BTfvoIck4b28eRIuEepSXwKoAEM.roa (raw, json)
Hash identifier:          6Ax1yR50ZJUgxHWK/99D8/Pvfpz5kOgbVo/9rQbcsQU=
Subject key identifier:   05:37:EF:A0:87:24:E1:BD:BC:79:12:2E:11:EA:52:5F:02:A8:00:43
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019C8E93D39254C9F818892B552DC5B43CDD
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/BTfvoIck4b28eRIuEepSXwKoAEM.roa
Signing time:             Tue 24 Feb 2026 07:36:18 +0000
ROA not before:           Tue 24 Feb 2026 07:36:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     138195
IP address blocks:        93.114.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:93:d3:92:54:c9:f8:18:89:2b:55:2d:c5:b4:3c:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Feb 24 07:36:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0537efa08724e1bdbc79122e11ea525f02a80043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:56:07:39:44:40:04:be:04:39:ee:db:46:0b:
                    e2:92:78:c7:c9:df:ac:53:92:0b:65:80:f1:00:a0:
                    32:a4:86:8c:3a:23:ec:73:28:63:6d:47:5b:89:08:
                    62:fa:4c:57:15:47:4f:50:01:9e:d6:58:e1:04:18:
                    00:af:66:26:a9:2e:a5:25:47:0f:d9:24:7c:83:65:
                    cd:22:e7:2b:e3:df:79:f7:ec:a9:7c:4d:d9:bf:48:
                    dc:e2:a9:8f:53:77:32:8b:a1:88:86:91:ea:0a:db:
                    48:a8:92:94:08:cb:68:2d:bc:be:eb:cf:9a:0d:cd:
                    ed:33:0e:fa:28:88:3f:39:8c:61:76:ac:80:9d:f7:
                    3b:da:9c:54:bf:1b:c8:bf:37:7e:a6:a3:57:55:6b:
                    42:e6:4b:11:49:67:9d:6b:d2:70:7c:f0:8a:44:8f:
                    5d:95:f4:2e:44:c7:55:b6:83:bd:c1:46:c5:6e:4d:
                    77:8f:d4:42:bc:86:8d:4f:b4:2a:db:1e:e4:7d:3c:
                    28:ae:dc:29:91:16:f6:9d:5b:29:26:cb:36:b3:94:
                    9b:72:ac:9c:3a:eb:b1:61:2e:28:08:7a:75:59:94:
                    37:8b:da:fd:51:cb:d8:d2:ab:6e:2c:2d:8b:78:3f:
                    0d:54:0f:5b:17:dc:aa:91:99:3d:85:60:d9:b8:11:
                    97:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:37:EF:A0:87:24:E1:BD:BC:79:12:2E:11:EA:52:5F:02:A8:00:43
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/BTfvoIck4b28eRIuEepSXwKoAEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:bd:11:03:a2:25:4d:32:32:85:ad:51:3f:da:02:e6:c9:f8:
         b2:90:e8:e8:1e:2f:8b:d1:f0:e5:a5:fa:11:b8:b4:cb:94:97:
         80:b3:c0:25:f5:c7:e3:18:e7:5f:25:0b:e5:72:cb:17:ea:4b:
         2a:2f:0a:b0:ee:ba:62:4c:e5:fb:26:a8:aa:32:19:d5:8d:93:
         54:68:cb:e5:1b:ce:76:a1:ba:0b:f7:b5:78:a9:56:88:67:2c:
         af:11:2c:18:9e:17:b5:81:b1:dd:0e:56:40:1a:39:ad:29:25:
         58:82:1f:e4:df:ac:43:70:b8:ca:a6:42:49:52:08:e5:f8:dd:
         50:cc:70:c1:19:37:0b:ed:93:48:e0:d0:20:c8:9d:a2:80:c4:
         5b:7b:69:4f:f5:c9:02:10:63:e5:ab:90:cc:c4:3b:ee:3e:81:
         c6:8e:08:58:19:32:1b:5a:ce:32:8e:e6:3d:70:cd:50:81:78:
         a3:04:e6:80:64:ee:f3:22:8b:02:41:85:26:fb:75:5b:ff:40:
         ea:d3:f4:47:e4:6f:0c:15:dc:d2:3f:72:c9:d9:b1:bb:1b:ef:
         e2:b7:0e:7e:83:59:b5:28:ef:50:e3:56:fe:48:c8:34:0b:db:
         70:69:5d:e5:5f:32:10:77:2e:f9:a5:74:ce:e3:c0:6c:2e:91:
         2d:ef:08:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyOk9OSVMn4GIkrVS3FtDzdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjYwMjI0MDczNjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTM3ZWZhMDg3MjRlMWJkYmM3OTEyMmUxMWVhNTI1ZjAyYTgwMDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVYHOURABL4EOe7bRgviknjHyd+s
U5ILZYDxAKAypIaMOiPscyhjbUdbiQhi+kxXFUdPUAGe1ljhBBgAr2YmqS6lJUcP
2SR8g2XNIucr49959+ypfE3Zv0jc4qmPU3cyi6GIhpHqCttIqJKUCMtoLby+68+a
Dc3tMw76KIg/OYxhdqyAnfc72pxUvxvIvzd+pqNXVWtC5ksRSWeda9JwfPCKRI9d
lfQuRMdVtoO9wUbFbk13j9RCvIaNT7Qq2x7kfTwortwpkRb2nVspJss2s5Sbcqyc
OuuxYS4oCHp1WZQ3i9r9UcvY0qtuLC2LeD8NVA9bF9yqkZk9hWDZuBGXWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAU376CHJOG9vHkSLhHqUl8CqABDMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvQlRmdm9JY2s0YjI4ZVJJdUVlcFNYd0tvQUVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXK7MA0G
CSqGSIb3DQEBCwUAA4IBAQARvREDoiVNMjKFrVE/2gLmyfiykOjoHi+L0fDlpfoR
uLTLlJeAs8Al9cfjGOdfJQvlcssX6ksqLwqw7rpiTOX7JqiqMhnVjZNUaMvlG852
oboL97V4qVaIZyyvESwYnhe1gbHdDlZAGjmtKSVYgh/k36xDcLjKpkJJUgjl+N1Q
zHDBGTcL7ZNI4NAgyJ2igMRbe2lP9ckCEGPlq5DMxDvuPoHGjghYGTIbWs4yjuY9
cM1QgXijBOaAZO7zIosCQYUm+3Vb/0Dq0/RH5G8MFdzSP3LJ2bG7G+/itw5+g1m1
KO9Q41b+SMg0C9twaV3lXzIQdy75pXTO48BsLpEt7wig
-----END CERTIFICATE-----