Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/BDT11QF-TtgdWALp45xoyYelUsM.roa
File:                     BDT11QF-TtgdWALp45xoyYelUsM.roa (raw, json)
Hash identifier:          mujOfcZnyEUoIqlubLK7erXRFeA189kfqWm71HEHJLA=
Subject key identifier:   04:34:F5:D5:01:7E:4E:D8:1D:58:02:E9:E3:9C:68:C9:87:A5:52:C3
Certificate issuer:       /CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Certificate serial:       019D527F45F4B1F2AD0FB057A1EC33C9693B
Authority key identifier: BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/BDT11QF-TtgdWALp45xoyYelUsM.roa
Signing time:             Fri 03 Apr 2026 08:39:25 +0000
ROA not before:           Fri 03 Apr 2026 08:39:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200367
IP address blocks:        209.131.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:7f:45:f4:b1:f2:ad:0f:b0:57:a1:ec:33:c9:69:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
        Validity
            Not Before: Apr  3 08:39:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0434f5d5017e4ed81d5802e9e39c68c987a552c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:0c:02:51:78:6e:1b:96:a7:7d:58:3f:e0:f8:
                    c6:ef:b7:04:d7:2b:8c:8c:4a:d9:67:b7:e2:d6:07:
                    78:95:3e:22:8f:6f:65:d2:2a:f2:ca:ef:4e:91:6a:
                    27:d6:82:6e:a7:d1:53:04:88:a1:d8:93:7e:b1:18:
                    a5:b1:07:fa:ec:15:eb:ce:c0:e5:a0:a9:31:66:96:
                    c7:c8:13:fb:18:fa:c2:54:af:42:b7:8b:b2:88:12:
                    d0:7b:ae:6f:de:3a:87:f3:6d:b2:f5:af:fc:c7:aa:
                    5f:88:73:da:60:47:04:21:23:7e:c8:6a:29:53:88:
                    5a:f5:84:69:0e:15:dc:16:fc:79:6f:d0:4d:95:ee:
                    48:89:e0:79:44:37:93:d1:04:35:34:b6:f1:ec:eb:
                    43:82:b6:f9:26:ba:ac:63:40:59:6f:b0:83:9f:70:
                    de:8f:39:73:6d:6b:84:d3:e8:53:f9:63:b5:99:4e:
                    74:e0:cc:73:c8:9f:c6:55:64:d6:4b:9b:93:96:25:
                    0f:16:4b:6c:5e:59:35:20:90:91:96:75:d0:26:bd:
                    35:0a:7c:fa:e6:f0:42:f9:36:ec:60:5c:e8:ae:d8:
                    22:b7:5b:32:ab:a8:ac:22:5a:10:ae:4d:fe:56:9f:
                    b5:a6:0f:09:e0:e4:f0:f3:25:35:18:ec:03:9c:db:
                    50:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:34:F5:D5:01:7E:4E:D8:1D:58:02:E9:E3:9C:68:C9:87:A5:52:C3
            X509v3 Authority Key Identifier:
                keyid:BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/BDT11QF-TtgdWALp45xoyYelUsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.131.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:19:75:6a:58:ba:f7:6b:85:7d:20:a9:f4:54:ca:6a:9f:83:
         05:aa:44:00:a2:81:98:e5:0c:5b:c1:a2:8b:54:30:82:e7:b5:
         8a:44:34:68:6b:96:ba:ed:e8:72:fe:cc:25:3e:a7:34:47:92:
         74:ca:3c:7c:46:13:91:f2:7a:ef:53:6f:9f:96:8d:a0:84:4f:
         31:25:e5:d7:b6:ff:02:ba:ae:2b:fc:c2:72:62:92:e9:3c:30:
         5f:06:be:9f:ad:d5:09:03:34:2d:00:bd:a7:70:f7:d6:9d:5a:
         76:02:f0:97:f8:2d:d0:44:a0:78:d4:16:bf:db:6d:71:ed:bb:
         82:1c:d9:99:b2:96:6a:3f:3f:5d:61:77:be:80:6d:f6:8a:e0:
         25:62:9f:46:71:10:66:bd:bc:5a:e3:c0:38:19:ce:4a:42:c4:
         10:fb:fc:71:ee:ae:28:d2:d4:f4:2c:ee:a0:72:1a:94:ef:71:
         23:fb:e4:1d:e1:7b:e7:5d:2f:0e:f1:ff:c3:b5:48:fb:24:23:
         6b:65:ce:01:dd:f8:87:c6:54:dd:3a:36:0c:b8:b9:9c:ec:64:
         49:ee:fd:00:2c:ec:ce:36:1f:2e:b5:67:fb:ba:54:77:b5:43:
         8c:41:bd:e2:2a:63:ac:ab:86:8e:ce:47:f8:df:08:9d:37:0c:
         dc:ae:ef:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Sf0X0sfKtD7BXoewzyWk7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjdiZmY3YmFkMWViODM4NGI1ODVkZjdiZWYxMjA2Zjdm
MTlmN2UwHhcNMjYwNDAzMDgzOTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDM0ZjVkNTAxN2U0ZWQ4MWQ1ODAyZTllMzljNjhjOTg3YTU1MmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgwCUXhuG5anfVg/4PjG77cE1yuM
jErZZ7fi1gd4lT4ij29l0iryyu9OkWon1oJup9FTBIih2JN+sRilsQf67BXrzsDl
oKkxZpbHyBP7GPrCVK9Ct4uyiBLQe65v3jqH822y9a/8x6pfiHPaYEcEISN+yGop
U4ha9YRpDhXcFvx5b9BNle5IieB5RDeT0QQ1NLbx7OtDgrb5JrqsY0BZb7CDn3De
jzlzbWuE0+hT+WO1mU504MxzyJ/GVWTWS5uTliUPFktsXlk1IJCRlnXQJr01Cnz6
5vBC+TbsYFzortgit1syq6isIloQrk3+Vp+1pg8J4OTw8yU1GOwDnNtQHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQ09dUBfk7YHVgC6eOcaMmHpVLDMB8GA1UdIwQY
MBaAFLpnv/e60euDhLWF33vvEgb38Z9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYt
ZGE0NTM4MDIyYWM3LzEvQkRUMTFRRi1UdGdkV0FMcDQ1eG95WWVsVXNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYtZGE0NTM4MDIyYWM3
LzEvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0YNDMA0G
CSqGSIb3DQEBCwUAA4IBAQBBGXVqWLr3a4V9IKn0VMpqn4MFqkQAooGY5QxbwaKL
VDCC57WKRDRoa5a67ehy/swlPqc0R5J0yjx8RhOR8nrvU2+flo2ghE8xJeXXtv8C
uq4r/MJyYpLpPDBfBr6frdUJAzQtAL2ncPfWnVp2AvCX+C3QRKB41Ba/221x7buC
HNmZspZqPz9dYXe+gG32iuAlYp9GcRBmvbxa48A4Gc5KQsQQ+/xx7q4o0tT0LO6g
chqU73Ej++Qd4XvnXS8O8f/DtUj7JCNrZc4B3fiHxlTdOjYMuLmc7GRJ7v0ALOzO
Nh8utWf7ulR3tUOMQb3iKmOsq4aOzkf43widNwzcru+U
-----END CERTIFICATE-----