Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/B1LmogDiG5H4_k5uUrgfonyyiW4.roa
File:                     B1LmogDiG5H4_k5uUrgfonyyiW4.roa (raw, json)
Hash identifier:          LtJgG4zjDao4Dx7LNTGfrda2tlESdObImPV8hyJ+LrQ=
Subject key identifier:   07:52:E6:A2:00:E2:1B:91:F8:FE:4E:6E:52:B8:1F:A2:7C:B2:89:6E
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019D77D28C9BBAEDA6364B9F2E23F0BAB6FB
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/B1LmogDiG5H4_k5uUrgfonyyiW4.roa
Signing time:             Fri 10 Apr 2026 14:36:20 +0000
ROA not before:           Fri 10 Apr 2026 14:36:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199184
IP address blocks:        186.246.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 00:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:77:d2:8c:9b:ba:ed:a6:36:4b:9f:2e:23:f0:ba:b6:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 10 14:36:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0752e6a200e21b91f8fe4e6e52b81fa27cb2896e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8b:2e:14:58:9f:91:15:57:6d:4c:cb:78:07:
                    ec:c4:c8:dd:c6:b4:0c:72:3f:e0:14:d3:f9:7e:94:
                    5d:35:46:74:1a:2e:93:ae:db:6b:77:01:e1:54:76:
                    ec:48:ad:0a:65:76:3d:f2:28:bd:fc:99:6c:a3:78:
                    ed:99:24:9d:d3:60:fc:ee:93:0f:ec:32:90:05:95:
                    11:f6:da:86:fb:18:90:47:05:92:03:d4:35:a0:77:
                    ec:88:67:b1:7e:ec:65:82:71:31:f8:40:30:4f:ce:
                    fe:c7:b7:16:cd:25:28:75:cd:42:a3:10:ab:e4:ec:
                    40:59:58:06:cf:3e:02:43:45:8c:3a:f1:f0:37:fa:
                    ac:f8:ff:bd:09:4b:ed:25:eb:6e:85:d7:23:2a:42:
                    50:1d:80:b7:84:aa:4f:3c:27:0d:4a:3c:df:d7:b9:
                    99:3a:f7:4f:5d:a2:6b:61:09:b8:be:3e:31:b6:f8:
                    51:b5:08:b4:ff:07:35:b7:e0:c1:bd:25:45:27:61:
                    28:69:b3:0c:df:b5:4c:d9:84:49:b9:6e:74:c4:24:
                    a8:a2:a2:01:e3:ae:3a:21:75:7e:67:ca:b0:0f:f5:
                    a1:b3:fb:4f:32:99:48:55:cb:3a:6f:7f:93:f5:3c:
                    04:ce:b1:79:0c:61:06:98:22:f6:47:ea:ec:29:21:
                    70:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:52:E6:A2:00:E2:1B:91:F8:FE:4E:6E:52:B8:1F:A2:7C:B2:89:6E
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/B1LmogDiG5H4_k5uUrgfonyyiW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  186.246.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:15:4d:9f:01:dc:45:70:fa:d5:03:de:97:51:b8:7b:72:16:
         85:12:6e:25:20:f7:28:61:1d:59:8f:f7:07:2a:f2:40:f5:b1:
         9d:9a:5c:2f:68:f5:17:d2:ff:84:02:28:23:29:ae:e7:72:b0:
         2e:d2:60:7d:83:8d:0e:83:67:e5:97:a8:65:7b:03:c4:c4:40:
         c1:ff:97:23:fe:56:ff:cb:6d:61:b0:73:aa:96:0d:86:ca:95:
         49:17:37:52:65:ae:bc:97:03:62:7a:b7:45:db:36:f6:a4:bc:
         84:08:29:49:2c:de:0a:85:d1:4a:e6:e1:2b:2b:1c:58:d4:34:
         c1:e4:b0:6f:f6:0e:44:17:79:dd:18:86:a9:77:e5:f2:02:4a:
         3d:a6:21:f4:e0:11:b4:56:0a:66:eb:5c:fb:10:12:96:9b:06:
         08:c4:f7:02:c2:e1:94:a2:8d:54:a1:77:90:6c:9e:1e:eb:a7:
         8e:e5:63:eb:41:34:1b:13:e5:ce:f3:33:c9:78:6e:8f:d6:16:
         b6:ee:e6:e7:ef:20:20:4b:bf:c2:11:1d:43:d9:d6:9d:31:1a:
         f4:75:47:80:5c:d9:57:0d:27:5f:d8:db:e6:78:0c:f5:0c:3a:
         1f:4e:39:aa:fe:47:7c:9d:62:b0:31:c3:9d:34:5c:2e:c9:2f:
         49:de:bb:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ130oybuu2mNkufLiPwurb7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNDEwMTQzNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzUyZTZhMjAwZTIxYjkxZjhmZTRlNmU1MmI4MWZhMjdjYjI4OTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmosuFFifkRVXbUzLeAfsxMjdxrQM
cj/gFNP5fpRdNUZ0Gi6TrttrdwHhVHbsSK0KZXY98ii9/Jlso3jtmSSd02D87pMP
7DKQBZUR9tqG+xiQRwWSA9Q1oHfsiGexfuxlgnEx+EAwT87+x7cWzSUodc1CoxCr
5OxAWVgGzz4CQ0WMOvHwN/qs+P+9CUvtJetuhdcjKkJQHYC3hKpPPCcNSjzf17mZ
OvdPXaJrYQm4vj4xtvhRtQi0/wc1t+DBvSVFJ2EoabMM37VM2YRJuW50xCSooqIB
4646IXV+Z8qwD/Whs/tPMplIVcs6b3+T9TwEzrF5DGEGmCL2R+rsKSFw6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdS5qIA4huR+P5OblK4H6J8soluMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvQjFMbW9nRGlHNUg0X2s1dVVyZ2Zvbnl5aVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuvYkMA0G
CSqGSIb3DQEBCwUAA4IBAQCDFU2fAdxFcPrVA96XUbh7chaFEm4lIPcoYR1Zj/cH
KvJA9bGdmlwvaPUX0v+EAigjKa7ncrAu0mB9g40Og2fll6hlewPExEDB/5cj/lb/
y21hsHOqlg2GypVJFzdSZa68lwNierdF2zb2pLyECClJLN4KhdFK5uErKxxY1DTB
5LBv9g5EF3ndGIapd+XyAko9piH04BG0Vgpm61z7EBKWmwYIxPcCwuGUoo1UoXeQ
bJ4e66eO5WPrQTQbE+XO8zPJeG6P1ha27ubn7yAgS7/CER1D2dadMRr0dUeAXNlX
DSdf2NvmeAz1DDofTjmq/kd8nWKwMcOdNFwuyS9J3rtE
-----END CERTIFICATE-----