Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/BtHG8IfxfpFju_GHM0HJT_lAaG0.roa
File:                     BtHG8IfxfpFju_GHM0HJT_lAaG0.roa (raw, json)
Hash identifier:          aJ2zdIl61qWuvylXlJG4FiyTDaMrreN2oUtE3yfn0S4=
Subject key identifier:   06:D1:C6:F0:87:F1:7E:91:63:BB:F1:87:33:41:C9:4F:F9:40:68:6D
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019D62A138D7E5F395D783CDC1241E491368
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/BtHG8IfxfpFju_GHM0HJT_lAaG0.roa
Signing time:             Mon 06 Apr 2026 11:50:26 +0000
ROA not before:           Mon 06 Apr 2026 11:50:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204104
IP address blocks:        195.96.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:62:a1:38:d7:e5:f3:95:d7:83:cd:c1:24:1e:49:13:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Apr  6 11:50:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06d1c6f087f17e9163bbf1873341c94ff940686d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:62:b9:17:96:eb:8a:c2:5f:e1:4f:71:8f:bf:
                    8e:6a:f1:3d:e5:06:ae:73:29:75:b7:03:59:fe:1f:
                    35:eb:67:71:c4:39:a5:20:3b:46:44:b9:98:6f:4d:
                    41:84:54:1f:67:3e:13:b9:67:c2:c6:4e:f4:b5:f5:
                    a7:a9:32:0f:9c:2e:67:26:c1:c4:82:cd:bd:c7:33:
                    c5:96:7a:74:bd:4e:2c:7d:b1:9b:57:12:34:4f:c6:
                    61:db:83:01:95:49:56:a9:15:4b:50:1d:97:ed:a1:
                    15:5f:03:be:da:11:62:d5:c8:9c:76:a7:f0:3f:93:
                    eb:01:37:9c:7b:6f:d3:ef:80:c8:43:dc:e2:ed:dd:
                    f2:55:fb:2e:c2:3c:dd:0f:af:91:7b:f4:8a:ce:01:
                    24:49:9a:a9:75:1b:4b:e2:1b:e0:54:65:26:f8:b9:
                    f7:d4:ba:90:e3:72:31:6e:1e:00:ab:be:77:3f:0f:
                    49:35:41:77:12:77:3c:be:c2:96:e0:1a:b3:49:75:
                    2f:2a:14:0f:9a:f8:a7:d5:3e:02:17:25:25:93:63:
                    a7:5f:4b:04:c0:c5:8b:45:f3:85:fb:3d:9a:47:4a:
                    63:70:f5:84:18:49:5e:27:c9:8d:8a:b9:b2:e9:a1:
                    63:bc:4d:b3:dc:0c:78:7a:7c:9d:4d:a6:ec:1c:d1:
                    26:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D1:C6:F0:87:F1:7E:91:63:BB:F1:87:33:41:C9:4F:F9:40:68:6D
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/BtHG8IfxfpFju_GHM0HJT_lAaG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:ff:23:ab:1d:10:6d:28:64:69:e8:ce:d7:ef:89:d9:51:cb:
         66:40:57:58:31:7b:49:84:86:55:cc:ac:28:48:d4:96:97:e9:
         5f:3f:aa:62:36:66:6e:f3:d2:4e:0a:84:e3:6b:59:1c:8b:d9:
         21:ca:20:0e:0c:df:48:26:63:b9:ae:f7:68:b1:c7:13:f3:cf:
         c4:54:c3:a4:6a:db:ff:1a:63:3f:8f:9f:db:c9:36:b4:dd:d9:
         2a:70:0b:4b:bc:d2:4a:87:ce:c1:40:40:04:7d:94:9c:76:f6:
         9d:f3:43:86:61:2b:b1:62:b2:34:40:4d:1c:61:40:05:cf:1d:
         23:e9:69:d9:be:a8:60:5f:f5:64:a6:12:c3:65:3e:84:3d:c0:
         41:5e:b3:b2:16:ae:b8:eb:cb:08:cb:3a:f8:a9:55:56:51:c4:
         70:47:be:1a:e8:b6:b9:b6:f8:de:0c:5e:42:d3:c3:60:cb:fb:
         77:0e:2a:8d:90:95:b3:56:cb:ab:68:8f:44:64:61:83:9b:bb:
         49:01:14:32:e1:3d:01:db:b1:5e:74:fa:89:cd:69:fd:01:77:
         ff:97:90:01:7d:55:5b:0c:67:6b:7b:1f:4a:9f:a3:a7:aa:54:
         2b:08:bf:09:af:bb:a7:a1:b1:8f:dd:6d:13:13:4a:4a:8b:b3:
         79:13:05:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1ioTjX5fOV14PNwSQeSRNoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjYwNDA2MTE1MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmQxYzZmMDg3ZjE3ZTkxNjNiYmYxODczMzQxYzk0ZmY5NDA2ODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmK5F5brisJf4U9xj7+OavE95Qau
cyl1twNZ/h8162dxxDmlIDtGRLmYb01BhFQfZz4TuWfCxk70tfWnqTIPnC5nJsHE
gs29xzPFlnp0vU4sfbGbVxI0T8Zh24MBlUlWqRVLUB2X7aEVXwO+2hFi1cicdqfw
P5PrATece2/T74DIQ9zi7d3yVfsuwjzdD6+Re/SKzgEkSZqpdRtL4hvgVGUm+Ln3
1LqQ43Ixbh4Aq753Pw9JNUF3Enc8vsKW4BqzSXUvKhQPmvin1T4CFyUlk2OnX0sE
wMWLRfOF+z2aR0pjcPWEGEleJ8mNirmy6aFjvE2z3Ax4enydTabsHNEmywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbRxvCH8X6RY7vxhzNByU/5QGhtMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvQnRIRzhJZnhmcEZqdV9HSE0wSEpUX2xBYUcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CHMA0G
CSqGSIb3DQEBCwUAA4IBAQAk/yOrHRBtKGRp6M7X74nZUctmQFdYMXtJhIZVzKwo
SNSWl+lfP6piNmZu89JOCoTja1kci9khyiAODN9IJmO5rvdosccT88/EVMOkatv/
GmM/j5/byTa03dkqcAtLvNJKh87BQEAEfZScdvad80OGYSuxYrI0QE0cYUAFzx0j
6WnZvqhgX/VkphLDZT6EPcBBXrOyFq6468sIyzr4qVVWUcRwR74a6La5tvjeDF5C
08Ngy/t3DiqNkJWzVsuraI9EZGGDm7tJARQy4T0B27FedPqJzWn9AXf/l5ABfVVb
DGdrex9Kn6OnqlQrCL8Jr7unobGP3W0TE0pKi7N5EwXb
-----END CERTIFICATE-----