Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/BiFlBqm3KUzEVOiMzYhT_EVILsg.roa
File:                     BiFlBqm3KUzEVOiMzYhT_EVILsg.roa (raw, json)
Hash identifier:          fPfSMKmz3G9txaE/xrCmq0xkzT0anA6fzG93SYzo/Cs=
Subject key identifier:   06:21:65:06:A9:B7:29:4C:C4:54:E8:8C:CD:88:53:FC:45:48:2E:C8
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       019E82EBB99A0790FB844FBA363EB1099102
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/BiFlBqm3KUzEVOiMzYhT_EVILsg.roa
Signing time:             Mon 01 Jun 2026 11:22:27 +0000
ROA not before:           Mon 01 Jun 2026 11:22:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197158
IP address blocks:        45.95.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:eb:b9:9a:07:90:fb:84:4f:ba:36:3e:b1:09:91:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jun  1 11:22:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06216506a9b7294cc454e88ccd8853fc45482ec8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:48:39:d7:9a:67:5e:85:46:2d:65:21:96:18:
                    ed:c8:39:a9:4e:96:5a:e2:d0:bb:33:e3:22:63:a4:
                    01:7d:7f:60:0c:49:5d:20:88:57:b1:9d:28:70:7c:
                    da:1b:37:5c:1a:51:17:24:a2:3c:f7:5e:38:ba:72:
                    e7:a7:a1:25:a3:4c:ec:0d:73:02:51:5c:33:7e:29:
                    7c:9b:a2:a5:f8:63:c7:61:e7:a3:31:bc:b4:a4:76:
                    9d:fd:8f:8b:4c:f3:0b:e8:d9:66:41:d1:ad:eb:05:
                    47:d8:7b:e5:be:c3:1e:7a:a3:29:ae:14:5a:77:3e:
                    98:03:71:43:54:2b:f3:69:77:6c:1d:4c:ed:d3:76:
                    13:32:02:34:e3:10:df:48:bb:6e:9e:fd:ed:d1:ab:
                    26:45:61:39:44:78:a1:d6:8b:83:c7:0c:1b:3a:a9:
                    f2:95:9a:5f:6d:ba:c8:a1:9a:53:9d:4c:21:30:86:
                    c7:4d:28:84:06:5a:da:ea:fa:a8:e7:01:92:ea:48:
                    42:8d:c4:cb:ce:4b:a3:f1:94:9b:dc:26:75:6c:10:
                    22:9f:54:8c:60:5b:b2:d6:7a:ff:0f:5c:8f:f4:a4:
                    f5:cc:52:57:cd:24:7f:f4:13:23:16:d3:7f:c1:14:
                    8e:17:20:c1:15:a6:be:3e:e8:5b:ac:8a:be:bd:25:
                    c7:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:21:65:06:A9:B7:29:4C:C4:54:E8:8C:CD:88:53:FC:45:48:2E:C8
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/BiFlBqm3KUzEVOiMzYhT_EVILsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:90:8c:74:35:88:55:05:95:f8:13:77:53:f2:fd:6b:b3:bf:
         2a:64:30:30:90:54:da:02:00:84:7d:32:23:09:fd:f7:09:80:
         8f:4e:d3:e1:96:f4:9b:ef:c9:ba:2c:1c:6a:fc:11:61:19:db:
         57:a7:e1:c2:74:c2:ac:86:5d:00:64:18:e9:4b:cd:0f:57:9b:
         2a:c6:1e:fc:f9:10:a0:4b:a0:5e:89:e8:d7:c4:2d:64:58:7c:
         94:32:35:6c:25:1a:2b:b1:b1:f6:55:67:4e:bd:b3:cd:49:53:
         10:3a:36:66:71:78:72:83:d9:27:d4:55:5c:09:77:94:86:26:
         83:9b:44:87:44:de:82:36:77:ad:bf:4d:9d:e0:bb:0c:77:0c:
         45:2a:8d:e3:58:32:58:df:b5:6d:4f:a7:4e:8e:15:da:ab:0f:
         29:76:e1:1a:43:ff:c5:f8:29:8a:97:20:96:ef:88:1c:35:0f:
         e3:ac:47:a7:08:66:a5:d4:40:ee:de:6b:a9:c9:40:47:b9:11:
         fc:b2:97:9f:4e:ee:98:19:f5:2b:60:5d:01:cd:93:d0:dc:cd:
         be:6d:ba:62:23:bd:89:21:ef:3b:22:e1:50:68:ea:d3:a9:7c:
         1a:87:0d:a1:9f:a8:d4:2d:5a:64:77:4f:41:b5:df:b3:7c:62:
         b2:5d:10:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6C67maB5D7hE+6Nj6xCZECMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjYwNjAxMTEyMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjIxNjUwNmE5YjcyOTRjYzQ1NGU4OGNjZDg4NTNmYzQ1NDgyZWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEg515pnXoVGLWUhlhjtyDmpTpZa
4tC7M+MiY6QBfX9gDEldIIhXsZ0ocHzaGzdcGlEXJKI89144unLnp6Elo0zsDXMC
UVwzfil8m6Kl+GPHYeejMby0pHad/Y+LTPML6NlmQdGt6wVH2HvlvsMeeqMprhRa
dz6YA3FDVCvzaXdsHUzt03YTMgI04xDfSLtunv3t0asmRWE5RHih1ouDxwwbOqny
lZpfbbrIoZpTnUwhMIbHTSiEBlra6vqo5wGS6khCjcTLzkuj8ZSb3CZ1bBAin1SM
YFuy1nr/D1yP9KT1zFJXzSR/9BMjFtN/wRSOFyDBFaa+PuhbrIq+vSXHfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYhZQaptylMxFTojM2IU/xFSC7IMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvQmlGbEJxbTNLVXpFVk9pTXpZaFRfRVZJTHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV8gMA0G
CSqGSIb3DQEBCwUAA4IBAQDPkIx0NYhVBZX4E3dT8v1rs78qZDAwkFTaAgCEfTIj
Cf33CYCPTtPhlvSb78m6LBxq/BFhGdtXp+HCdMKshl0AZBjpS80PV5sqxh78+RCg
S6BeiejXxC1kWHyUMjVsJRorsbH2VWdOvbPNSVMQOjZmcXhyg9kn1FVcCXeUhiaD
m0SHRN6CNnetv02d4LsMdwxFKo3jWDJY37VtT6dOjhXaqw8pduEaQ//F+CmKlyCW
74gcNQ/jrEenCGal1EDu3mupyUBHuRH8spefTu6YGfUrYF0BzZPQ3M2+bbpiI72J
Ie87IuFQaOrTqXwahw2hn6jULVpkd09Btd+zfGKyXRDY
-----END CERTIFICATE-----