Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/858143-af0c-493e-8ed1-9f5f780569a1/1/blvAUQ_vYzlmQ7upxenWGMgFKTU.roa
File:                     blvAUQ_vYzlmQ7upxenWGMgFKTU.roa (raw, json)
Hash identifier:          yNaiIOARrLN2kHH5nOuqLzuUV9KxxDnEpy1TNN43VTU=
Subject key identifier:   6E:5B:C0:51:0F:EF:63:39:66:43:BB:A9:C5:E9:D6:18:C8:05:29:35
Certificate issuer:       /CN=cbff7fd7ee11eff8914a3150fcd16a648a3c7f30
Certificate serial:       019B7910D047EA474DA37C692A3C3736A1B1
Authority key identifier: CB:FF:7F:D7:EE:11:EF:F8:91:4A:31:50:FC:D1:6A:64:8A:3C:7F:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y_9_1-4R7_iRSjFQ_NFqZIo8fzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/858143-af0c-493e-8ed1-9f5f780569a1/1/blvAUQ_vYzlmQ7upxenWGMgFKTU.roa
Signing time:             Thu 01 Jan 2026 10:18:23 +0000
ROA not before:           Thu 01 Jan 2026 10:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203741
IP address blocks:        91.195.46.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/858143-af0c-493e-8ed1-9f5f780569a1/1/y_9_1-4R7_iRSjFQ_NFqZIo8fzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/858143-af0c-493e-8ed1-9f5f780569a1/1/y_9_1-4R7_iRSjFQ_NFqZIo8fzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y_9_1-4R7_iRSjFQ_NFqZIo8fzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:d0:47:ea:47:4d:a3:7c:69:2a:3c:37:36:a1:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbff7fd7ee11eff8914a3150fcd16a648a3c7f30
        Validity
            Not Before: Jan  1 10:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e5bc0510fef63396643bba9c5e9d618c8052935
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1e:b9:42:4e:fb:b2:b2:e5:9d:0a:dd:81:74:
                    0e:0b:61:fb:35:e2:f7:a2:79:b0:1e:67:8c:1f:bc:
                    2a:8a:45:ca:6a:50:fc:bc:4b:c1:e2:08:25:41:62:
                    e4:1d:f9:68:c9:f3:d0:f0:0b:f3:a3:54:de:e9:aa:
                    9d:11:73:0b:f3:d9:b6:2d:25:09:bc:e7:fd:16:64:
                    06:2a:7a:e7:24:6e:5a:5d:43:ac:7a:d8:8e:89:c8:
                    a3:ae:2c:17:d7:e3:3d:f9:1b:2b:2e:26:00:5d:0f:
                    f6:ed:19:51:9f:41:2c:54:64:9e:23:91:d5:db:59:
                    0c:e0:95:06:13:7b:03:e8:78:71:e4:5d:7f:14:92:
                    3c:32:11:81:87:a1:53:3c:50:ba:bc:d6:55:93:cc:
                    0a:4f:64:e9:0c:e1:f2:ec:a5:59:a9:93:98:4a:1b:
                    97:f8:c2:91:3f:9b:8c:27:fa:2d:b1:d5:b5:b6:5d:
                    da:9c:32:b3:b2:53:df:5e:3b:29:ea:91:63:48:78:
                    da:5a:e8:4a:38:e6:f6:57:a5:73:45:d1:2e:ee:7f:
                    7f:e9:c9:0d:fb:fa:be:bd:96:8e:81:2c:62:54:1d:
                    b2:8f:bc:68:0d:a7:00:67:65:ad:00:a0:57:df:2d:
                    35:cf:f0:21:a7:56:bd:89:3f:56:45:b6:c4:be:f0:
                    48:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:5B:C0:51:0F:EF:63:39:66:43:BB:A9:C5:E9:D6:18:C8:05:29:35
            X509v3 Authority Key Identifier:
                keyid:CB:FF:7F:D7:EE:11:EF:F8:91:4A:31:50:FC:D1:6A:64:8A:3C:7F:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y_9_1-4R7_iRSjFQ_NFqZIo8fzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/858143-af0c-493e-8ed1-9f5f780569a1/1/blvAUQ_vYzlmQ7upxenWGMgFKTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/858143-af0c-493e-8ed1-9f5f780569a1/1/y_9_1-4R7_iRSjFQ_NFqZIo8fzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:5d:4a:53:eb:6a:9e:9b:b4:5f:2d:45:8f:54:ad:fb:d7:80:
         69:db:0b:84:09:65:21:3f:6a:bc:c0:24:4e:39:60:82:36:e6:
         e3:29:35:d1:3c:cc:cf:bb:16:df:c2:76:23:17:f4:a8:22:50:
         d0:95:b3:fd:38:df:a6:7a:06:18:79:27:71:c5:d7:c9:9d:6c:
         2e:9e:a7:ae:e0:fe:0d:14:3e:9d:2e:1b:36:89:d3:2b:a3:09:
         9d:4a:42:2f:49:55:d1:72:0f:06:27:98:1d:4a:01:e9:83:c8:
         97:40:fd:25:8c:1c:f0:98:76:c1:f5:80:6b:db:c5:ca:2e:b7:
         59:25:68:5f:95:5d:b8:03:64:06:c1:4a:66:9a:8c:fa:d8:a8:
         5b:51:41:ae:fa:fb:dc:91:2c:55:13:ca:e0:f8:e9:63:3f:ac:
         04:4c:71:b8:4f:e9:27:5e:6c:86:84:31:34:48:37:cb:bd:b5:
         d9:b4:1d:79:24:b9:cd:b5:07:36:d4:ba:0e:e5:5a:7d:ad:d8:
         23:44:52:18:e6:e2:e1:51:32:bd:ed:08:83:64:0f:4f:f1:47:
         18:46:8e:01:ec:b7:c3:bf:31:c3:93:72:93:86:86:00:6a:2b:
         dc:15:64:d8:66:63:2b:54:f3:72:7e:b6:59:6c:d1:de:f9:19:
         94:e7:f9:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ENBH6kdNo3xpKjw3NqGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZmY3ZmQ3ZWUxMWVmZjg5MTRhMzE1MGZjZDE2YTY0OGEz
YzdmMzAwHhcNMjYwMTAxMTAxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTViYzA1MTBmZWY2MzM5NjY0M2JiYTljNWU5ZDYxOGM4MDUyOTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxh65Qk77srLlnQrdgXQOC2H7NeL3
onmwHmeMH7wqikXKalD8vEvB4gglQWLkHfloyfPQ8Avzo1Te6aqdEXML89m2LSUJ
vOf9FmQGKnrnJG5aXUOsetiOicijriwX1+M9+RsrLiYAXQ/27RlRn0EsVGSeI5HV
21kM4JUGE3sD6Hhx5F1/FJI8MhGBh6FTPFC6vNZVk8wKT2TpDOHy7KVZqZOYShuX
+MKRP5uMJ/otsdW1tl3anDKzslPfXjsp6pFjSHjaWuhKOOb2V6VzRdEu7n9/6ckN
+/q+vZaOgSxiVB2yj7xoDacAZ2WtAKBX3y01z/Ahp1a9iT9WRbbEvvBIRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5bwFEP72M5ZkO7qcXp1hjIBSk1MB8GA1UdIwQY
MBaAFMv/f9fuEe/4kUoxUPzRamSKPH8wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveV85XzEtNFI3X2lSU2pGUV9ORnFaSW84ZnpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NTgxNDMtYWYwYy00OTNlLThlZDEt
OWY1Zjc4MDU2OWExLzEvYmx2QVVRX3ZZemxtUTd1cHhlbldHTWdGS1RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NTgxNDMtYWYwYy00OTNlLThlZDEtOWY1Zjc4MDU2OWEx
LzEveV85XzEtNFI3X2lSU2pGUV9ORnFaSW84ZnpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8MuMA0G
CSqGSIb3DQEBCwUAA4IBAQAyXUpT62qem7RfLUWPVK3714Bp2wuECWUhP2q8wCRO
OWCCNubjKTXRPMzPuxbfwnYjF/SoIlDQlbP9ON+megYYeSdxxdfJnWwunqeu4P4N
FD6dLhs2idMrowmdSkIvSVXRcg8GJ5gdSgHpg8iXQP0ljBzwmHbB9YBr28XKLrdZ
JWhflV24A2QGwUpmmoz62KhbUUGu+vvckSxVE8rg+OljP6wETHG4T+knXmyGhDE0
SDfLvbXZtB15JLnNtQc21LoO5Vp9rdgjRFIY5uLhUTK97QiDZA9P8UcYRo4B7LfD
vzHDk3KThoYAaivcFWTYZmMrVPNyfrZZbNHe+RmU5/k+
-----END CERTIFICATE-----