Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/BDv1bnHvaLtWajfUeKcw3pIG_Ok.roa
File:                     BDv1bnHvaLtWajfUeKcw3pIG_Ok.roa (raw, json)
Hash identifier:          69EUlopn2Prmu5cUFMolg4m3eko2E4egAqnT2et0qIE=
Subject key identifier:   04:3B:F5:6E:71:EF:68:BB:56:6A:37:D4:78:A7:30:DE:92:06:FC:E9
Certificate issuer:       /CN=58a763f0c467abaa701d968c3749c6dad03489b0
Certificate serial:       019ECBA5FE372F51445E39AA831D760AB4A5
Authority key identifier: 58:A7:63:F0:C4:67:AB:AA:70:1D:96:8C:37:49:C6:DA:D0:34:89:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WKdj8MRnq6pwHZaMN0nG2tA0ibA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/BDv1bnHvaLtWajfUeKcw3pIG_Ok.roa
Signing time:             Mon 15 Jun 2026 14:18:33 +0000
ROA not before:           Mon 15 Jun 2026 14:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55002
IP address blocks:        193.228.234.0/24 maxlen: 24
                          2001:67c:1314::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/WKdj8MRnq6pwHZaMN0nG2tA0ibA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/WKdj8MRnq6pwHZaMN0nG2tA0ibA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WKdj8MRnq6pwHZaMN0nG2tA0ibA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 02:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cb:a5:fe:37:2f:51:44:5e:39:aa:83:1d:76:0a:b4:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58a763f0c467abaa701d968c3749c6dad03489b0
        Validity
            Not Before: Jun 15 14:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=043bf56e71ef68bb566a37d478a730de9206fce9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:45:af:3a:64:33:0e:bd:ac:38:01:b8:1a:d2:
                    86:6c:0d:45:55:98:bd:ef:77:d1:8c:5b:ef:68:43:
                    23:03:33:b9:69:28:5f:b5:7a:e5:a0:a6:8a:cb:3f:
                    c9:eb:45:66:ab:62:e7:75:ae:84:dc:18:c5:6f:a1:
                    06:83:ce:0e:77:3f:52:3b:e8:7c:a0:7a:27:14:4d:
                    d5:34:e9:cc:ee:df:88:dd:80:8e:fd:d6:8c:23:38:
                    e3:35:dd:eb:8c:03:0a:32:91:1e:7d:01:02:b6:9f:
                    54:69:33:96:ec:a7:b2:fd:c7:52:98:a8:de:c6:b5:
                    8f:27:66:f0:16:70:37:c7:87:8e:31:8c:9c:48:82:
                    02:43:ee:44:e8:2d:96:12:17:7d:c4:3f:2e:41:b5:
                    2a:2f:1e:fb:27:01:40:65:07:fc:92:0b:75:f8:e7:
                    a1:dd:11:26:5b:af:08:31:13:2c:5b:3d:54:53:4e:
                    37:f9:55:33:4d:ab:ab:e2:eb:56:19:81:2b:0e:70:
                    f8:ba:91:31:8e:9d:a6:47:3c:d7:90:ba:96:7f:4b:
                    a8:20:70:81:54:e6:1f:68:35:b0:0a:6b:54:08:b8:
                    f4:18:6e:83:0e:d1:93:2e:6b:c2:54:f1:e3:25:9b:
                    c6:fd:5a:17:ab:74:55:fa:c2:dc:5b:d0:81:bd:f1:
                    81:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:3B:F5:6E:71:EF:68:BB:56:6A:37:D4:78:A7:30:DE:92:06:FC:E9
            X509v3 Authority Key Identifier:
                keyid:58:A7:63:F0:C4:67:AB:AA:70:1D:96:8C:37:49:C6:DA:D0:34:89:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WKdj8MRnq6pwHZaMN0nG2tA0ibA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/BDv1bnHvaLtWajfUeKcw3pIG_Ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/WKdj8MRnq6pwHZaMN0nG2tA0ibA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.234.0/24
                IPv6:
                  2001:67c:1314::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:d6:20:af:8a:b4:f9:79:25:f9:c6:a0:4d:df:e8:23:70:85:
         45:04:cc:a5:23:4b:a6:e8:ce:ef:2d:75:3b:12:2d:8a:94:c9:
         2b:88:3c:9a:6b:c0:91:0b:2e:f0:fb:aa:2a:12:b6:00:4a:e3:
         33:9e:bb:9a:dd:4a:eb:17:5d:0f:9b:05:50:3a:49:33:e2:fd:
         e0:95:6b:07:15:6a:d7:8e:8c:2b:ad:69:17:ee:2e:6a:31:2f:
         1f:70:bb:1e:f6:45:4d:a1:5d:f5:20:e5:96:1c:13:17:5b:07:
         f6:20:39:db:b2:1c:4e:cd:96:39:39:35:6e:98:cf:85:a7:44:
         26:37:b1:0c:89:cb:90:eb:0d:aa:80:53:95:de:f5:41:ef:1b:
         0d:85:5f:ae:a4:75:b4:00:f3:21:42:33:0a:84:89:94:d0:1b:
         39:45:71:87:5a:3e:1a:16:e5:75:59:e2:59:ae:eb:76:3d:c1:
         a7:2d:d3:63:64:f1:e3:9d:a7:5d:ff:b7:6d:13:64:57:3f:40:
         1a:dd:ad:9c:6d:91:d7:9a:a1:02:51:47:a9:1a:d9:a2:e7:36:
         40:fd:ea:3b:bc:90:3d:43:03:c3:2a:08:06:a8:e6:c3:df:88:
         6f:1f:b7:62:38:7f:98:a3:52:ca:e8:89:54:20:a5:5f:b2:67:
         9d:7c:b8:de
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ7Lpf43L1FEXjmqgx12CrSlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YTc2M2YwYzQ2N2FiYWE3MDFkOTY4YzM3NDljNmRhZDAz
NDg5YjAwHhcNMjYwNjE1MTQxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDNiZjU2ZTcxZWY2OGJiNTY2YTM3ZDQ3OGE3MzBkZTkyMDZmY2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2UWvOmQzDr2sOAG4GtKGbA1FVZi9
73fRjFvvaEMjAzO5aShftXrloKaKyz/J60Vmq2Lnda6E3BjFb6EGg84Odz9SO+h8
oHonFE3VNOnM7t+I3YCO/daMIzjjNd3rjAMKMpEefQECtp9UaTOW7Key/cdSmKje
xrWPJ2bwFnA3x4eOMYycSIICQ+5E6C2WEhd9xD8uQbUqLx77JwFAZQf8kgt1+Oeh
3REmW68IMRMsWz1UU043+VUzTaur4utWGYErDnD4upExjp2mRzzXkLqWf0uoIHCB
VOYfaDWwCmtUCLj0GG6DDtGTLmvCVPHjJZvG/VoXq3RV+sLcW9CBvfGBcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAQ79W5x72i7Vmo31HinMN6SBvzpMB8GA1UdIwQY
MBaAFFinY/DEZ6uqcB2WjDdJxtrQNImwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0tkajhNUm5xNnB3SFphTU4wbkcydEEwaWJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC81ZDY0OTEtMDhmZi00OTRkLTg0MzMt
MDk4ZjdjNWZkOTc1LzEvQkR2MWJuSHZhTHRXYWpmVWVLY3czcElHX09rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC81ZDY0OTEtMDhmZi00OTRkLTg0MzMtMDk4ZjdjNWZkOTc1
LzEvV0tkajhNUm5xNnB3SFphTU4wbkcydEEwaWJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAweTqMA8E
AgACMAkDBwAgAQZ8ExQwDQYJKoZIhvcNAQELBQADggEBAGvWIK+KtPl5JfnGoE3f
6CNwhUUEzKUjS6bozu8tdTsSLYqUySuIPJprwJELLvD7qioStgBK4zOeu5rdSusX
XQ+bBVA6STPi/eCVawcVateOjCutaRfuLmoxLx9wux72RU2hXfUg5ZYcExdbB/Yg
OduyHE7Nljk5NW6Yz4WnRCY3sQyJy5DrDaqAU5Xe9UHvGw2FX66kdbQA8yFCMwqE
iZTQGzlFcYdaPhoW5XVZ4lmu63Y9wact02Nk8eOdp13/t20TZFc/QBrdrZxtkdea
oQJRR6ka2aLnNkD96ju8kD1DA8MqCAao5sPfiG8ft2I4f5ijUsroiVQgpV+yZ518
uN4=
-----END CERTIFICATE-----