Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Bfl6B41y_HwVYG3ZZcTNWMAmdDE.roa
File:                     Bfl6B41y_HwVYG3ZZcTNWMAmdDE.roa (raw, json)
Hash identifier:          cWU/utD9qaRQc3PI2aBn6sdwppNmFZPgAh1wvegCJhA=
Subject key identifier:   05:F9:7A:07:8D:72:FC:7C:15:60:6D:D9:65:C4:CD:58:C0:26:74:31
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019D2F235723C04C3D8C242CD1E510CFABBE
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Bfl6B41y_HwVYG3ZZcTNWMAmdDE.roa
Signing time:             Fri 27 Mar 2026 11:52:18 +0000
ROA not before:           Fri 27 Mar 2026 11:52:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199656
IP address blocks:        192.71.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 08:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2f:23:57:23:c0:4c:3d:8c:24:2c:d1:e5:10:cf:ab:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Mar 27 11:52:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05f97a078d72fc7c15606dd965c4cd58c0267431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7e:98:b4:71:35:79:34:6e:ce:b8:77:76:01:
                    f1:57:bb:bf:2e:8a:29:af:41:82:c6:fe:07:4a:dd:
                    e8:11:e2:5c:fc:3e:3d:36:66:fb:bc:f2:ae:67:e9:
                    d2:cd:78:df:49:99:81:fc:1a:b5:bc:75:c3:82:dc:
                    e5:01:a1:a2:e1:f6:7d:8b:a5:5e:d2:c7:d9:6c:84:
                    b4:9e:79:8a:f5:12:b8:3d:e4:d5:8e:ba:5b:d3:9b:
                    31:aa:b8:a7:47:dc:fd:15:4c:f8:38:c9:2a:10:f2:
                    04:77:01:a7:7c:c0:e9:ce:78:c8:15:19:0d:de:25:
                    44:86:d9:4f:4a:82:45:d3:ef:36:3f:dd:eb:48:04:
                    57:35:3a:a4:83:9c:ed:c0:60:52:fc:7b:76:ae:5d:
                    67:1d:13:e0:7c:a1:d7:3b:00:9b:f3:cb:a6:53:b0:
                    cc:46:38:57:7c:83:b3:92:04:c2:54:ac:26:1c:e3:
                    19:a2:8f:77:c5:b2:1e:7f:fa:ff:71:e4:6b:e3:91:
                    c5:bf:b7:32:01:75:14:3b:63:5d:2a:08:8c:47:6b:
                    e3:15:57:7d:c8:4a:a0:58:f7:8e:0a:2c:b8:0f:56:
                    bd:8d:d3:68:a0:2d:4a:34:00:98:52:05:23:67:7e:
                    c9:77:5e:b8:20:41:c2:4f:f7:90:38:24:56:ad:ad:
                    64:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:F9:7A:07:8D:72:FC:7C:15:60:6D:D9:65:C4:CD:58:C0:26:74:31
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Bfl6B41y_HwVYG3ZZcTNWMAmdDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.71.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:a9:1b:95:68:31:44:ff:0e:42:fb:3b:0e:9e:12:46:6f:b5:
         45:08:bc:cf:f4:c6:81:fa:3a:45:35:2f:ae:92:b2:73:57:8f:
         25:fa:4b:b3:a8:12:82:90:00:27:b7:54:34:dc:af:52:70:2d:
         40:de:b4:92:c6:9d:17:26:79:b1:b0:cc:20:1e:a3:68:35:64:
         49:16:71:d2:8a:7d:f4:cb:1e:17:d0:f8:07:f2:09:72:40:9b:
         5a:0e:7c:53:70:0c:97:61:1b:91:74:f1:9c:96:bc:26:d4:e3:
         b8:8e:99:23:0b:a3:01:72:6d:41:2e:55:11:2c:e8:25:b0:2d:
         f5:6f:3b:51:21:ce:6a:4c:97:fe:48:4c:df:e9:95:0a:2d:8f:
         a0:25:dc:7a:51:36:a5:6c:34:da:d4:86:1c:c0:e8:9d:68:21:
         84:00:d3:bd:e9:25:0d:8c:0b:2b:3a:bb:41:34:48:6e:c8:af:
         d5:44:3e:ea:ce:aa:5c:a2:4b:b7:7d:9c:f7:f1:73:2f:21:da:
         2a:85:d7:21:03:35:d0:57:93:30:91:ce:3b:39:5a:f3:03:f2:
         26:90:8d:c1:f4:27:84:5d:f3:b9:b0:2c:fe:d0:a5:37:96:05:
         46:85:ff:bb:74:a4:ba:6b:1c:a8:f2:36:be:c9:7d:60:e3:3e:
         35:dc:17:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0vI1cjwEw9jCQs0eUQz6u+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjYwMzI3MTE1MjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWY5N2EwNzhkNzJmYzdjMTU2MDZkZDk2NWM0Y2Q1OGMwMjY3NDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtX6YtHE1eTRuzrh3dgHxV7u/Loop
r0GCxv4HSt3oEeJc/D49Nmb7vPKuZ+nSzXjfSZmB/Bq1vHXDgtzlAaGi4fZ9i6Ve
0sfZbIS0nnmK9RK4PeTVjrpb05sxqrinR9z9FUz4OMkqEPIEdwGnfMDpznjIFRkN
3iVEhtlPSoJF0+82P93rSARXNTqkg5ztwGBS/Ht2rl1nHRPgfKHXOwCb88umU7DM
RjhXfIOzkgTCVKwmHOMZoo93xbIef/r/ceRr45HFv7cyAXUUO2NdKgiMR2vjFVd9
yEqgWPeOCiy4D1a9jdNooC1KNACYUgUjZ37Jd164IEHCT/eQOCRWra1k6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAX5egeNcvx8FWBt2WXEzVjAJnQxMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvQmZsNkI0MXlfSHdWWUczWlpjVE5XTUFtZERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwEerMA0G
CSqGSIb3DQEBCwUAA4IBAQCyqRuVaDFE/w5C+zsOnhJGb7VFCLzP9MaB+jpFNS+u
krJzV48l+kuzqBKCkAAnt1Q03K9ScC1A3rSSxp0XJnmxsMwgHqNoNWRJFnHSin30
yx4X0PgH8glyQJtaDnxTcAyXYRuRdPGclrwm1OO4jpkjC6MBcm1BLlURLOglsC31
bztRIc5qTJf+SEzf6ZUKLY+gJdx6UTalbDTa1IYcwOidaCGEANO96SUNjAsrOrtB
NEhuyK/VRD7qzqpcoku3fZz38XMvIdoqhdchAzXQV5Mwkc47OVrzA/ImkI3B9CeE
XfO5sCz+0KU3lgVGhf+7dKS6axyo8ja+yX1g4z413BeN
-----END CERTIFICATE-----