Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/BCl7MB3_y2oxXQzotATLHKx4ipA.roa
File:                     BCl7MB3_y2oxXQzotATLHKx4ipA.roa (raw, json)
Hash identifier:          cuzPfN/+DidXUdzwKXKugyiHRnAz67hGoOQ7sgfzzcQ=
Subject key identifier:   04:29:7B:30:1D:FF:CB:6A:31:5D:0C:E8:B4:04:CB:1C:AC:78:8A:90
Certificate issuer:       /CN=6161470d39be4ba2dd5df8fa47b16396278e670a
Certificate serial:       019DF428360779A31BA955FB74A52FABE771
Authority key identifier: 61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/BCl7MB3_y2oxXQzotATLHKx4ipA.roa
Signing time:             Mon 04 May 2026 18:02:49 +0000
ROA not before:           Mon 04 May 2026 18:02:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198361
IP address blocks:        89.126.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f4:28:36:07:79:a3:1b:a9:55:fb:74:a5:2f:ab:e7:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6161470d39be4ba2dd5df8fa47b16396278e670a
        Validity
            Not Before: May  4 18:02:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04297b301dffcb6a315d0ce8b404cb1cac788a90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b0:37:0d:05:f3:4a:09:0a:4c:a8:2c:58:2c:
                    f7:8a:7e:99:c3:8b:d3:e3:4f:40:d2:fa:50:41:62:
                    b8:fb:07:07:9a:12:40:ca:d3:78:e2:50:12:f9:38:
                    c1:12:42:99:7b:a6:a4:f5:d4:8e:90:b8:b6:dd:5f:
                    94:a6:f7:1a:2a:1e:a3:09:9c:81:4f:f4:af:80:2d:
                    30:d2:73:d9:e7:ba:f8:09:06:42:2c:28:a5:a2:a0:
                    34:2a:f2:f8:bc:96:1e:48:86:cb:3b:67:bd:ba:2c:
                    4d:86:8b:1b:32:68:a5:cd:cf:c4:65:6a:f3:ed:72:
                    b7:77:f3:49:3f:8a:13:c9:ca:95:37:f4:91:5a:83:
                    15:98:34:47:8f:8a:8f:d0:06:10:62:10:e9:03:57:
                    b3:4e:85:2c:2b:b5:8c:4b:61:c5:ea:5a:21:81:28:
                    90:43:b4:67:d2:cf:64:dd:95:f8:27:15:46:32:d7:
                    2c:2f:5e:91:9d:bd:f2:8a:04:53:d0:e0:76:46:32:
                    7f:ab:69:83:e2:e8:90:47:cd:18:c6:03:25:78:c2:
                    e5:af:0d:f9:c8:e3:5d:fd:29:70:c8:8d:d0:5a:37:
                    d6:57:14:9b:8f:fd:8b:2e:83:d1:49:90:83:ec:da:
                    fe:66:7a:14:6b:6e:4f:a9:e1:37:30:71:c7:2b:b5:
                    5f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:29:7B:30:1D:FF:CB:6A:31:5D:0C:E8:B4:04:CB:1C:AC:78:8A:90
            X509v3 Authority Key Identifier:
                keyid:61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/BCl7MB3_y2oxXQzotATLHKx4ipA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.126.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:4f:d4:bb:f3:d8:91:aa:b8:67:52:5d:a7:9b:c5:24:0d:e3:
         b7:fd:e3:ff:17:49:e1:c5:99:7b:6c:76:55:40:6c:16:c5:13:
         af:56:62:34:c1:89:4b:d3:97:5c:f6:f0:a1:a8:41:b7:e8:e2:
         13:2b:38:26:d8:7f:8f:6e:2f:ed:d4:f0:55:24:80:87:e9:bf:
         1d:15:b3:b6:45:ad:17:43:4f:6c:e5:1d:9d:7c:43:9e:7a:de:
         9e:41:c9:1f:c5:b8:48:a8:99:f5:49:b0:e7:81:24:60:42:5a:
         2b:30:98:52:fd:66:74:5a:68:54:f4:e2:d5:67:8d:a2:cb:6a:
         a8:47:dd:77:d4:78:de:74:1b:01:ef:a9:3b:e4:bc:2a:7a:f9:
         25:1e:11:42:a8:7a:c6:23:d2:4e:a2:14:98:2f:0b:aa:03:1f:
         ad:89:80:a5:a4:27:7b:87:63:74:a0:4c:33:d7:3c:a4:be:85:
         64:cf:c8:79:a8:e2:da:41:80:73:0c:35:ac:ce:7a:d3:a4:7c:
         38:85:37:ae:a0:41:f4:14:28:66:f4:e3:a1:7d:60:06:d9:c7:
         24:10:3d:35:01:68:fb:46:e2:cd:a1:79:aa:36:e5:2d:c9:1d:
         bf:8c:97:6d:cb:9e:b7:e2:bf:5f:e4:0d:83:fd:a4:a0:61:bf:
         a6:ba:e7:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ30KDYHeaMbqVX7dKUvq+dxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNjE0NzBkMzliZTRiYTJkZDVkZjhmYTQ3YjE2Mzk2Mjc4
ZTY3MGEwHhcNMjYwNTA0MTgwMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDI5N2IzMDFkZmZjYjZhMzE1ZDBjZThiNDA0Y2IxY2FjNzg4YTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rA3DQXzSgkKTKgsWCz3in6Zw4vT
409A0vpQQWK4+wcHmhJAytN44lAS+TjBEkKZe6ak9dSOkLi23V+UpvcaKh6jCZyB
T/SvgC0w0nPZ57r4CQZCLCiloqA0KvL4vJYeSIbLO2e9uixNhosbMmilzc/EZWrz
7XK3d/NJP4oTycqVN/SRWoMVmDRHj4qP0AYQYhDpA1ezToUsK7WMS2HF6lohgSiQ
Q7Rn0s9k3ZX4JxVGMtcsL16Rnb3yigRT0OB2RjJ/q2mD4uiQR80YxgMleMLlrw35
yONd/SlwyI3QWjfWVxSbj/2LLoPRSZCD7Nr+ZnoUa25PqeE3MHHHK7VfWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQpezAd/8tqMV0M6LQEyxyseIqQMB8GA1UdIwQY
MBaAFGFhRw05vkui3V34+kexY5YnjmcKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVdGSERUbS1TNkxkWGZqNlI3RmpsaWVPWndvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9lNTE4NTYtZTUyZS00YjI0LThjOTkt
YzI0MGJmYzljYmMxLzEvQkNsN01CM195Mm94WFF6b3RBVExIS3g0aXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9lNTE4NTYtZTUyZS00YjI0LThjOTktYzI0MGJmYzljYmMx
LzEvWVdGSERUbS1TNkxkWGZqNlI3RmpsaWVPWndvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX7qMA0G
CSqGSIb3DQEBCwUAA4IBAQCnT9S789iRqrhnUl2nm8UkDeO3/eP/F0nhxZl7bHZV
QGwWxROvVmI0wYlL05dc9vChqEG36OITKzgm2H+Pbi/t1PBVJICH6b8dFbO2Ra0X
Q09s5R2dfEOeet6eQckfxbhIqJn1SbDngSRgQlorMJhS/WZ0WmhU9OLVZ42iy2qo
R9131HjedBsB76k75LwqevklHhFCqHrGI9JOohSYLwuqAx+tiYClpCd7h2N0oEwz
1zykvoVkz8h5qOLaQYBzDDWsznrTpHw4hTeuoEH0FChm9OOhfWAG2cckED01AWj7
RuLNoXmqNuUtyR2/jJdty5634r9f5A2D/aSgYb+muud6
-----END CERTIFICATE-----