Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/BT6gT2aXUKobQoi0V8TrSbNpCIg.roa
File:                     BT6gT2aXUKobQoi0V8TrSbNpCIg.roa (raw, json)
Hash identifier:          11Cz/ogVHj/bpFBPmz3A/2aEj7h9dMBvKj8VckkwRKk=
Subject key identifier:   05:3E:A0:4F:66:97:50:AA:1B:42:88:B4:57:C4:EB:49:B3:69:08:88
Certificate issuer:       /CN=70bf553042f1a43827dc034500bbd1068a7297ca
Certificate serial:       019E16E65F09C56192E0E3D4371747CAD546
Authority key identifier: 70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/BT6gT2aXUKobQoi0V8TrSbNpCIg.roa
Signing time:             Mon 11 May 2026 11:57:36 +0000
ROA not before:           Mon 11 May 2026 11:57:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        186.247.35.0/24 maxlen: 24
                          186.247.36.0/24 maxlen: 24
                          186.247.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 00:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:16:e6:5f:09:c5:61:92:e0:e3:d4:37:17:47:ca:d5:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70bf553042f1a43827dc034500bbd1068a7297ca
        Validity
            Not Before: May 11 11:57:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=053ea04f669750aa1b4288b457c4eb49b3690888
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e0:29:9b:01:6f:4b:e5:51:1f:f4:71:0e:de:
                    09:5d:6f:1a:cb:e7:e6:07:5b:f0:51:b0:16:4b:fe:
                    c5:bd:76:66:83:6b:41:50:1a:4f:2b:5a:b0:5a:f4:
                    87:2c:5f:15:8c:ff:ed:29:b7:17:d2:f2:a0:84:c6:
                    77:20:ea:e9:cc:5e:99:d0:03:9b:fc:fb:3d:6e:75:
                    00:d2:33:2e:5d:5e:ad:de:87:ec:8b:30:25:b8:be:
                    b8:f1:45:4a:d7:bb:49:3d:c1:f0:52:97:10:2c:41:
                    11:cb:b2:e2:92:d0:92:95:86:52:02:99:2f:ad:1d:
                    ab:64:9f:aa:77:03:ae:1f:05:ac:27:91:7a:58:b8:
                    5b:79:da:7e:8e:a8:6d:1a:22:00:06:d4:b4:4f:94:
                    53:a8:da:dd:5d:f3:79:3a:91:0a:cb:af:e8:39:b5:
                    ee:d9:1c:4b:b1:c3:18:6b:89:1d:6e:e4:c4:5f:af:
                    46:49:f4:5e:24:c5:7d:01:95:6e:63:f9:54:f2:61:
                    3a:43:da:2c:63:05:f5:11:67:24:c4:09:f2:ff:8d:
                    b6:8a:9a:c1:be:53:6d:3e:57:8c:aa:d4:d8:46:b5:
                    b4:eb:c8:3b:6e:08:1e:40:0d:f4:88:e8:ad:6d:31:
                    6f:74:0a:54:07:b8:ba:f1:31:63:2f:8b:d7:07:4e:
                    42:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:3E:A0:4F:66:97:50:AA:1B:42:88:B4:57:C4:EB:49:B3:69:08:88
            X509v3 Authority Key Identifier:
                keyid:70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/BT6gT2aXUKobQoi0V8TrSbNpCIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  186.247.35.0-186.247.36.255
                  186.247.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:40:ce:9b:3d:92:c6:a9:fc:f7:34:15:12:24:35:a6:36:9e:
         60:52:d1:15:e4:10:95:c4:be:0f:bd:a1:22:36:b5:78:2a:56:
         c1:ed:6d:c8:77:0a:f9:e6:46:1f:d0:a1:d9:f9:6f:21:8a:c9:
         e0:9b:d9:7b:8a:d0:7c:07:73:53:25:57:1d:34:45:1d:1d:33:
         ea:0c:90:3a:15:34:03:18:80:19:9b:8b:fe:c7:18:a1:9b:6d:
         17:8c:0f:2d:13:6c:09:67:fa:e1:2d:91:bc:3c:60:3d:0c:ce:
         66:ef:3f:ec:47:17:d8:e4:f7:d6:46:17:74:cc:b3:10:8f:49:
         5b:5a:87:a5:6d:27:e7:5e:03:aa:29:2f:ad:95:e9:69:58:d7:
         70:85:a0:9e:51:37:23:f7:31:86:2e:1d:73:a3:55:11:25:ca:
         a8:ab:d2:b5:94:7b:4d:2a:ac:fc:0f:47:a1:65:e9:a2:9a:54:
         dc:d4:80:d9:e7:08:f2:0e:b3:b4:35:de:4f:a9:60:40:ba:a5:
         53:0d:93:ef:8e:39:3b:34:95:e8:f2:8d:03:57:a4:9f:5b:2c:
         47:ea:4c:1d:16:46:53:da:1c:f8:80:31:a1:78:eb:a2:0c:70:
         db:a9:79:83:c7:ba:7a:52:f7:bd:07:53:64:5e:f9:ca:cd:97:
         06:98:d2:93
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ4W5l8JxWGS4OPUNxdHytVGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYmY1NTMwNDJmMWE0MzgyN2RjMDM0NTAwYmJkMTA2OGE3
Mjk3Y2EwHhcNMjYwNTExMTE1NzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTNlYTA0ZjY2OTc1MGFhMWI0Mjg4YjQ1N2M0ZWI0OWIzNjkwODg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOApmwFvS+VRH/RxDt4JXW8ay+fm
B1vwUbAWS/7FvXZmg2tBUBpPK1qwWvSHLF8VjP/tKbcX0vKghMZ3IOrpzF6Z0AOb
/Ps9bnUA0jMuXV6t3ofsizAluL648UVK17tJPcHwUpcQLEERy7LiktCSlYZSApkv
rR2rZJ+qdwOuHwWsJ5F6WLhbedp+jqhtGiIABtS0T5RTqNrdXfN5OpEKy6/oObXu
2RxLscMYa4kdbuTEX69GSfReJMV9AZVuY/lU8mE6Q9osYwX1EWckxAny/422iprB
vlNtPleMqtTYRrW068g7bggeQA30iOitbTFvdApUB7i68TFjL4vXB05CAQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAU+oE9ml1CqG0KItFfE60mzaQiIMB8GA1UdIwQY
MBaAFHC/VTBC8aQ4J9wDRQC70QaKcpfKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYt
NTM1ODQwMWZiNzk2LzEvQlQ2Z1QyYVhVS29iUW9pMFY4VHJTYk5wQ0lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYtNTM1ODQwMWZiNzk2
LzEvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAC69yMD
BAC69yQDBAC69y0wDQYJKoZIhvcNAQELBQADggEBADZAzps9ksap/Pc0FRIkNaY2
nmBS0RXkEJXEvg+9oSI2tXgqVsHtbch3CvnmRh/Qodn5byGKyeCb2XuK0HwHc1Ml
Vx00RR0dM+oMkDoVNAMYgBmbi/7HGKGbbReMDy0TbAln+uEtkbw8YD0MzmbvP+xH
F9jk99ZGF3TMsxCPSVtah6VtJ+deA6opL62V6WlY13CFoJ5RNyP3MYYuHXOjVREl
yqir0rWUe00qrPwPR6Fl6aKaVNzUgNnnCPIOs7Q13k+pYEC6pVMNk++OOTs0lejy
jQNXpJ9bLEfqTB0WRlPaHPiAMaF466IMcNupeYPHunpS970HU2Re+crNlwaY0pM=
-----END CERTIFICATE-----