Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/Bf-kgPolKWlpqLCjiXuRyWUMvOg.roa
File:                     Bf-kgPolKWlpqLCjiXuRyWUMvOg.roa (raw, json)
Hash identifier:          MYsif03ryw6vdmDjCofd2KTIbWmT1q0FEmKDj3mHFcA=
Subject key identifier:   05:FF:A4:80:FA:25:29:69:69:A8:B0:A3:89:7B:91:C9:65:0C:BC:E8
Certificate issuer:       /CN=2d3c3987e7c34b366aa0f09c40ea4c80bfed0e01
Certificate serial:       019DDDF84A06D493E773461AEA751D499F32
Authority key identifier: 2D:3C:39:87:E7:C3:4B:36:6A:A0:F0:9C:40:EA:4C:80:BF:ED:0E:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LTw5h-fDSzZqoPCcQOpMgL_tDgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/Bf-kgPolKWlpqLCjiXuRyWUMvOg.roa
Signing time:             Thu 30 Apr 2026 10:38:49 +0000
ROA not before:           Thu 30 Apr 2026 10:38:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205960
IP address blocks:        194.150.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/LTw5h-fDSzZqoPCcQOpMgL_tDgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/LTw5h-fDSzZqoPCcQOpMgL_tDgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LTw5h-fDSzZqoPCcQOpMgL_tDgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:dd:f8:4a:06:d4:93:e7:73:46:1a:ea:75:1d:49:9f:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d3c3987e7c34b366aa0f09c40ea4c80bfed0e01
        Validity
            Not Before: Apr 30 10:38:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05ffa480fa25296969a8b0a3897b91c9650cbce8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:07:48:6a:8a:c3:01:33:c9:da:49:a0:d8:1f:
                    c2:13:f8:00:66:d9:99:df:d5:da:eb:28:53:55:49:
                    76:ad:d1:d2:d9:a2:89:83:a8:3e:1f:bc:d8:2c:73:
                    36:ac:cc:cb:6b:3b:4b:01:0a:4b:28:a3:e4:8f:d8:
                    67:08:f2:a8:23:7a:c4:18:99:74:7e:fb:55:38:a9:
                    d8:5b:32:27:1f:59:b4:ef:99:7d:cd:51:be:ad:46:
                    8e:26:59:ff:1c:0a:4f:5c:84:c5:41:43:a8:7f:a1:
                    3c:b5:5b:f7:22:37:21:81:15:8d:33:a9:2b:89:0d:
                    d2:9f:4a:de:56:2c:1d:98:7a:18:a8:a6:b7:29:e1:
                    c8:90:fd:38:f7:e5:5e:29:b6:c6:a0:58:ea:4d:d3:
                    e4:de:ef:7e:b2:43:fe:f2:db:74:5d:3d:71:3e:02:
                    bd:87:7e:db:20:03:cd:9d:a1:41:5e:70:71:49:8f:
                    56:af:3b:e1:c2:69:98:23:ff:93:c1:fe:9f:b3:3b:
                    d2:56:86:4d:07:04:7f:cf:b3:e1:2e:00:a8:0c:a0:
                    72:c0:c9:fb:0b:8c:78:0d:47:52:f9:16:30:12:1c:
                    b8:c6:4d:38:21:2a:a1:d2:e5:f6:ff:80:19:4c:ff:
                    7b:57:37:d3:b7:d2:c1:1a:63:ea:4a:84:02:be:d1:
                    ae:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:FF:A4:80:FA:25:29:69:69:A8:B0:A3:89:7B:91:C9:65:0C:BC:E8
            X509v3 Authority Key Identifier:
                keyid:2D:3C:39:87:E7:C3:4B:36:6A:A0:F0:9C:40:EA:4C:80:BF:ED:0E:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LTw5h-fDSzZqoPCcQOpMgL_tDgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/Bf-kgPolKWlpqLCjiXuRyWUMvOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/LTw5h-fDSzZqoPCcQOpMgL_tDgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:52:33:bb:89:53:15:2a:63:02:61:bc:62:cb:2f:cb:51:d9:
         89:46:90:e3:2f:e0:78:72:61:39:8a:8a:76:b4:83:c7:e2:66:
         97:d5:11:b8:e5:8f:53:32:3e:28:4f:5f:01:05:06:11:37:41:
         ff:0d:cb:07:14:ab:a3:2a:49:f6:a3:5c:ab:90:06:7f:66:aa:
         d2:a0:cf:79:60:c4:b4:56:f0:bd:f1:d8:21:13:00:97:21:e3:
         f9:fa:cd:57:c4:63:95:57:cd:6b:c0:18:51:90:de:d0:2a:02:
         77:22:b0:4d:20:af:21:d4:b7:41:be:06:8d:ad:90:f1:dd:6b:
         98:a5:93:70:7e:e8:ef:1c:41:e7:36:e9:5b:b6:59:13:a6:fa:
         36:32:c2:ea:b2:41:61:23:8c:c1:b7:47:94:3d:3a:2e:1e:a5:
         c2:05:4f:c0:af:8e:6b:84:45:30:10:d4:d6:06:c6:bc:54:3f:
         58:e4:43:cb:76:ae:42:d4:53:97:00:f7:8d:fc:ec:1c:e5:97:
         cc:e6:93:73:a5:96:8d:aa:49:10:2e:4d:44:c0:f6:5b:0e:bd:
         6b:05:de:eb:d2:d4:65:85:00:f9:2a:5c:44:31:52:50:8f:1c:
         93:32:e9:7e:18:af:1a:7a:65:70:c2:e9:26:11:94:00:f0:47:
         7f:40:23:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3d+EoG1JPnc0Ya6nUdSZ8yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkM2MzOTg3ZTdjMzRiMzY2YWEwZjA5YzQwZWE0YzgwYmZl
ZDBlMDEwHhcNMjYwNDMwMTAzODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWZmYTQ4MGZhMjUyOTY5NjlhOGIwYTM4OTdiOTFjOTY1MGNiY2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAdIaorDATPJ2kmg2B/CE/gAZtmZ
39Xa6yhTVUl2rdHS2aKJg6g+H7zYLHM2rMzLaztLAQpLKKPkj9hnCPKoI3rEGJl0
fvtVOKnYWzInH1m075l9zVG+rUaOJln/HApPXITFQUOof6E8tVv3IjchgRWNM6kr
iQ3Sn0reViwdmHoYqKa3KeHIkP049+VeKbbGoFjqTdPk3u9+skP+8tt0XT1xPgK9
h37bIAPNnaFBXnBxSY9WrzvhwmmYI/+Twf6fszvSVoZNBwR/z7PhLgCoDKBywMn7
C4x4DUdS+RYwEhy4xk04ISqh0uX2/4AZTP97VzfTt9LBGmPqSoQCvtGukwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAX/pID6JSlpaaiwo4l7kcllDLzoMB8GA1UdIwQY
MBaAFC08OYfnw0s2aqDwnEDqTIC/7Q4BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFR3NWgtZkRTelpxb1BDY1FPcE1nTF90RGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wNjhhNmMtOTIxYi00ZTBiLWJhN2Ut
M2E2ZGU5OWVkZTQ3LzEvQmYta2dQb2xLV2xwcUxDamlYdVJ5V1VNdk9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wNjhhNmMtOTIxYi00ZTBiLWJhN2UtM2E2ZGU5OWVkZTQ3
LzEvTFR3NWgtZkRTelpxb1BDY1FPcE1nTF90RGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpZJMA0G
CSqGSIb3DQEBCwUAA4IBAQA9UjO7iVMVKmMCYbxiyy/LUdmJRpDjL+B4cmE5iop2
tIPH4maX1RG45Y9TMj4oT18BBQYRN0H/DcsHFKujKkn2o1yrkAZ/ZqrSoM95YMS0
VvC98dghEwCXIeP5+s1XxGOVV81rwBhRkN7QKgJ3IrBNIK8h1LdBvgaNrZDx3WuY
pZNwfujvHEHnNulbtlkTpvo2MsLqskFhI4zBt0eUPTouHqXCBU/Ar45rhEUwENTW
Bsa8VD9Y5EPLdq5C1FOXAPeN/Owc5ZfM5pNzpZaNqkkQLk1EwPZbDr1rBd7r0tRl
hQD5KlxEMVJQjxyTMul+GK8aemVwwukmEZQA8Ed/QCPA
-----END CERTIFICATE-----