Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/bwRIv1c5S7xzVYu9CsBTF5SQ4VI.roa
File:                     bwRIv1c5S7xzVYu9CsBTF5SQ4VI.roa (raw, json)
Hash identifier:          f1srm+mK+omZ7wJeknrGO2ak0ZuQHPl4UmcSJtHamwo=
Subject key identifier:   6F:04:48:BF:57:39:4B:BC:73:55:8B:BD:0A:C0:53:17:94:90:E1:52
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019D19F4DAAC3616FE8027D037572843407A
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/bwRIv1c5S7xzVYu9CsBTF5SQ4VI.roa
Signing time:             Mon 23 Mar 2026 09:09:30 +0000
ROA not before:           Mon 23 Mar 2026 09:09:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199914
IP address blocks:        194.176.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:19:f4:da:ac:36:16:fe:80:27:d0:37:57:28:43:40:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Mar 23 09:09:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f0448bf57394bbc73558bbd0ac053179490e152
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a6:97:b9:5e:5d:c2:2b:8c:dc:06:6f:e9:ba:
                    67:d0:36:80:21:f7:4f:a0:2f:a0:b3:c7:2d:88:c5:
                    f0:2c:3e:7e:29:38:8f:92:cc:50:d4:45:a6:85:9f:
                    b6:6f:97:e4:4f:31:b4:56:08:21:70:14:dd:94:bc:
                    1b:fc:eb:ec:74:b9:fe:e0:17:b2:20:2a:8d:63:19:
                    62:60:70:ec:20:63:31:99:f6:c3:3f:d3:0b:84:34:
                    d3:96:91:b6:21:71:77:61:31:bf:e1:d9:d2:e5:5d:
                    1a:a7:ad:9a:77:39:d7:fb:72:bc:d3:17:48:22:dd:
                    23:aa:02:3c:3f:7f:02:4c:50:c2:35:16:48:2e:8f:
                    7a:0a:70:df:cd:3c:c7:0a:c8:91:97:01:52:41:2b:
                    22:00:4c:df:c1:b0:a0:4e:21:ab:2e:50:3c:29:41:
                    1b:d3:4b:08:76:c7:c5:80:9a:83:be:3d:61:3f:7b:
                    6d:ba:e0:c9:12:9b:76:ad:22:69:b7:83:fc:c8:a3:
                    b8:58:22:49:fc:81:23:cf:98:df:a9:45:9c:be:2d:
                    e1:77:c7:b4:90:99:8e:3b:62:5a:1d:02:45:ba:39:
                    09:d7:dd:d1:5f:f8:ec:40:fc:f4:60:b1:9d:87:d3:
                    7a:b1:54:61:fc:e5:bb:b0:f3:8e:08:e8:f4:03:0e:
                    fb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:04:48:BF:57:39:4B:BC:73:55:8B:BD:0A:C0:53:17:94:90:E1:52
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/bwRIv1c5S7xzVYu9CsBTF5SQ4VI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.176.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:6d:99:d3:55:2e:92:55:ca:f3:f0:dd:23:41:ea:bd:7c:ec:
         3a:3d:57:da:ad:07:a7:4b:7e:de:52:65:03:a4:89:71:ba:ac:
         07:96:c6:b3:05:d4:35:d2:22:94:d7:81:2a:1e:da:e5:f1:4b:
         26:ec:ac:cb:df:40:f2:00:38:c8:5c:d1:f7:b8:02:63:a2:0f:
         99:29:c0:7a:39:d0:f3:42:01:74:60:2b:41:10:24:31:52:84:
         9e:29:45:2f:7a:33:67:62:12:63:dc:9c:e7:9f:bd:58:0e:fa:
         76:dc:5e:7b:7d:b2:12:df:34:ef:c9:18:21:26:2d:2d:2a:0a:
         64:c5:8e:73:e1:c7:d5:60:3b:8a:71:9d:6c:69:1d:85:a1:b3:
         56:86:a9:b3:ec:19:f7:7d:82:4d:58:98:0a:3b:68:53:49:8f:
         a9:56:20:f1:5d:65:54:8f:43:7f:50:de:6d:9c:fc:42:f9:04:
         e9:d5:d9:cf:4d:ea:0d:ae:fe:cb:45:ab:d2:fb:59:cd:76:96:
         f1:b3:80:2e:09:e7:40:61:9a:2e:0c:3d:a6:4d:77:e9:83:35:
         ff:85:0d:6b:f1:11:c8:c1:89:55:4a:44:1c:47:36:d7:e9:1a:
         08:a5:76:db:f7:25:c4:ac:a9:67:94:97:8d:b9:71:25:d6:b9:
         92:27:ce:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Z9NqsNhb+gCfQN1coQ0B6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMzIzMDkwOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjA0NDhiZjU3Mzk0YmJjNzM1NThiYmQwYWMwNTMxNzk0OTBlMTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaaXuV5dwiuM3AZv6bpn0DaAIfdP
oC+gs8ctiMXwLD5+KTiPksxQ1EWmhZ+2b5fkTzG0VgghcBTdlLwb/OvsdLn+4Bey
ICqNYxliYHDsIGMxmfbDP9MLhDTTlpG2IXF3YTG/4dnS5V0ap62adznX+3K80xdI
It0jqgI8P38CTFDCNRZILo96CnDfzTzHCsiRlwFSQSsiAEzfwbCgTiGrLlA8KUEb
00sIdsfFgJqDvj1hP3ttuuDJEpt2rSJpt4P8yKO4WCJJ/IEjz5jfqUWcvi3hd8e0
kJmOO2JaHQJFujkJ193RX/jsQPz0YLGdh9N6sVRh/OW7sPOOCOj0Aw77OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8ESL9XOUu8c1WLvQrAUxeUkOFSMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvYndSSXYxYzVTN3h6Vll1OUNzQlRGNVNRNFZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrC4MA0G
CSqGSIb3DQEBCwUAA4IBAQCebZnTVS6SVcrz8N0jQeq9fOw6PVfarQenS37eUmUD
pIlxuqwHlsazBdQ10iKU14EqHtrl8Usm7KzL30DyADjIXNH3uAJjog+ZKcB6OdDz
QgF0YCtBECQxUoSeKUUvejNnYhJj3Jznn71YDvp23F57fbIS3zTvyRghJi0tKgpk
xY5z4cfVYDuKcZ1saR2FobNWhqmz7Bn3fYJNWJgKO2hTSY+pViDxXWVUj0N/UN5t
nPxC+QTp1dnPTeoNrv7LRavS+1nNdpbxs4AuCedAYZouDD2mTXfpgzX/hQ1r8RHI
wYlVSkQcRzbX6RoIpXbb9yXErKlnlJeNuXEl1rmSJ86m
-----END CERTIFICATE-----