Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/BJykqy8SJAY1Pj63C4xxZYzmMUE.roa
File:                     BJykqy8SJAY1Pj63C4xxZYzmMUE.roa (raw, json)
Hash identifier:          aRsMWeHFOWBzyV1TadiHgdPDjCwIv1NjMtEQScq2vQg=
Subject key identifier:   04:9C:A4:AB:2F:12:24:06:35:3E:3E:B7:0B:8C:71:65:8C:E6:31:41
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019DFC4DC381580DAC3B3738876F7501D2BF
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/BJykqy8SJAY1Pj63C4xxZYzmMUE.roa
Signing time:             Wed 06 May 2026 08:00:47 +0000
ROA not before:           Wed 06 May 2026 08:00:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55177
IP address blocks:        188.255.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:4d:c3:81:58:0d:ac:3b:37:38:87:6f:75:01:d2:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May  6 08:00:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=049ca4ab2f122406353e3eb70b8c71658ce63141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a4:a0:f8:13:d8:3d:f9:98:b2:8d:d1:3b:55:
                    14:52:19:99:e3:40:38:ed:e8:43:b8:a1:5f:5e:96:
                    b5:9a:d0:65:56:d9:66:33:a6:b5:cb:30:fb:ee:1d:
                    eb:06:af:57:91:ec:d9:e8:88:03:52:fa:42:d8:d4:
                    20:08:90:77:73:37:e0:87:87:71:d3:41:38:57:47:
                    23:35:08:66:1d:f3:61:7c:f5:6a:a9:61:f2:a6:5c:
                    f8:14:9d:63:02:41:a5:cb:80:89:88:8a:23:95:b9:
                    e6:e5:88:5b:de:dd:13:a4:05:7f:b7:be:b4:2e:e2:
                    85:a5:77:be:9c:5a:bc:6d:0a:9d:93:a3:57:a3:6a:
                    88:3e:44:55:1e:bf:68:0c:88:af:41:13:a9:a5:51:
                    b1:d1:48:c7:c3:65:a7:37:7b:9a:5e:a9:cd:c1:9f:
                    9b:c9:61:0c:f6:0a:12:ce:1d:fe:96:7f:45:04:4d:
                    98:53:93:ac:5a:c0:16:06:74:46:88:1b:62:6a:1e:
                    4c:ed:13:4e:00:61:2d:88:f8:88:59:6f:4b:d4:cb:
                    02:87:c8:e8:9c:76:39:ad:79:29:fe:c1:59:2e:7e:
                    8b:dd:12:de:a1:72:36:aa:da:47:09:2c:ed:6e:ed:
                    05:20:ad:98:07:68:86:f9:16:23:c2:8e:35:e1:be:
                    b6:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:9C:A4:AB:2F:12:24:06:35:3E:3E:B7:0B:8C:71:65:8C:E6:31:41
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/BJykqy8SJAY1Pj63C4xxZYzmMUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:c7:33:76:8a:dc:69:a3:b9:e8:e7:e0:d6:31:4e:99:ad:7c:
         4d:34:b1:79:a3:c8:c1:ae:fb:48:f1:78:a4:07:9a:14:d3:ac:
         48:3f:a6:2e:db:8c:86:3e:17:fb:12:4e:ee:82:27:3e:c9:57:
         78:30:c1:b4:c7:4b:b9:74:02:21:23:2e:b3:85:b3:0f:c7:33:
         16:e0:27:f2:89:94:31:99:ab:a3:b2:8d:30:cf:02:f9:79:72:
         bf:85:5e:13:09:c1:83:61:86:ab:11:55:b0:f3:1e:fe:7a:05:
         57:7d:d4:91:fc:98:a0:ff:fa:e2:43:03:ad:72:88:2a:0d:02:
         bd:a9:e1:12:b9:31:63:4c:28:6c:ad:1a:a5:5b:3c:26:cb:d6:
         b7:dd:78:ab:56:4f:c5:67:3a:6f:4e:b6:5d:8a:0d:35:86:bc:
         b4:bd:4e:b4:09:91:32:39:3f:e7:f2:db:3b:46:86:d4:a9:a3:
         3c:59:cf:9d:30:89:26:15:ec:13:7f:b8:45:49:66:2d:06:0e:
         be:aa:f7:6a:26:e5:83:bd:4e:f0:4f:67:53:00:49:68:01:3c:
         77:b0:e1:d2:b6:6c:5b:8b:5a:46:df:34:5b:b6:be:7a:53:6b:
         53:66:61:62:d1:88:40:bb:56:6d:9f:30:53:7c:b3:c8:c3:da:
         9f:bd:9a:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ38TcOBWA2sOzc4h291AdK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTA2MDgwMDQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDljYTRhYjJmMTIyNDA2MzUzZTNlYjcwYjhjNzE2NThjZTYzMTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqSg+BPYPfmYso3RO1UUUhmZ40A4
7ehDuKFfXpa1mtBlVtlmM6a1yzD77h3rBq9XkezZ6IgDUvpC2NQgCJB3czfgh4dx
00E4V0cjNQhmHfNhfPVqqWHyplz4FJ1jAkGly4CJiIojlbnm5Yhb3t0TpAV/t760
LuKFpXe+nFq8bQqdk6NXo2qIPkRVHr9oDIivQROppVGx0UjHw2WnN3uaXqnNwZ+b
yWEM9goSzh3+ln9FBE2YU5OsWsAWBnRGiBtiah5M7RNOAGEtiPiIWW9L1MsCh8jo
nHY5rXkp/sFZLn6L3RLeoXI2qtpHCSztbu0FIK2YB2iG+RYjwo414b62awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAScpKsvEiQGNT4+twuMcWWM5jFBMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvQkp5a3F5OFNKQVkxUGo2M0M0eHhaWXptTVVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/sMA0G
CSqGSIb3DQEBCwUAA4IBAQAYxzN2itxpo7no5+DWMU6ZrXxNNLF5o8jBrvtI8Xik
B5oU06xIP6Yu24yGPhf7Ek7ugic+yVd4MMG0x0u5dAIhIy6zhbMPxzMW4CfyiZQx
maujso0wzwL5eXK/hV4TCcGDYYarEVWw8x7+egVXfdSR/Jig//riQwOtcogqDQK9
qeESuTFjTChsrRqlWzwmy9a33XirVk/FZzpvTrZdig01hry0vU60CZEyOT/n8ts7
RobUqaM8Wc+dMIkmFewTf7hFSWYtBg6+qvdqJuWDvU7wT2dTAEloATx3sOHStmxb
i1pG3zRbtr56U2tTZmFi0YhAu1ZtnzBTfLPIw9qfvZqe
-----END CERTIFICATE-----