Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/bwACBPcgAgsWgYY3mJ0HLpmzIP8.roa
File:                     bwACBPcgAgsWgYY3mJ0HLpmzIP8.roa (raw, json)
Hash identifier:          wTYcB1ROyHiKv0j+pScBCYj7kUKPkXBEZlP3invF7Cg=
Subject key identifier:   6F:00:02:04:F7:20:02:0B:16:81:86:37:98:9D:07:2E:99:B3:20:FF
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019DD48DB364DC0D0CB31BD71BA20CF81614
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/bwACBPcgAgsWgYY3mJ0HLpmzIP8.roa
Signing time:             Tue 28 Apr 2026 14:45:49 +0000
ROA not before:           Tue 28 Apr 2026 14:45:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204490
IP address blocks:        109.248.226.0/24 maxlen: 24
                          185.17.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d4:8d:b3:64:dc:0d:0c:b3:1b:d7:1b:a2:0c:f8:16:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Apr 28 14:45:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f000204f720020b16818637989d072e99b320ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3a:05:e9:a0:40:6c:90:a7:ae:5d:c3:8e:f6:
                    91:87:e7:88:a1:b8:c5:2a:65:04:be:da:6c:7f:83:
                    42:24:d4:f0:b8:21:d0:27:06:21:04:bb:70:b5:28:
                    ba:e5:0d:68:c8:92:f3:48:b2:ec:ee:6c:91:dd:e2:
                    89:90:ad:e3:d1:97:0e:4e:7c:e2:a7:5b:5c:32:b5:
                    1d:3b:db:2b:e7:d6:43:fa:ff:32:40:e0:5f:ce:6e:
                    a6:1f:de:8b:ec:63:fa:cc:c3:43:a0:fd:ee:a3:3a:
                    cc:0f:e7:8c:ba:d1:a5:30:96:28:1f:ac:1f:f8:89:
                    cc:f0:ab:fd:47:c5:d9:59:f3:c9:2d:3c:2a:5c:c1:
                    99:82:86:c7:fc:d5:5c:af:7f:ba:79:20:c8:08:89:
                    4d:f8:e4:da:26:2c:98:74:5b:c0:cb:56:38:6f:ab:
                    04:a0:47:bb:4c:53:dc:1a:6d:aa:b6:32:cf:f2:d5:
                    1c:5d:3d:d6:f3:b0:c6:f5:31:1a:97:85:af:04:be:
                    f2:b2:3f:61:92:ff:b4:22:df:19:9d:3e:1c:14:45:
                    32:2d:c7:4a:8a:39:db:eb:b0:f4:27:88:56:f0:8e:
                    b5:47:e6:e9:e3:0c:08:58:bd:ad:cf:db:34:95:e9:
                    17:30:79:85:66:9b:e9:82:2f:8f:f5:54:98:fa:bd:
                    3e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:00:02:04:F7:20:02:0B:16:81:86:37:98:9D:07:2E:99:B3:20:FF
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/bwACBPcgAgsWgYY3mJ0HLpmzIP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.226.0/24
                  185.17.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:53:31:5e:74:57:1f:c2:39:68:67:8f:5e:88:da:df:76:21:
         b8:76:64:7c:dc:69:dd:1e:8b:b4:bd:28:0e:d9:33:97:34:50:
         76:cc:c7:ca:87:64:b3:6c:7b:6d:df:80:f5:24:d8:31:f1:36:
         0e:04:94:42:38:6f:2b:eb:56:c3:cf:37:eb:b8:bd:9f:0e:f3:
         6e:0e:63:99:82:54:5d:32:52:1f:35:00:cd:56:96:94:3b:86:
         76:2b:0c:f9:f7:bd:14:e6:bd:74:69:af:fe:99:12:44:6e:5c:
         75:f4:50:ff:f8:02:cd:eb:77:de:34:cd:94:e7:cb:d7:eb:d3:
         49:d0:9e:2f:b1:7d:d8:d8:0a:49:15:a4:4e:03:f3:13:b2:1b:
         f9:3e:4e:7c:f0:4b:c4:e8:a8:7a:ce:76:3f:01:1f:8d:2c:9f:
         5c:a9:e9:6f:c0:af:ef:28:01:a8:10:88:f0:37:28:fc:8b:4c:
         55:47:90:b5:3a:c8:1a:8a:8a:2c:1f:53:f2:40:a6:b3:dc:e6:
         01:24:5c:c4:dc:b2:83:51:e6:4e:c1:ad:27:f4:d4:d8:a3:24:
         82:51:59:67:9d:8d:0f:db:ab:e3:87:5a:36:0c:1f:76:a8:08:
         b6:e1:34:70:cf:07:0a:19:57:52:75:b7:c4:9d:88:a7:31:44:
         2e:58:68:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3UjbNk3A0MsxvXG6IM+BYUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwNDI4MTQ0NTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjAwMDIwNGY3MjAwMjBiMTY4MTg2Mzc5ODlkMDcyZTk5YjMyMGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjoF6aBAbJCnrl3DjvaRh+eIobjF
KmUEvtpsf4NCJNTwuCHQJwYhBLtwtSi65Q1oyJLzSLLs7myR3eKJkK3j0ZcOTnzi
p1tcMrUdO9sr59ZD+v8yQOBfzm6mH96L7GP6zMNDoP3uozrMD+eMutGlMJYoH6wf
+InM8Kv9R8XZWfPJLTwqXMGZgobH/NVcr3+6eSDICIlN+OTaJiyYdFvAy1Y4b6sE
oEe7TFPcGm2qtjLP8tUcXT3W87DG9TEal4WvBL7ysj9hkv+0It8ZnT4cFEUyLcdK
ijnb67D0J4hW8I61R+bp4wwIWL2tz9s0lekXMHmFZpvpgi+P9VSY+r0+SQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG8AAgT3IAILFoGGN5idBy6ZsyD/MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvYndBQ0JQY2dBZ3NXZ1lZM21KMEhMcG16SVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbfjiAwQA
uRFAMA0GCSqGSIb3DQEBCwUAA4IBAQABUzFedFcfwjloZ49eiNrfdiG4dmR83Gnd
Hou0vSgO2TOXNFB2zMfKh2SzbHtt34D1JNgx8TYOBJRCOG8r61bDzzfruL2fDvNu
DmOZglRdMlIfNQDNVpaUO4Z2Kwz5970U5r10aa/+mRJEblx19FD/+ALN63feNM2U
58vX69NJ0J4vsX3Y2ApJFaROA/MTshv5Pk588EvE6Kh6znY/AR+NLJ9cqelvwK/v
KAGoEIjwNyj8i0xVR5C1OsgaioosH1PyQKaz3OYBJFzE3LKDUeZOwa0n9NTYoySC
UVlnnY0P26vjh1o2DB92qAi24TRwzwcKGVdSdbfEnYinMUQuWGjL
-----END CERTIFICATE-----