Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/_BfUEuTWI4mH7z3tL2xj4fNLk8w.roa
File:                     _BfUEuTWI4mH7z3tL2xj4fNLk8w.roa (raw, json)
Hash identifier:          PZxV1RVfs2NX+n/RPHStsER54mLHjvguw+Y+i8qfbk0=
Subject key identifier:   FC:17:D4:12:E4:D6:23:89:87:EF:3D:ED:2F:6C:63:E1:F3:4B:93:CC
Certificate issuer:       /CN=6f5e0230be799e44829c8720ca38347045494e20
Certificate serial:       019DB3E2ED64C82CACE438F4FBF2D9D5FEC4
Authority key identifier: 6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/_BfUEuTWI4mH7z3tL2xj4fNLk8w.roa
Signing time:             Wed 22 Apr 2026 06:31:26 +0000
ROA not before:           Wed 22 Apr 2026 06:31:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5650
IP address blocks:        85.232.160.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:e2:ed:64:c8:2c:ac:e4:38:f4:fb:f2:d9:d5:fe:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5e0230be799e44829c8720ca38347045494e20
        Validity
            Not Before: Apr 22 06:31:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fc17d412e4d6238987ef3ded2f6c63e1f34b93cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:6d:0c:f2:b9:3c:4c:11:9a:70:08:b1:fc:c9:
                    78:47:1b:b8:7a:61:68:92:aa:86:c5:12:78:af:c1:
                    f2:4e:32:f9:ec:28:5d:c7:54:86:79:18:b7:05:53:
                    3c:4c:1b:18:2c:a4:6d:e5:31:48:de:d1:b7:b1:c2:
                    9a:c9:b7:f2:b5:d4:d2:16:5f:bb:9d:93:e8:dd:0a:
                    da:39:1c:bd:c7:6a:11:22:44:a9:22:00:23:53:93:
                    a7:d6:cf:43:03:f3:85:6c:37:ca:90:20:92:4c:4c:
                    4d:22:0f:53:be:db:bc:d7:1a:b7:9d:35:ff:17:ff:
                    4d:d5:7a:0c:41:e5:f0:c5:a5:a7:1a:04:57:79:cf:
                    56:c4:55:7e:88:d3:49:2b:c9:d5:23:83:39:c0:f6:
                    22:db:ac:1f:03:6c:40:5c:5e:60:77:80:2a:78:46:
                    17:86:c4:97:67:b7:ce:4f:3e:7b:fe:23:dc:7e:cc:
                    3f:8c:64:01:d5:88:ef:9a:de:09:f0:79:64:50:e3:
                    5e:60:92:33:dc:f2:b9:25:30:85:0a:8f:45:a8:ef:
                    77:d3:1e:40:e9:15:78:7d:83:94:a3:00:a3:63:9d:
                    79:ae:90:34:0f:44:f1:80:e8:cc:45:2c:11:c8:8f:
                    4a:49:33:52:96:a3:46:74:ce:a9:20:ca:bc:7b:5d:
                    98:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:17:D4:12:E4:D6:23:89:87:EF:3D:ED:2F:6C:63:E1:F3:4B:93:CC
            X509v3 Authority Key Identifier:
                keyid:6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/_BfUEuTWI4mH7z3tL2xj4fNLk8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         29:aa:84:7c:15:4b:71:19:23:c4:22:ff:de:0b:4f:52:5f:27:
         91:47:3d:8d:94:1f:65:b2:87:7c:24:3a:ab:6f:57:34:86:ff:
         75:b7:83:76:ef:cf:b1:e4:46:4b:7a:ee:c2:32:1b:8a:68:12:
         77:45:02:80:3a:20:53:1b:9f:d0:35:6e:a1:89:96:93:bd:d3:
         94:61:55:f0:57:e9:17:2d:e2:7b:99:7d:93:9b:5b:c2:48:4e:
         26:ec:a2:13:78:b2:c9:8b:e0:df:40:2c:e8:f2:30:ad:2a:ef:
         27:83:30:52:2e:4f:e4:32:25:a7:70:95:1f:f4:d3:88:4e:87:
         c4:5b:34:97:17:0d:3f:e8:4a:a2:0b:4c:84:44:31:de:e4:e8:
         ca:e9:2a:db:19:65:32:38:9f:1b:4c:36:7c:41:60:6d:9a:b1:
         9e:61:47:52:6d:d8:cd:fb:ff:04:1a:07:94:56:f8:24:0f:01:
         03:03:ca:b9:32:2c:5a:45:2c:db:56:07:01:76:9c:67:29:f7:
         9c:66:02:da:5a:e6:14:65:94:bf:69:8f:79:7c:3e:6c:1c:0d:
         ca:1d:aa:0f:86:e6:c2:6c:70:16:c5:dc:ea:83:fc:f2:69:c1:
         df:38:33:53:81:dc:75:8c:11:73:30:37:4c:4d:30:64:a9:a0:
         94:a7:8a:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2z4u1kyCys5Dj0+/LZ1f7EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWUwMjMwYmU3OTllNDQ4MjljODcyMGNhMzgzNDcwNDU0
OTRlMjAwHhcNMjYwNDIyMDYzMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzE3ZDQxMmU0ZDYyMzg5ODdlZjNkZWQyZjZjNjNlMWYzNGI5M2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx20M8rk8TBGacAix/Ml4Rxu4emFo
kqqGxRJ4r8HyTjL57Chdx1SGeRi3BVM8TBsYLKRt5TFI3tG3scKaybfytdTSFl+7
nZPo3QraORy9x2oRIkSpIgAjU5On1s9DA/OFbDfKkCCSTExNIg9Tvtu81xq3nTX/
F/9N1XoMQeXwxaWnGgRXec9WxFV+iNNJK8nVI4M5wPYi26wfA2xAXF5gd4AqeEYX
hsSXZ7fOTz57/iPcfsw/jGQB1Yjvmt4J8HlkUONeYJIz3PK5JTCFCo9FqO930x5A
6RV4fYOUowCjY515rpA0D0TxgOjMRSwRyI9KSTNSlqNGdM6pIMq8e12YwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwX1BLk1iOJh+897S9sY+HzS5PMMB8GA1UdIwQY
MBaAFG9eAjC+eZ5EgpyHIMo4NHBFSU4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGIt
YmE3YzdkODE5MGNhLzEvX0JmVUV1VFdJNG1IN3ozdEwyeGo0Zk5Mazh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGItYmE3YzdkODE5MGNh
LzEvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVeigMA0G
CSqGSIb3DQEBCwUAA4IBAQApqoR8FUtxGSPEIv/eC09SXyeRRz2NlB9lsod8JDqr
b1c0hv91t4N278+x5EZLeu7CMhuKaBJ3RQKAOiBTG5/QNW6hiZaTvdOUYVXwV+kX
LeJ7mX2Tm1vCSE4m7KITeLLJi+DfQCzo8jCtKu8ngzBSLk/kMiWncJUf9NOITofE
WzSXFw0/6EqiC0yERDHe5OjK6SrbGWUyOJ8bTDZ8QWBtmrGeYUdSbdjN+/8EGgeU
VvgkDwEDA8q5MixaRSzbVgcBdpxnKfecZgLaWuYUZZS/aY95fD5sHA3KHaoPhubC
bHAWxdzqg/zyacHfODNTgdx1jBFzMDdMTTBkqaCUp4oF
-----END CERTIFICATE-----