Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/f3271e-2f59-43e2-81e7-c6b028fad956/1/BBATvh4xeWeL839jiNfIKPcK8JA.roa
File:                     BBATvh4xeWeL839jiNfIKPcK8JA.roa (raw, json)
Hash identifier:          VpG3w6G88UCXf4PVa4Xkm7ESG9W4N22rBINybDK9cYA=
Subject key identifier:   04:10:13:BE:1E:31:79:67:8B:F3:7F:63:88:D7:C8:28:F7:0A:F0:90
Certificate issuer:       /CN=6d0d6d2c4941ae758c49520acb7577f232ae4626
Certificate serial:       019DF932D863A0618AA8B1C59C58EFB65EEC
Authority key identifier: 6D:0D:6D:2C:49:41:AE:75:8C:49:52:0A:CB:75:77:F2:32:AE:46:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQ1tLElBrnWMSVIKy3V38jKuRiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/f3271e-2f59-43e2-81e7-c6b028fad956/1/BBATvh4xeWeL839jiNfIKPcK8JA.roa
Signing time:             Tue 05 May 2026 17:32:32 +0000
ROA not before:           Tue 05 May 2026 17:32:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197950
IP address blocks:        2001:678:1274::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/f3271e-2f59-43e2-81e7-c6b028fad956/1/bQ1tLElBrnWMSVIKy3V38jKuRiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/f3271e-2f59-43e2-81e7-c6b028fad956/1/bQ1tLElBrnWMSVIKy3V38jKuRiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQ1tLElBrnWMSVIKy3V38jKuRiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f9:32:d8:63:a0:61:8a:a8:b1:c5:9c:58:ef:b6:5e:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d0d6d2c4941ae758c49520acb7577f232ae4626
        Validity
            Not Before: May  5 17:32:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=041013be1e3179678bf37f6388d7c828f70af090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:09:a9:93:1d:c1:b9:f9:32:20:f0:c6:5b:28:
                    11:4d:5d:fa:53:3a:d4:ea:2e:21:bd:37:99:d5:92:
                    cc:b5:b5:12:40:84:41:76:af:f2:3d:1f:c8:6b:1d:
                    60:bc:d2:4b:3c:21:87:9c:b0:aa:2d:12:32:9d:7b:
                    53:a4:1c:0f:5d:75:97:f0:55:24:62:16:88:f9:14:
                    71:3b:4a:37:50:9f:22:0a:9d:c6:e8:34:c6:12:2b:
                    38:b4:d9:b3:92:6b:4c:94:24:1c:73:8c:b7:9a:00:
                    0c:54:dd:eb:c9:81:9b:7d:72:b2:7b:93:4f:7b:d9:
                    c9:d5:ac:52:5d:9c:39:08:ec:c6:4a:da:60:c6:eb:
                    90:66:67:30:f0:75:fe:40:6a:5f:91:ad:cc:64:70:
                    99:1d:d2:95:ea:4f:3a:39:59:f4:56:6e:bb:ab:74:
                    5b:b9:1a:59:d9:e3:f6:8c:1a:cc:cd:67:e4:5d:f8:
                    e5:9f:93:79:dc:a0:5b:00:61:0a:11:4c:91:84:dc:
                    37:ed:c8:82:91:2a:11:5c:72:7c:03:95:76:f8:a3:
                    0f:a4:f2:94:9c:e3:c9:0f:45:a1:b1:6a:cf:64:93:
                    1a:9e:a9:14:c0:9b:d9:35:cb:9a:24:fe:5f:b3:55:
                    41:e0:c1:55:43:89:ec:0d:b4:59:fb:8c:9d:a6:bb:
                    ea:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:10:13:BE:1E:31:79:67:8B:F3:7F:63:88:D7:C8:28:F7:0A:F0:90
            X509v3 Authority Key Identifier:
                keyid:6D:0D:6D:2C:49:41:AE:75:8C:49:52:0A:CB:75:77:F2:32:AE:46:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQ1tLElBrnWMSVIKy3V38jKuRiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/f3271e-2f59-43e2-81e7-c6b028fad956/1/BBATvh4xeWeL839jiNfIKPcK8JA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/f3271e-2f59-43e2-81e7-c6b028fad956/1/bQ1tLElBrnWMSVIKy3V38jKuRiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1274::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:c5:f2:07:00:3e:51:91:39:c3:62:ef:22:29:1f:ac:1d:5b:
         48:6e:fd:d3:dc:fe:d2:38:5f:8f:5b:55:63:27:b3:64:8e:a0:
         ea:d5:e0:7c:c9:fe:37:7e:64:8b:af:46:a3:2c:4a:f6:dd:ad:
         24:12:4b:96:39:dc:11:67:90:ef:16:f5:34:55:c7:a6:52:97:
         ca:06:5b:6c:e4:92:50:8c:19:66:4a:42:95:29:47:cf:18:97:
         88:8c:f8:1e:c6:19:30:9d:6d:c8:36:e6:e2:db:ad:f1:42:b2:
         32:f2:04:74:3b:83:88:63:4d:dc:b2:8a:e8:60:6d:a6:c7:73:
         f0:47:b6:4a:52:dd:a1:82:0f:72:db:bc:17:b9:42:8e:5a:c0:
         68:df:e5:54:14:05:b9:95:02:29:09:63:79:ce:69:63:19:ae:
         06:57:4b:ea:b1:43:3e:92:3f:81:fd:e7:eb:71:54:e6:99:36:
         03:6d:e3:87:e7:54:69:70:a2:c4:b4:cf:48:76:ab:f8:7f:f4:
         d3:25:38:89:1f:58:65:74:57:6a:de:e8:d4:fd:ee:a6:5b:f7:
         60:bc:37:8f:11:bd:63:49:5f:09:fc:cd:67:d6:f8:94:2a:18:
         a9:f9:ac:ab:56:8e:db:22:eb:63:ad:5f:5c:2e:e2:89:f9:d7:
         e5:11:00:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ35MthjoGGKqLHFnFjvtl7sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMGQ2ZDJjNDk0MWFlNzU4YzQ5NTIwYWNiNzU3N2YyMzJh
ZTQ2MjYwHhcNMjYwNTA1MTczMjMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDEwMTNiZTFlMzE3OTY3OGJmMzdmNjM4OGQ3YzgyOGY3MGFmMDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowmpkx3BufkyIPDGWygRTV36UzrU
6i4hvTeZ1ZLMtbUSQIRBdq/yPR/Iax1gvNJLPCGHnLCqLRIynXtTpBwPXXWX8FUk
YhaI+RRxO0o3UJ8iCp3G6DTGEis4tNmzkmtMlCQcc4y3mgAMVN3ryYGbfXKye5NP
e9nJ1axSXZw5COzGStpgxuuQZmcw8HX+QGpfka3MZHCZHdKV6k86OVn0Vm67q3Rb
uRpZ2eP2jBrMzWfkXfjln5N53KBbAGEKEUyRhNw37ciCkSoRXHJ8A5V2+KMPpPKU
nOPJD0WhsWrPZJManqkUwJvZNcuaJP5fs1VB4MFVQ4nsDbRZ+4ydprvqXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAQQE74eMXlni/N/Y4jXyCj3CvCQMB8GA1UdIwQY
MBaAFG0NbSxJQa51jElSCst1d/IyrkYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlExdExFbEJybldNU1ZJS3kzVjM4akt1UmlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mMzI3MWUtMmY1OS00M2UyLTgxZTct
YzZiMDI4ZmFkOTU2LzEvQkJBVHZoNHhlV2VMODM5amlOZklLUGNLOEpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mMzI3MWUtMmY1OS00M2UyLTgxZTctYzZiMDI4ZmFkOTU2
LzEvYlExdExFbEJybldNU1ZJS3kzVjM4akt1UmlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBJ0
MA0GCSqGSIb3DQEBCwUAA4IBAQBOxfIHAD5RkTnDYu8iKR+sHVtIbv3T3P7SOF+P
W1VjJ7NkjqDq1eB8yf43fmSLr0ajLEr23a0kEkuWOdwRZ5DvFvU0VcemUpfKBlts
5JJQjBlmSkKVKUfPGJeIjPgexhkwnW3INubi263xQrIy8gR0O4OIY03csoroYG2m
x3PwR7ZKUt2hgg9y27wXuUKOWsBo3+VUFAW5lQIpCWN5zmljGa4GV0vqsUM+kj+B
/efrcVTmmTYDbeOH51RpcKLEtM9Idqv4f/TTJTiJH1hldFdq3ujU/e6mW/dgvDeP
Eb1jSV8J/M1n1viUKhip+ayrVo7bIutjrV9cLuKJ+dflEQB2
-----END CERTIFICATE-----