Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/bgaW-821yLoSyNN-uIV8dLZ09Fk.roa
File:                     bgaW-821yLoSyNN-uIV8dLZ09Fk.roa (raw, json)
Hash identifier:          cVScBzeCdeTPlvYnxP+yGRvQaD/vw3vWP67W4LQOLvo=
Subject key identifier:   6E:06:96:FB:CD:B5:C8:BA:12:C8:D3:7E:B8:85:7C:74:B6:74:F4:59
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019CE69502D2D114FB1D48DFC2E1A1BB3C4F
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/bgaW-821yLoSyNN-uIV8dLZ09Fk.roa
Signing time:             Fri 13 Mar 2026 09:44:10 +0000
ROA not before:           Fri 13 Mar 2026 09:44:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26769
IP address blocks:        89.126.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:95:02:d2:d1:14:fb:1d:48:df:c2:e1:a1:bb:3c:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: Mar 13 09:44:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e0696fbcdb5c8ba12c8d37eb8857c74b674f459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:f3:69:bb:53:02:9f:47:23:5f:ab:b2:f4:71:
                    30:2f:a7:0f:34:6e:e8:b4:45:69:7e:2c:d6:68:71:
                    e5:f5:4f:0c:2f:35:3a:b6:87:0a:90:e8:de:7f:ce:
                    7f:ba:a6:44:7c:90:8c:31:7b:74:53:2d:5d:fe:91:
                    ac:fb:76:50:db:4b:9d:31:2a:38:08:ed:35:f0:e8:
                    13:7b:ab:47:0b:8f:70:c1:93:0c:01:c5:98:4a:0a:
                    58:65:c3:58:9e:63:be:ac:a8:31:c2:82:9b:28:9a:
                    68:5c:0c:37:07:19:b5:ce:1d:34:47:3c:6a:df:45:
                    01:12:8e:fe:2f:00:89:67:7f:e0:82:c0:e3:c0:ee:
                    72:2d:e2:67:64:16:aa:90:e6:b1:36:83:d6:cd:14:
                    77:95:64:3b:4f:47:35:c1:9b:94:88:79:54:cb:0a:
                    f9:32:31:ff:ec:16:8d:c6:01:c6:88:4d:55:b5:ca:
                    b5:f1:be:dd:92:6b:cb:fc:ae:91:59:a3:68:33:a2:
                    84:aa:26:77:48:e1:32:0b:38:8f:ec:56:4b:63:92:
                    cd:d0:75:7a:8b:f4:f7:ae:81:7f:e2:ad:63:37:d4:
                    8d:48:87:b8:b3:e5:3a:6e:c7:18:3f:2c:54:ab:c4:
                    0a:ca:c2:fe:b5:27:8b:7e:f6:08:54:e6:e5:26:7a:
                    b6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:06:96:FB:CD:B5:C8:BA:12:C8:D3:7E:B8:85:7C:74:B6:74:F4:59
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/bgaW-821yLoSyNN-uIV8dLZ09Fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.126.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:ea:f6:7b:38:36:c2:24:1f:15:b6:6b:eb:b7:12:72:53:e8:
         3f:3a:31:92:c6:95:bf:f2:94:4b:f0:97:ae:20:41:5e:1a:fa:
         06:83:b3:c0:52:99:c3:3d:84:9d:da:83:49:b8:6c:27:97:ed:
         d7:d7:f9:04:a3:c9:db:41:69:ef:66:0e:ad:38:fb:64:fa:33:
         5c:62:99:d6:ac:f1:52:24:b6:9b:ec:0f:08:7e:b6:df:bc:2c:
         7c:65:39:6a:20:e2:c6:df:3c:32:2d:48:6b:b8:66:ab:99:4b:
         f3:3e:99:e3:93:a5:36:23:d7:bd:63:2d:56:77:ce:9a:2b:f4:
         5b:84:99:ad:b6:59:8f:92:cc:41:f4:65:90:41:da:93:25:eb:
         41:e7:03:6c:61:57:02:d6:7b:29:ed:86:68:2c:3d:8e:c7:92:
         50:46:5b:1d:1b:9b:7a:c0:0f:c8:fa:d4:01:f2:1b:73:8e:d1:
         7c:a0:01:e4:ba:0a:44:8a:ac:e6:e0:8e:a8:eb:84:ed:7e:15:
         5e:c2:b3:1e:1a:9f:7b:ad:05:99:57:a5:fe:53:fd:75:57:3b:
         28:73:b4:08:f9:03:7b:35:91:3f:75:35:04:96:3e:a9:1a:c6:
         35:c9:57:3b:b9:37:62:57:d0:ec:c4:25:0b:e2:af:82:4b:ab:
         64:53:36:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzmlQLS0RT7HUjfwuGhuzxPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwMzEzMDk0NDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTA2OTZmYmNkYjVjOGJhMTJjOGQzN2ViODg1N2M3NGI2NzRmNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/Npu1MCn0cjX6uy9HEwL6cPNG7o
tEVpfizWaHHl9U8MLzU6tocKkOjef85/uqZEfJCMMXt0Uy1d/pGs+3ZQ20udMSo4
CO018OgTe6tHC49wwZMMAcWYSgpYZcNYnmO+rKgxwoKbKJpoXAw3Bxm1zh00Rzxq
30UBEo7+LwCJZ3/ggsDjwO5yLeJnZBaqkOaxNoPWzRR3lWQ7T0c1wZuUiHlUywr5
MjH/7BaNxgHGiE1Vtcq18b7dkmvL/K6RWaNoM6KEqiZ3SOEyCziP7FZLY5LN0HV6
i/T3roF/4q1jN9SNSIe4s+U6bscYPyxUq8QKysL+tSeLfvYIVOblJnq2BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG4GlvvNtci6EsjTfriFfHS2dPRZMB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvYmdhVy04MjF5TG9TeU5OLXVJVjhkTFowOUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX7iMA0G
CSqGSIb3DQEBCwUAA4IBAQCS6vZ7ODbCJB8VtmvrtxJyU+g/OjGSxpW/8pRL8Jeu
IEFeGvoGg7PAUpnDPYSd2oNJuGwnl+3X1/kEo8nbQWnvZg6tOPtk+jNcYpnWrPFS
JLab7A8IfrbfvCx8ZTlqIOLG3zwyLUhruGarmUvzPpnjk6U2I9e9Yy1Wd86aK/Rb
hJmttlmPksxB9GWQQdqTJetB5wNsYVcC1nsp7YZoLD2Ox5JQRlsdG5t6wA/I+tQB
8htzjtF8oAHkugpEiqzm4I6o64TtfhVewrMeGp97rQWZV6X+U/11Vzsoc7QI+QN7
NZE/dTUElj6pGsY1yVc7uTdiV9DsxCUL4q+CS6tkUzaX
-----END CERTIFICATE-----