Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/BxU_QLYCv-NeFxAvHuVsehzq1Ms.roa
File:                     BxU_QLYCv-NeFxAvHuVsehzq1Ms.roa (raw, json)
Hash identifier:          ET+EI9D2GwXgCmETdUOtJ2GyqY2jX7dUpkPSLtH/MJo=
Subject key identifier:   07:15:3F:40:B6:02:BF:E3:5E:17:10:2F:1E:E5:6C:7A:1C:EA:D4:CB
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019DCF5F70C4AA797C47FF5D86DA51686D1F
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/BxU_QLYCv-NeFxAvHuVsehzq1Ms.roa
Signing time:             Mon 27 Apr 2026 14:37:11 +0000
ROA not before:           Mon 27 Apr 2026 14:37:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46559
IP address blocks:        216.236.4.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:5f:70:c4:aa:79:7c:47:ff:5d:86:da:51:68:6d:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 27 14:37:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=07153f40b602bfe35e17102f1ee56c7a1cead4cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:88:c9:55:7c:dc:79:c5:57:ce:d1:f7:ef:71:
                    90:0a:79:76:87:6b:20:a7:d6:4e:92:7b:17:a7:7b:
                    23:70:98:12:99:32:4e:63:a3:98:d1:a9:71:29:01:
                    bc:e0:f4:f4:af:c7:38:c2:d8:1d:74:8a:73:7e:16:
                    a7:14:29:a9:6d:30:8c:36:56:b7:a4:66:e6:75:a2:
                    fb:1f:2d:cb:a3:14:cb:1e:bf:1c:f3:a2:83:1f:60:
                    13:e8:12:be:59:b1:4c:f1:cf:49:69:11:de:88:ff:
                    da:18:43:2d:2b:23:2d:65:70:07:61:2d:96:dd:6f:
                    99:fd:57:19:c8:6f:04:28:f1:d1:78:09:2f:9c:cc:
                    3e:84:eb:60:79:76:20:6d:28:b9:2d:73:4a:10:af:
                    de:ab:ba:85:65:a8:2a:56:1c:32:f4:43:a4:ee:a2:
                    da:a5:ff:9f:76:37:c5:6a:b1:aa:f0:08:8a:7a:d9:
                    97:e9:53:67:46:2c:0c:c2:0a:21:b7:57:e4:1c:fb:
                    80:cc:95:29:a8:53:2e:18:7b:c4:19:8b:cd:5b:7a:
                    d3:21:a6:08:85:44:5e:d0:65:62:27:66:3d:6a:a3:
                    41:ce:be:ca:17:5c:e7:2f:ff:a7:e7:9d:c3:61:29:
                    44:4b:29:3b:8c:17:f0:04:36:e2:30:b2:f8:2d:8d:
                    3c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:15:3F:40:B6:02:BF:E3:5E:17:10:2F:1E:E5:6C:7A:1C:EA:D4:CB
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/BxU_QLYCv-NeFxAvHuVsehzq1Ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.236.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:ca:cf:91:fa:3f:12:be:ca:71:8c:0a:ba:65:20:3b:86:ff:
         4d:04:ac:97:fb:63:c1:7c:7e:18:57:73:a0:71:c2:d9:25:c4:
         2f:17:2c:69:e2:8d:de:00:ca:bd:36:4d:ca:24:eb:ae:e0:43:
         94:12:c6:91:16:be:6c:c6:fd:f9:e6:eb:a3:10:9b:cd:09:3c:
         ac:a8:6c:64:b6:18:84:c6:6f:e4:aa:c3:f6:63:fe:6b:70:c6:
         73:1b:f2:cb:83:ea:71:c6:87:7e:33:95:76:08:32:04:04:6e:
         6a:25:8a:90:4a:7a:4a:3d:06:4a:f6:aa:d8:50:d1:d7:a1:f9:
         b8:be:a5:1b:b0:54:2e:35:b5:9a:1d:02:1d:e6:12:95:a9:2f:
         e7:e4:c9:aa:bf:28:a4:0c:6f:58:34:4b:75:e3:a0:9d:f5:58:
         4d:3e:d8:cb:6d:99:ca:38:c1:42:69:57:98:d1:98:7d:b0:6b:
         84:29:6b:25:96:e5:f1:eb:f7:dd:fe:cb:bd:fa:7c:1f:1d:fb:
         38:d6:04:b2:3f:0b:73:19:71:3e:1d:31:66:23:09:78:91:12:
         b5:1b:52:5e:d9:9e:36:42:c9:3f:84:98:9c:7e:f1:da:ad:4a:
         40:93:ec:90:b9:30:a7:fd:a4:85:16:1f:23:1c:a5:1a:e2:41:
         75:e7:6a:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3PX3DEqnl8R/9dhtpRaG0fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDI3MTQzNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzE1M2Y0MGI2MDJiZmUzNWUxNzEwMmYxZWU1NmM3YTFjZWFkNGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4jJVXzcecVXztH373GQCnl2h2sg
p9ZOknsXp3sjcJgSmTJOY6OY0alxKQG84PT0r8c4wtgddIpzfhanFCmpbTCMNla3
pGbmdaL7Hy3LoxTLHr8c86KDH2AT6BK+WbFM8c9JaRHeiP/aGEMtKyMtZXAHYS2W
3W+Z/VcZyG8EKPHReAkvnMw+hOtgeXYgbSi5LXNKEK/eq7qFZagqVhwy9EOk7qLa
pf+fdjfFarGq8AiKetmX6VNnRiwMwgoht1fkHPuAzJUpqFMuGHvEGYvNW3rTIaYI
hURe0GViJ2Y9aqNBzr7KF1znL/+n553DYSlESyk7jBfwBDbiMLL4LY08bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcVP0C2Ar/jXhcQLx7lbHoc6tTLMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvQnhVX1FMWUN2LU5lRnhBdkh1VnNlaHpxMU1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2OwEMA0G
CSqGSIb3DQEBCwUAA4IBAQBLys+R+j8SvspxjAq6ZSA7hv9NBKyX+2PBfH4YV3Og
ccLZJcQvFyxp4o3eAMq9Nk3KJOuu4EOUEsaRFr5sxv355uujEJvNCTysqGxkthiE
xm/kqsP2Y/5rcMZzG/LLg+pxxod+M5V2CDIEBG5qJYqQSnpKPQZK9qrYUNHXofm4
vqUbsFQuNbWaHQId5hKVqS/n5MmqvyikDG9YNEt146Cd9VhNPtjLbZnKOMFCaVeY
0Zh9sGuEKWslluXx6/fd/su9+nwfHfs41gSyPwtzGXE+HTFmIwl4kRK1G1Je2Z42
Qsk/hJicfvHarUpAk+yQuTCn/aSFFh8jHKUa4kF152om
-----END CERTIFICATE-----