Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/4e9414-bc4d-4f2c-b9f1-23f0c04d2c17/1/BOpDj9O5HVfOitBF2luTW4iqfg8.roa
File:                     BOpDj9O5HVfOitBF2luTW4iqfg8.roa (raw, json)
Hash identifier:          rJJylU5TJKs4KdXAQOEGLtGPNJZVDTHP3mloiSNNuu8=
Subject key identifier:   04:EA:43:8F:D3:B9:1D:57:CE:8A:D0:45:DA:5B:93:5B:88:AA:7E:0F
Certificate issuer:       /CN=5f7f70250082c3e056f3fe528bd77b06e20e407c
Certificate serial:       019CC2B7BE0AC463675778C51B2F6A3F9792
Authority key identifier: 5F:7F:70:25:00:82:C3:E0:56:F3:FE:52:8B:D7:7B:06:E2:0E:40:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X39wJQCCw-BW8_5Si9d7BuIOQHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/4e9414-bc4d-4f2c-b9f1-23f0c04d2c17/1/BOpDj9O5HVfOitBF2luTW4iqfg8.roa
Signing time:             Fri 06 Mar 2026 10:35:47 +0000
ROA not before:           Fri 06 Mar 2026 10:35:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        185.136.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/4e9414-bc4d-4f2c-b9f1-23f0c04d2c17/1/X39wJQCCw-BW8_5Si9d7BuIOQHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/4e9414-bc4d-4f2c-b9f1-23f0c04d2c17/1/X39wJQCCw-BW8_5Si9d7BuIOQHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X39wJQCCw-BW8_5Si9d7BuIOQHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:b7:be:0a:c4:63:67:57:78:c5:1b:2f:6a:3f:97:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f7f70250082c3e056f3fe528bd77b06e20e407c
        Validity
            Not Before: Mar  6 10:35:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04ea438fd3b91d57ce8ad045da5b935b88aa7e0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:aa:00:0d:6e:c3:fa:1c:51:40:e6:0a:29:e1:
                    3d:8d:b0:ce:72:b8:07:3f:b5:bf:de:61:f7:26:72:
                    86:a5:80:65:86:4c:0c:ce:50:e6:f7:3e:31:33:24:
                    fa:57:ae:ec:3d:02:6d:7b:24:75:0d:48:43:66:c1:
                    82:ec:d8:09:56:e1:e7:64:92:44:e6:50:0f:22:e6:
                    12:ac:c8:8d:32:f6:88:74:46:78:29:a6:4e:a8:14:
                    ed:39:27:75:32:78:f9:8b:e5:10:87:a0:87:76:40:
                    cf:60:1e:eb:45:7e:c5:2b:e3:54:b6:f2:54:11:3c:
                    7c:de:60:13:e4:3f:6e:0c:23:9b:64:bf:22:3f:0a:
                    dd:f3:91:ad:f3:f4:ea:27:f1:ec:c4:9a:52:ec:cc:
                    00:84:1a:2d:ab:a8:53:b7:65:af:85:86:a9:af:ee:
                    8a:0e:69:76:95:0d:ab:dc:91:19:91:a4:28:cb:20:
                    98:97:38:89:5d:f5:0c:6d:13:08:0c:af:2f:d8:87:
                    0d:4c:35:d7:68:04:34:0b:d8:a8:1c:24:4f:ab:97:
                    6e:38:a9:25:81:d4:a7:b3:e5:4a:d1:5c:14:36:ac:
                    fa:b6:8b:e0:bd:ba:04:2a:f9:da:92:a8:48:92:ec:
                    fd:eb:e1:fe:ff:2a:30:2e:5b:06:a0:66:86:a5:bc:
                    e6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:EA:43:8F:D3:B9:1D:57:CE:8A:D0:45:DA:5B:93:5B:88:AA:7E:0F
            X509v3 Authority Key Identifier:
                keyid:5F:7F:70:25:00:82:C3:E0:56:F3:FE:52:8B:D7:7B:06:E2:0E:40:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X39wJQCCw-BW8_5Si9d7BuIOQHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/4e9414-bc4d-4f2c-b9f1-23f0c04d2c17/1/BOpDj9O5HVfOitBF2luTW4iqfg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/4e9414-bc4d-4f2c-b9f1-23f0c04d2c17/1/X39wJQCCw-BW8_5Si9d7BuIOQHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:1d:b7:4e:81:16:d2:c9:f4:cf:33:63:bc:79:06:c3:a2:54:
         31:05:ce:33:6b:65:40:6c:91:7a:e9:b5:6c:83:85:cd:99:57:
         24:50:06:bd:79:55:62:1b:2d:fe:e5:27:1a:ee:0f:34:89:93:
         8c:f7:dc:81:96:ec:9c:d3:ac:7d:ab:51:42:03:f4:da:1a:d4:
         fe:71:30:8a:ba:11:8e:5c:5b:c5:f4:be:f4:91:97:da:e8:84:
         af:e9:45:e1:d7:03:9e:6d:ae:91:55:ad:e9:06:94:80:0c:31:
         bb:0c:79:a4:ad:53:68:e4:2a:a6:39:12:38:44:fb:be:5c:50:
         07:8c:f0:84:98:fb:6c:69:f8:e7:27:12:fc:77:39:22:8b:25:
         cc:f8:43:ee:aa:f6:b8:e6:c2:58:a0:1b:63:f6:df:d0:1b:14:
         a9:43:11:47:02:97:ed:54:e0:e6:4e:c7:e9:cc:5b:32:3f:5d:
         ce:43:3d:de:a9:84:ae:a1:9c:77:f7:3f:28:60:dc:86:c3:a9:
         8c:14:5d:93:5e:11:87:1b:3d:8d:50:0a:b6:4f:88:01:99:ce:
         6e:9b:ab:26:4b:83:3a:c0:2a:85:a7:99:5f:39:79:a7:0b:65:
         4b:c5:03:e3:7a:e7:09:95:de:95:4f:6c:23:b1:c4:d4:01:45:
         89:10:d4:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzCt74KxGNnV3jFGy9qP5eSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmN2Y3MDI1MDA4MmMzZTA1NmYzZmU1MjhiZDc3YjA2ZTIw
ZTQwN2MwHhcNMjYwMzA2MTAzNTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGVhNDM4ZmQzYjkxZDU3Y2U4YWQwNDVkYTViOTM1Yjg4YWE3ZTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKoADW7D+hxRQOYKKeE9jbDOcrgH
P7W/3mH3JnKGpYBlhkwMzlDm9z4xMyT6V67sPQJteyR1DUhDZsGC7NgJVuHnZJJE
5lAPIuYSrMiNMvaIdEZ4KaZOqBTtOSd1Mnj5i+UQh6CHdkDPYB7rRX7FK+NUtvJU
ETx83mAT5D9uDCObZL8iPwrd85Gt8/TqJ/HsxJpS7MwAhBotq6hTt2WvhYapr+6K
Dml2lQ2r3JEZkaQoyyCYlziJXfUMbRMIDK8v2IcNTDXXaAQ0C9ioHCRPq5duOKkl
gdSns+VK0VwUNqz6tovgvboEKvnakqhIkuz96+H+/yowLlsGoGaGpbzm0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATqQ4/TuR1XzorQRdpbk1uIqn4PMB8GA1UdIwQY
MBaAFF9/cCUAgsPgVvP+UovXewbiDkB8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDM5d0pRQ0N3LUJXOF81U2k5ZDdCdUlPUUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80ZTk0MTQtYmM0ZC00ZjJjLWI5ZjEt
MjNmMGMwNGQyYzE3LzEvQk9wRGo5TzVIVmZPaXRCRjJsdVRXNGlxZmc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80ZTk0MTQtYmM0ZC00ZjJjLWI5ZjEtMjNmMGMwNGQyYzE3
LzEvWDM5d0pRQ0N3LUJXOF81U2k5ZDdCdUlPUUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYgPMA0G
CSqGSIb3DQEBCwUAA4IBAQAVHbdOgRbSyfTPM2O8eQbDolQxBc4za2VAbJF66bVs
g4XNmVckUAa9eVViGy3+5Sca7g80iZOM99yBluyc06x9q1FCA/TaGtT+cTCKuhGO
XFvF9L70kZfa6ISv6UXh1wOeba6RVa3pBpSADDG7DHmkrVNo5CqmORI4RPu+XFAH
jPCEmPtsafjnJxL8dzkiiyXM+EPuqva45sJYoBtj9t/QGxSpQxFHApftVODmTsfp
zFsyP13OQz3eqYSuoZx39z8oYNyGw6mMFF2TXhGHGz2NUAq2T4gBmc5um6smS4M6
wCqFp5lfOXmnC2VLxQPjeucJld6VT2wjscTUAUWJENRw
-----END CERTIFICATE-----