Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/bttPx2fdXkSt4Jy1Xygmc3pxOak.roa
File:                     bttPx2fdXkSt4Jy1Xygmc3pxOak.roa (raw, json)
Hash identifier:          qYj+lsWBrbqmTGLi8BRpLTBF50YOaXptxSQ/tD/svyA=
Subject key identifier:   6E:DB:4F:C7:67:DD:5E:44:AD:E0:9C:B5:5F:28:26:73:7A:71:39:A9
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019E744D0DB09BB7EF223FA3F9517D62F030
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/bttPx2fdXkSt4Jy1Xygmc3pxOak.roa
Signing time:             Fri 29 May 2026 15:14:27 +0000
ROA not before:           Fri 29 May 2026 15:14:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50049
IP address blocks:        193.124.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:74:4d:0d:b0:9b:b7:ef:22:3f:a3:f9:51:7d:62:f0:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 29 15:14:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6edb4fc767dd5e44ade09cb55f2826737a7139a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:45:4d:b3:ed:8a:ad:3e:7e:cc:2c:20:d2:b2:
                    48:1c:2e:0d:97:e8:14:c3:21:74:8a:c4:18:4f:49:
                    20:3a:73:b7:c0:62:65:cc:11:7f:44:a9:4d:1b:5a:
                    5b:bc:b3:84:33:eb:33:a5:e7:63:2b:5a:a6:ae:40:
                    13:76:d6:bd:d0:70:77:9d:5c:55:e6:90:e3:15:34:
                    25:01:4d:4d:cd:b1:2b:04:d1:0b:f2:ce:62:b6:ac:
                    5a:52:15:9c:34:be:50:e9:3a:f7:54:b2:f7:fc:11:
                    08:d1:33:17:0f:98:ff:6b:7d:cd:eb:f3:90:c4:4b:
                    6d:c0:f5:1a:6b:41:0f:21:0a:f9:89:d1:11:77:16:
                    eb:88:b2:40:93:c7:4c:97:04:5a:f0:1f:1f:e9:fb:
                    59:d1:d0:ad:f7:82:67:07:9e:a7:b8:23:07:e7:c5:
                    ef:12:dd:f0:3c:2b:45:3c:20:d1:0d:b3:64:09:76:
                    b5:11:ee:31:92:17:b6:4b:3e:f5:f0:af:6c:5c:56:
                    91:65:8d:93:db:bd:71:3f:4e:91:d0:96:9f:7a:2a:
                    86:d5:55:3c:96:5f:8a:49:20:4b:5d:80:7c:5b:f5:
                    cd:95:8b:3b:c6:48:18:df:3f:0c:4e:76:b6:28:05:
                    35:28:4f:62:8b:bd:a6:5b:74:92:db:2d:de:45:03:
                    2c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:DB:4F:C7:67:DD:5E:44:AD:E0:9C:B5:5F:28:26:73:7A:71:39:A9
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/bttPx2fdXkSt4Jy1Xygmc3pxOak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:bf:6e:96:2b:92:57:83:a6:18:b8:66:7b:25:c7:64:2d:38:
         3f:32:24:47:0e:aa:f4:2c:e9:4b:ce:39:0c:c1:4a:f8:7d:73:
         9f:11:20:ca:be:a5:9d:ad:b5:af:58:f1:e7:73:d9:5e:eb:21:
         56:bb:63:b8:cd:2f:0e:9d:ce:4d:da:e5:ae:ce:52:d7:c3:e7:
         71:be:11:91:47:c9:2d:3c:2f:1a:83:c3:39:93:c0:6c:25:43:
         9d:d9:70:33:49:33:72:d3:c3:10:31:7f:04:24:5e:c2:25:6d:
         2d:28:d3:e5:cc:a8:65:b1:a0:d0:87:d5:f3:95:49:f5:25:88:
         f9:bd:18:d9:57:08:2a:cb:b3:01:4c:f8:28:0b:7d:7e:14:b8:
         e7:78:4f:31:cf:f3:8f:09:c9:9e:1e:79:5f:63:f5:d9:32:b1:
         a5:21:d1:b1:28:b6:bb:c5:87:f5:4f:54:64:93:01:5b:58:94:
         42:7f:62:00:f7:93:cf:71:ed:76:9c:34:a6:3f:df:bc:14:69:
         a9:29:25:9a:48:9d:fb:17:c2:ef:10:4b:40:df:93:03:d7:78:
         cc:ed:8a:f1:37:1b:51:50:d0:b2:c7:5d:de:fd:6f:bc:3c:1c:
         4d:a0:94:0d:e4:7e:b9:7e:d4:e9:57:85:2f:4e:07:a6:8b:ff:
         4b:44:e6:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ50TQ2wm7fvIj+j+VF9YvAwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNTI5MTUxNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWRiNGZjNzY3ZGQ1ZTQ0YWRlMDljYjU1ZjI4MjY3MzdhNzEzOWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkVNs+2KrT5+zCwg0rJIHC4Nl+gU
wyF0isQYT0kgOnO3wGJlzBF/RKlNG1pbvLOEM+szpedjK1qmrkATdta90HB3nVxV
5pDjFTQlAU1NzbErBNEL8s5itqxaUhWcNL5Q6Tr3VLL3/BEI0TMXD5j/a33N6/OQ
xEttwPUaa0EPIQr5idERdxbriLJAk8dMlwRa8B8f6ftZ0dCt94JnB56nuCMH58Xv
Et3wPCtFPCDRDbNkCXa1Ee4xkhe2Sz718K9sXFaRZY2T271xP06R0JafeiqG1VU8
ll+KSSBLXYB8W/XNlYs7xkgY3z8MTna2KAU1KE9ii72mW3SS2y3eRQMs7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7bT8dn3V5EreCctV8oJnN6cTmpMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYnR0UHgyZmRYa1N0NEp5MVh5Z21jM3B4T2FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXyFMA0G
CSqGSIb3DQEBCwUAA4IBAQB4v26WK5JXg6YYuGZ7JcdkLTg/MiRHDqr0LOlLzjkM
wUr4fXOfESDKvqWdrbWvWPHnc9le6yFWu2O4zS8Onc5N2uWuzlLXw+dxvhGRR8kt
PC8ag8M5k8BsJUOd2XAzSTNy08MQMX8EJF7CJW0tKNPlzKhlsaDQh9XzlUn1JYj5
vRjZVwgqy7MBTPgoC31+FLjneE8xz/OPCcmeHnlfY/XZMrGlIdGxKLa7xYf1T1Rk
kwFbWJRCf2IA95PPce12nDSmP9+8FGmpKSWaSJ37F8LvEEtA35MD13jM7YrxNxtR
UNCyx13e/W+8PBxNoJQN5H65ftTpV4UvTgemi/9LRObo
-----END CERTIFICATE-----