Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/BgdvT6nVmsZZhgGtJ4EwhcgGgms.roa
File:                     BgdvT6nVmsZZhgGtJ4EwhcgGgms.roa (raw, json)
Hash identifier:          U1+DAKicTvcHzMySi+J0gQy0xKoZudxgF5TYzAEj4Nw=
Subject key identifier:   06:07:6F:4F:A9:D5:9A:C6:59:86:01:AD:27:81:30:85:C8:06:82:6B
Certificate issuer:       /CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
Certificate serial:       019EEFC303F5F41F82A881F93C02E9C9DB98
Authority key identifier: 6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/BgdvT6nVmsZZhgGtJ4EwhcgGgms.roa
Signing time:             Mon 22 Jun 2026 14:36:35 +0000
ROA not before:           Mon 22 Jun 2026 14:36:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198969
IP address blocks:        153.51.160.0/22 maxlen: 24
                          153.51.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 14:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ef:c3:03:f5:f4:1f:82:a8:81:f9:3c:02:e9:c9:db:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
        Validity
            Not Before: Jun 22 14:36:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06076f4fa9d59ac6598601ad27813085c806826b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:fa:b7:81:6a:fc:0c:94:6b:91:b4:c4:65:ec:
                    dc:b3:98:a5:f1:ef:8d:f2:47:be:e9:86:22:e7:9e:
                    f1:da:8e:8c:cd:d7:46:0c:1d:70:26:01:15:d8:97:
                    e7:e2:c3:4d:2e:08:a7:4f:37:98:cb:54:ea:44:40:
                    b4:9c:98:21:8a:1a:08:45:fa:40:0c:34:fb:be:99:
                    16:bb:2c:87:62:62:a0:59:8c:bf:a7:03:30:38:d6:
                    40:6a:03:96:7f:22:18:a0:4e:f4:bc:0d:40:1a:fd:
                    b8:57:c4:f5:e2:60:94:4b:24:b8:25:53:de:4c:66:
                    57:9a:a5:55:ac:4b:28:0d:97:01:8a:b8:36:71:73:
                    03:d3:c8:ab:6f:1b:b0:9d:85:cb:53:f9:ba:30:d4:
                    cb:82:bf:ff:5f:c6:39:4e:d2:6c:60:e4:58:01:63:
                    cf:c4:01:58:6e:ce:83:b1:7d:9e:84:6d:a8:c6:ba:
                    c4:69:08:ab:b3:94:df:f0:89:0c:a6:93:5e:57:7f:
                    2f:94:16:ab:ff:7d:7b:a5:a0:75:a9:81:94:e5:65:
                    15:0d:a9:b8:ae:f5:22:b6:89:19:5d:4a:c1:cd:b8:
                    82:94:c7:b3:8f:4e:84:46:d7:83:9c:6b:15:f3:3d:
                    a7:60:49:bf:03:c1:6b:57:1c:66:b3:96:ce:d1:60:
                    cd:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:07:6F:4F:A9:D5:9A:C6:59:86:01:AD:27:81:30:85:C8:06:82:6B
            X509v3 Authority Key Identifier:
                keyid:6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/BgdvT6nVmsZZhgGtJ4EwhcgGgms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.51.160.0/22
                  153.51.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:a6:17:ce:39:7d:f5:a1:b2:3a:3a:0e:fc:ac:3a:5f:34:39:
         72:1e:ad:fe:99:b5:e4:ac:0f:0b:25:1f:d0:39:d9:2a:01:60:
         37:16:61:b6:67:17:4e:9a:1b:7b:52:13:49:ef:0b:1c:4b:12:
         f2:db:f4:41:70:56:88:d3:44:90:6a:94:a8:d0:6f:7e:2d:a5:
         21:00:2b:fa:77:9f:4b:96:ab:6c:a2:3e:de:79:a9:07:5e:bf:
         25:4d:1c:cd:7a:ce:00:e4:ba:9b:de:be:b8:ab:89:3e:22:d7:
         d9:79:4e:59:6e:c7:a0:15:a6:65:19:85:0b:60:b9:c3:7d:76:
         0a:41:d1:77:9f:50:5f:b9:1b:25:9c:c1:74:45:32:62:4d:74:
         b9:34:1b:93:4f:c9:17:4a:f3:b2:3b:9b:02:24:d2:49:86:a3:
         ea:ce:93:02:3a:c3:17:31:f6:c2:65:e3:d7:ea:21:42:62:7d:
         4f:ec:9f:02:e5:53:fb:95:a7:17:30:e2:5f:69:3f:75:41:2c:
         23:27:55:20:a0:16:12:a9:54:2d:1c:76:fc:0e:c2:8a:e7:ef:
         4c:f6:46:3e:9a:07:8d:e3:b1:a4:77:bb:c9:96:e7:4c:5c:33:
         2f:9c:6e:47:73:39:32:33:d6:73:3f:1d:1e:45:6a:8e:b1:b1:
         7f:94:e2:97
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7vwwP19B+CqIH5PALpyduYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMTA0ZjFlNGFiYWVjMWVmZjgwZjI2MmM2MmY5NmMyNTQz
OGM4ZTEwHhcNMjYwNjIyMTQzNjM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjA3NmY0ZmE5ZDU5YWM2NTk4NjAxYWQyNzgxMzA4NWM4MDY4MjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfq3gWr8DJRrkbTEZezcs5il8e+N
8ke+6YYi557x2o6MzddGDB1wJgEV2Jfn4sNNLginTzeYy1TqREC0nJghihoIRfpA
DDT7vpkWuyyHYmKgWYy/pwMwONZAagOWfyIYoE70vA1AGv24V8T14mCUSyS4JVPe
TGZXmqVVrEsoDZcBirg2cXMD08irbxuwnYXLU/m6MNTLgr//X8Y5TtJsYORYAWPP
xAFYbs6DsX2ehG2oxrrEaQirs5Tf8IkMppNeV38vlBar/317paB1qYGU5WUVDam4
rvUitokZXUrBzbiClMezj06ERteDnGsV8z2nYEm/A8FrVxxms5bO0WDN7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAYHb0+p1ZrGWYYBrSeBMIXIBoJrMB8GA1UdIwQY
MBaAFGsQTx5Kuuwe/4DyYsYvlsJUOMjhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMt
MzBjOWRlMjA1YWZjLzEvQmdkdlQ2blZtc1paaGdHdEo0RXdoY2dHZ21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMtMzBjOWRlMjA1YWZj
LzEvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCmTOgAwQA
mTOrMA0GCSqGSIb3DQEBCwUAA4IBAQCLphfOOX31obI6Og78rDpfNDlyHq3+mbXk
rA8LJR/QOdkqAWA3FmG2ZxdOmht7UhNJ7wscSxLy2/RBcFaI00SQapSo0G9+LaUh
ACv6d59Llqtsoj7eeakHXr8lTRzNes4A5Lqb3r64q4k+ItfZeU5ZbsegFaZlGYUL
YLnDfXYKQdF3n1BfuRslnMF0RTJiTXS5NBuTT8kXSvOyO5sCJNJJhqPqzpMCOsMX
MfbCZePX6iFCYn1P7J8C5VP7lacXMOJfaT91QSwjJ1UgoBYSqVQtHHb8DsKK5+9M
9kY+mgeN47Gkd7vJludMXDMvnG5HczkyM9ZzPx0eRWqOsbF/lOKX
-----END CERTIFICATE-----