Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/BexX-gnSjKhqW72JybHXEQ1EWWA.roa
File:                     BexX-gnSjKhqW72JybHXEQ1EWWA.roa (raw, json)
Hash identifier:          fzUHtXqKikSH+d+/TppNNCq40eVbwkZppsrv0BJEnf0=
Subject key identifier:   05:EC:57:FA:09:D2:8C:A8:6A:5B:BD:89:C9:B1:D7:11:0D:44:59:60
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019CBDC94E2920D599DB345388A4AB6E7D65
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/BexX-gnSjKhqW72JybHXEQ1EWWA.roa
Signing time:             Thu 05 Mar 2026 11:36:52 +0000
ROA not before:           Thu 05 Mar 2026 11:36:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49023
IP address blocks:        80.96.60.0/22 maxlen: 22
                          194.153.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 20:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bd:c9:4e:29:20:d5:99:db:34:53:88:a4:ab:6e:7d:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Mar  5 11:36:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05ec57fa09d28ca86a5bbd89c9b1d7110d445960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f3:6a:d6:e9:d6:93:a7:6f:44:a3:39:0c:13:
                    44:16:e0:b9:2d:57:81:75:c7:f7:24:66:9a:d0:03:
                    80:af:f8:23:e3:4f:0d:02:f2:2b:fe:50:e6:0d:45:
                    50:df:97:f8:4b:69:35:aa:f2:26:19:4d:65:bb:2b:
                    06:9b:27:c5:df:78:55:df:0d:53:94:0c:38:d9:f1:
                    c4:31:15:46:69:90:28:a8:2a:25:25:c6:d8:87:13:
                    41:b4:fb:28:0b:f0:54:90:45:7c:d3:0e:57:bd:d0:
                    f7:ee:13:70:99:47:80:ad:ea:d9:bf:9d:41:8c:df:
                    7f:3a:2e:b4:bf:9d:e9:78:73:90:27:12:08:7d:2b:
                    57:db:5c:9b:b1:ba:a3:96:2f:e3:74:1e:16:42:d9:
                    12:2e:c9:36:3c:47:7b:6e:0b:44:9c:02:b1:d0:5d:
                    58:4c:d5:98:7e:db:ca:e0:bc:9d:5a:f4:47:69:e8:
                    14:e9:93:ce:df:ee:1e:3b:ed:f4:79:14:45:8a:9a:
                    63:87:2a:d4:fc:c1:95:3b:4e:10:0c:bd:2b:ed:09:
                    5e:a2:33:7c:22:18:a6:9b:41:5e:d8:5a:78:53:42:
                    b8:17:c0:06:a5:52:ae:cb:21:ae:43:5e:10:3a:88:
                    82:26:84:10:f7:50:e5:59:6b:99:e0:c3:a9:41:86:
                    99:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:EC:57:FA:09:D2:8C:A8:6A:5B:BD:89:C9:B1:D7:11:0D:44:59:60
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/BexX-gnSjKhqW72JybHXEQ1EWWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.60.0/22
                  194.153.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:6c:d2:a5:cf:86:4c:52:a8:75:67:42:f1:69:74:56:98:6c:
         67:38:8f:f4:58:51:fb:60:53:ba:e2:91:8f:d8:6c:55:55:c4:
         cf:b6:11:13:55:0b:06:eb:e4:5b:f4:06:06:c1:7f:6b:a2:1d:
         bf:22:fe:ac:91:7f:bb:ae:4b:d0:17:d8:37:9c:f7:55:ec:56:
         fb:0f:bd:ba:2b:44:71:9d:6c:be:21:a0:e0:fb:04:e9:a7:48:
         46:37:42:1c:57:70:09:99:57:f0:2b:9b:79:72:c4:e0:8e:28:
         d1:bf:06:23:b3:fd:5d:c0:00:19:fd:8c:ef:96:5e:94:11:5b:
         fa:e1:cc:00:67:d2:2d:d4:71:75:2d:74:fa:19:d9:e7:07:7d:
         7f:e3:8c:98:2d:b6:12:41:35:29:11:5b:d7:80:25:fa:80:92:
         ec:75:3f:60:7b:70:77:f6:11:62:f1:d7:e1:1b:62:ec:97:84:
         6b:e9:1c:d7:3b:de:c1:81:c1:a8:44:b7:02:13:b3:d8:7d:9f:
         75:14:7b:76:5c:96:f7:37:43:7a:ba:af:1d:51:98:93:7a:a4:
         5d:f8:b2:c1:6a:e6:eb:dd:04:97:15:56:df:b4:59:91:bf:56:
         3d:d6:5a:8b:90:8b:ce:af:4d:97:37:08:cf:5e:80:06:c0:40:
         cb:dd:3a:84
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZy9yU4pINWZ2zRTiKSrbn1lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMzA1MTEzNjUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWVjNTdmYTA5ZDI4Y2E4NmE1YmJkODljOWIxZDcxMTBkNDQ1OTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/Nq1unWk6dvRKM5DBNEFuC5LVeB
dcf3JGaa0AOAr/gj408NAvIr/lDmDUVQ35f4S2k1qvImGU1luysGmyfF33hV3w1T
lAw42fHEMRVGaZAoqColJcbYhxNBtPsoC/BUkEV80w5XvdD37hNwmUeArerZv51B
jN9/Oi60v53peHOQJxIIfStX21ybsbqjli/jdB4WQtkSLsk2PEd7bgtEnAKx0F1Y
TNWYftvK4LydWvRHaegU6ZPO3+4eO+30eRRFippjhyrU/MGVO04QDL0r7QleojN8
Ihimm0Fe2Fp4U0K4F8AGpVKuyyGuQ14QOoiCJoQQ91DlWWuZ4MOpQYaZ3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAXsV/oJ0oyoalu9icmx1xENRFlgMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvQmV4WC1nblNqS2hxVzcySnliSFhFUTFFV1dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUGA8AwQA
wpn7MA0GCSqGSIb3DQEBCwUAA4IBAQBhbNKlz4ZMUqh1Z0LxaXRWmGxnOI/0WFH7
YFO64pGP2GxVVcTPthETVQsG6+Rb9AYGwX9roh2/Iv6skX+7rkvQF9g3nPdV7Fb7
D726K0RxnWy+IaDg+wTpp0hGN0IcV3AJmVfwK5t5csTgjijRvwYjs/1dwAAZ/Yzv
ll6UEVv64cwAZ9It1HF1LXT6GdnnB31/44yYLbYSQTUpEVvXgCX6gJLsdT9ge3B3
9hFi8dfhG2Lsl4Rr6RzXO97BgcGoRLcCE7PYfZ91FHt2XJb3N0N6uq8dUZiTeqRd
+LLBaubr3QSXFVbftFmRv1Y91lqLkIvOr02XNwjPXoAGwEDL3TqE
-----END CERTIFICATE-----