Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/496525-2c0d-43e4-8188-5fbc230abdc2/1/BJcL0KvH6AI5ExZWVXNWRZwwO-E.roa
File:                     BJcL0KvH6AI5ExZWVXNWRZwwO-E.roa (raw, json)
Hash identifier:          AqKqM8Pe8tueSnfFPwVkIZ4FhIaObjZ6OacmM2csdkg=
Subject key identifier:   04:97:0B:D0:AB:C7:E8:02:39:13:16:56:55:73:56:45:9C:30:3B:E1
Certificate issuer:       /CN=6ecd5cad4d3306c4f72c42afc06e5cd1fbafe3a3
Certificate serial:       019DB15BA646BFE1A2793DB03DE657BF0205
Authority key identifier: 6E:CD:5C:AD:4D:33:06:C4:F7:2C:42:AF:C0:6E:5C:D1:FB:AF:E3:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bs1crU0zBsT3LEKvwG5c0fuv46M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/496525-2c0d-43e4-8188-5fbc230abdc2/1/BJcL0KvH6AI5ExZWVXNWRZwwO-E.roa
Signing time:             Tue 21 Apr 2026 18:44:26 +0000
ROA not before:           Tue 21 Apr 2026 18:44:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202651
IP address blocks:        37.205.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/496525-2c0d-43e4-8188-5fbc230abdc2/1/bs1crU0zBsT3LEKvwG5c0fuv46M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/496525-2c0d-43e4-8188-5fbc230abdc2/1/bs1crU0zBsT3LEKvwG5c0fuv46M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bs1crU0zBsT3LEKvwG5c0fuv46M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Apr 2026 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b1:5b:a6:46:bf:e1:a2:79:3d:b0:3d:e6:57:bf:02:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ecd5cad4d3306c4f72c42afc06e5cd1fbafe3a3
        Validity
            Not Before: Apr 21 18:44:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04970bd0abc7e80239131656557356459c303be1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b2:db:71:3e:87:d0:7b:6d:de:53:4f:dd:96:
                    7b:38:9e:be:9e:ba:0b:06:6e:41:29:6a:53:ce:a6:
                    63:36:f9:65:48:be:90:ab:8d:6f:b7:a5:b4:be:3f:
                    e1:f4:12:1a:4d:bc:e5:cb:7b:22:85:32:d0:c7:22:
                    27:46:f4:cc:f5:96:9c:bd:78:2b:13:90:e7:cb:68:
                    f9:ae:6e:d6:25:76:ff:46:0c:7a:af:1c:ef:21:f0:
                    10:98:eb:5a:63:0e:39:18:71:f2:9e:68:73:9d:e4:
                    cf:0b:ad:36:26:cb:08:7a:51:24:b0:22:10:2a:fc:
                    b9:92:fa:60:f5:90:1d:68:e2:cd:ff:e4:fa:87:1d:
                    68:f5:03:00:d6:84:50:ea:83:20:58:da:e8:1d:a7:
                    9a:43:f7:0a:aa:73:64:c2:3f:be:e8:25:fd:54:96:
                    c1:5b:05:2a:21:2e:b1:c9:98:c3:e0:9e:4a:cf:33:
                    0d:91:72:de:9e:df:28:bc:49:b2:cf:2e:8e:b1:e8:
                    ec:6c:02:f4:9e:8f:bb:13:1d:5b:5f:6d:4f:b9:6d:
                    03:0d:55:4e:fb:22:d9:41:a4:2b:65:a1:d4:90:fd:
                    ab:2d:13:22:b1:7e:c3:ce:62:9e:12:fc:93:f9:84:
                    d8:57:e0:31:d4:fe:77:94:63:77:fa:50:bf:22:04:
                    6e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:97:0B:D0:AB:C7:E8:02:39:13:16:56:55:73:56:45:9C:30:3B:E1
            X509v3 Authority Key Identifier:
                keyid:6E:CD:5C:AD:4D:33:06:C4:F7:2C:42:AF:C0:6E:5C:D1:FB:AF:E3:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bs1crU0zBsT3LEKvwG5c0fuv46M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/496525-2c0d-43e4-8188-5fbc230abdc2/1/BJcL0KvH6AI5ExZWVXNWRZwwO-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/496525-2c0d-43e4-8188-5fbc230abdc2/1/bs1crU0zBsT3LEKvwG5c0fuv46M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.205.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:6a:a1:61:9d:e7:75:bb:ec:15:34:83:b5:fd:de:90:fa:9d:
         7c:1a:6f:b3:48:25:41:ba:75:33:f8:6c:0a:0c:65:8e:15:91:
         38:25:3c:02:45:bf:92:0f:2d:b5:ab:45:31:ed:ce:c3:9b:fd:
         28:54:45:10:74:5b:be:00:2b:98:57:9c:a5:85:bd:07:63:9f:
         b5:ed:9c:8d:fd:49:1d:86:f1:18:06:21:f1:a9:22:07:30:49:
         a3:07:c8:9e:ee:b1:db:dd:e2:2d:1a:7d:0a:2a:24:ae:6f:11:
         8a:70:77:5d:9d:a3:85:a3:65:e2:1b:71:5a:95:62:d8:6e:e8:
         7b:7d:b3:07:67:54:c2:fa:9c:3b:e3:ef:5c:da:c8:c9:34:9b:
         14:5f:a2:4c:08:02:c8:6c:8e:c4:20:21:46:eb:25:a2:4c:e9:
         df:a7:54:18:9b:cf:27:5b:80:52:28:90:e3:f4:79:99:53:76:
         b7:cd:a8:b2:4f:79:83:80:b7:6c:4b:95:b7:42:28:7d:e0:30:
         bb:0f:40:d8:c8:36:e0:4d:78:e8:db:1a:5c:87:32:07:6f:af:
         c3:7a:8b:58:63:41:f4:d4:44:d2:24:3e:c8:11:43:7f:2a:72:
         59:c2:61:6d:f8:b4:e1:4d:ec:34:c7:65:6c:80:b2:0b:63:5a:
         64:26:49:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2xW6ZGv+GieT2wPeZXvwIFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlY2Q1Y2FkNGQzMzA2YzRmNzJjNDJhZmMwNmU1Y2QxZmJh
ZmUzYTMwHhcNMjYwNDIxMTg0NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDk3MGJkMGFiYzdlODAyMzkxMzE2NTY1NTczNTY0NTljMzAzYmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLLbcT6H0Htt3lNP3ZZ7OJ6+nroL
Bm5BKWpTzqZjNvllSL6Qq41vt6W0vj/h9BIaTbzly3sihTLQxyInRvTM9ZacvXgr
E5Dny2j5rm7WJXb/Rgx6rxzvIfAQmOtaYw45GHHynmhzneTPC602JssIelEksCIQ
Kvy5kvpg9ZAdaOLN/+T6hx1o9QMA1oRQ6oMgWNroHaeaQ/cKqnNkwj++6CX9VJbB
WwUqIS6xyZjD4J5KzzMNkXLent8ovEmyzy6OsejsbAL0no+7Ex1bX21PuW0DDVVO
+yLZQaQrZaHUkP2rLRMisX7DzmKeEvyT+YTYV+Ax1P53lGN3+lC/IgRulQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASXC9Crx+gCORMWVlVzVkWcMDvhMB8GA1UdIwQY
MBaAFG7NXK1NMwbE9yxCr8BuXNH7r+OjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnMxY3JVMHpCc1QzTEVLdndHNWMwZnV2NDZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi80OTY1MjUtMmMwZC00M2U0LTgxODgt
NWZiYzIzMGFiZGMyLzEvQkpjTDBLdkg2QUk1RXhaV1ZYTldSWnd3Ty1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi80OTY1MjUtMmMwZC00M2U0LTgxODgtNWZiYzIzMGFiZGMy
LzEvYnMxY3JVMHpCc1QzTEVLdndHNWMwZnV2NDZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJc13MA0G
CSqGSIb3DQEBCwUAA4IBAQAQaqFhned1u+wVNIO1/d6Q+p18Gm+zSCVBunUz+GwK
DGWOFZE4JTwCRb+SDy21q0Ux7c7Dm/0oVEUQdFu+ACuYV5ylhb0HY5+17ZyN/Ukd
hvEYBiHxqSIHMEmjB8ie7rHb3eItGn0KKiSubxGKcHddnaOFo2XiG3FalWLYbuh7
fbMHZ1TC+pw74+9c2sjJNJsUX6JMCALIbI7EICFG6yWiTOnfp1QYm88nW4BSKJDj
9HmZU3a3zaiyT3mDgLdsS5W3Qih94DC7D0DYyDbgTXjo2xpchzIHb6/DeotYY0H0
1ETSJD7IEUN/KnJZwmFt+LThTew0x2VsgLILY1pkJkmr
-----END CERTIFICATE-----