Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/bjot4b3E6nFOB3m3PoYlSW85ajQ.roa
File:                     bjot4b3E6nFOB3m3PoYlSW85ajQ.roa (raw, json)
Hash identifier:          CtA6MMmy0n2/AhNaEa3R53oBEYwsN+optXLqB6oS7ic=
Subject key identifier:   6E:3A:2D:E1:BD:C4:EA:71:4E:07:79:B7:3E:86:25:49:6F:39:6A:34
Certificate issuer:       /CN=65ea93d88a202d51d34d2a903597e76b8f17f0ea
Certificate serial:       019DF865C556F5CC1C5125550F540DF9A560
Authority key identifier: 65:EA:93:D8:8A:20:2D:51:D3:4D:2A:90:35:97:E7:6B:8F:17:F0:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZeqT2IogLVHTTSqQNZfna48X8Oo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/bjot4b3E6nFOB3m3PoYlSW85ajQ.roa
Signing time:             Tue 05 May 2026 13:48:32 +0000
ROA not before:           Tue 05 May 2026 13:48:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199785
IP address blocks:        213.165.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/ZeqT2IogLVHTTSqQNZfna48X8Oo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/ZeqT2IogLVHTTSqQNZfna48X8Oo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZeqT2IogLVHTTSqQNZfna48X8Oo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 13:48:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:65:c5:56:f5:cc:1c:51:25:55:0f:54:0d:f9:a5:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65ea93d88a202d51d34d2a903597e76b8f17f0ea
        Validity
            Not Before: May  5 13:48:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e3a2de1bdc4ea714e0779b73e8625496f396a34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:00:38:04:f0:31:c7:ae:53:b4:ae:fb:e9:ab:
                    c1:4f:c6:7d:b3:e8:e9:38:63:8e:e5:ad:26:6e:45:
                    ea:71:c1:fd:26:fb:d0:ba:fd:85:9c:8c:d0:c7:34:
                    16:53:67:1b:72:83:a3:58:70:ff:48:84:11:13:cd:
                    0e:54:63:ee:07:a8:2d:ce:71:ef:2e:48:c4:0a:54:
                    7a:61:5d:80:96:ac:72:b2:cb:ae:81:47:77:fb:e7:
                    b1:a4:8c:7a:20:a6:b6:39:cd:10:96:d9:09:32:87:
                    31:dc:0f:31:d8:df:f9:3e:63:d0:6d:82:d6:35:d2:
                    6c:20:77:b8:45:f6:f6:87:79:f3:99:25:ce:c3:ea:
                    c5:15:64:25:98:79:23:22:9f:65:3c:09:d2:08:f8:
                    aa:01:fd:8e:f5:27:6d:b1:38:28:8c:36:e2:b6:28:
                    1b:b4:1c:a3:91:85:82:b3:6f:c5:ca:8f:5f:e8:80:
                    d9:f1:a7:7d:72:29:fb:b2:5e:9d:db:80:3d:cf:f4:
                    91:8d:59:57:00:ad:06:ec:86:1d:9f:28:85:a2:03:
                    5d:e1:ae:a8:d3:d0:24:d6:48:39:9b:63:ce:1e:30:
                    a4:0e:9e:37:68:8a:25:f8:1a:4f:fa:db:6d:5c:aa:
                    1a:ed:a2:4c:58:2b:62:f5:37:e3:6d:b8:6d:7f:6f:
                    66:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:3A:2D:E1:BD:C4:EA:71:4E:07:79:B7:3E:86:25:49:6F:39:6A:34
            X509v3 Authority Key Identifier:
                keyid:65:EA:93:D8:8A:20:2D:51:D3:4D:2A:90:35:97:E7:6B:8F:17:F0:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZeqT2IogLVHTTSqQNZfna48X8Oo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/bjot4b3E6nFOB3m3PoYlSW85ajQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/ZeqT2IogLVHTTSqQNZfna48X8Oo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.165.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:b4:99:53:56:94:9d:c0:77:e3:e9:f6:4e:0e:70:27:03:d6:
         22:43:ab:a5:bf:16:0d:ad:45:ea:35:53:3e:47:ad:02:da:f1:
         10:58:3a:18:33:2f:ba:83:d3:09:bc:f3:f1:6b:25:06:0d:7d:
         91:d4:fc:68:38:ac:74:5a:7b:b0:21:46:54:e9:2a:93:f5:cc:
         b7:df:42:15:1e:f3:84:38:34:12:c9:3b:68:3a:1c:99:06:36:
         db:6c:9b:3c:d4:5a:54:8c:d4:63:b3:85:9e:af:60:76:c7:d1:
         1f:c7:9a:04:c3:5a:ac:19:aa:e4:a9:26:d0:04:80:bb:36:11:
         fb:d2:85:12:00:6a:25:3a:eb:2d:ed:31:c7:d1:e5:51:00:16:
         4b:89:a6:71:6c:b2:1d:fc:fa:cb:b0:d7:b0:72:bb:58:73:77:
         3d:e4:8d:15:1f:04:8e:34:9a:36:9a:5b:3d:dd:98:4e:d2:8d:
         27:38:79:e8:56:c3:3c:79:31:23:60:e7:9c:8a:10:46:be:28:
         aa:9c:ba:be:32:06:f8:6e:11:e3:c5:f1:57:d5:b2:e3:61:f1:
         15:1f:b7:d8:d1:6f:d6:68:29:b9:3b:23:7a:e0:bc:9f:3d:3d:
         83:9a:81:13:a2:cd:91:16:14:a5:47:a6:15:5a:6e:c6:bc:1c:
         5e:d0:af:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ34ZcVW9cwcUSVVD1QN+aVgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZWE5M2Q4OGEyMDJkNTFkMzRkMmE5MDM1OTdlNzZiOGYx
N2YwZWEwHhcNMjYwNTA1MTM0ODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTNhMmRlMWJkYzRlYTcxNGUwNzc5YjczZTg2MjU0OTZmMzk2YTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAA4BPAxx65TtK776avBT8Z9s+jp
OGOO5a0mbkXqccH9JvvQuv2FnIzQxzQWU2cbcoOjWHD/SIQRE80OVGPuB6gtznHv
LkjEClR6YV2AlqxyssuugUd3++expIx6IKa2Oc0QltkJMocx3A8x2N/5PmPQbYLW
NdJsIHe4Rfb2h3nzmSXOw+rFFWQlmHkjIp9lPAnSCPiqAf2O9SdtsTgojDbitigb
tByjkYWCs2/Fyo9f6IDZ8ad9cin7sl6d24A9z/SRjVlXAK0G7IYdnyiFogNd4a6o
09Ak1kg5m2POHjCkDp43aIol+BpP+tttXKoa7aJMWCti9Tfjbbhtf29mSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG46LeG9xOpxTgd5tz6GJUlvOWo0MB8GA1UdIwQY
MBaAFGXqk9iKIC1R000qkDWX52uPF/DqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmVxVDJJb2dMVkhUVFNxUU5aZm5hNDhYOE9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC81NGVhYzAtNzFmZC00NmU5LTllMWIt
Y2UxYmJhNjkxYjM3LzEvYmpvdDRiM0U2bkZPQjNtM1BvWWxTVzg1YWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC81NGVhYzAtNzFmZC00NmU5LTllMWItY2UxYmJhNjkxYjM3
LzEvWmVxVDJJb2dMVkhUVFNxUU5aZm5hNDhYOE9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aU0MA0G
CSqGSIb3DQEBCwUAA4IBAQCZtJlTVpSdwHfj6fZODnAnA9YiQ6ulvxYNrUXqNVM+
R60C2vEQWDoYMy+6g9MJvPPxayUGDX2R1PxoOKx0WnuwIUZU6SqT9cy330IVHvOE
ODQSyTtoOhyZBjbbbJs81FpUjNRjs4Wer2B2x9Efx5oEw1qsGarkqSbQBIC7NhH7
0oUSAGolOust7THH0eVRABZLiaZxbLId/PrLsNewcrtYc3c95I0VHwSONJo2mls9
3ZhO0o0nOHnoVsM8eTEjYOecihBGviiqnLq+Mgb4bhHjxfFX1bLjYfEVH7fY0W/W
aCm5OyN64LyfPT2DmoETos2RFhSlR6YVWm7GvBxe0K9t
-----END CERTIFICATE-----