Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/bcgYn6i6szRgiqTef_V2TVLz0_A.roa
File:                     bcgYn6i6szRgiqTef_V2TVLz0_A.roa (raw, json)
Hash identifier:          DRHxg4qnrjdE5Fr30c+nCCNxRklO15CgLQ5tWP25jjE=
Subject key identifier:   6D:C8:18:9F:A8:BA:B3:34:60:8A:A4:DE:7F:F5:76:4D:52:F3:D3:F0
Certificate issuer:       /CN=b93d4908d9c43a85f85be19334a26f5d51350bcb
Certificate serial:       019DB3C1F73FF9FD91F697EB796A2F0140E9
Authority key identifier: B9:3D:49:08:D9:C4:3A:85:F8:5B:E1:93:34:A2:6F:5D:51:35:0B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/bcgYn6i6szRgiqTef_V2TVLz0_A.roa
Signing time:             Wed 22 Apr 2026 05:55:26 +0000
ROA not before:           Wed 22 Apr 2026 05:55:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        45.89.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 17:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:c1:f7:3f:f9:fd:91:f6:97:eb:79:6a:2f:01:40:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b93d4908d9c43a85f85be19334a26f5d51350bcb
        Validity
            Not Before: Apr 22 05:55:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6dc8189fa8bab334608aa4de7ff5764d52f3d3f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:91:85:9e:9f:49:83:42:ba:85:96:c1:a5:ef:
                    96:92:52:4f:bc:54:88:d1:68:08:dd:93:9b:a2:81:
                    cb:39:8c:15:4b:ab:45:97:92:5d:a3:75:6c:94:bb:
                    0c:bc:be:3b:7f:c2:4c:a2:02:c3:95:20:26:44:a2:
                    d1:a0:fe:6d:22:f8:49:85:5a:6a:a7:a0:ae:e5:0c:
                    98:84:aa:71:4e:20:4f:cd:be:29:d0:dd:ea:47:9d:
                    47:00:0a:eb:1c:f7:d3:ad:d6:72:1c:03:2f:55:0d:
                    43:8a:a4:36:9c:a5:d7:e9:e6:9b:6f:26:84:4c:c3:
                    d7:e1:b6:82:d8:15:e4:85:ab:42:11:32:80:05:21:
                    c8:e0:48:08:0c:a5:49:69:73:e7:d7:64:7e:13:c5:
                    57:3a:6e:83:b7:21:7a:f4:67:3d:7f:53:91:ad:91:
                    a1:ec:4a:3a:2c:0f:1b:38:17:85:77:70:8c:79:87:
                    d3:f5:7a:b7:c7:be:bb:4b:27:06:53:14:6c:23:18:
                    32:6e:b1:39:c6:f5:1f:33:7d:05:4f:f3:bf:8e:6a:
                    e4:10:a6:cd:b4:76:c8:54:a2:27:2d:4a:09:05:be:
                    44:19:b1:9e:8d:75:d7:29:4e:3e:95:cd:c1:05:4b:
                    40:76:bb:c8:fd:85:30:86:02:e0:62:cc:a4:a3:07:
                    e4:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:C8:18:9F:A8:BA:B3:34:60:8A:A4:DE:7F:F5:76:4D:52:F3:D3:F0
            X509v3 Authority Key Identifier:
                keyid:B9:3D:49:08:D9:C4:3A:85:F8:5B:E1:93:34:A2:6F:5D:51:35:0B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/bcgYn6i6szRgiqTef_V2TVLz0_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:09:d1:45:08:f7:e0:5a:47:6e:48:9a:8b:26:53:0e:70:d9:
         27:27:91:fd:9a:4e:4e:47:dc:14:3f:74:0e:f1:31:73:80:82:
         89:39:23:a5:df:18:a4:1e:4c:5b:cd:77:b4:79:26:69:b4:26:
         41:e5:b9:f6:65:7f:de:10:9a:b9:3d:00:9a:3c:c7:17:2a:77:
         99:d5:1e:13:c9:16:56:0f:ed:73:cc:33:68:c6:ec:bb:74:76:
         30:8f:de:f0:ff:b4:e1:98:25:17:7e:1e:25:41:d0:0c:a4:96:
         7f:6a:15:bd:1c:c0:8f:5f:68:d7:53:08:be:57:b8:12:53:75:
         36:3e:0e:c7:6c:9a:47:4e:16:c7:f0:7b:37:69:31:1f:a9:16:
         f6:bd:f1:be:45:31:8d:3d:b8:f9:e3:d2:c2:01:79:93:18:4f:
         b9:2f:8f:25:6d:ad:99:c1:d2:ab:f6:22:29:27:86:3c:ac:7d:
         41:61:42:04:27:ac:41:4e:f8:5b:18:ab:21:6e:d3:09:66:2d:
         3e:30:9d:a1:da:86:fd:95:29:f2:73:dd:df:18:d7:79:5c:39:
         ab:4e:c1:67:8e:a1:3f:03:1d:dc:24:cd:f9:30:22:74:c6:9f:
         bb:be:34:ab:a7:b8:c4:41:af:00:f2:6b:5e:63:0e:a2:00:ec:
         62:43:ff:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2zwfc/+f2R9pfreWovAUDpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5M2Q0OTA4ZDljNDNhODVmODViZTE5MzM0YTI2ZjVkNTEz
NTBiY2IwHhcNMjYwNDIyMDU1NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGM4MTg5ZmE4YmFiMzM0NjA4YWE0ZGU3ZmY1NzY0ZDUyZjNkM2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5GFnp9Jg0K6hZbBpe+WklJPvFSI
0WgI3ZObooHLOYwVS6tFl5Jdo3VslLsMvL47f8JMogLDlSAmRKLRoP5tIvhJhVpq
p6Cu5QyYhKpxTiBPzb4p0N3qR51HAArrHPfTrdZyHAMvVQ1DiqQ2nKXX6eabbyaE
TMPX4baC2BXkhatCETKABSHI4EgIDKVJaXPn12R+E8VXOm6DtyF69Gc9f1ORrZGh
7Eo6LA8bOBeFd3CMeYfT9Xq3x767SycGUxRsIxgybrE5xvUfM30FT/O/jmrkEKbN
tHbIVKInLUoJBb5EGbGejXXXKU4+lc3BBUtAdrvI/YUwhgLgYsykowfkOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3IGJ+ourM0YIqk3n/1dk1S89PwMB8GA1UdIwQY
MBaAFLk9SQjZxDqF+FvhkzSib11RNQvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVQxSkNObkVPb1g0Vy1HVE5LSnZYVkUxQzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8xZDdiMGMtMjI1MS00ZGQzLTg2OTAt
NTI4NzQ2MTFjZDIxLzEvYmNnWW42aTZzelJnaXFUZWZfVjJUVkx6MF9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8xZDdiMGMtMjI1MS00ZGQzLTg2OTAtNTI4NzQ2MTFjZDIx
LzEvdVQxSkNObkVPb1g0Vy1HVE5LSnZYVkUxQzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVnfMA0G
CSqGSIb3DQEBCwUAA4IBAQBsCdFFCPfgWkduSJqLJlMOcNknJ5H9mk5OR9wUP3QO
8TFzgIKJOSOl3xikHkxbzXe0eSZptCZB5bn2ZX/eEJq5PQCaPMcXKneZ1R4TyRZW
D+1zzDNoxuy7dHYwj97w/7ThmCUXfh4lQdAMpJZ/ahW9HMCPX2jXUwi+V7gSU3U2
Pg7HbJpHThbH8Hs3aTEfqRb2vfG+RTGNPbj549LCAXmTGE+5L48lba2ZwdKr9iIp
J4Y8rH1BYUIEJ6xBTvhbGKshbtMJZi0+MJ2h2ob9lSnyc93fGNd5XDmrTsFnjqE/
Ax3cJM35MCJ0xp+7vjSrp7jEQa8A8mteYw6iAOxiQ/8C
-----END CERTIFICATE-----