Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/BkyymijHtvnmphSnKiCDqu37ZsU.roa
File:                     BkyymijHtvnmphSnKiCDqu37ZsU.roa (raw, json)
Hash identifier:          EX6GJVuE4khL++u0hqcGSWjiKPUqf8H74EStuVJiesc=
Subject key identifier:   06:4C:B2:9A:28:C7:B6:F9:E6:A6:14:A7:2A:20:83:AA:ED:FB:66:C5
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019F03ECC4B8B57AD0E6D3ED62E140B0E65D
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/BkyymijHtvnmphSnKiCDqu37ZsU.roa
Signing time:             Fri 26 Jun 2026 12:34:36 +0000
ROA not before:           Fri 26 Jun 2026 12:34:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        109.229.216.0/23 maxlen: 24
                          185.220.199.0/24 maxlen: 24
                          213.110.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:03:ec:c4:b8:b5:7a:d0:e6:d3:ed:62:e1:40:b0:e6:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jun 26 12:34:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=064cb29a28c7b6f9e6a614a72a2083aaedfb66c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2b:60:1b:da:6a:20:04:3c:64:52:b5:a9:72:
                    d5:3c:7d:e8:12:5b:f8:54:66:7c:0c:e5:e2:99:7a:
                    90:fc:2b:9b:3e:d5:37:a9:47:b8:0c:13:06:61:7e:
                    75:70:ab:95:4b:e9:a0:ac:9b:9d:c5:f7:35:a3:7f:
                    08:1a:74:ec:92:c3:c6:05:9a:c3:b3:29:06:33:08:
                    32:82:f9:59:e9:2e:95:b4:e1:4f:0e:24:d0:dd:3f:
                    fc:ec:f4:92:5e:1f:a3:b1:70:40:cc:1c:fd:4c:15:
                    f1:63:65:61:ca:8e:7d:3b:89:37:e9:98:3b:17:ef:
                    e1:67:77:1b:ba:d7:0d:be:36:4b:27:02:85:61:76:
                    0c:9e:0e:4c:82:f6:34:08:a1:55:d6:98:bb:6f:67:
                    e9:ab:45:6f:89:37:ef:cc:a1:05:19:c5:90:f9:cf:
                    ae:ba:a7:60:4c:cf:cb:2e:09:ce:bf:90:a1:fa:76:
                    00:fe:82:82:da:ab:e9:7e:8e:d7:21:48:43:6e:ce:
                    d2:dc:ed:5d:6f:eb:24:52:25:6f:ea:07:97:e4:d8:
                    18:c2:00:6b:01:9c:b6:72:77:bb:21:08:02:b9:e2:
                    be:6f:c8:1e:25:eb:de:9f:a5:86:cc:28:5f:c0:36:
                    ac:7f:7b:f0:68:6a:3b:30:3e:73:3b:7b:7c:c4:8a:
                    6c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:4C:B2:9A:28:C7:B6:F9:E6:A6:14:A7:2A:20:83:AA:ED:FB:66:C5
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/BkyymijHtvnmphSnKiCDqu37ZsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.229.216.0/23
                  185.220.199.0/24
                  213.110.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:16:be:45:a3:21:49:0d:af:99:06:6e:84:db:b5:84:9a:02:
         cf:8f:21:2e:eb:8c:79:35:35:d0:d0:4c:8d:bf:8f:54:f7:9d:
         b9:fa:52:f5:45:23:fe:4d:b3:25:43:c2:58:be:51:0a:49:80:
         88:76:ae:d8:7b:8b:58:77:8a:04:79:5e:14:0d:83:9f:92:84:
         1e:a2:80:b4:3f:ea:f3:ad:fe:f1:62:0a:b9:55:47:23:34:ef:
         5a:88:5f:2d:60:3b:17:c2:df:90:06:0c:3a:41:0a:9b:ea:4c:
         8f:00:7b:75:d1:bc:9f:2a:bc:36:f3:22:b6:36:cf:76:45:da:
         d2:18:0e:1c:cd:6b:6f:58:3b:d3:95:83:15:f7:f5:9d:b3:45:
         9a:0e:b5:ec:ac:fd:d5:eb:e0:19:04:87:49:63:db:dc:40:34:
         3f:51:30:77:d0:b3:02:2c:67:8b:13:87:96:9b:7d:b2:9a:2f:
         42:19:e8:ee:9b:f2:a5:53:1b:f5:a5:a5:8c:58:f8:10:96:df:
         a9:6e:86:06:1e:94:59:47:57:f5:e9:6a:ae:84:e8:8e:5c:0d:
         9e:00:7b:4a:58:f9:18:a7:78:18:58:ea:34:50:99:6d:e0:37:
         74:c8:3d:d5:28:72:6c:8e:35:69:fc:eb:4f:22:f5:cb:c2:cb:
         a4:51:89:71
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ8D7MS4tXrQ5tPtYuFAsOZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwNjI2MTIzNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjRjYjI5YTI4YzdiNmY5ZTZhNjE0YTcyYTIwODNhYWVkZmI2NmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlitgG9pqIAQ8ZFK1qXLVPH3oElv4
VGZ8DOXimXqQ/CubPtU3qUe4DBMGYX51cKuVS+mgrJudxfc1o38IGnTsksPGBZrD
sykGMwgygvlZ6S6VtOFPDiTQ3T/87PSSXh+jsXBAzBz9TBXxY2Vhyo59O4k36Zg7
F+/hZ3cbutcNvjZLJwKFYXYMng5MgvY0CKFV1pi7b2fpq0VviTfvzKEFGcWQ+c+u
uqdgTM/LLgnOv5Ch+nYA/oKC2qvpfo7XIUhDbs7S3O1db+skUiVv6geX5NgYwgBr
AZy2cne7IQgCueK+b8geJeven6WGzChfwDasf3vwaGo7MD5zO3t8xIpsnwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAZMspoox7b55qYUpyogg6rt+2bFMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvQmt5eW1pakh0dm5tcGhTbktpQ0RxdTM3WnNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBbeXYAwQA
udzHAwQC1W5EMA0GCSqGSIb3DQEBCwUAA4IBAQBCFr5FoyFJDa+ZBm6E27WEmgLP
jyEu64x5NTXQ0EyNv49U9525+lL1RSP+TbMlQ8JYvlEKSYCIdq7Ye4tYd4oEeV4U
DYOfkoQeooC0P+rzrf7xYgq5VUcjNO9aiF8tYDsXwt+QBgw6QQqb6kyPAHt10byf
Krw28yK2Ns92RdrSGA4czWtvWDvTlYMV9/Wds0WaDrXsrP3V6+AZBIdJY9vcQDQ/
UTB30LMCLGeLE4eWm32ymi9CGejum/KlUxv1paWMWPgQlt+pboYGHpRZR1f16Wqu
hOiOXA2eAHtKWPkYp3gYWOo0UJlt4Dd0yD3VKHJsjjVp/OtPIvXLwsukUYlx
-----END CERTIFICATE-----