Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/bpWAciHQFwR6zjMurwONoCmcNLg.roa
File:                     bpWAciHQFwR6zjMurwONoCmcNLg.roa (raw, json)
Hash identifier:          Xu4hjVBt6w0gcdY9cLH/oFA8EkonrM6JBYJ0kS976Cg=
Subject key identifier:   6E:95:80:72:21:D0:17:04:7A:CE:33:2E:AF:03:8D:A0:29:9C:34:B8
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E81BD9ABA5E0FAB9C8F10D5D4C325959D
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/bpWAciHQFwR6zjMurwONoCmcNLg.roa
Signing time:             Mon 01 Jun 2026 05:52:27 +0000
ROA not before:           Mon 01 Jun 2026 05:52:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154383
IP address blocks:        188.255.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:81:bd:9a:ba:5e:0f:ab:9c:8f:10:d5:d4:c3:25:95:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jun  1 05:52:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e95807221d017047ace332eaf038da0299c34b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d5:d9:91:25:cf:84:fd:79:da:07:48:d8:4d:
                    a2:e3:87:07:d0:12:e7:8d:f5:c0:0d:d8:0e:d8:03:
                    d0:56:93:70:db:73:8b:a5:6f:51:8d:18:cb:2b:39:
                    8d:d2:ea:5f:a8:fb:b4:e3:58:fc:74:f1:34:6b:d5:
                    db:1c:5e:c4:ac:08:35:8b:9a:65:30:63:4b:bb:eb:
                    ed:35:8f:a1:5f:d8:09:91:85:0b:90:b1:d7:b4:79:
                    91:4f:fd:4e:99:11:b0:72:90:b2:89:9c:09:26:2a:
                    f2:ce:dd:3c:2c:05:ad:06:81:96:30:f2:2d:89:8d:
                    85:14:ae:6a:33:ec:30:70:02:91:ba:73:a1:78:73:
                    cb:06:2e:11:17:82:3e:9a:fe:73:e2:be:c3:1b:67:
                    94:15:61:90:b7:25:ea:d1:f9:05:33:a8:9d:a6:10:
                    cc:e6:96:da:6c:2c:bc:ec:69:81:2f:f3:98:98:4e:
                    84:94:dc:d8:6f:31:bf:e7:e7:ad:e5:7b:f1:86:db:
                    2a:9e:fe:de:2e:ec:17:2c:af:0c:06:05:29:5d:5b:
                    5d:dd:08:85:88:eb:97:6d:17:ab:b8:e5:c6:53:ca:
                    4d:69:3c:20:50:7c:c8:c9:c1:f2:8a:76:40:71:7e:
                    de:ac:2a:98:10:d8:34:be:75:50:80:6b:9a:15:be:
                    8f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:95:80:72:21:D0:17:04:7A:CE:33:2E:AF:03:8D:A0:29:9C:34:B8
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/bpWAciHQFwR6zjMurwONoCmcNLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:fa:1d:cf:98:95:0a:11:00:5b:d6:91:39:5e:b8:0d:c2:85:
         78:b2:20:c5:71:93:c8:3f:8f:ec:96:0f:6d:18:75:59:4c:ad:
         90:19:b7:41:c9:a0:df:6b:bf:e8:55:dc:ce:05:30:68:fa:40:
         c5:63:66:08:28:b3:87:ce:2b:3e:7d:5a:18:34:24:e9:f4:9c:
         8a:0f:42:27:87:c0:df:bc:cd:ff:e7:d9:54:39:74:63:94:3c:
         44:ce:c6:8c:58:b2:8f:f9:ba:70:b0:01:8c:81:89:1a:97:a8:
         6a:2b:ba:11:65:ee:ed:b8:45:e0:f2:db:a5:66:d9:bd:13:ed:
         2d:c2:35:5c:00:26:f3:97:bd:87:59:1d:82:ac:1f:e8:07:74:
         f8:55:15:ab:8e:40:fa:55:cc:3c:b3:c9:00:e5:32:54:3b:ce:
         ad:4d:da:db:4e:67:c4:8a:82:aa:7d:90:b1:88:27:48:75:3a:
         20:31:e1:8e:ed:52:79:82:fa:ba:bb:2d:21:26:39:95:c7:89:
         5d:98:41:62:9b:0f:10:18:68:84:8e:f2:22:03:51:9d:8c:c2:
         b0:9f:87:3d:15:b3:22:cf:56:d1:c7:1a:f8:5e:d4:f6:29:5a:
         da:28:fb:6a:d3:f0:78:52:6d:77:01:ec:14:68:99:99:69:ab:
         ec:a1:00:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6BvZq6Xg+rnI8Q1dTDJZWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNjAxMDU1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTk1ODA3MjIxZDAxNzA0N2FjZTMzMmVhZjAzOGRhMDI5OWMzNGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9XZkSXPhP152gdI2E2i44cH0BLn
jfXADdgO2APQVpNw23OLpW9RjRjLKzmN0upfqPu041j8dPE0a9XbHF7ErAg1i5pl
MGNLu+vtNY+hX9gJkYULkLHXtHmRT/1OmRGwcpCyiZwJJiryzt08LAWtBoGWMPIt
iY2FFK5qM+wwcAKRunOheHPLBi4RF4I+mv5z4r7DG2eUFWGQtyXq0fkFM6idphDM
5pbabCy87GmBL/OYmE6ElNzYbzG/5+et5Xvxhtsqnv7eLuwXLK8MBgUpXVtd3QiF
iOuXbReruOXGU8pNaTwgUHzIycHyinZAcX7erCqYENg0vnVQgGuaFb6POQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6VgHIh0BcEes4zLq8DjaApnDS4MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvYnBXQWNpSFFGd1I2empNdXJ3T05vQ21jTkxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/5MA0G
CSqGSIb3DQEBCwUAA4IBAQAk+h3PmJUKEQBb1pE5XrgNwoV4siDFcZPIP4/slg9t
GHVZTK2QGbdByaDfa7/oVdzOBTBo+kDFY2YIKLOHzis+fVoYNCTp9JyKD0Inh8Df
vM3/59lUOXRjlDxEzsaMWLKP+bpwsAGMgYkal6hqK7oRZe7tuEXg8tulZtm9E+0t
wjVcACbzl72HWR2CrB/oB3T4VRWrjkD6Vcw8s8kA5TJUO86tTdrbTmfEioKqfZCx
iCdIdTogMeGO7VJ5gvq6uy0hJjmVx4ldmEFimw8QGGiEjvIiA1GdjMKwn4c9FbMi
z1bRxxr4XtT2KVraKPtq0/B4Um13AewUaJmZaavsoQAx
-----END CERTIFICATE-----