Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/8a344e-0ed8-42b2-a744-a9e8468710a3/1/BV_wbDPbUT8cQpcSNghKFwGtfvA.roa
File:                     BV_wbDPbUT8cQpcSNghKFwGtfvA.roa (raw, json)
Hash identifier:          ICfuWyqr7El/ZDMz8MEEp0z3PKwy83J5F2WdPeRDG0A=
Subject key identifier:   05:5F:F0:6C:33:DB:51:3F:1C:42:97:12:36:08:4A:17:01:AD:7E:F0
Certificate issuer:       /CN=c8d335041718b18830b1f58c15d3518510fe6118
Certificate serial:       019E92FC04157EE4DE1EA3FDCF64DF5C25EA
Authority key identifier: C8:D3:35:04:17:18:B1:88:30:B1:F5:8C:15:D3:51:85:10:FE:61:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yNM1BBcYsYgwsfWMFdNRhRD-YRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/8a344e-0ed8-42b2-a744-a9e8468710a3/1/BV_wbDPbUT8cQpcSNghKFwGtfvA.roa
Signing time:             Thu 04 Jun 2026 14:14:09 +0000
ROA not before:           Thu 04 Jun 2026 14:14:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29286
IP address blocks:        2a03:b7c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/8a344e-0ed8-42b2-a744-a9e8468710a3/1/yNM1BBcYsYgwsfWMFdNRhRD-YRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/8a344e-0ed8-42b2-a744-a9e8468710a3/1/yNM1BBcYsYgwsfWMFdNRhRD-YRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yNM1BBcYsYgwsfWMFdNRhRD-YRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:fc:04:15:7e:e4:de:1e:a3:fd:cf:64:df:5c:25:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8d335041718b18830b1f58c15d3518510fe6118
        Validity
            Not Before: Jun  4 14:14:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=055ff06c33db513f1c42971236084a1701ad7ef0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e5:f5:a0:b6:f6:a2:1c:87:c2:34:1e:5e:7a:
                    b5:cd:1c:af:41:50:86:11:43:5c:f0:78:d8:7a:50:
                    75:e1:78:41:69:6f:93:ae:b3:39:8e:57:1a:66:f6:
                    24:57:ab:9f:31:56:e3:fe:c7:60:eb:f3:74:28:6f:
                    8e:7f:25:69:fa:bf:fa:ed:c0:72:02:09:8a:f1:9e:
                    06:25:d2:e7:af:54:15:23:fc:5f:d3:4a:44:7e:32:
                    bf:03:a4:c9:ba:ba:1f:db:7e:03:51:b5:9a:6a:a1:
                    ee:94:00:91:57:c1:ab:e3:3f:c4:21:08:c7:64:c3:
                    c3:a8:73:fb:bc:b8:5f:e0:7a:89:17:db:c6:28:7e:
                    dd:b1:7b:dd:b2:3d:e2:5c:eb:67:eb:bc:56:fb:4c:
                    13:5d:b5:f8:f4:56:e5:25:07:0b:f1:ff:41:83:30:
                    25:9f:c4:79:03:6c:f1:01:c7:a9:04:12:36:ca:d6:
                    0e:ac:8e:f2:d3:53:70:d5:cc:c5:32:ff:a0:f9:ee:
                    f2:96:78:3a:74:01:af:35:96:07:b1:64:c8:bb:3b:
                    6d:c5:aa:b9:8b:95:30:1c:11:a0:92:7e:4b:6c:75:
                    a9:06:e5:fb:6a:a6:38:33:c3:86:bf:f5:40:c5:ad:
                    79:83:23:51:9b:86:57:30:4b:3a:71:b9:25:34:81:
                    8f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:5F:F0:6C:33:DB:51:3F:1C:42:97:12:36:08:4A:17:01:AD:7E:F0
            X509v3 Authority Key Identifier:
                keyid:C8:D3:35:04:17:18:B1:88:30:B1:F5:8C:15:D3:51:85:10:FE:61:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNM1BBcYsYgwsfWMFdNRhRD-YRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/8a344e-0ed8-42b2-a744-a9e8468710a3/1/BV_wbDPbUT8cQpcSNghKFwGtfvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/8a344e-0ed8-42b2-a744-a9e8468710a3/1/yNM1BBcYsYgwsfWMFdNRhRD-YRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:b7c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:5b:a0:9e:d5:1a:96:2a:f4:f4:02:6b:28:d6:e2:9e:20:e3:
         2b:5f:90:04:2d:26:be:6f:69:c9:8d:5c:69:f0:b9:28:a0:bc:
         00:d5:5b:28:20:f5:0d:1d:df:13:69:fa:65:be:fe:ac:c9:05:
         c5:f5:1e:2f:b2:f8:1c:2c:a5:b0:6b:f9:cd:62:19:14:e8:b4:
         0e:7b:b6:bf:f1:33:a3:68:a7:47:4a:da:0f:24:a0:bb:17:6a:
         ef:4a:a1:c1:b5:14:86:1f:b9:f6:7f:4a:c4:73:7e:0f:cc:1e:
         f8:ea:47:7d:09:ad:3b:7c:0e:31:cd:61:30:3a:b4:d8:e2:07:
         26:02:a3:5c:3d:f3:75:13:4b:6a:6c:af:3b:30:9d:3c:7f:86:
         ce:94:47:44:70:d4:74:03:8f:8d:1e:8e:2c:55:c9:10:de:18:
         35:89:85:a2:66:f5:e5:28:a2:29:64:5b:06:96:3b:af:f2:88:
         d3:25:dd:65:28:3d:a1:0c:80:d2:42:2d:33:01:e3:d1:72:64:
         25:17:8e:5f:3c:5e:99:56:ae:68:03:64:6e:aa:c3:df:9e:5a:
         73:a8:c9:d1:67:67:79:62:37:28:d1:5a:af:0d:e3:ad:6c:44:
         f8:21:34:f3:be:fd:db:6c:9b:b8:8f:b1:bb:6c:2e:9f:c0:4e:
         43:7f:9f:c8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ6S/AQVfuTeHqP9z2TfXCXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDMzNTA0MTcxOGIxODgzMGIxZjU4YzE1ZDM1MTg1MTBm
ZTYxMTgwHhcNMjYwNjA0MTQxNDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTVmZjA2YzMzZGI1MTNmMWM0Mjk3MTIzNjA4NGExNzAxYWQ3ZWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuX1oLb2ohyHwjQeXnq1zRyvQVCG
EUNc8HjYelB14XhBaW+TrrM5jlcaZvYkV6ufMVbj/sdg6/N0KG+OfyVp+r/67cBy
AgmK8Z4GJdLnr1QVI/xf00pEfjK/A6TJurof234DUbWaaqHulACRV8Gr4z/EIQjH
ZMPDqHP7vLhf4HqJF9vGKH7dsXvdsj3iXOtn67xW+0wTXbX49FblJQcL8f9BgzAl
n8R5A2zxAcepBBI2ytYOrI7y01Nw1czFMv+g+e7ylng6dAGvNZYHsWTIuzttxaq5
i5UwHBGgkn5LbHWpBuX7aqY4M8OGv/VAxa15gyNRm4ZXMEs6cbklNIGPiQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAVf8Gwz21E/HEKXEjYIShcBrX7wMB8GA1UdIwQY
MBaAFMjTNQQXGLGIMLH1jBXTUYUQ/mEYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5NMUJCY1lzWWd3c2ZXTUZkTlJoUkQtWVJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84YTM0NGUtMGVkOC00MmIyLWE3NDQt
YTllODQ2ODcxMGEzLzEvQlZfd2JEUGJVVDhjUXBjU05naEtGd0d0ZnZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84YTM0NGUtMGVkOC00MmIyLWE3NDQtYTllODQ2ODcxMGEz
LzEveU5NMUJCY1lzWWd3c2ZXTUZkTlJoUkQtWVJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgO3wDAN
BgkqhkiG9w0BAQsFAAOCAQEAlFugntUalir09AJrKNbiniDjK1+QBC0mvm9pyY1c
afC5KKC8ANVbKCD1DR3fE2n6Zb7+rMkFxfUeL7L4HCylsGv5zWIZFOi0Dnu2v/Ez
o2inR0raDySguxdq70qhwbUUhh+59n9KxHN+D8we+OpHfQmtO3wOMc1hMDq02OIH
JgKjXD3zdRNLamyvOzCdPH+GzpRHRHDUdAOPjR6OLFXJEN4YNYmFomb15SiiKWRb
BpY7r/KI0yXdZSg9oQyA0kItMwHj0XJkJReOXzxemVauaANkbqrD355ac6jJ0Wdn
eWI3KNFarw3jrWxE+CE0877922ybuI+xu2wun8BOQ3+fyA==
-----END CERTIFICATE-----