Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/BeOlGfd4kyL56CFBTNlFeg1iQCc.roa
File:                     BeOlGfd4kyL56CFBTNlFeg1iQCc.roa (raw, json)
Hash identifier:          6DQD4VPy7IHhfQDtQNtD6rCp0/TWA+VmwTvJtNQ72aQ=
Subject key identifier:   05:E3:A5:19:F7:78:93:22:F9:E8:21:41:4C:D9:45:7A:0D:62:40:27
Certificate issuer:       /CN=b8c8aa18730f4a83e2852c5692551abb5b1ee7ea
Certificate serial:       019D0AE58FDED7A8D120A81F1CBFBEE6A60C
Authority key identifier: B8:C8:AA:18:73:0F:4A:83:E2:85:2C:56:92:55:1A:BB:5B:1E:E7:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/BeOlGfd4kyL56CFBTNlFeg1iQCc.roa
Signing time:             Fri 20 Mar 2026 10:58:29 +0000
ROA not before:           Fri 20 Mar 2026 10:58:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209697
IP address blocks:        89.38.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Mar 2026 10:58:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0a:e5:8f:de:d7:a8:d1:20:a8:1f:1c:bf:be:e6:a6:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8c8aa18730f4a83e2852c5692551abb5b1ee7ea
        Validity
            Not Before: Mar 20 10:58:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05e3a519f7789322f9e821414cd9457a0d624027
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:2b:cc:27:ec:22:30:64:1a:ea:b8:d6:a8:d8:
                    59:a9:5a:4e:76:08:53:e2:e8:78:77:b4:b0:4e:d7:
                    bf:4b:e0:94:c3:58:67:00:d1:0d:0d:9b:fb:ba:9a:
                    65:6f:36:ba:fa:6a:05:80:ed:9c:60:92:6e:da:b6:
                    e4:c7:e7:7b:a3:9f:8f:3f:5e:f3:b9:15:20:11:36:
                    df:42:b7:0c:a5:35:a7:c9:07:8c:04:89:fd:1e:7e:
                    89:22:04:17:d5:96:f2:87:98:90:4d:d1:84:c1:fe:
                    aa:15:32:39:fa:88:72:89:7e:e5:2d:08:59:f5:85:
                    59:c0:a1:19:2b:81:b2:a8:e5:91:00:c6:7f:e5:96:
                    65:b0:90:e8:5b:b8:ea:3d:fa:8b:40:59:18:af:4a:
                    8b:6d:50:7a:60:31:72:45:55:d8:b6:47:ca:67:a5:
                    2d:ba:f4:3e:5b:19:67:26:46:17:86:80:3b:10:55:
                    e9:4c:9a:78:b7:d5:57:93:e3:b5:8d:8a:e1:96:8e:
                    7f:67:f5:22:78:3a:8a:4a:6d:20:53:66:89:ae:39:
                    25:ba:af:57:64:f7:34:ff:72:c6:0d:74:3b:e3:f4:
                    e9:5f:25:b1:0a:bb:dd:6f:71:70:42:41:f7:30:0f:
                    95:cd:bc:3a:2b:e0:8b:5a:b2:e6:a1:44:44:eb:43:
                    e3:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:E3:A5:19:F7:78:93:22:F9:E8:21:41:4C:D9:45:7A:0D:62:40:27
            X509v3 Authority Key Identifier:
                keyid:B8:C8:AA:18:73:0F:4A:83:E2:85:2C:56:92:55:1A:BB:5B:1E:E7:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uMiqGHMPSoPihSxWklUau1se5-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/BeOlGfd4kyL56CFBTNlFeg1iQCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/a94992-566b-4b6f-a689-a57604a3f6bb/1/uMiqGHMPSoPihSxWklUau1se5-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:d6:d1:97:35:81:7f:c6:58:10:54:3f:b2:23:79:72:44:bf:
         ee:76:6f:4a:0f:5b:7f:01:c9:ff:f1:d9:47:4c:4a:bb:b2:1b:
         eb:8c:a9:21:67:02:4a:a5:ac:6f:30:d7:4a:03:c5:0d:cd:de:
         ba:ce:bc:c4:66:7d:52:e6:47:7f:eb:8f:4e:40:1e:97:2b:7d:
         2f:01:51:78:a0:5e:27:37:1d:e0:d6:1d:e2:b3:ae:8c:d4:8f:
         e0:d0:ec:61:e9:74:d1:a3:f4:56:52:df:52:5a:3c:2b:23:c2:
         d7:5c:21:bc:e6:3a:eb:e1:9c:a7:d5:21:0d:76:61:f6:29:db:
         2b:ee:9e:d1:24:d7:5b:a3:37:c9:c5:5a:bb:be:25:b1:05:93:
         6a:30:1c:6e:68:7d:af:95:4b:3f:83:67:34:46:e1:fe:31:f5:
         8d:7f:be:d3:cb:f2:b4:ef:32:67:5f:a1:ff:1c:73:f3:22:04:
         ad:02:d7:0f:48:7a:61:e5:40:4d:d1:c2:db:24:e1:7a:be:32:
         1e:0d:2a:62:77:f7:2d:6c:1b:e7:5e:b7:46:ea:c2:43:bc:2c:
         bc:43:6d:a3:ca:b1:a8:fc:c0:9b:36:cd:be:1e:ce:7c:a5:2c:
         1c:f3:75:ee:c0:cf:d3:8e:10:df:7d:cb:b5:13:1c:bf:46:7f:
         53:fc:7c:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0K5Y/e16jRIKgfHL++5qYMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4YzhhYTE4NzMwZjRhODNlMjg1MmM1NjkyNTUxYWJiNWIx
ZWU3ZWEwHhcNMjYwMzIwMTA1ODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWUzYTUxOWY3Nzg5MzIyZjllODIxNDE0Y2Q5NDU3YTBkNjI0MDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyvMJ+wiMGQa6rjWqNhZqVpOdghT
4uh4d7SwTte/S+CUw1hnANENDZv7upplbza6+moFgO2cYJJu2rbkx+d7o5+PP17z
uRUgETbfQrcMpTWnyQeMBIn9Hn6JIgQX1Zbyh5iQTdGEwf6qFTI5+ohyiX7lLQhZ
9YVZwKEZK4GyqOWRAMZ/5ZZlsJDoW7jqPfqLQFkYr0qLbVB6YDFyRVXYtkfKZ6Ut
uvQ+WxlnJkYXhoA7EFXpTJp4t9VXk+O1jYrhlo5/Z/UieDqKSm0gU2aJrjkluq9X
ZPc0/3LGDXQ74/TpXyWxCrvdb3FwQkH3MA+Vzbw6K+CLWrLmoURE60PjewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXjpRn3eJMi+eghQUzZRXoNYkAnMB8GA1UdIwQY
MBaAFLjIqhhzD0qD4oUsVpJVGrtbHufqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU1pcUdITVBTb1BpaFN4V2tsVWF1MXNlNS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9hOTQ5OTItNTY2Yi00YjZmLWE2ODkt
YTU3NjA0YTNmNmJiLzEvQmVPbEdmZDRreUw1NkNGQlRObEZlZzFpUUNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9hOTQ5OTItNTY2Yi00YjZmLWE2ODktYTU3NjA0YTNmNmJi
LzEvdU1pcUdITVBTb1BpaFN4V2tsVWF1MXNlNS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSYoMA0G
CSqGSIb3DQEBCwUAA4IBAQCj1tGXNYF/xlgQVD+yI3lyRL/udm9KD1t/Acn/8dlH
TEq7shvrjKkhZwJKpaxvMNdKA8UNzd66zrzEZn1S5kd/649OQB6XK30vAVF4oF4n
Nx3g1h3is66M1I/g0Oxh6XTRo/RWUt9SWjwrI8LXXCG85jrr4Zyn1SENdmH2Kdsr
7p7RJNdbozfJxVq7viWxBZNqMBxuaH2vlUs/g2c0RuH+MfWNf77Ty/K07zJnX6H/
HHPzIgStAtcPSHph5UBN0cLbJOF6vjIeDSpid/ctbBvnXrdG6sJDvCy8Q22jyrGo
/MCbNs2+Hs58pSwc83XuwM/TjhDffcu1Exy/Rn9T/HzU
-----END CERTIFICATE-----