Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/BtCNlgamcI6Ma-wZFnew2vnFPRs.roa
File:                     BtCNlgamcI6Ma-wZFnew2vnFPRs.roa (raw, json)
Hash identifier:          YSOjx8REj2MurF5gh71HAfXJ3X1NdW83+aFnSHflfsg=
Subject key identifier:   06:D0:8D:96:06:A6:70:8E:8C:6B:EC:19:16:77:B0:DA:F9:C5:3D:1B
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019DF838EA66C1B1479BA676518F34017591
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/BtCNlgamcI6Ma-wZFnew2vnFPRs.roa
Signing time:             Tue 05 May 2026 12:59:32 +0000
ROA not before:           Tue 05 May 2026 12:59:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48207
IP address blocks:        80.71.152.0/24 maxlen: 24
                          80.71.159.0/24 maxlen: 24
                          193.42.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:38:ea:66:c1:b1:47:9b:a6:76:51:8f:34:01:75:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: May  5 12:59:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06d08d9606a6708e8c6bec191677b0daf9c53d1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:21:98:1c:9f:dc:cd:c4:78:6c:7f:55:ce:f0:
                    aa:3d:d0:a3:87:bd:4e:0f:21:b4:f2:a4:04:fa:b3:
                    7a:0d:b9:d6:89:20:5a:5b:bd:35:c7:45:ba:36:e0:
                    79:d1:7f:23:d9:b7:c0:f6:f3:d0:11:76:4a:40:ff:
                    2e:54:10:66:49:aa:72:e6:b0:f4:c8:2c:ea:92:fb:
                    2f:bf:09:2d:2f:3e:b3:38:a0:6b:34:92:cd:42:87:
                    48:40:85:a3:71:b3:8a:05:d8:92:57:9d:06:66:e7:
                    0f:fa:ad:f4:bf:93:a5:45:b1:0a:31:96:f4:84:00:
                    1e:cf:87:62:40:6c:4f:96:fc:fd:4c:95:75:f4:0b:
                    fb:b5:96:6a:dc:3c:f1:62:86:5c:a9:f0:19:8f:00:
                    66:d2:27:ed:7e:e4:c5:a6:b7:96:84:01:25:30:d1:
                    14:66:17:b3:35:da:0a:28:8b:4d:40:8e:26:79:15:
                    ca:c9:cd:3f:26:12:2e:f1:ac:57:46:5c:62:4d:4a:
                    b8:0c:ec:95:57:5e:88:59:3f:65:c0:96:fb:66:64:
                    47:f3:5a:1c:63:01:af:37:c6:c9:cc:f0:93:af:a5:
                    41:0a:64:3b:b3:09:35:b1:41:95:45:fe:fc:5c:e1:
                    ae:e0:16:ba:9b:da:2a:74:b4:5e:63:41:a9:2a:f1:
                    0b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D0:8D:96:06:A6:70:8E:8C:6B:EC:19:16:77:B0:DA:F9:C5:3D:1B
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/BtCNlgamcI6Ma-wZFnew2vnFPRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.152.0/24
                  80.71.159.0/24
                  193.42.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:e7:02:48:e2:27:81:59:9c:1f:70:5c:23:05:09:fc:55:52:
         20:e6:33:66:5f:d3:5c:f9:a3:fe:cb:ad:e4:2a:1c:89:7d:e7:
         89:b6:4e:46:0d:61:53:fa:19:f4:32:dc:20:c5:52:75:2d:4b:
         14:22:30:20:ee:50:31:8f:18:62:1e:c1:e2:e7:4e:05:d0:64:
         bb:41:b6:49:f6:fd:49:e8:01:54:fe:27:8d:66:17:c0:22:56:
         89:3c:40:39:e8:65:25:18:e3:c2:ad:66:76:31:f5:e7:34:ad:
         00:b3:34:14:63:dc:92:16:b3:a8:d5:4e:b7:ca:16:66:70:21:
         da:a8:fd:d6:ac:4b:7b:2c:4e:7f:2c:3c:80:51:0b:0f:f1:61:
         00:3f:ab:24:1f:3e:b3:05:f4:74:a0:1a:7d:57:65:82:eb:94:
         9f:0f:04:fb:f7:ad:2f:95:94:8b:50:27:24:63:4c:8f:62:65:
         56:29:40:62:1b:0a:f5:62:4a:71:2f:9d:10:5d:62:c9:03:e1:
         b6:37:c6:12:6d:f2:9f:9f:ca:a7:a8:ba:04:02:38:a1:91:cb:
         b4:b6:a3:db:16:6c:c4:af:b1:8f:9a:a2:b6:2f:7b:f6:35:e3:
         8d:17:49:fa:bc:cb:3a:d6:02:ea:70:b7:35:c8:2d:28:1b:88:
         a7:30:e5:b9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ34OOpmwbFHm6Z2UY80AXWRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNTA1MTI1OTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmQwOGQ5NjA2YTY3MDhlOGM2YmVjMTkxNjc3YjBkYWY5YzUzZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCGYHJ/czcR4bH9VzvCqPdCjh71O
DyG08qQE+rN6DbnWiSBaW701x0W6NuB50X8j2bfA9vPQEXZKQP8uVBBmSapy5rD0
yCzqkvsvvwktLz6zOKBrNJLNQodIQIWjcbOKBdiSV50GZucP+q30v5OlRbEKMZb0
hAAez4diQGxPlvz9TJV19Av7tZZq3DzxYoZcqfAZjwBm0iftfuTFpreWhAElMNEU
ZhezNdoKKItNQI4meRXKyc0/JhIu8axXRlxiTUq4DOyVV16IWT9lwJb7ZmRH81oc
YwGvN8bJzPCTr6VBCmQ7swk1sUGVRf78XOGu4Ba6m9oqdLReY0GpKvELnQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAbQjZYGpnCOjGvsGRZ3sNr5xT0bMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvQnRDTmxnYW1jSTZNYS13WkZuZXcydm5GUFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUEeYAwQA
UEefAwQAwSp2MA0GCSqGSIb3DQEBCwUAA4IBAQAn5wJI4ieBWZwfcFwjBQn8VVIg
5jNmX9Nc+aP+y63kKhyJfeeJtk5GDWFT+hn0MtwgxVJ1LUsUIjAg7lAxjxhiHsHi
504F0GS7QbZJ9v1J6AFU/ieNZhfAIlaJPEA56GUlGOPCrWZ2MfXnNK0AszQUY9yS
FrOo1U63yhZmcCHaqP3WrEt7LE5/LDyAUQsP8WEAP6skHz6zBfR0oBp9V2WC65Sf
DwT7960vlZSLUCckY0yPYmVWKUBiGwr1YkpxL50QXWLJA+G2N8YSbfKfn8qnqLoE
Ajihkcu0tqPbFmzEr7GPmqK2L3v2NeONF0n6vMs61gLqcLc1yC0oG4inMOW5
-----END CERTIFICATE-----