Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/278ff7-94a7-4fc2-aed8-8d1da9f38a0b/1/sMBS9OzucQLYRw4kO5MEHGEFHUU.roa
File:                     sMBS9OzucQLYRw4kO5MEHGEFHUU.roa (raw, json)
Hash identifier:          tUsaSUdwGiplp3q5jaJRxYUheCxbRt91fnz6Ktk8t8A=
Subject key identifier:   B0:C0:52:F4:EC:EE:71:02:D8:47:0E:24:3B:93:04:1C:61:05:1D:45
Certificate issuer:       /CN=bf3a6f67b622443b3718ba580df16dd5be8a12bb
Certificate serial:       019F2368AD84268917AD89920AA8F1E41AA7
Authority key identifier: BF:3A:6F:67:B6:22:44:3B:37:18:BA:58:0D:F1:6D:D5:BE:8A:12:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vzpvZ7YiRDs3GLpYDfFt1b6KErs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/278ff7-94a7-4fc2-aed8-8d1da9f38a0b/1/sMBS9OzucQLYRw4kO5MEHGEFHUU.roa
Signing time:             Thu 02 Jul 2026 15:18:10 +0000
ROA not before:           Thu 02 Jul 2026 15:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197997
IP address blocks:        194.0.32.0/24 maxlen: 24
                          2001:678:3c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/278ff7-94a7-4fc2-aed8-8d1da9f38a0b/1/vzpvZ7YiRDs3GLpYDfFt1b6KErs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/278ff7-94a7-4fc2-aed8-8d1da9f38a0b/1/vzpvZ7YiRDs3GLpYDfFt1b6KErs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vzpvZ7YiRDs3GLpYDfFt1b6KErs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:ad:84:26:89:17:ad:89:92:0a:a8:f1:e4:1a:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf3a6f67b622443b3718ba580df16dd5be8a12bb
        Validity
            Not Before: Jul  2 15:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0c052f4ecee7102d8470e243b93041c61051d45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:dd:2c:2e:97:b5:9c:ce:8b:d6:00:86:f3:78:
                    9a:f6:74:da:de:a2:73:1b:c5:93:3a:e9:6a:7e:82:
                    1f:0e:c5:ff:f5:4d:75:51:ef:84:b9:8d:56:89:90:
                    6b:e6:6c:b3:d0:68:71:42:2a:6b:41:ef:d3:99:9e:
                    fb:8f:1f:d6:99:af:5c:a5:ec:9b:d1:35:f6:76:eb:
                    39:7d:75:53:6f:d6:5a:ae:71:49:31:67:d5:81:2f:
                    66:dd:e5:91:10:d3:93:64:7a:40:c1:fa:36:19:6a:
                    d7:59:dc:79:27:70:8f:dc:02:c4:25:27:a7:56:30:
                    b6:9b:93:e0:62:5c:b5:23:1c:75:9e:43:1f:2a:e7:
                    b3:da:86:65:3e:39:de:6b:5e:69:63:f5:32:78:ba:
                    0e:9e:90:8b:e0:63:8e:1b:9a:99:bc:94:27:0c:94:
                    d3:73:a7:63:34:bc:a3:7f:81:70:30:b1:d4:27:7a:
                    82:cd:26:ba:55:8c:c7:04:36:26:93:c8:c9:58:2e:
                    5b:25:2b:99:52:54:50:30:76:b9:21:40:5b:09:ef:
                    8a:a0:c6:0e:88:3d:91:d2:54:53:25:a2:f6:77:8c:
                    c4:9e:57:d5:c9:33:0b:11:3b:78:5d:db:60:66:dd:
                    d9:8d:89:91:a8:a3:25:e7:a3:ee:6f:ec:2e:b9:2e:
                    95:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:C0:52:F4:EC:EE:71:02:D8:47:0E:24:3B:93:04:1C:61:05:1D:45
            X509v3 Authority Key Identifier:
                keyid:BF:3A:6F:67:B6:22:44:3B:37:18:BA:58:0D:F1:6D:D5:BE:8A:12:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vzpvZ7YiRDs3GLpYDfFt1b6KErs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/278ff7-94a7-4fc2-aed8-8d1da9f38a0b/1/sMBS9OzucQLYRw4kO5MEHGEFHUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/278ff7-94a7-4fc2-aed8-8d1da9f38a0b/1/vzpvZ7YiRDs3GLpYDfFt1b6KErs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.32.0/24
                IPv6:
                  2001:678:3c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:6b:2e:1b:99:b9:73:16:b6:bd:81:25:08:2e:87:4f:ff:4d:
         3d:22:45:5c:ad:6e:f0:dc:09:4e:ad:00:e2:9c:79:de:26:e7:
         ee:34:8c:c1:e6:5f:d9:44:b8:02:c1:cf:8e:e3:65:79:24:44:
         02:69:b4:75:f7:02:4e:eb:2d:9c:e5:f9:7d:77:55:99:0a:c5:
         92:a0:4d:25:bd:09:29:38:eb:a3:ab:a3:7a:d9:3a:98:a3:f0:
         05:4f:fd:96:58:f3:0b:f8:28:9e:3e:fd:91:6b:ee:07:ea:b6:
         b5:79:d5:5a:13:d4:ec:08:b0:06:03:95:58:23:7c:66:15:d7:
         84:67:3b:87:e0:54:a0:e3:7f:97:77:4f:8d:90:f3:81:6b:0f:
         09:c0:00:27:40:97:4e:f6:9b:d2:74:d6:86:54:e0:a8:66:18:
         64:51:bc:5e:1d:c9:fe:c1:9f:1d:9a:b6:41:51:21:6d:d1:98:
         23:3a:75:09:d4:aa:1b:a3:6b:96:6d:80:a0:5b:b1:94:66:ec:
         dc:f0:82:87:5e:9d:72:d9:87:45:40:9c:e5:e2:ea:50:23:10:
         65:47:31:64:c5:48:2e:04:7e:f9:3d:b4:a7:18:0f:2c:0e:15:
         50:3f:33:f2:8e:c1:68:d0:c3:ed:a6:68:3c:55:7d:02:d4:b2:
         fe:73:62:52
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ8jaK2EJokXrYmSCqjx5BqnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmM2E2ZjY3YjYyMjQ0M2IzNzE4YmE1ODBkZjE2ZGQ1YmU4
YTEyYmIwHhcNMjYwNzAyMTUxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGMwNTJmNGVjZWU3MTAyZDg0NzBlMjQzYjkzMDQxYzYxMDUxZDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt0sLpe1nM6L1gCG83ia9nTa3qJz
G8WTOulqfoIfDsX/9U11Ue+EuY1WiZBr5myz0GhxQiprQe/TmZ77jx/Wma9cpeyb
0TX2dus5fXVTb9ZarnFJMWfVgS9m3eWRENOTZHpAwfo2GWrXWdx5J3CP3ALEJSen
VjC2m5PgYly1Ixx1nkMfKuez2oZlPjnea15pY/UyeLoOnpCL4GOOG5qZvJQnDJTT
c6djNLyjf4FwMLHUJ3qCzSa6VYzHBDYmk8jJWC5bJSuZUlRQMHa5IUBbCe+KoMYO
iD2R0lRTJaL2d4zEnlfVyTMLETt4XdtgZt3ZjYmRqKMl56Pub+wuuS6VtQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLDAUvTs7nEC2EcOJDuTBBxhBR1FMB8GA1UdIwQY
MBaAFL86b2e2IkQ7Nxi6WA3xbdW+ihK7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnpwdlo3WWlSRHMzR0xwWURmRnQxYjZLRXJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8yNzhmZjctOTRhNy00ZmMyLWFlZDgt
OGQxZGE5ZjM4YTBiLzEvc01CUzlPenVjUUxZUnc0a081TUVIR0VGSFVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8yNzhmZjctOTRhNy00ZmMyLWFlZDgtOGQxZGE5ZjM4YTBi
LzEvdnpwdlo3WWlSRHMzR0xwWURmRnQxYjZLRXJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgAgMA8E
AgACMAkDBwAgAQZ4ADwwDQYJKoZIhvcNAQELBQADggEBAG9rLhuZuXMWtr2BJQgu
h0//TT0iRVytbvDcCU6tAOKced4m5+40jMHmX9lEuALBz47jZXkkRAJptHX3Ak7r
LZzl+X13VZkKxZKgTSW9CSk466Oro3rZOpij8AVP/ZZY8wv4KJ4+/ZFr7gfqtrV5
1VoT1OwIsAYDlVgjfGYV14RnO4fgVKDjf5d3T42Q84FrDwnAACdAl072m9J01oZU
4KhmGGRRvF4dyf7Bnx2atkFRIW3RmCM6dQnUqhuja5ZtgKBbsZRm7NzwgodenXLZ
h0VAnOXi6lAjEGVHMWTFSC4Efvk9tKcYDywOFVA/M/KOwWjQw+2maDxVfQLUsv5z
YlI=
-----END CERTIFICATE-----
Generated at Fri Jul 3 20:52:38 2026 by rpki-client