Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/BbmHTTcg1yu3XVQ5e1l3w3DBd9k.roa
File:                     BbmHTTcg1yu3XVQ5e1l3w3DBd9k.roa (raw, json)
Hash identifier:          cdKQ8M3ifUJ08goAxWDG9E7iVAwX4bOSbeqamce+C78=
Subject key identifier:   05:B9:87:4D:37:20:D7:2B:B7:5D:54:39:7B:59:77:C3:70:C1:77:D9
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019EB62DC024FB400A53A0A1506F5439781E
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/BbmHTTcg1yu3XVQ5e1l3w3DBd9k.roa
Signing time:             Thu 11 Jun 2026 10:15:12 +0000
ROA not before:           Thu 11 Jun 2026 10:15:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216334
IP address blocks:        89.125.28.0/24 maxlen: 24
                          89.125.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 18:49:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b6:2d:c0:24:fb:40:0a:53:a0:a1:50:6f:54:39:78:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jun 11 10:15:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05b9874d3720d72bb75d54397b5977c370c177d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:22:e5:79:31:ea:ae:4f:99:a6:8e:2f:c1:3b:
                    33:cc:6d:f5:d4:d5:2b:c1:e8:06:40:d6:b2:1d:20:
                    bd:1c:5b:8b:2b:ce:6b:00:74:55:73:64:cf:83:69:
                    3a:85:d2:31:ea:99:40:2e:aa:b1:0d:ae:8d:c8:ad:
                    ef:84:e7:2c:55:fd:58:19:7b:c8:cd:91:f4:f7:b1:
                    4e:a8:8f:fc:9a:a2:cc:60:86:1f:9b:3e:6b:29:b5:
                    79:bc:e5:1f:14:67:7d:17:77:e3:b9:5e:aa:f7:c0:
                    8e:d8:15:f7:c0:a9:68:b9:d9:3e:74:75:3b:f1:d3:
                    0d:59:31:05:fa:d7:95:83:d4:90:94:54:30:91:24:
                    33:cd:bb:4b:e6:d0:f9:20:43:93:73:2f:4c:c6:97:
                    8b:cd:ef:26:ce:83:22:0d:bb:4f:dc:a6:da:7b:57:
                    3b:9f:da:75:d0:f4:da:c6:24:61:db:9d:13:01:b5:
                    6b:ae:23:6f:de:a4:8e:1f:75:41:d9:81:75:9b:c8:
                    10:00:40:a2:49:fe:ee:5f:d0:ea:f0:b9:79:23:a6:
                    10:ce:fd:d5:1b:0b:25:b5:32:99:48:5e:d3:4a:5f:
                    de:2f:3c:0a:e6:5c:e5:87:37:bc:55:30:98:b5:b9:
                    b9:b6:fc:44:f2:c4:49:51:6c:d2:a3:bf:7d:72:bf:
                    31:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:B9:87:4D:37:20:D7:2B:B7:5D:54:39:7B:59:77:C3:70:C1:77:D9
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/BbmHTTcg1yu3XVQ5e1l3w3DBd9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.28.0/24
                  89.125.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:5e:6e:12:c3:96:8d:41:01:ab:66:9e:83:e9:ae:09:8c:2f:
         4b:ca:6f:91:9a:7b:23:46:7b:79:0b:1e:45:48:ef:a9:11:c4:
         e2:a0:25:b6:f8:70:2c:c3:bd:d3:22:ba:fe:f1:40:51:53:e4:
         36:0a:a7:5c:99:6f:70:46:2e:6d:ed:99:04:4e:9b:76:ba:58:
         4d:65:83:a7:80:4e:f7:02:8a:ec:49:c3:f7:81:ef:ea:20:79:
         b7:48:d5:89:75:ca:d0:a6:ff:ac:a8:6c:3e:b9:d4:1f:29:8b:
         cc:4a:50:02:7e:80:74:f5:9f:f2:09:5f:84:3b:8f:32:af:43:
         48:dd:00:b1:de:c9:d5:a5:f3:42:ad:5b:db:89:ff:2c:8e:6c:
         96:5a:f4:be:8c:22:52:6a:d6:b3:c2:fc:0d:22:07:ad:5f:e8:
         76:ab:74:f6:dd:44:f4:92:a6:a4:07:84:16:37:9b:06:32:a2:
         56:f3:b4:7f:8c:d2:af:a3:d3:92:5e:43:53:91:c6:dc:25:13:
         a6:84:4a:4e:d6:ac:ba:58:fa:9b:db:4b:63:2d:c8:f4:c5:e2:
         fe:76:7f:c9:9b:8e:b2:e2:f9:d8:6d:db:b3:27:9b:49:be:78:
         e2:e1:71:b9:e8:92:44:27:ba:df:55:9f:f8:72:a4:ef:98:5c:
         c0:cb:a2:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ62LcAk+0AKU6ChUG9UOXgeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNjExMTAxNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWI5ODc0ZDM3MjBkNzJiYjc1ZDU0Mzk3YjU5NzdjMzcwYzE3N2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiLleTHqrk+Zpo4vwTszzG311NUr
wegGQNayHSC9HFuLK85rAHRVc2TPg2k6hdIx6plALqqxDa6NyK3vhOcsVf1YGXvI
zZH097FOqI/8mqLMYIYfmz5rKbV5vOUfFGd9F3fjuV6q98CO2BX3wKloudk+dHU7
8dMNWTEF+teVg9SQlFQwkSQzzbtL5tD5IEOTcy9MxpeLze8mzoMiDbtP3Kbae1c7
n9p10PTaxiRh250TAbVrriNv3qSOH3VB2YF1m8gQAECiSf7uX9Dq8Ll5I6YQzv3V
GwsltTKZSF7TSl/eLzwK5lzlhze8VTCYtbm5tvxE8sRJUWzSo799cr8xtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAW5h003INcrt11UOXtZd8NwwXfZMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvQmJtSFRUY2cxeXUzWFZRNWUxbDN3M0RCZDlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWX0cAwQA
WX0iMA0GCSqGSIb3DQEBCwUAA4IBAQBVXm4Sw5aNQQGrZp6D6a4JjC9Lym+Rmnsj
Rnt5Cx5FSO+pEcTioCW2+HAsw73TIrr+8UBRU+Q2CqdcmW9wRi5t7ZkETpt2ulhN
ZYOngE73AorsScP3ge/qIHm3SNWJdcrQpv+sqGw+udQfKYvMSlACfoB09Z/yCV+E
O48yr0NI3QCx3snVpfNCrVvbif8sjmyWWvS+jCJSatazwvwNIgetX+h2q3T23UT0
kqakB4QWN5sGMqJW87R/jNKvo9OSXkNTkcbcJROmhEpO1qy6WPqb20tjLcj0xeL+
dn/Jm46y4vnYbduzJ5tJvnji4XG56JJEJ7rfVZ/4cqTvmFzAy6K7
-----END CERTIFICATE-----