Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/bdvOdORq1R90uFfrxYw4iBM7kqg.roa
File:                     bdvOdORq1R90uFfrxYw4iBM7kqg.roa (raw, json)
Hash identifier:          4NNR+K8RfDGHTLo6ea+O3NVX7BGGwrS0QYCsrB8x0h0=
Subject key identifier:   6D:DB:CE:74:E4:6A:D5:1F:74:B8:57:EB:C5:8C:38:88:13:3B:92:A8
Certificate issuer:       /CN=6f5e0230be799e44829c8720ca38347045494e20
Certificate serial:       019D76919B7AD06250808DD42D55EA510C28
Authority key identifier: 6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/bdvOdORq1R90uFfrxYw4iBM7kqg.roa
Signing time:             Fri 10 Apr 2026 08:45:47 +0000
ROA not before:           Fri 10 Apr 2026 08:45:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207550
IP address blocks:        85.232.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 Apr 2026 21:31:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:91:9b:7a:d0:62:50:80:8d:d4:2d:55:ea:51:0c:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5e0230be799e44829c8720ca38347045494e20
        Validity
            Not Before: Apr 10 08:45:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ddbce74e46ad51f74b857ebc58c3888133b92a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:86:0d:f4:9f:5b:4a:6b:6a:07:42:32:33:10:
                    ce:ef:90:51:a0:bf:1a:23:a6:69:28:53:51:45:bf:
                    a0:01:b1:00:20:b3:6d:05:ee:4b:96:d1:f8:4f:8d:
                    7b:15:e8:7b:4e:b1:53:be:64:85:a8:21:be:a7:02:
                    7e:2d:e7:b3:1f:ed:c2:6c:34:ca:83:2f:3a:26:86:
                    6c:9f:e4:29:95:fe:91:45:53:bd:88:12:03:72:2f:
                    9f:29:3c:d4:46:6e:bd:c3:30:a3:e1:ad:24:b4:41:
                    a6:ad:1d:80:cf:45:f7:fe:ad:40:66:01:75:0a:ec:
                    14:23:1c:7e:a8:04:b9:5e:ee:20:6c:f2:62:9c:fd:
                    44:37:6b:91:26:92:7b:a2:59:09:45:88:9f:fb:24:
                    c4:27:e8:b9:ab:c6:ce:17:75:d1:c5:bb:02:45:e6:
                    2a:4a:ea:f9:20:6b:1e:37:bd:f1:5b:41:bd:ef:7e:
                    b2:57:81:7b:76:aa:1e:b9:75:0a:27:fa:d1:11:0c:
                    f4:a3:2d:3b:73:ce:d7:60:36:aa:8d:86:58:b2:b3:
                    e1:21:e8:f7:7b:01:40:ee:e0:16:92:e5:c2:c6:a5:
                    88:fc:55:27:28:21:c4:ca:7c:fd:15:14:73:8c:ee:
                    28:36:ea:73:23:59:d5:5f:cd:12:78:39:3e:09:da:
                    ec:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:DB:CE:74:E4:6A:D5:1F:74:B8:57:EB:C5:8C:38:88:13:3B:92:A8
            X509v3 Authority Key Identifier:
                keyid:6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/bdvOdORq1R90uFfrxYw4iBM7kqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:bd:32:19:81:26:64:b8:a8:28:0e:12:c2:fb:a2:55:3e:39:
         d5:d4:fb:3f:b9:c7:fd:61:27:f5:a8:1b:da:61:46:2c:39:74:
         54:25:0e:56:58:28:0f:7c:13:4e:de:37:e2:29:c9:3b:9a:e3:
         76:ea:83:a1:71:cb:75:f2:43:70:02:c3:d4:dd:fd:18:45:0d:
         33:8b:74:7c:85:ac:b9:16:a1:90:db:a4:ca:8d:03:46:b9:96:
         81:fc:ef:49:91:a5:c4:43:cd:40:ec:81:41:2a:e3:65:49:7e:
         63:79:f0:88:da:76:1a:a2:fd:65:6f:38:ae:49:ab:92:eb:49:
         7f:1e:55:f6:1f:ca:92:43:f8:58:4a:e6:e9:29:3a:38:51:79:
         99:51:7b:c4:95:c3:ed:c6:fc:90:92:54:35:4f:5c:1d:c7:66:
         20:a7:46:5e:23:9b:75:3c:76:da:30:ee:f9:c9:e8:01:50:8a:
         60:1f:f3:2e:46:46:3e:19:22:22:1d:89:9a:49:81:28:12:46:
         24:67:c4:1b:cb:db:b2:16:37:6e:67:70:be:27:c0:b3:8e:06:
         86:35:38:ad:69:79:b4:02:c0:29:e3:43:cf:6c:e0:04:1c:cf:
         33:6f:0c:85:12:c6:e4:a9:ba:3f:66:3f:10:6f:c8:8b:34:04:
         ec:04:5e:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ12kZt60GJQgI3ULVXqUQwoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWUwMjMwYmU3OTllNDQ4MjljODcyMGNhMzgzNDcwNDU0
OTRlMjAwHhcNMjYwNDEwMDg0NTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGRiY2U3NGU0NmFkNTFmNzRiODU3ZWJjNThjMzg4ODEzM2I5MmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34YN9J9bSmtqB0IyMxDO75BRoL8a
I6ZpKFNRRb+gAbEAILNtBe5LltH4T417Feh7TrFTvmSFqCG+pwJ+LeezH+3CbDTK
gy86JoZsn+Qplf6RRVO9iBIDci+fKTzURm69wzCj4a0ktEGmrR2Az0X3/q1AZgF1
CuwUIxx+qAS5Xu4gbPJinP1EN2uRJpJ7olkJRYif+yTEJ+i5q8bOF3XRxbsCReYq
Sur5IGseN73xW0G9736yV4F7dqoeuXUKJ/rREQz0oy07c87XYDaqjYZYsrPhIej3
ewFA7uAWkuXCxqWI/FUnKCHEynz9FRRzjO4oNupzI1nVX80SeDk+CdrsYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3bznTkatUfdLhX68WMOIgTO5KoMB8GA1UdIwQY
MBaAFG9eAjC+eZ5EgpyHIMo4NHBFSU4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGIt
YmE3YzdkODE5MGNhLzEvYmR2T2RPUnExUjkwdUZmcnhZdzRpQk03a3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGItYmE3YzdkODE5MGNh
LzEvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVei7MA0G
CSqGSIb3DQEBCwUAA4IBAQCjvTIZgSZkuKgoDhLC+6JVPjnV1Ps/ucf9YSf1qBva
YUYsOXRUJQ5WWCgPfBNO3jfiKck7muN26oOhcct18kNwAsPU3f0YRQ0zi3R8hay5
FqGQ26TKjQNGuZaB/O9JkaXEQ81A7IFBKuNlSX5jefCI2nYaov1lbziuSauS60l/
HlX2H8qSQ/hYSubpKTo4UXmZUXvElcPtxvyQklQ1T1wdx2Ygp0ZeI5t1PHbaMO75
yegBUIpgH/MuRkY+GSIiHYmaSYEoEkYkZ8Qby9uyFjduZ3C+J8CzjgaGNTitaXm0
AsAp40PPbOAEHM8zbwyFEsbkqbo/Zj8Qb8iLNATsBF7C
-----END CERTIFICATE-----