Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/bg8CLiXzsT2ainYXySLl_0SGV04.roa
File:                     bg8CLiXzsT2ainYXySLl_0SGV04.roa (raw, json)
Hash identifier:          up+Za0KwgUNQ22eYgX/31Jrn7hYky0sB37o0IemIDfQ=
Subject key identifier:   6E:0F:02:2E:25:F3:B1:3D:9A:8A:76:17:C9:22:E5:FF:44:86:57:4E
Certificate issuer:       /CN=b3674e822f3876d27deaed5f66dbe9c1a422eb16
Certificate serial:       019E8EF08F312D4C225B6E7862C050215B4A
Authority key identifier: B3:67:4E:82:2F:38:76:D2:7D:EA:ED:5F:66:DB:E9:C1:A4:22:EB:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/bg8CLiXzsT2ainYXySLl_0SGV04.roa
Signing time:             Wed 03 Jun 2026 19:23:10 +0000
ROA not before:           Wed 03 Jun 2026 19:23:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        2a01:ef40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8e:f0:8f:31:2d:4c:22:5b:6e:78:62:c0:50:21:5b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3674e822f3876d27deaed5f66dbe9c1a422eb16
        Validity
            Not Before: Jun  3 19:23:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e0f022e25f3b13d9a8a7617c922e5ff4486574e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:89:a7:9e:b7:94:5f:13:25:70:eb:b5:46:b3:
                    a6:95:db:65:ac:60:05:51:ec:2e:5c:06:46:23:b3:
                    81:b3:d7:01:93:ca:72:02:ce:bb:64:79:e0:c9:37:
                    83:c4:28:14:5c:9d:05:af:60:b2:87:51:ef:16:12:
                    35:3a:e4:b9:a0:81:d6:70:e9:58:ef:6c:ec:7b:36:
                    4d:fe:36:04:69:5f:42:42:37:6a:db:8e:98:f9:8d:
                    2a:22:c5:d7:c9:e9:a1:00:68:b2:8a:43:93:ee:ce:
                    47:14:02:c1:c7:48:6c:54:a0:01:cf:a8:64:6a:69:
                    c2:df:64:76:50:3a:c0:cf:39:24:eb:74:79:63:da:
                    bc:e4:62:61:7b:c4:b5:d9:3a:9e:2c:44:0a:af:76:
                    51:4e:8e:69:fa:47:7a:62:65:dc:66:21:c6:86:c5:
                    c4:4c:0f:4a:ad:38:e5:b5:85:19:4a:aa:71:25:40:
                    33:ad:b0:da:8e:aa:8b:21:ec:a9:69:5a:02:33:e6:
                    a1:8b:fc:03:a5:73:b9:f6:38:bd:f3:54:d5:8e:48:
                    06:57:89:dc:04:31:aa:67:9e:42:27:9a:3b:86:f8:
                    88:52:20:d3:28:6b:ac:cb:d9:b8:2a:87:61:10:f9:
                    21:3d:ab:fa:01:03:3f:fc:54:d0:11:f4:12:56:e6:
                    c5:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:0F:02:2E:25:F3:B1:3D:9A:8A:76:17:C9:22:E5:FF:44:86:57:4E
            X509v3 Authority Key Identifier:
                keyid:B3:67:4E:82:2F:38:76:D2:7D:EA:ED:5F:66:DB:E9:C1:A4:22:EB:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/bg8CLiXzsT2ainYXySLl_0SGV04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ef40::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:ea:d4:75:4d:25:0e:78:61:87:c5:7a:e1:58:f2:63:cc:b3:
         41:99:02:d4:9b:2e:35:9c:05:be:c1:f2:31:12:2c:61:21:20:
         63:94:18:39:88:1c:af:a7:58:4e:c6:47:ec:cf:59:aa:6c:6a:
         b2:bf:95:30:be:a7:aa:dd:6e:7b:ba:7e:ac:20:74:a4:71:49:
         18:59:fd:55:f2:ad:fa:ff:3c:7f:3f:fc:02:b1:e6:bc:13:05:
         d8:cc:4d:e8:93:40:3a:44:25:e5:27:c7:8a:6e:94:13:29:5a:
         8c:0f:38:4c:ed:1d:e9:99:08:cd:ab:7b:f8:89:5b:f2:47:b5:
         db:24:8e:38:f2:63:0b:83:4f:62:a7:17:16:33:81:67:8d:12:
         e2:7d:1f:87:45:5e:e8:1d:62:ad:b3:fc:20:32:b3:0f:0e:a5:
         15:b5:d2:7f:43:5c:76:eb:1d:97:6c:dd:4d:2d:79:f6:5e:4e:
         db:ec:3a:ae:2c:91:a3:96:02:cf:e6:b1:a7:31:19:2b:db:16:
         24:07:c3:6e:5d:15:85:66:8b:a9:c9:dd:42:40:d9:c5:a3:38:
         d6:fe:4a:25:e2:12:af:7b:b6:11:96:01:7e:5b:77:58:98:4c:
         8b:1c:d2:89:3b:f6:b6:f9:84:9a:bf:c1:9d:fa:6d:87:c0:5f:
         79:aa:f8:92
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ6O8I8xLUwiW254YsBQIVtKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNjc0ZTgyMmYzODc2ZDI3ZGVhZWQ1ZjY2ZGJlOWMxYTQy
MmViMTYwHhcNMjYwNjAzMTkyMzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTBmMDIyZTI1ZjNiMTNkOWE4YTc2MTdjOTIyZTVmZjQ0ODY1NzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4mnnreUXxMlcOu1RrOmldtlrGAF
UewuXAZGI7OBs9cBk8pyAs67ZHngyTeDxCgUXJ0Fr2Cyh1HvFhI1OuS5oIHWcOlY
72zsezZN/jYEaV9CQjdq246Y+Y0qIsXXyemhAGiyikOT7s5HFALBx0hsVKABz6hk
amnC32R2UDrAzzkk63R5Y9q85GJhe8S12TqeLEQKr3ZRTo5p+kd6YmXcZiHGhsXE
TA9KrTjltYUZSqpxJUAzrbDajqqLIeypaVoCM+ahi/wDpXO59ji981TVjkgGV4nc
BDGqZ55CJ5o7hviIUiDTKGusy9m4KodhEPkhPav6AQM//FTQEfQSVubFAwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG4PAi4l87E9mop2F8ki5f9EhldOMB8GA1UdIwQY
MBaAFLNnToIvOHbSfertX2bb6cGkIusWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczJkT2dpODRkdEo5NnUxZlp0dnB3YVFpNnhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8zOTMyNTEtYjQ4OC00MGQzLWJlMzkt
ZjhmMDhmZTY0ODM4LzEvYmc4Q0xpWHpzVDJhaW5ZWHlTTGxfMFNHVjA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8zOTMyNTEtYjQ4OC00MGQzLWJlMzktZjhmMDhmZTY0ODM4
LzEvczJkT2dpODRkdEo5NnUxZlp0dnB3YVFpNnhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHvQDAN
BgkqhkiG9w0BAQsFAAOCAQEAf+rUdU0lDnhhh8V64VjyY8yzQZkC1JsuNZwFvsHy
MRIsYSEgY5QYOYgcr6dYTsZH7M9Zqmxqsr+VML6nqt1ue7p+rCB0pHFJGFn9VfKt
+v88fz/8ArHmvBMF2MxN6JNAOkQl5SfHim6UEylajA84TO0d6ZkIzat7+Ilb8ke1
2ySOOPJjC4NPYqcXFjOBZ40S4n0fh0Ve6B1irbP8IDKzDw6lFbXSf0Ncdusdl2zd
TS159l5O2+w6riyRo5YCz+axpzEZK9sWJAfDbl0VhWaLqcndQkDZxaM41v5KJeIS
r3u2EZYBflt3WJhMixzSiTv2tvmEmr/Bnfpth8Bfear4kg==
-----END CERTIFICATE-----