Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BGTt_GGZg2H3M1wSCAPiqA7DHY8.roa
File:                     BGTt_GGZg2H3M1wSCAPiqA7DHY8.roa (raw, json)
Hash identifier:          qo2cHpjMkZ0fBUl8GwGrGV7608nOe5mOH2VpaRWiDHI=
Subject key identifier:   04:64:ED:FC:61:99:83:61:F7:33:5C:12:08:03:E2:A8:0E:C3:1D:8F
Certificate issuer:       /CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
Certificate serial:       019F2368D48F4D7C9237FA8795811F465112
Authority key identifier: BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BGTt_GGZg2H3M1wSCAPiqA7DHY8.roa
Signing time:             Thu 02 Jul 2026 15:18:20 +0000
ROA not before:           Thu 02 Jul 2026 15:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197210
IP address blocks:        81.5.141.0/24 maxlen: 24
                          82.152.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:d4:8f:4d:7c:92:37:fa:87:95:81:1f:46:51:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be5b8a2b106d334b0c6c61e177aa62f44fe0e3b6
        Validity
            Not Before: Jul  2 15:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0464edfc61998361f7335c120803e2a80ec31d8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:61:fb:8b:65:df:33:d6:cd:90:4a:e2:ca:31:
                    09:fb:4f:63:3c:52:7a:ed:d8:db:20:75:17:59:76:
                    2b:34:2c:51:4a:77:c4:72:0c:28:dc:59:f1:60:1a:
                    13:14:b5:f9:6b:56:be:13:4f:34:69:98:23:7e:2c:
                    d3:02:87:4d:af:c0:01:f3:65:39:70:5f:99:73:6a:
                    67:67:3a:e8:04:c8:b0:62:d7:0e:5c:6d:84:31:0b:
                    07:1d:c4:82:5b:c3:e2:eb:eb:a8:46:ed:11:2e:29:
                    bb:46:c8:c0:c0:43:10:07:ad:69:c4:ce:f7:1a:15:
                    91:df:7c:be:74:a4:87:45:61:10:04:50:1d:d2:f4:
                    7a:07:12:98:4f:41:10:51:c5:db:5e:a4:bd:31:b3:
                    e5:4c:3c:ef:f8:d7:99:e6:37:6b:0a:58:eb:b1:9f:
                    9b:99:ae:3d:a1:73:a5:d1:0f:91:a8:bc:38:8d:27:
                    b8:b8:a8:20:ba:d9:6e:e5:a7:10:fe:27:5d:31:2c:
                    ae:15:02:e9:16:7b:35:7b:9d:a4:2f:59:93:bc:88:
                    cf:a7:5b:2c:04:36:ee:51:15:9b:e9:14:be:56:db:
                    bb:b7:57:78:72:8a:c5:a7:6b:9d:58:65:8c:80:8a:
                    06:98:e9:b0:37:46:d9:25:45:3b:29:da:28:a7:b5:
                    63:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:64:ED:FC:61:99:83:61:F7:33:5C:12:08:03:E2:A8:0E:C3:1D:8F
            X509v3 Authority Key Identifier:
                keyid:BE:5B:8A:2B:10:6D:33:4B:0C:6C:61:E1:77:AA:62:F4:4F:E0:E3:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vluKKxBtM0sMbGHhd6pi9E_g47Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BGTt_GGZg2H3M1wSCAPiqA7DHY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vluKKxBtM0sMbGHhd6pi9E_g47Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.5.141.0/24
                  82.152.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:44:b7:25:ff:9d:45:9f:d8:06:94:18:5f:30:1a:df:4c:95:
         f2:76:01:25:d7:ab:09:26:ee:06:22:10:7e:e9:94:e7:1c:02:
         33:bf:91:19:8d:73:73:33:b3:35:14:48:60:e5:9b:2e:86:79:
         11:48:88:84:11:4c:60:01:1b:48:32:f1:d6:d1:51:cd:26:17:
         db:ab:54:c3:b0:b2:63:87:12:ef:20:02:a4:8f:c5:81:ae:cc:
         f6:8b:e5:2e:4b:a5:e2:8c:59:c8:3e:c0:d7:cc:ea:1c:97:0c:
         00:a5:2b:b4:b3:2d:63:17:ad:dd:7b:45:75:6a:07:de:86:e2:
         17:4b:d5:cd:7c:6f:45:8e:ff:74:15:6b:ef:b4:4e:df:af:72:
         88:fb:91:24:d3:5b:c2:b8:07:1e:53:20:da:ea:4d:d7:9f:82:
         64:b7:ac:fb:4c:67:1f:a7:f7:58:52:9d:e0:6f:0c:82:7b:2b:
         b4:fb:67:f0:56:96:6b:bf:a0:6a:08:e5:00:83:f5:f1:d6:e5:
         6c:8b:ff:5d:9d:9e:13:04:b2:e9:0a:dd:bd:29:86:19:ae:b7:
         8e:98:84:dd:87:8a:f0:36:0d:f4:28:3a:e4:85:20:13:b0:f1:
         31:be:ee:ce:c4:b9:f8:09:03:f1:a9:12:9e:e0:e6:00:83:9c:
         88:23:46:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ8jaNSPTXySN/qHlYEfRlESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNWI4YTJiMTA2ZDMzNGIwYzZjNjFlMTc3YWE2MmY0NGZl
MGUzYjYwHhcNMjYwNzAyMTUxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDY0ZWRmYzYxOTk4MzYxZjczMzVjMTIwODAzZTJhODBlYzMxZDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGH7i2XfM9bNkEriyjEJ+09jPFJ6
7djbIHUXWXYrNCxRSnfEcgwo3FnxYBoTFLX5a1a+E080aZgjfizTAodNr8AB82U5
cF+Zc2pnZzroBMiwYtcOXG2EMQsHHcSCW8Pi6+uoRu0RLim7RsjAwEMQB61pxM73
GhWR33y+dKSHRWEQBFAd0vR6BxKYT0EQUcXbXqS9MbPlTDzv+NeZ5jdrCljrsZ+b
ma49oXOl0Q+RqLw4jSe4uKggutlu5acQ/iddMSyuFQLpFns1e52kL1mTvIjPp1ss
BDbuURWb6RS+Vtu7t1d4corFp2udWGWMgIoGmOmwN0bZJUU7Kdoop7Vj6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFARk7fxhmYNh9zNcEggD4qgOwx2PMB8GA1UdIwQY
MBaAFL5biisQbTNLDGxh4XeqYvRP4OO2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQkdUdF9HR1pnMkgzTTF3U0NBUGlxQTdESFk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvdmx1S0t4QnRNMHNNYkdIaGQ2cGk5RV9nNDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUQWNAwQA
UpjeMA0GCSqGSIb3DQEBCwUAA4IBAQAsRLcl/51Fn9gGlBhfMBrfTJXydgEl16sJ
Ju4GIhB+6ZTnHAIzv5EZjXNzM7M1FEhg5ZsuhnkRSIiEEUxgARtIMvHW0VHNJhfb
q1TDsLJjhxLvIAKkj8WBrsz2i+UuS6XijFnIPsDXzOoclwwApSu0sy1jF63de0V1
agfehuIXS9XNfG9Fjv90FWvvtE7fr3KI+5Ek01vCuAceUyDa6k3Xn4Jkt6z7TGcf
p/dYUp3gbwyCeyu0+2fwVpZrv6BqCOUAg/Xx1uVsi/9dnZ4TBLLpCt29KYYZrreO
mITdh4rwNg30KDrkhSATsPExvu7OxLn4CQPxqRKe4OYAg5yII0bF
-----END CERTIFICATE-----
Generated at Fri Jul 3 18:17:29 2026 by rpki-client