Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Bvj3BLx5YrCarcrQKsVyR54Q7DU.roa
File:                     Bvj3BLx5YrCarcrQKsVyR54Q7DU.roa (raw, json)
Hash identifier:          QrFabVXvwCuSssbw2fUJn1u1f0bkLcsMrmq2CSsDpA4=
Subject key identifier:   06:F8:F7:04:BC:79:62:B0:9A:AD:CA:D0:2A:C5:72:47:9E:10:EC:35
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E82E6412197B61B03EE845654C8014D60
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Bvj3BLx5YrCarcrQKsVyR54Q7DU.roa
Signing time:             Mon 01 Jun 2026 11:16:28 +0000
ROA not before:           Mon 01 Jun 2026 11:16:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199030
IP address blocks:        82.153.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:e6:41:21:97:b6:1b:03:ee:84:56:54:c8:01:4d:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  1 11:16:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06f8f704bc7962b09aadcad02ac572479e10ec35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:8a:aa:85:3c:48:87:33:4f:4e:bf:d9:05:fc:
                    61:0b:8f:72:31:d0:7b:2c:5e:bb:f3:73:cc:59:75:
                    ea:97:18:c3:f1:49:c3:21:83:d1:ea:9c:2a:04:42:
                    e5:7c:c7:0c:8a:9e:94:83:cd:59:a2:c0:42:06:72:
                    8a:24:6d:03:58:ab:10:41:29:36:e9:b0:17:3d:16:
                    4b:e0:ee:b4:81:74:1f:56:37:10:a9:22:dc:be:25:
                    22:7d:d2:63:e7:21:71:85:53:77:e3:26:c9:71:bd:
                    ea:08:51:a7:58:93:f3:93:9b:73:25:8b:02:70:13:
                    35:c6:76:b5:3d:18:16:84:c3:f6:0e:4b:77:ef:9d:
                    8d:dd:4b:d9:da:06:e4:81:6e:57:54:9b:04:f8:23:
                    6b:f0:7d:04:6d:43:18:3d:07:20:46:ff:59:30:96:
                    e9:18:25:b6:89:12:4f:ed:22:f6:00:c9:db:7c:51:
                    3e:25:b6:97:00:18:a8:4c:a9:c3:c4:5f:bb:34:ad:
                    11:b4:05:7e:63:5f:56:f3:be:21:8e:20:9e:16:1b:
                    4d:5c:40:49:f5:23:c2:37:1e:a5:d0:03:fe:27:a4:
                    da:44:62:b1:39:4e:f0:c0:e3:ad:ac:38:99:9f:15:
                    2f:df:f5:59:7d:d2:e3:32:9f:a6:a0:0c:c7:e5:60:
                    05:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:F8:F7:04:BC:79:62:B0:9A:AD:CA:D0:2A:C5:72:47:9E:10:EC:35
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Bvj3BLx5YrCarcrQKsVyR54Q7DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:4f:a8:b2:b1:12:a5:75:39:4e:c9:c4:74:b1:64:c1:92:8f:
         59:95:d6:c8:8b:dd:d6:82:7a:77:53:7c:86:73:92:d4:b2:dc:
         14:d9:31:13:db:a5:b3:fc:04:b5:2b:ee:db:d3:d1:d2:38:de:
         9f:61:3a:68:22:b8:ee:7e:f6:83:08:c6:48:47:cd:5a:c0:01:
         cc:6a:6e:51:38:0b:c9:ba:40:ad:ea:2b:f6:de:52:6b:9d:f0:
         e0:6d:22:92:04:e4:88:c1:b4:d6:19:b9:17:f4:96:b6:68:78:
         09:ae:85:4e:67:45:33:ea:03:a6:6d:96:c1:f6:94:a3:4b:4d:
         c5:c1:68:87:2d:fa:80:1b:17:37:2f:db:8f:9e:de:e2:62:d2:
         6f:ff:eb:59:42:e9:29:32:12:db:15:3f:e9:36:86:64:4d:80:
         27:39:b5:9f:57:e2:01:f4:2d:54:6d:91:ee:af:62:2d:13:a0:
         62:d2:98:72:55:64:c8:b3:3b:85:f1:b1:cc:e0:ba:d5:82:97:
         b5:8f:6c:9f:cd:35:31:35:1c:44:1c:7c:10:4d:6d:ed:39:eb:
         79:c1:33:f9:23:9e:fd:90:0b:d8:41:d4:2a:93:cb:f4:7d:bb:
         ac:ce:f9:8c:3b:75:06:c8:66:2f:d1:03:e1:64:97:6d:ea:0a:
         e8:03:ee:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6C5kEhl7YbA+6EVlTIAU1gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjAxMTExNjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmY4ZjcwNGJjNzk2MmIwOWFhZGNhZDAyYWM1NzI0NzllMTBlYzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oqqhTxIhzNPTr/ZBfxhC49yMdB7
LF6783PMWXXqlxjD8UnDIYPR6pwqBELlfMcMip6Ug81ZosBCBnKKJG0DWKsQQSk2
6bAXPRZL4O60gXQfVjcQqSLcviUifdJj5yFxhVN34ybJcb3qCFGnWJPzk5tzJYsC
cBM1xna1PRgWhMP2Dkt3752N3UvZ2gbkgW5XVJsE+CNr8H0EbUMYPQcgRv9ZMJbp
GCW2iRJP7SL2AMnbfFE+JbaXABioTKnDxF+7NK0RtAV+Y19W874hjiCeFhtNXEBJ
9SPCNx6l0AP+J6TaRGKxOU7wwOOtrDiZnxUv3/VZfdLjMp+moAzH5WAFFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAb49wS8eWKwmq3K0CrFckeeEOw1MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQnZqM0JMeDVZckNhcmNyUUtzVnlSNTRRN0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnzMA0G
CSqGSIb3DQEBCwUAA4IBAQAwT6iysRKldTlOycR0sWTBko9ZldbIi93Wgnp3U3yG
c5LUstwU2TET26Wz/AS1K+7b09HSON6fYTpoIrjufvaDCMZIR81awAHMam5ROAvJ
ukCt6iv23lJrnfDgbSKSBOSIwbTWGbkX9Ja2aHgJroVOZ0Uz6gOmbZbB9pSjS03F
wWiHLfqAGxc3L9uPnt7iYtJv/+tZQukpMhLbFT/pNoZkTYAnObWfV+IB9C1UbZHu
r2ItE6Bi0phyVWTIszuF8bHM4LrVgpe1j2yfzTUxNRxEHHwQTW3tOet5wTP5I579
kAvYQdQqk8v0fbuszvmMO3UGyGYv0QPhZJdt6groA+5r
-----END CERTIFICATE-----