Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BIG6nBuxQiXzo3A8VVUzmGCYUXg.roa
File:                     BIG6nBuxQiXzo3A8VVUzmGCYUXg.roa (raw, json)
Hash identifier:          fzvbtoojQe9O9HxvUDJgqzSsNS0LqxyijfXmKyO6zrU=
Subject key identifier:   04:81:BA:9C:1B:B1:42:25:F3:A3:70:3C:55:55:33:98:60:98:51:78
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       019EDEDB822FDCDA417B6FA5575D513AD672
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BIG6nBuxQiXzo3A8VVUzmGCYUXg.roa
Signing time:             Fri 19 Jun 2026 07:49:48 +0000
ROA not before:           Fri 19 Jun 2026 07:49:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26739
IP address blocks:        89.167.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 14:12:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:de:db:82:2f:dc:da:41:7b:6f:a5:57:5d:51:3a:d6:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jun 19 07:49:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0481ba9c1bb14225f3a3703c5555339860985178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:9c:79:a5:2a:e4:5b:a2:e6:4e:1c:ab:86:d9:
                    a5:75:7d:e5:88:c8:93:e1:5b:35:fd:34:ae:40:29:
                    9b:03:26:84:25:36:d9:78:74:4b:9f:16:db:fe:57:
                    27:23:db:40:25:7d:f8:52:ed:3f:7c:00:fe:8d:f2:
                    c6:d6:21:a9:64:3a:b3:4b:11:4d:d8:0c:2a:f0:ba:
                    d3:a9:98:17:ad:6f:4c:8a:c5:f5:c3:58:3f:db:97:
                    cb:72:87:70:73:e5:37:4c:31:a7:30:87:f9:89:f5:
                    53:33:ed:0f:91:03:2e:fc:94:d1:db:35:6d:54:7a:
                    13:25:6a:8e:5c:bf:57:8f:20:ba:ba:68:94:bf:fb:
                    28:72:ee:6e:16:2f:f0:db:54:79:fe:cf:fb:c3:5e:
                    4d:c4:2a:42:8c:cc:57:18:fb:fd:92:39:d5:9e:04:
                    59:a7:1a:46:de:c3:d5:40:39:83:82:d0:4a:c9:ce:
                    d8:4f:36:dd:d9:18:3c:89:73:5e:c0:79:26:69:b8:
                    dc:ad:35:ce:b4:99:cb:d3:28:b0:d0:74:f0:9e:cd:
                    33:b6:01:0e:f3:dd:70:8c:fc:b8:dc:fc:8b:e8:17:
                    28:aa:76:02:7f:b5:dd:ed:66:fd:37:d1:6c:8c:73:
                    bc:32:36:0f:d6:7c:91:c3:8e:54:94:80:9c:52:f8:
                    4d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:81:BA:9C:1B:B1:42:25:F3:A3:70:3C:55:55:33:98:60:98:51:78
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BIG6nBuxQiXzo3A8VVUzmGCYUXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.167.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:b3:8e:ef:52:1c:9a:de:30:89:41:9a:88:99:00:70:63:22:
         57:3c:63:2f:02:70:8e:b1:55:c6:4d:7b:b9:56:2a:08:5b:3a:
         24:23:41:7a:8a:4c:2a:5f:20:5a:0f:38:fd:12:2a:44:90:8b:
         23:d4:b3:5d:f5:56:e7:50:47:7e:45:fc:20:6d:d2:a9:97:94:
         2a:fe:87:8d:19:03:c2:0d:64:20:60:cd:ce:e5:bd:2d:96:e9:
         85:56:8d:4e:d7:cf:7d:d0:c0:53:e4:a7:e9:eb:0a:c6:e5:ee:
         03:36:81:32:52:e6:d8:32:da:26:6d:ac:77:72:08:0c:af:ad:
         0c:1f:ac:2e:f9:7a:a5:78:57:b6:fe:6c:1d:cc:4d:0c:a1:9f:
         ce:19:a4:e6:60:93:83:f5:a1:22:73:b0:5b:50:10:51:b0:1a:
         fa:1f:68:50:21:c5:50:77:4f:4d:54:98:c8:d6:14:e6:5d:5a:
         90:2d:32:03:39:ee:2b:97:6b:44:e1:ed:15:3d:eb:a2:d4:6a:
         c1:41:6c:0b:e5:a4:26:09:57:8e:67:e6:0a:e6:05:99:9d:99:
         24:d9:30:e4:16:8f:bb:7e:2d:03:06:24:9c:70:a0:db:19:92:
         dc:ce:96:a9:73:3a:54:44:f1:fb:01:06:69:1a:b1:3f:e8:b4:
         dc:7f:5e:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7e24Iv3NpBe2+lV11ROtZyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjYwNjE5MDc0OTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDgxYmE5YzFiYjE0MjI1ZjNhMzcwM2M1NTU1MzM5ODYwOTg1MTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Zx5pSrkW6LmThyrhtmldX3liMiT
4Vs1/TSuQCmbAyaEJTbZeHRLnxbb/lcnI9tAJX34Uu0/fAD+jfLG1iGpZDqzSxFN
2Awq8LrTqZgXrW9MisX1w1g/25fLcodwc+U3TDGnMIf5ifVTM+0PkQMu/JTR2zVt
VHoTJWqOXL9XjyC6umiUv/socu5uFi/w21R5/s/7w15NxCpCjMxXGPv9kjnVngRZ
pxpG3sPVQDmDgtBKyc7YTzbd2Rg8iXNewHkmabjcrTXOtJnL0yiw0HTwns0ztgEO
891wjPy43PyL6BcoqnYCf7Xd7Wb9N9FsjHO8MjYP1nyRw45UlICcUvhNiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASBupwbsUIl86NwPFVVM5hgmFF4MB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvQklHNm5CdXhRaVh6bzNBOFZWVXptR0NZVVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWaeBMA0G
CSqGSIb3DQEBCwUAA4IBAQAQs47vUhya3jCJQZqImQBwYyJXPGMvAnCOsVXGTXu5
VioIWzokI0F6ikwqXyBaDzj9EipEkIsj1LNd9VbnUEd+RfwgbdKpl5Qq/oeNGQPC
DWQgYM3O5b0tlumFVo1O18990MBT5Kfp6wrG5e4DNoEyUubYMtombax3cggMr60M
H6wu+XqleFe2/mwdzE0MoZ/OGaTmYJOD9aEic7BbUBBRsBr6H2hQIcVQd09NVJjI
1hTmXVqQLTIDOe4rl2tE4e0VPeui1GrBQWwL5aQmCVeOZ+YK5gWZnZkk2TDkFo+7
fi0DBiSccKDbGZLczpapczpURPH7AQZpGrE/6LTcf16F
-----END CERTIFICATE-----