Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/bpliBHQf1srTQdHcoNbSYzum3iw.roa
File:                     bpliBHQf1srTQdHcoNbSYzum3iw.roa (raw, json)
Hash identifier:          MnV3pxRWCN85TFBKQGOedJbS7vH1cW3AnKuxQi66K04=
Subject key identifier:   6E:99:62:04:74:1F:D6:CA:D3:41:D1:DC:A0:D6:D2:63:3B:A6:DE:2C
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       019F12297B4A80E62700CD5B00A7C40B63B3
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/bpliBHQf1srTQdHcoNbSYzum3iw.roa
Signing time:             Mon 29 Jun 2026 06:55:36 +0000
ROA not before:           Mon 29 Jun 2026 06:55:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25369
IP address blocks:        83.245.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 14:12:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:12:29:7b:4a:80:e6:27:00:cd:5b:00:a7:c4:0b:63:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jun 29 06:55:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e996204741fd6cad341d1dca0d6d2633ba6de2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:81:5a:3d:86:ff:d7:43:25:d7:96:71:43:72:
                    65:26:3a:32:d8:39:59:5f:de:b4:d3:f8:7b:5d:cf:
                    fb:70:93:00:fa:4e:be:16:68:f9:d9:94:e3:7a:3d:
                    6e:4b:f3:69:1a:99:ad:09:4c:f5:ab:81:ee:40:cf:
                    f9:ae:51:53:f0:83:09:a3:f2:14:18:27:40:05:22:
                    75:7a:de:3f:32:51:b4:39:91:80:71:bf:5e:86:4e:
                    d3:c6:ea:37:68:48:48:eb:0d:0e:36:c0:a1:c7:80:
                    7e:9f:77:7d:c3:6f:4c:3d:b4:4f:7a:40:94:f2:2d:
                    ac:18:16:9b:af:65:f1:89:bb:57:ee:0d:fd:fc:56:
                    65:c3:f4:ee:a2:96:2c:56:af:ec:8b:0d:b2:ca:69:
                    84:b7:e3:c3:8a:b9:e3:a3:2f:5c:6a:36:b9:db:73:
                    26:f0:70:8a:ae:a1:9d:f2:36:4a:d5:26:82:a5:e8:
                    07:6e:83:b0:40:03:0e:3e:ff:d6:1d:46:33:e6:95:
                    14:d2:fa:4c:b2:37:1f:dc:b4:63:5a:d0:5e:c1:43:
                    11:00:61:34:af:34:3d:c0:55:75:16:08:fe:15:2b:
                    4c:f5:69:5c:65:60:07:c0:2b:30:7f:58:38:a2:00:
                    fb:45:a8:b5:c8:1b:68:da:ef:aa:6c:80:1c:87:b5:
                    5d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:99:62:04:74:1F:D6:CA:D3:41:D1:DC:A0:D6:D2:63:3B:A6:DE:2C
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/bpliBHQf1srTQdHcoNbSYzum3iw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.245.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:77:5e:ca:d9:00:69:76:39:79:f6:83:5d:44:b2:8a:0b:03:
         a3:39:00:f4:25:54:f4:4d:e1:e3:a0:a9:41:a8:b0:c4:da:a9:
         f5:6f:1b:13:56:5e:7a:52:1f:68:06:7c:ac:38:93:cd:df:f2:
         41:06:75:14:33:cf:a6:1e:e7:98:dd:5b:d2:9a:30:36:16:14:
         98:26:b9:39:bc:39:f2:5f:ad:b3:63:09:59:bc:2c:a3:cc:c8:
         db:3d:35:65:7f:34:52:85:02:04:36:13:34:4f:ae:0c:68:26:
         b7:72:3d:8a:5c:67:e0:38:b3:69:50:e3:31:0c:f1:f6:c6:42:
         c0:b2:45:5b:23:4c:31:fd:ad:82:18:52:3d:1b:f5:3f:df:35:
         85:a1:0d:24:54:6d:3c:3b:78:d9:3c:6b:b2:9a:f8:06:b6:67:
         54:4c:e6:e5:99:a3:1a:7a:59:e4:95:c3:80:1c:b2:2c:96:b1:
         b4:38:7b:bd:11:05:a5:66:de:19:e1:c2:50:46:8b:33:ee:ab:
         ba:f3:82:dc:c3:fc:20:32:fc:8b:5b:f0:45:57:7d:3d:1b:9a:
         ee:1a:26:74:73:90:b3:74:ff:30:b7:7e:1e:7a:14:2f:e4:a7:
         62:f3:76:0e:d3:00:56:ac:b8:7d:83:7d:22:d1:4a:56:cd:0f:
         65:58:ad:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8SKXtKgOYnAM1bAKfEC2OzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjYwNjI5MDY1NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTk5NjIwNDc0MWZkNmNhZDM0MWQxZGNhMGQ2ZDI2MzNiYTZkZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6IFaPYb/10Ml15ZxQ3JlJjoy2DlZ
X9600/h7Xc/7cJMA+k6+Fmj52ZTjej1uS/NpGpmtCUz1q4HuQM/5rlFT8IMJo/IU
GCdABSJ1et4/MlG0OZGAcb9ehk7Txuo3aEhI6w0ONsChx4B+n3d9w29MPbRPekCU
8i2sGBabr2XxibtX7g39/FZlw/TuopYsVq/siw2yymmEt+PDirnjoy9caja523Mm
8HCKrqGd8jZK1SaCpegHboOwQAMOPv/WHUYz5pUU0vpMsjcf3LRjWtBewUMRAGE0
rzQ9wFV1Fgj+FStM9WlcZWAHwCswf1g4ogD7Rai1yBto2u+qbIAch7VdgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6ZYgR0H9bK00HR3KDW0mM7pt4sMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvYnBsaUJIUWYxc3JUUWRIY29OYlNZenVtM2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU/UOMA0G
CSqGSIb3DQEBCwUAA4IBAQBdd17K2QBpdjl59oNdRLKKCwOjOQD0JVT0TeHjoKlB
qLDE2qn1bxsTVl56Uh9oBnysOJPN3/JBBnUUM8+mHueY3VvSmjA2FhSYJrk5vDny
X62zYwlZvCyjzMjbPTVlfzRShQIENhM0T64MaCa3cj2KXGfgOLNpUOMxDPH2xkLA
skVbI0wx/a2CGFI9G/U/3zWFoQ0kVG08O3jZPGuymvgGtmdUTOblmaMaelnklcOA
HLIslrG0OHu9EQWlZt4Z4cJQRosz7qu684Lcw/wgMvyLW/BFV309G5ruGiZ0c5Cz
dP8wt34eehQv5Kdi83YO0wBWrLh9g30i0UpWzQ9lWK38
-----END CERTIFICATE-----