Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/34471f-0baf-433b-b86a-acd742fe0986/1/bXVS5mI2QC2X8Npqw2zgeMvzZio.roa
File:                     bXVS5mI2QC2X8Npqw2zgeMvzZio.roa (raw, json)
Hash identifier:          YihnpRgvmynX6iNjPt2Vld1lT9ag6tArhPWgTRWMFzI=
Subject key identifier:   6D:75:52:E6:62:36:40:2D:97:F0:DA:6A:C3:6C:E0:78:CB:F3:66:2A
Certificate issuer:       /CN=174f8cb77c4d069d34abbf513d695ea99a3e7f1a
Certificate serial:       019F12EE52DA632C693F9371678DB54805B3
Authority key identifier: 17:4F:8C:B7:7C:4D:06:9D:34:AB:BF:51:3D:69:5E:A9:9A:3E:7F:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F0-Mt3xNBp00q79RPWleqZo-fxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/34471f-0baf-433b-b86a-acd742fe0986/1/bXVS5mI2QC2X8Npqw2zgeMvzZio.roa
Signing time:             Mon 29 Jun 2026 10:30:36 +0000
ROA not before:           Mon 29 Jun 2026 10:30:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198857
IP address blocks:        91.223.250.0/24 maxlen: 24
                          194.113.248.0/24 maxlen: 24
                          194.116.154.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/34471f-0baf-433b-b86a-acd742fe0986/1/F0-Mt3xNBp00q79RPWleqZo-fxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/34471f-0baf-433b-b86a-acd742fe0986/1/F0-Mt3xNBp00q79RPWleqZo-fxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F0-Mt3xNBp00q79RPWleqZo-fxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 20:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:12:ee:52:da:63:2c:69:3f:93:71:67:8d:b5:48:05:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=174f8cb77c4d069d34abbf513d695ea99a3e7f1a
        Validity
            Not Before: Jun 29 10:30:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d7552e66236402d97f0da6ac36ce078cbf3662a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a9:2d:8e:b8:11:11:08:21:16:3e:6f:39:a9:
                    09:af:6e:78:df:d3:03:93:b9:db:41:22:55:f6:a1:
                    cc:cb:9b:3f:c7:a2:77:f0:42:a3:54:31:d0:54:85:
                    0c:33:ef:51:c8:b4:ed:e2:3d:2f:89:b3:44:47:4c:
                    16:82:be:65:5d:32:a6:e6:f3:c4:86:8c:9d:83:d1:
                    82:0b:7e:54:b1:0e:87:88:f2:3e:82:16:c9:da:b7:
                    f0:31:da:1c:ef:2e:e8:2f:03:90:15:b2:08:87:01:
                    52:9d:93:ca:70:a8:d4:f1:e6:b1:d0:4e:7c:3c:1c:
                    ff:09:14:3d:c8:cb:6f:0e:f1:d5:c2:87:37:cb:9c:
                    d0:ed:7c:f2:86:4e:bb:bb:db:ee:53:c0:20:df:ae:
                    f6:77:ce:f7:93:f7:2a:94:88:b8:93:f2:ee:97:31:
                    69:54:e3:0b:0a:22:07:e7:9a:5e:74:ed:0a:d0:f7:
                    ad:95:03:39:d0:46:be:19:d5:60:dc:5c:e7:bf:41:
                    56:99:50:a7:52:02:e4:94:a0:fc:7f:dd:44:f1:f7:
                    0f:c3:aa:4b:91:64:97:88:35:8a:f7:30:ff:cd:9c:
                    43:dd:60:ba:6a:f9:c9:be:c2:27:1b:49:6f:72:b7:
                    19:5d:36:76:95:c0:47:54:48:33:86:59:d6:74:20:
                    de:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:75:52:E6:62:36:40:2D:97:F0:DA:6A:C3:6C:E0:78:CB:F3:66:2A
            X509v3 Authority Key Identifier:
                keyid:17:4F:8C:B7:7C:4D:06:9D:34:AB:BF:51:3D:69:5E:A9:9A:3E:7F:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F0-Mt3xNBp00q79RPWleqZo-fxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/34471f-0baf-433b-b86a-acd742fe0986/1/bXVS5mI2QC2X8Npqw2zgeMvzZio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/34471f-0baf-433b-b86a-acd742fe0986/1/F0-Mt3xNBp00q79RPWleqZo-fxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.250.0/24
                  194.113.248.0/24
                  194.116.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ab:a0:da:6f:98:0c:ae:de:7c:c0:f7:53:29:44:19:e5:c4:ca:
         18:60:83:e3:01:de:1a:23:cb:11:c4:04:36:8c:56:5a:7c:8c:
         c1:2b:51:72:53:7f:0f:50:03:0a:6d:bc:90:bb:8b:c7:de:bf:
         73:d1:d1:fa:78:e9:75:d3:ed:2b:04:c8:33:e6:a8:12:4b:28:
         36:b3:fe:af:47:a8:45:d3:fc:d4:d8:52:ba:a0:02:44:75:57:
         52:c5:01:fd:7d:85:26:ac:df:f2:d1:c1:e3:16:69:7b:ac:3f:
         d9:b0:b4:17:cb:f7:05:21:d3:bf:a1:ae:5a:97:ed:8f:7c:65:
         34:52:03:ea:3f:41:3f:59:fe:26:87:37:fe:4a:fc:5a:ff:31:
         c5:0e:50:33:46:d5:a2:ca:bb:0b:c5:8d:63:55:6f:ce:25:7b:
         1c:59:83:1b:24:7c:d9:c9:5c:42:e3:fc:1e:c9:be:77:18:90:
         1b:74:a4:ff:b6:af:e9:2f:96:f5:d9:da:cc:1a:d2:db:cb:c1:
         24:05:c3:f5:45:c0:4f:f0:e7:dc:bf:a9:fe:c4:cf:9a:89:95:
         1f:6b:6b:c5:aa:d7:10:39:45:fc:9c:8b:7c:e3:22:86:fe:3b:
         48:61:d6:c8:ae:11:d3:bc:47:8f:bb:6e:0a:18:f2:22:12:f5:
         2e:d9:89:55
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ8S7lLaYyxpP5NxZ421SAWzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NGY4Y2I3N2M0ZDA2OWQzNGFiYmY1MTNkNjk1ZWE5OWEz
ZTdmMWEwHhcNMjYwNjI5MTAzMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDc1NTJlNjYyMzY0MDJkOTdmMGRhNmFjMzZjZTA3OGNiZjM2NjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqktjrgREQghFj5vOakJr25439MD
k7nbQSJV9qHMy5s/x6J38EKjVDHQVIUMM+9RyLTt4j0vibNER0wWgr5lXTKm5vPE
hoydg9GCC35UsQ6HiPI+ghbJ2rfwMdoc7y7oLwOQFbIIhwFSnZPKcKjU8eax0E58
PBz/CRQ9yMtvDvHVwoc3y5zQ7Xzyhk67u9vuU8Ag3672d873k/cqlIi4k/LulzFp
VOMLCiIH55pedO0K0PetlQM50Ea+GdVg3Fznv0FWmVCnUgLklKD8f91E8fcPw6pL
kWSXiDWK9zD/zZxD3WC6avnJvsInG0lvcrcZXTZ2lcBHVEgzhlnWdCDe6wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG11UuZiNkAtl/DaasNs4HjL82YqMB8GA1UdIwQY
MBaAFBdPjLd8TQadNKu/UT1pXqmaPn8aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjAtTXQzeE5CcDAwcTc5UlBXbGVxWm8tZnhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zNDQ3MWYtMGJhZi00MzNiLWI4NmEt
YWNkNzQyZmUwOTg2LzEvYlhWUzVtSTJRQzJYOE5wcXcyemdlTXZ6WmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zNDQ3MWYtMGJhZi00MzNiLWI4NmEtYWNkNzQyZmUwOTg2
LzEvRjAtTXQzeE5CcDAwcTc5UlBXbGVxWm8tZnhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9/6AwQA
wnH4AwQBwnSaMA0GCSqGSIb3DQEBCwUAA4IBAQCroNpvmAyu3nzA91MpRBnlxMoY
YIPjAd4aI8sRxAQ2jFZafIzBK1FyU38PUAMKbbyQu4vH3r9z0dH6eOl10+0rBMgz
5qgSSyg2s/6vR6hF0/zU2FK6oAJEdVdSxQH9fYUmrN/y0cHjFml7rD/ZsLQXy/cF
IdO/oa5al+2PfGU0UgPqP0E/Wf4mhzf+Svxa/zHFDlAzRtWiyrsLxY1jVW/OJXsc
WYMbJHzZyVxC4/weyb53GJAbdKT/tq/pL5b12drMGtLby8EkBcP1RcBP8Ofcv6n+
xM+aiZUfa2vFqtcQOUX8nIt84yKG/jtIYdbIrhHTvEePu24KGPIiEvUu2YlV
-----END CERTIFICATE-----
Generated at Wed Jul 1 04:19:43 2026 by rpki-client