Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/Bq_Yq2JHrAaJJHF9yLAqL5rB7lc.roa
File:                     Bq_Yq2JHrAaJJHF9yLAqL5rB7lc.roa (raw, json)
Hash identifier:          fdB1s5gHlSMOCNBP6f1YeXF7RQ1z3eDBgEt/mLV5PmY=
Subject key identifier:   06:AF:D8:AB:62:47:AC:06:89:24:71:7D:C8:B0:2A:2F:9A:C1:EE:57
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019DC574E9DA54EE83DDCDC5403897E961DC
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/Bq_Yq2JHrAaJJHF9yLAqL5rB7lc.roa
Signing time:             Sat 25 Apr 2026 16:24:26 +0000
ROA not before:           Sat 25 Apr 2026 16:24:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215938
IP address blocks:        85.133.153.0/24 maxlen: 24
                          85.133.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 13:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c5:74:e9:da:54:ee:83:dd:cd:c5:40:38:97:e9:61:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Apr 25 16:24:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06afd8ab6247ac068924717dc8b02a2f9ac1ee57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:67:0e:f9:d2:85:d4:95:83:a8:d3:73:60:03:
                    30:bd:da:c2:ad:ce:dd:2f:07:07:6e:d8:52:50:25:
                    57:c4:32:62:b0:d9:a1:92:e7:34:4f:53:de:72:c4:
                    2a:8a:ca:a5:40:5d:26:8b:c7:33:a6:23:40:31:f6:
                    89:1a:cc:04:7a:ed:1b:af:4d:84:59:a9:53:ac:3c:
                    3d:15:f3:cd:a4:ba:50:42:2b:06:61:06:3f:ed:63:
                    4f:28:ff:68:42:64:40:15:b2:3a:e8:15:5a:3a:c2:
                    f8:f4:50:80:c7:1d:93:d5:20:7b:be:40:fb:c1:03:
                    60:bc:86:87:dc:34:38:dc:a8:69:80:a7:23:2a:12:
                    03:9b:66:c2:7f:17:f7:10:44:dd:d4:9f:8d:e6:a7:
                    cd:99:b9:d7:1f:53:d0:df:1a:04:f0:61:89:28:e7:
                    fe:eb:a3:3e:ec:4b:eb:90:f3:e2:f4:30:35:c2:7c:
                    10:da:b5:ba:0f:7b:02:89:af:f2:38:37:d0:39:3c:
                    ad:e9:3c:b0:61:a1:4d:4c:e3:ba:a0:4d:6a:fc:e8:
                    d9:25:54:65:c2:1e:17:54:fe:bc:6c:84:74:56:5a:
                    14:59:96:9c:87:87:00:5d:1a:88:1f:e0:d9:0d:b7:
                    e3:84:0e:97:e8:62:7b:8c:0e:1a:14:29:5e:86:57:
                    11:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:AF:D8:AB:62:47:AC:06:89:24:71:7D:C8:B0:2A:2F:9A:C1:EE:57
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/Bq_Yq2JHrAaJJHF9yLAqL5rB7lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.153.0/24
                  85.133.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:bf:97:84:01:2b:ec:ff:63:b1:48:7b:a2:b1:b7:05:fe:73:
         1b:33:42:c2:43:0f:cf:6a:4d:a6:9d:80:4c:4f:14:4b:95:92:
         5f:51:11:c4:88:a6:12:78:74:a2:12:1a:09:b7:2e:43:82:a9:
         91:87:00:85:cd:3e:49:8c:a5:53:f4:06:52:42:71:18:a2:46:
         10:ea:8b:71:20:92:65:a2:a8:0a:69:ef:48:50:2f:70:26:0a:
         1a:cb:45:6a:d2:e8:6f:18:b8:ec:18:52:b6:be:3b:4a:d3:f4:
         f1:d0:98:6f:b6:99:1b:b8:d9:65:e0:19:33:22:4e:3c:5f:ce:
         e9:0d:d7:64:5a:a4:de:60:fc:fb:57:10:f0:9c:7a:94:ec:00:
         d8:07:66:7c:06:a0:1e:5f:ad:65:ec:80:f0:69:44:94:45:44:
         0d:b8:67:52:c8:46:94:0a:a2:0c:0d:16:ac:f7:10:21:c3:31:
         ec:51:87:03:67:30:1c:3f:f6:ad:28:ac:07:46:df:33:56:af:
         d1:f0:1b:a3:a2:2a:1a:a2:aa:dd:72:aa:75:ad:55:c6:d5:48:
         9f:6e:6d:72:a6:8b:9c:b8:91:4f:b5:63:ad:ee:85:9a:ec:a3:
         cf:1e:30:4a:b0:d6:86:a4:59:81:a1:0f:89:d6:ce:39:30:38:
         91:12:48:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3FdOnaVO6D3c3FQDiX6WHcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwNDI1MTYyNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmFmZDhhYjYyNDdhYzA2ODkyNDcxN2RjOGIwMmEyZjlhYzFlZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2cO+dKF1JWDqNNzYAMwvdrCrc7d
LwcHbthSUCVXxDJisNmhkuc0T1PecsQqisqlQF0mi8czpiNAMfaJGswEeu0br02E
WalTrDw9FfPNpLpQQisGYQY/7WNPKP9oQmRAFbI66BVaOsL49FCAxx2T1SB7vkD7
wQNgvIaH3DQ43KhpgKcjKhIDm2bCfxf3EETd1J+N5qfNmbnXH1PQ3xoE8GGJKOf+
66M+7EvrkPPi9DA1wnwQ2rW6D3sCia/yODfQOTyt6TywYaFNTOO6oE1q/OjZJVRl
wh4XVP68bIR0VloUWZach4cAXRqIH+DZDbfjhA6X6GJ7jA4aFClehlcRFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAav2KtiR6wGiSRxfciwKi+awe5XMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvQnFfWXEySkhyQWFKSkhGOXlMQXFMNXJCN2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVYWZAwQA
VYXZMA0GCSqGSIb3DQEBCwUAA4IBAQAqv5eEASvs/2OxSHuisbcF/nMbM0LCQw/P
ak2mnYBMTxRLlZJfURHEiKYSeHSiEhoJty5DgqmRhwCFzT5JjKVT9AZSQnEYokYQ
6otxIJJloqgKae9IUC9wJgoay0Vq0uhvGLjsGFK2vjtK0/Tx0JhvtpkbuNll4Bkz
Ik48X87pDddkWqTeYPz7VxDwnHqU7ADYB2Z8BqAeX61l7IDwaUSURUQNuGdSyEaU
CqIMDRas9xAhwzHsUYcDZzAcP/atKKwHRt8zVq/R8Bujoioaoqrdcqp1rVXG1Uif
bm1ypoucuJFPtWOt7oWa7KPPHjBKsNaGpFmBoQ+J1s45MDiREkh2
-----END CERTIFICATE-----