Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/BP8jozzkXBduCbvsdbiFc55UWM8.roa
File:                     BP8jozzkXBduCbvsdbiFc55UWM8.roa (raw, json)
Hash identifier:          Owbv8ZtYGKkXIzJppq2Kn/1gbrwJNgLT7E6CRHcxYlg=
Subject key identifier:   04:FF:23:A3:3C:E4:5C:17:6E:09:BB:EC:75:B8:85:73:9E:54:58:CF
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019DE31A1038918AED291004F0C4B7627EA6
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/BP8jozzkXBduCbvsdbiFc55UWM8.roa
Signing time:             Fri 01 May 2026 10:33:49 +0000
ROA not before:           Fri 01 May 2026 10:33:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212591
IP address blocks:        5.44.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 16:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e3:1a:10:38:91:8a:ed:29:10:04:f0:c4:b7:62:7e:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: May  1 10:33:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04ff23a33ce45c176e09bbec75b885739e5458cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:94:38:78:2d:d0:3f:1b:e9:c1:69:d0:b1:95:
                    6c:6a:8d:5d:a3:83:9b:43:4c:ec:cc:9c:49:b8:7a:
                    c2:6f:91:f6:47:8f:56:47:a3:37:cd:59:18:0f:11:
                    2b:11:a8:44:13:e5:d8:0b:25:bd:95:08:62:8e:2a:
                    c3:a3:ab:6b:ae:fa:24:33:ab:84:03:dd:bb:f4:2c:
                    88:ce:6a:92:28:31:37:12:6d:4a:6c:49:22:fa:9b:
                    71:af:6f:7c:7e:84:02:3a:bf:88:07:cd:21:84:56:
                    b7:25:e3:74:51:01:78:18:f0:37:c6:06:8a:72:00:
                    a5:ad:a0:ac:d3:b0:aa:c2:cb:1e:90:3a:3e:07:05:
                    33:5c:7e:fd:ce:02:b2:2b:cb:ec:ae:25:23:1b:fc:
                    9e:10:7b:72:5a:5b:db:23:76:db:f0:eb:c5:7a:72:
                    f9:f3:b6:e9:ad:26:66:a6:75:71:34:52:da:3b:1d:
                    4a:ec:18:e1:8c:ec:d3:b4:69:ba:81:fe:c2:02:25:
                    81:02:4b:89:9f:55:f0:3d:60:7b:b4:06:b1:f9:a7:
                    b0:8c:cb:74:49:d0:31:b0:1f:dd:d9:e7:3a:dc:c0:
                    be:33:70:90:f1:84:93:34:c9:c3:78:4d:96:14:71:
                    24:e9:db:8b:71:f1:60:b5:10:6b:01:25:a4:e6:c6:
                    c9:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:FF:23:A3:3C:E4:5C:17:6E:09:BB:EC:75:B8:85:73:9E:54:58:CF
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/BP8jozzkXBduCbvsdbiFc55UWM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:37:d4:ef:10:78:64:49:af:5d:67:18:09:9f:ea:8f:98:ab:
         78:9b:ba:c0:6a:96:1e:ce:8e:b5:79:c8:52:ca:80:4a:be:4d:
         4b:7b:f0:b0:a5:f7:ef:82:61:c5:78:9c:01:80:39:ac:02:cb:
         fc:cd:9f:c2:27:57:30:75:3e:60:70:9a:5d:35:69:54:c4:f5:
         f6:35:f9:41:5e:08:fd:cf:b0:3b:16:b3:34:53:5b:ec:73:a8:
         78:03:a7:af:95:b4:1a:50:72:92:54:23:bf:34:4b:96:95:f7:
         21:8e:06:28:a9:5b:6e:50:52:41:e0:a7:03:21:83:d4:95:23:
         93:a8:b1:b0:cc:98:74:f3:d1:90:a1:24:7c:4d:03:71:8f:91:
         d6:9f:a6:fb:a7:75:1e:2c:d8:c4:85:d5:03:7c:16:e1:a3:82:
         d6:6d:09:90:e5:b4:76:03:e1:2a:63:64:fa:97:cb:bf:5e:ff:
         c6:06:04:3d:fb:40:e7:70:33:db:90:41:95:5c:a6:3a:0a:b0:
         30:61:21:dc:fd:27:49:f0:ee:73:e7:c8:47:95:5d:78:d8:29:
         49:c1:bc:a2:bb:d0:3d:df:ff:8e:60:e8:96:51:be:58:9e:3b:
         ec:c7:df:27:91:c2:0d:ea:c3:6c:a3:2a:20:c8:49:76:22:12:
         f9:ee:ee:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3jGhA4kYrtKRAE8MS3Yn6mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwNTAxMTAzMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGZmMjNhMzNjZTQ1YzE3NmUwOWJiZWM3NWI4ODU3MzllNTQ1OGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pQ4eC3QPxvpwWnQsZVsao1do4Ob
Q0zszJxJuHrCb5H2R49WR6M3zVkYDxErEahEE+XYCyW9lQhijirDo6trrvokM6uE
A9279CyIzmqSKDE3Em1KbEki+ptxr298foQCOr+IB80hhFa3JeN0UQF4GPA3xgaK
cgClraCs07CqwssekDo+BwUzXH79zgKyK8vsriUjG/yeEHtyWlvbI3bb8OvFenL5
87bprSZmpnVxNFLaOx1K7BjhjOzTtGm6gf7CAiWBAkuJn1XwPWB7tAax+aewjMt0
SdAxsB/d2ec63MC+M3CQ8YSTNMnDeE2WFHEk6duLcfFgtRBrASWk5sbJ/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAT/I6M85FwXbgm77HW4hXOeVFjPMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvQlA4am96emtYQmR1Q2J2c2RiaUZjNTVVV004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSz7MA0G
CSqGSIb3DQEBCwUAA4IBAQCmN9TvEHhkSa9dZxgJn+qPmKt4m7rAapYezo61echS
yoBKvk1Le/CwpffvgmHFeJwBgDmsAsv8zZ/CJ1cwdT5gcJpdNWlUxPX2NflBXgj9
z7A7FrM0U1vsc6h4A6evlbQaUHKSVCO/NEuWlfchjgYoqVtuUFJB4KcDIYPUlSOT
qLGwzJh089GQoSR8TQNxj5HWn6b7p3UeLNjEhdUDfBbho4LWbQmQ5bR2A+EqY2T6
l8u/Xv/GBgQ9+0DncDPbkEGVXKY6CrAwYSHc/SdJ8O5z58hHlV142ClJwbyiu9A9
3/+OYOiWUb5Ynjvsx98nkcIN6sNsoyogyEl2IhL57u5h
-----END CERTIFICATE-----