Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/bsnNB4rP81tbIoHuQNyWXQDNZiM.roa
File:                     bsnNB4rP81tbIoHuQNyWXQDNZiM.roa (raw, json)
Hash identifier:          CqNI5BCojdl+LeeWlQ9W6VllGbYdSUcONctsW8YpEQ0=
Subject key identifier:   6E:C9:CD:07:8A:CF:F3:5B:5B:22:81:EE:40:DC:96:5D:00:CD:66:23
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       0197CC548E597075A955DF3AA646AF1C8E74
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/bsnNB4rP81tbIoHuQNyWXQDNZiM.roa
Signing time:             Wed 02 Jul 2025 18:09:42 +0000
ROA not before:           Wed 02 Jul 2025 18:09:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        185.227.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cc:54:8e:59:70:75:a9:55:df:3a:a6:46:af:1c:8e:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jul  2 18:09:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ec9cd078acff35b5b2281ee40dc965d00cd6623
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3d:7a:87:6c:bf:57:14:bb:ff:33:ee:ee:98:
                    10:b2:b2:5b:a4:58:a0:9b:0f:ec:76:58:87:bc:c6:
                    ce:34:c0:ab:d0:0d:87:52:11:77:1b:ef:f4:be:33:
                    4e:09:b6:e5:c7:f7:66:54:ca:e3:19:6c:58:d1:d4:
                    28:45:6f:ea:6b:1e:e7:b7:78:6d:b2:72:46:b2:80:
                    65:4f:63:89:b4:80:93:70:ec:78:71:1c:e5:a4:5b:
                    eb:4e:c3:29:62:7a:ae:62:86:d7:15:c0:14:11:7e:
                    cd:f5:dc:14:6b:68:35:78:16:7a:68:a6:93:f9:e3:
                    7e:d5:da:dd:cb:ff:c2:56:76:af:61:9a:da:d5:d7:
                    18:80:7f:4e:25:23:83:44:81:e6:ae:52:63:8f:0c:
                    c5:c1:e7:fd:7b:5c:04:35:57:78:4b:83:70:0b:e1:
                    c3:bb:81:f9:a8:68:a7:03:95:55:69:00:ce:ed:af:
                    2c:11:fe:58:a6:87:98:6a:44:33:47:58:fc:0c:17:
                    fc:96:b4:57:07:05:e2:50:77:99:7a:5a:9c:9d:f1:
                    cc:3f:08:c9:be:9f:70:65:5c:60:43:fa:e5:d3:0a:
                    bc:b5:0a:7f:c9:68:c9:22:07:2e:0b:8c:9d:20:3d:
                    ab:ef:ae:89:f9:54:a2:73:c9:f7:c8:cd:54:8a:f8:
                    4c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:C9:CD:07:8A:CF:F3:5B:5B:22:81:EE:40:DC:96:5D:00:CD:66:23
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/bsnNB4rP81tbIoHuQNyWXQDNZiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:4d:31:3f:ab:8e:29:b5:b9:d5:07:0b:2d:74:e4:18:84:35:
         14:28:68:00:68:ee:d0:b2:a0:b6:42:4f:f7:a1:ff:9c:42:75:
         2a:89:a2:44:04:67:c7:e1:7b:02:0e:4d:b7:ac:ac:42:1b:20:
         3e:73:4c:41:43:5e:2b:d7:a1:0a:ea:3b:8b:4e:01:70:5a:07:
         e6:a6:9e:ef:70:53:9d:d7:4c:ee:c4:b6:e9:07:0b:79:15:37:
         0b:4f:da:17:fd:74:57:bb:1c:b7:2f:ef:ae:13:37:8f:07:80:
         ca:f2:58:9d:ac:09:fb:b5:ff:8b:f2:69:ab:c3:c9:39:c4:c4:
         90:06:e5:bb:4c:1f:ed:6c:52:d4:86:27:82:82:30:27:86:f7:
         dd:e7:35:7b:78:a8:1d:07:66:05:74:ce:1c:d0:21:51:00:df:
         b7:63:57:b5:67:3f:83:f0:7c:38:0d:cf:11:a9:6a:d9:78:26:
         b3:63:2a:71:1b:d7:db:b3:d5:b7:5e:74:e8:a8:a6:92:c8:9f:
         61:9e:a0:0a:de:9f:fa:59:bf:b7:e0:17:74:1f:94:51:22:81:
         c8:99:55:33:e7:13:94:84:b3:be:91:a4:78:61:34:4a:d3:7e:
         6f:17:7c:64:97:5e:70:2e:dd:ea:dd:3e:86:bc:f1:f4:05:20:
         8a:f3:15:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfMVI5ZcHWpVd86pkavHI50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwNzAyMTgwOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWM5Y2QwNzhhY2ZmMzViNWIyMjgxZWU0MGRjOTY1ZDAwY2Q2NjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtT16h2y/VxS7/zPu7pgQsrJbpFig
mw/sdliHvMbONMCr0A2HUhF3G+/0vjNOCbblx/dmVMrjGWxY0dQoRW/qax7nt3ht
snJGsoBlT2OJtICTcOx4cRzlpFvrTsMpYnquYobXFcAUEX7N9dwUa2g1eBZ6aKaT
+eN+1drdy//CVnavYZra1dcYgH9OJSODRIHmrlJjjwzFwef9e1wENVd4S4NwC+HD
u4H5qGinA5VVaQDO7a8sEf5YpoeYakQzR1j8DBf8lrRXBwXiUHeZelqcnfHMPwjJ
vp9wZVxgQ/rl0wq8tQp/yWjJIgcuC4ydID2r766J+VSic8n3yM1UivhMCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7JzQeKz/NbWyKB7kDcll0AzWYjMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvYnNuTkI0clA4MXRiSW9IdVFOeVdYUUROWmlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueNFMA0G
CSqGSIb3DQEBCwUAA4IBAQDRTTE/q44ptbnVBwstdOQYhDUUKGgAaO7QsqC2Qk/3
of+cQnUqiaJEBGfH4XsCDk23rKxCGyA+c0xBQ14r16EK6juLTgFwWgfmpp7vcFOd
10zuxLbpBwt5FTcLT9oX/XRXuxy3L++uEzePB4DK8lidrAn7tf+L8mmrw8k5xMSQ
BuW7TB/tbFLUhieCgjAnhvfd5zV7eKgdB2YFdM4c0CFRAN+3Y1e1Zz+D8Hw4Dc8R
qWrZeCazYypxG9fbs9W3XnToqKaSyJ9hnqAK3p/6Wb+34Bd0H5RRIoHImVUz5xOU
hLO+kaR4YTRK035vF3xkl15wLt3q3T6GvPH0BSCK8xWc
-----END CERTIFICATE-----