Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/b5MC2G9gfifDOdjy6C8MLfgBcQA.roa
File:                     b5MC2G9gfifDOdjy6C8MLfgBcQA.roa (raw, json)
Hash identifier:          o6vD4Gp4Mae4yiPr18V+Pjs9nO1iI0pHfiXFAFd7bkA=
Subject key identifier:   6F:93:02:D8:6F:60:7E:27:C3:39:D8:F2:E8:2F:0C:2D:F8:01:71:00
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       0197FE8BDEFA0749C7932670DE9CB3C1868A
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/b5MC2G9gfifDOdjy6C8MLfgBcQA.roa
Signing time:             Sat 12 Jul 2025 12:11:08 +0000
ROA not before:           Sat 12 Jul 2025 12:11:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        83.147.232.0/22 maxlen: 24
                          178.253.16.0/24 maxlen: 24
                          178.253.38.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 03:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fe:8b:de:fa:07:49:c7:93:26:70:de:9c:b3:c1:86:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Jul 12 12:11:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f9302d86f607e27c339d8f2e82f0c2df8017100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f7:9d:83:76:3b:4f:33:87:16:75:0d:c9:29:
                    42:8f:f3:f0:8c:3d:38:60:3d:4e:b8:31:0e:1a:5f:
                    89:6a:91:21:43:68:c6:42:03:ab:a4:81:0c:da:e1:
                    0c:72:7c:87:a4:dc:ed:6c:7a:22:1b:24:fc:ab:6c:
                    f1:4a:57:ae:65:8e:e2:71:90:db:14:5a:01:40:27:
                    88:60:3c:36:2f:e0:0b:a3:15:da:7b:6a:b4:9a:25:
                    43:58:7d:e1:9b:d8:67:52:99:05:55:14:5f:cd:d4:
                    99:e9:27:f3:0b:05:fc:4c:ef:a1:ce:e7:89:58:7b:
                    d7:04:28:82:38:a1:52:c7:a8:fe:75:2e:3d:9d:37:
                    66:07:8b:05:40:9f:83:a2:1d:39:73:bc:83:79:40:
                    2a:26:28:80:06:49:4a:f1:ba:6b:27:e5:b8:8b:ed:
                    76:c5:8a:66:e8:82:e8:37:42:b0:30:aa:b2:94:b5:
                    7a:6a:05:de:bc:6c:19:b9:e7:d7:18:ee:59:12:c9:
                    b4:d4:df:75:7f:d9:f6:1f:55:04:b8:dd:7d:dc:ae:
                    cf:4d:40:51:15:13:ae:c5:f6:f2:39:86:59:7f:ac:
                    18:5c:91:2d:af:fd:6b:14:f7:e0:47:33:68:2b:89:
                    b3:77:b4:fe:8f:93:ba:fc:97:46:ab:ad:13:95:37:
                    29:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:93:02:D8:6F:60:7E:27:C3:39:D8:F2:E8:2F:0C:2D:F8:01:71:00
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/b5MC2G9gfifDOdjy6C8MLfgBcQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.232.0/22
                  178.253.16.0/24
                  178.253.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c3:1e:8f:33:91:32:6c:06:c9:50:94:41:18:ae:fd:88:49:15:
         6c:70:9c:68:7b:94:95:66:1c:3a:47:11:fa:d0:52:c1:71:f4:
         cc:ed:e0:b3:50:48:56:9b:91:2d:31:bb:4d:8e:3c:ed:e1:34:
         96:f9:13:6f:d3:40:67:fb:0b:4e:8d:fe:47:7c:52:3f:a6:c0:
         32:42:ca:d0:11:68:09:4f:59:7a:38:7c:a0:73:88:2d:e2:0f:
         08:8c:00:1f:16:89:f7:f4:a3:e7:10:e7:25:73:7f:e4:9f:c5:
         3c:17:59:2d:37:37:15:f1:e8:9f:e1:fb:4c:21:02:7e:f3:1b:
         08:01:f9:55:48:f9:18:69:b7:8e:ff:ef:36:b9:e7:e2:f4:4b:
         3d:1e:b3:70:b2:23:ce:70:70:17:31:91:2d:1f:52:db:c6:d2:
         df:84:b8:b7:46:2b:b1:46:70:9e:21:f5:f1:a9:30:b9:75:50:
         de:60:fa:2b:b9:dd:89:ad:33:a9:96:c4:ff:85:7f:26:b0:ee:
         37:5b:87:58:99:6a:6f:5c:42:cb:9c:0b:55:77:61:73:17:4a:
         04:64:f3:ec:8d:4a:d5:30:0c:7c:3e:74:b0:b0:e1:8a:2f:13:
         14:e6:f6:1a:e4:3b:34:3c:b3:c3:18:54:40:20:2e:45:79:00:
         b2:ed:9c:4f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZf+i976B0nHkyZw3pyzwYaKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjUwNzEyMTIxMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjkzMDJkODZmNjA3ZTI3YzMzOWQ4ZjJlODJmMGMyZGY4MDE3MTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvedg3Y7TzOHFnUNySlCj/PwjD04
YD1OuDEOGl+JapEhQ2jGQgOrpIEM2uEMcnyHpNztbHoiGyT8q2zxSleuZY7icZDb
FFoBQCeIYDw2L+ALoxXae2q0miVDWH3hm9hnUpkFVRRfzdSZ6SfzCwX8TO+hzueJ
WHvXBCiCOKFSx6j+dS49nTdmB4sFQJ+Doh05c7yDeUAqJiiABklK8bprJ+W4i+12
xYpm6ILoN0KwMKqylLV6agXevGwZuefXGO5ZEsm01N91f9n2H1UEuN193K7PTUBR
FROuxfbyOYZZf6wYXJEtr/1rFPfgRzNoK4mzd7T+j5O6/JdGq60TlTcpFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG+TAthvYH4nwznY8ugvDC34AXEAMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvYjVNQzJHOWdmaWZET2RqeTZDOE1MZmdCY1FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCU5PoAwQA
sv0QAwQBsv0mMA0GCSqGSIb3DQEBCwUAA4IBAQDDHo8zkTJsBslQlEEYrv2ISRVs
cJxoe5SVZhw6RxH60FLBcfTM7eCzUEhWm5EtMbtNjjzt4TSW+RNv00Bn+wtOjf5H
fFI/psAyQsrQEWgJT1l6OHygc4gt4g8IjAAfFon39KPnEOclc3/kn8U8F1ktNzcV
8eif4ftMIQJ+8xsIAflVSPkYabeO/+82uefi9Es9HrNwsiPOcHAXMZEtH1LbxtLf
hLi3RiuxRnCeIfXxqTC5dVDeYPorud2JrTOplsT/hX8msO43W4dYmWpvXELLnAtV
d2FzF0oEZPPsjUrVMAx8PnSwsOGKLxMU5vYa5Ds0PLPDGFRAIC5FeQCy7ZxP
-----END CERTIFICATE-----