Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/KbtzbkJoBiqdAJoxwgfp_T-Kbfg.roa
File:                     KbtzbkJoBiqdAJoxwgfp_T-Kbfg.roa (raw, json)
Hash identifier:          aZgS+ihWCfC1vp+8bDD+54B9BXQ7wDfy0wamP1chOGE=
Subject key identifier:   29:BB:73:6E:42:68:06:2A:9D:00:9A:31:C2:07:E9:FD:3F:8A:6D:F8
Certificate issuer:       /CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Certificate serial:       01983BF43B5322DCC25F764E5D4E8CAEF660
Authority key identifier: BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/KbtzbkJoBiqdAJoxwgfp_T-Kbfg.roa
Signing time:             Thu 24 Jul 2025 10:21:58 +0000
ROA not before:           Thu 24 Jul 2025 10:21:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57797
IP address blocks:        81.27.84.0/24 maxlen: 24
                          2a12:8ac0::/29 maxlen: 48
                          2a12:8ac0::/40 maxlen: 48
                          2a12:8ac1::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3b:f4:3b:53:22:dc:c2:5f:76:4e:5d:4e:8c:ae:f6:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
        Validity
            Not Before: Jul 24 10:21:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29bb736e4268062a9d009a31c207e9fd3f8a6df8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1d:60:19:e8:45:b6:13:82:ee:59:f8:c1:97:
                    bf:aa:72:54:58:ff:f1:d3:fe:80:a8:be:55:d0:bc:
                    bc:26:fe:01:6d:22:f5:f5:a3:61:5b:fe:b8:b1:2e:
                    b8:22:bd:08:a0:22:fc:68:82:b2:2a:3d:42:38:0b:
                    c0:e7:68:00:91:b4:64:cf:56:de:ba:a3:0f:73:12:
                    4c:69:52:96:96:9a:c1:a3:9d:7a:d2:0a:32:50:7f:
                    b3:59:ba:26:a3:2d:89:37:3e:d2:13:de:f8:22:e6:
                    c6:1c:d0:c4:94:b6:1b:4e:3c:78:72:23:4d:71:a3:
                    da:f3:28:0a:00:4c:35:fe:b2:40:af:18:b8:13:35:
                    b3:1b:d1:28:4a:24:42:af:59:ba:ac:04:fe:27:51:
                    cc:ea:7f:03:df:05:73:1d:dd:b1:dc:ef:e4:20:2f:
                    22:b9:55:88:19:d9:ae:df:b7:46:bc:b7:85:b6:d7:
                    44:46:c9:3b:00:a7:9e:19:c0:b5:85:c1:89:8b:6d:
                    21:26:7b:11:66:23:27:a5:90:b2:38:57:8e:74:3d:
                    80:b2:60:d7:16:dc:70:fb:11:32:72:c6:2b:28:6f:
                    06:fe:b0:d0:32:77:67:6e:76:11:de:17:ac:c4:b5:
                    5c:d0:60:22:f5:42:d4:51:ae:ce:77:f7:b0:dd:c7:
                    12:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:BB:73:6E:42:68:06:2A:9D:00:9A:31:C2:07:E9:FD:3F:8A:6D:F8
            X509v3 Authority Key Identifier:
                keyid:BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/KbtzbkJoBiqdAJoxwgfp_T-Kbfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.27.84.0/24
                IPv6:
                  2a12:8ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:3a:58:c1:48:18:77:34:e2:79:46:df:1e:a8:b2:12:23:9b:
         04:bd:3e:76:68:ae:82:4d:69:5a:cd:1e:78:1a:fa:48:3f:4c:
         ce:68:21:29:a5:59:2b:1e:04:b2:85:22:dd:6d:e8:7b:12:e9:
         f4:d1:bb:f2:05:64:5b:b4:42:9b:e9:6e:55:30:74:b0:3b:06:
         b1:3e:76:d5:23:86:62:a5:b4:f8:85:92:72:d9:33:45:22:43:
         4d:92:e2:00:a8:4f:b8:16:0c:54:44:7d:04:01:db:db:fb:e0:
         ff:43:af:45:f4:6e:18:4d:b4:a8:2d:b3:21:b3:f9:d8:4d:99:
         5b:79:fc:4f:38:16:db:13:7a:28:4b:c3:89:c0:6e:46:6f:b6:
         52:66:ff:ef:59:f5:51:88:57:98:82:80:15:7c:0d:7f:00:7c:
         88:da:16:59:82:e1:0c:a6:53:0c:1c:a1:5a:bc:12:e2:b5:4e:
         d5:a0:5d:02:03:01:37:99:94:78:23:b3:74:ec:15:45:47:bb:
         e7:20:b1:fa:3e:4d:30:0a:65:82:72:f5:d8:14:30:2d:15:18:
         15:d7:e1:37:fd:40:fa:e9:75:b2:0d:a3:ac:f1:37:7a:03:f4:
         60:74:d0:48:25:29:27:1a:3c:d2:1d:bb:4c:2f:9f:5f:f5:a8:
         a0:33:a4:57
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZg79DtTItzCX3ZOXU6MrvZgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjdiZmY3YmFkMWViODM4NGI1ODVkZjdiZWYxMjA2Zjdm
MTlmN2UwHhcNMjUwNzI0MTAyMTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWJiNzM2ZTQyNjgwNjJhOWQwMDlhMzFjMjA3ZTlmZDNmOGE2ZGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuB1gGehFthOC7ln4wZe/qnJUWP/x
0/6AqL5V0Ly8Jv4BbSL19aNhW/64sS64Ir0IoCL8aIKyKj1COAvA52gAkbRkz1be
uqMPcxJMaVKWlprBo5160goyUH+zWbomoy2JNz7SE974IubGHNDElLYbTjx4ciNN
caPa8ygKAEw1/rJArxi4EzWzG9EoSiRCr1m6rAT+J1HM6n8D3wVzHd2x3O/kIC8i
uVWIGdmu37dGvLeFttdERsk7AKeeGcC1hcGJi20hJnsRZiMnpZCyOFeOdD2AsmDX
Ftxw+xEycsYrKG8G/rDQMndnbnYR3hesxLVc0GAi9ULUUa7Od/ew3ccSqwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCm7c25CaAYqnQCaMcIH6f0/im34MB8GA1UdIwQY
MBaAFLpnv/e60euDhLWF33vvEgb38Z9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYt
ZGE0NTM4MDIyYWM3LzEvS2J0emJrSm9CaXFkQUpveHdnZnBfVC1LYmZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYtZGE0NTM4MDIyYWM3
LzEvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAURtUMA0E
AgACMAcDBQMqEorAMA0GCSqGSIb3DQEBCwUAA4IBAQBeOljBSBh3NOJ5Rt8eqLIS
I5sEvT52aK6CTWlazR54GvpIP0zOaCEppVkrHgSyhSLdbeh7Eun00bvyBWRbtEKb
6W5VMHSwOwaxPnbVI4ZipbT4hZJy2TNFIkNNkuIAqE+4FgxURH0EAdvb++D/Q69F
9G4YTbSoLbMhs/nYTZlbefxPOBbbE3ooS8OJwG5Gb7ZSZv/vWfVRiFeYgoAVfA1/
AHyI2hZZguEMplMMHKFavBLitU7VoF0CAwE3mZR4I7N07BVFR7vnILH6Pk0wCmWC
cvXYFDAtFRgV1+E3/UD66XWyDaOs8Td6A/RgdNBIJSknGjzSHbtML59f9aigM6RX
-----END CERTIFICATE-----