Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/BtUSMQYrMiXrz8PT4gbKkp8KMzo.roa
File:                     BtUSMQYrMiXrz8PT4gbKkp8KMzo.roa (raw, json)
Hash identifier:          MhygUK83+6wJufXl8GG1Zo7sHLD1N46TiaJVKQtyfzQ=
Subject key identifier:   06:D5:12:31:06:2B:32:25:EB:CF:C3:D3:E2:06:CA:92:9F:0A:33:3A
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0198194E1C0EE0886EA52F3F7C083D69EBBB
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/BtUSMQYrMiXrz8PT4gbKkp8KMzo.roa
Signing time:             Thu 17 Jul 2025 16:53:26 +0000
ROA not before:           Thu 17 Jul 2025 16:53:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211557
IP address blocks:        212.16.87.0/24 maxlen: 24
                          212.16.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:19:4e:1c:0e:e0:88:6e:a5:2f:3f:7c:08:3d:69:eb:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jul 17 16:53:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06d51231062b3225ebcfc3d3e206ca929f0a333a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:38:4c:ce:ad:cf:a7:57:a7:59:df:3f:ce:ff:
                    ee:e9:7c:f9:7b:ad:0d:72:1b:5b:53:08:7c:5f:51:
                    60:37:53:0e:ee:c4:0f:19:a8:8d:1e:3a:b5:08:91:
                    f9:71:f8:84:2c:ee:12:a4:f5:37:d2:4d:86:5b:ad:
                    f2:d0:f6:cd:bd:a7:26:90:c5:f9:49:f1:06:fc:8a:
                    8f:e8:f8:66:42:52:81:a2:cd:e4:14:66:5c:ac:63:
                    b8:e1:d1:e9:f1:4e:0b:d7:2d:da:8b:15:6e:89:96:
                    2c:b3:0c:a1:7a:db:3c:52:7e:20:70:c9:33:f3:05:
                    97:c9:38:9d:c4:f3:84:55:91:14:4b:a5:a9:37:d7:
                    bc:26:d8:e2:af:78:55:e3:1e:eb:9d:22:19:8b:b9:
                    99:7b:4d:20:76:18:7d:06:99:35:d1:51:c4:42:1b:
                    62:26:7d:ca:0d:fb:e0:e9:b7:e4:67:4f:dd:ac:90:
                    50:50:26:b8:0d:4b:8d:0d:a1:f0:96:db:0b:58:f2:
                    0a:6b:36:e4:7b:42:00:57:bd:4e:45:c5:71:fb:b7:
                    d5:60:5b:17:24:7b:36:c5:12:7e:29:b5:fd:b6:fd:
                    31:c9:c9:61:fc:1b:fd:33:0c:57:bc:3c:04:90:af:
                    4f:2a:70:d6:83:16:58:ba:44:16:79:e0:9f:26:da:
                    d1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D5:12:31:06:2B:32:25:EB:CF:C3:D3:E2:06:CA:92:9F:0A:33:3A
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/BtUSMQYrMiXrz8PT4gbKkp8KMzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.16.87.0/24
                  212.16.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:22:ac:1f:81:3f:a8:27:ea:4d:c8:71:dc:45:62:73:cb:40:
         08:f5:43:c4:a7:bb:8f:d2:3c:f2:bf:30:96:f3:99:e3:53:fe:
         95:aa:ff:24:96:d3:2f:f2:64:cf:65:e2:ed:b5:c4:fe:c1:16:
         7c:01:ea:87:0e:62:6c:aa:97:50:6b:ed:02:31:f4:e8:a4:7c:
         d8:ed:76:47:57:36:80:9c:c8:d1:75:b3:93:f2:ed:43:82:2e:
         a4:1c:79:e8:11:33:ba:db:c6:a0:71:99:34:b8:67:95:3d:d3:
         5b:75:9b:53:54:44:c2:0f:6e:cd:d4:4b:49:85:86:b7:25:80:
         02:9b:20:e0:2f:c1:16:62:16:b9:d0:d7:0d:72:4e:15:99:27:
         64:67:77:2b:ed:34:76:f4:89:af:33:1a:b7:40:ac:d1:38:bc:
         7a:35:9f:ae:db:83:e6:32:35:ea:44:2f:63:fd:85:c3:65:cf:
         b4:35:b4:ec:9c:f6:e3:fe:68:1d:26:5b:0a:dc:87:24:c3:cb:
         e1:bc:96:cb:8a:83:91:78:53:1d:2a:cd:43:27:66:ea:70:2e:
         8b:dc:1c:46:db:cf:3a:64:26:02:9e:49:5e:e7:bc:86:59:0a:
         df:3b:28:ad:53:26:c3:f1:fb:53:89:c7:e2:e9:c6:72:19:4a:
         4c:2d:71:25
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgZThwO4IhupS8/fAg9aeu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwNzE3MTY1MzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmQ1MTIzMTA2MmIzMjI1ZWJjZmMzZDNlMjA2Y2E5MjlmMGEzMzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjhMzq3Pp1enWd8/zv/u6Xz5e60N
chtbUwh8X1FgN1MO7sQPGaiNHjq1CJH5cfiELO4SpPU30k2GW63y0PbNvacmkMX5
SfEG/IqP6PhmQlKBos3kFGZcrGO44dHp8U4L1y3aixVuiZYsswyhets8Un4gcMkz
8wWXyTidxPOEVZEUS6WpN9e8Jtjir3hV4x7rnSIZi7mZe00gdhh9Bpk10VHEQhti
Jn3KDfvg6bfkZ0/drJBQUCa4DUuNDaHwltsLWPIKazbke0IAV71ORcVx+7fVYFsX
JHs2xRJ+KbX9tv0xyclh/Bv9MwxXvDwEkK9PKnDWgxZYukQWeeCfJtrRlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAbVEjEGKzIl68/D0+IGypKfCjM6MB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvQnRVU01RWXJNaVhyejhQVDRnYktrcDhLTXpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1BBXAwQA
1BBeMA0GCSqGSIb3DQEBCwUAA4IBAQBWIqwfgT+oJ+pNyHHcRWJzy0AI9UPEp7uP
0jzyvzCW85njU/6Vqv8kltMv8mTPZeLttcT+wRZ8AeqHDmJsqpdQa+0CMfTopHzY
7XZHVzaAnMjRdbOT8u1Dgi6kHHnoETO628agcZk0uGeVPdNbdZtTVETCD27N1EtJ
hYa3JYACmyDgL8EWYha50NcNck4VmSdkZ3cr7TR29ImvMxq3QKzROLx6NZ+u24Pm
MjXqRC9j/YXDZc+0NbTsnPbj/mgdJlsK3Ickw8vhvJbLioOReFMdKs1DJ2bqcC6L
3BxG2886ZCYCnkle57yGWQrfOyitUybD8ftTicfi6cZyGUpMLXEl
-----END CERTIFICATE-----