Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/d13526-c1ac-45e4-bebc-66f4167f83b2/1/bmGSZIhDZ7omF5TcuRC3GMr8vZo.roa
File:                     bmGSZIhDZ7omF5TcuRC3GMr8vZo.roa (raw, json)
Hash identifier:          aa2GJMxBcb4lhY3ULNNCLoGJ/YB3WqwaeozmQDkZLmk=
Subject key identifier:   6E:61:92:64:88:43:67:BA:26:17:94:DC:B9:10:B7:18:CA:FC:BD:9A
Certificate issuer:       /CN=bb4dff5faeb944453a7c84b097e57c71c04f11fc
Certificate serial:       019812A83F455DADF81D9A8C8A41E0EA8C02
Authority key identifier: BB:4D:FF:5F:AE:B9:44:45:3A:7C:84:B0:97:E5:7C:71:C0:4F:11:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u03_X665REU6fISwl-V8ccBPEfw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/d13526-c1ac-45e4-bebc-66f4167f83b2/1/bmGSZIhDZ7omF5TcuRC3GMr8vZo.roa
Signing time:             Wed 16 Jul 2025 09:54:32 +0000
ROA not before:           Wed 16 Jul 2025 09:54:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25053
IP address blocks:        194.48.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/d13526-c1ac-45e4-bebc-66f4167f83b2/1/u03_X665REU6fISwl-V8ccBPEfw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/d13526-c1ac-45e4-bebc-66f4167f83b2/1/u03_X665REU6fISwl-V8ccBPEfw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u03_X665REU6fISwl-V8ccBPEfw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:12:a8:3f:45:5d:ad:f8:1d:9a:8c:8a:41:e0:ea:8c:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb4dff5faeb944453a7c84b097e57c71c04f11fc
        Validity
            Not Before: Jul 16 09:54:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e619264884367ba261794dcb910b718cafcbd9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f3:c2:c9:e5:7d:78:cd:62:36:ec:3b:2f:a6:
                    f2:78:d6:fa:93:8e:95:13:92:df:23:89:8e:46:b4:
                    09:78:e5:12:4d:54:47:3b:b2:57:45:ee:c1:c2:d1:
                    8d:a6:5b:0e:f6:73:3a:67:f0:5b:39:4a:8d:ec:4c:
                    50:bc:cd:1a:5a:3c:53:5f:79:1c:34:ce:40:34:27:
                    32:b9:c0:6d:55:89:30:d5:bd:1d:bb:8b:a1:b3:e0:
                    7f:04:44:29:31:6d:83:50:e2:ec:1e:d6:3b:25:83:
                    ed:17:f3:ef:3f:eb:db:a1:9a:36:7f:3c:fc:51:23:
                    34:3f:66:88:b2:55:4e:e4:3a:19:c1:58:a1:47:59:
                    d0:df:3c:49:42:2a:fb:6b:9d:72:fa:45:86:1c:de:
                    79:c3:03:c5:a4:10:59:86:c8:63:59:5b:b7:75:5d:
                    63:0d:de:00:d4:4b:ee:98:76:58:97:16:77:15:c3:
                    77:14:d8:ca:42:1c:d9:ba:a8:2b:21:8f:0b:06:05:
                    9c:5c:20:ab:53:9e:13:f6:bc:92:b5:23:72:08:5a:
                    2c:17:2a:0f:e4:9f:fb:95:57:3a:11:07:5b:7a:09:
                    e3:46:0b:6d:53:63:44:53:91:b2:fc:57:06:20:72:
                    b0:aa:07:d6:9d:32:8c:84:82:01:ce:6b:f1:0a:21:
                    03:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:61:92:64:88:43:67:BA:26:17:94:DC:B9:10:B7:18:CA:FC:BD:9A
            X509v3 Authority Key Identifier:
                keyid:BB:4D:FF:5F:AE:B9:44:45:3A:7C:84:B0:97:E5:7C:71:C0:4F:11:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u03_X665REU6fISwl-V8ccBPEfw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/d13526-c1ac-45e4-bebc-66f4167f83b2/1/bmGSZIhDZ7omF5TcuRC3GMr8vZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/d13526-c1ac-45e4-bebc-66f4167f83b2/1/u03_X665REU6fISwl-V8ccBPEfw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:5d:c8:8a:76:ca:bb:7a:7f:1b:86:18:72:6b:1c:db:ba:af:
         8b:e6:0f:3c:fe:93:a8:27:06:8c:44:79:fa:4d:7f:6c:13:fe:
         a2:50:b0:77:1c:ab:59:7f:3a:3c:e2:e4:d0:03:dd:7b:d4:40:
         f0:ef:6f:66:ed:c7:62:41:95:b0:9b:fd:ff:59:ae:09:ce:d0:
         ef:5f:35:23:5e:7e:1b:45:74:67:2a:38:1e:5b:2f:95:e8:8a:
         31:08:fb:83:d5:06:16:1c:14:1c:c9:d8:c7:39:75:98:6b:b3:
         70:0f:0c:cf:48:b3:07:1c:40:0b:eb:55:10:60:a6:67:99:d0:
         cc:3b:69:47:0b:86:5c:0b:b4:77:0a:20:4c:93:02:8b:3e:de:
         30:41:05:14:8c:11:2c:a2:97:a6:3d:36:cd:ed:39:9b:85:00:
         ca:a8:0c:ad:94:fd:a9:6b:4b:f2:7a:d7:ac:f5:9e:06:90:30:
         e2:65:c4:52:1c:88:af:44:37:9b:d0:89:81:fd:d1:a4:11:7b:
         b4:48:88:c2:04:9b:f7:2c:eb:cd:63:0c:04:41:7d:f8:92:44:
         5d:fe:0c:31:c8:18:05:c3:6f:41:99:64:ee:87:55:f5:63:db:
         44:bd:cb:46:1a:fb:9d:bf:a4:42:e8:07:6f:c8:e8:23:71:84:
         92:0c:1e:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgSqD9FXa34HZqMikHg6owCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiNGRmZjVmYWViOTQ0NDUzYTdjODRiMDk3ZTU3YzcxYzA0
ZjExZmMwHhcNMjUwNzE2MDk1NDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTYxOTI2NDg4NDM2N2JhMjYxNzk0ZGNiOTEwYjcxOGNhZmNiZDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfPCyeV9eM1iNuw7L6byeNb6k46V
E5LfI4mORrQJeOUSTVRHO7JXRe7BwtGNplsO9nM6Z/BbOUqN7ExQvM0aWjxTX3kc
NM5ANCcyucBtVYkw1b0du4uhs+B/BEQpMW2DUOLsHtY7JYPtF/PvP+vboZo2fzz8
USM0P2aIslVO5DoZwVihR1nQ3zxJQir7a51y+kWGHN55wwPFpBBZhshjWVu3dV1j
Dd4A1EvumHZYlxZ3FcN3FNjKQhzZuqgrIY8LBgWcXCCrU54T9ryStSNyCFosFyoP
5J/7lVc6EQdbegnjRgttU2NEU5Gy/FcGIHKwqgfWnTKMhIIBzmvxCiEDawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5hkmSIQ2e6JheU3LkQtxjK/L2aMB8GA1UdIwQY
MBaAFLtN/1+uuURFOnyEsJflfHHATxH8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTAzX1g2NjVSRVU2ZklTd2wtVjhjY0JQRWZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9kMTM1MjYtYzFhYy00NWU0LWJlYmMt
NjZmNDE2N2Y4M2IyLzEvYm1HU1pJaERaN29tRjVUY3VSQzNHTXI4dlpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9kMTM1MjYtYzFhYy00NWU0LWJlYmMtNjZmNDE2N2Y4M2Iy
LzEvdTAzX1g2NjVSRVU2ZklTd2wtVjhjY0JQRWZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjBUMA0G
CSqGSIb3DQEBCwUAA4IBAQCZXciKdsq7en8bhhhyaxzbuq+L5g88/pOoJwaMRHn6
TX9sE/6iULB3HKtZfzo84uTQA9171EDw729m7cdiQZWwm/3/Wa4JztDvXzUjXn4b
RXRnKjgeWy+V6IoxCPuD1QYWHBQcydjHOXWYa7NwDwzPSLMHHEAL61UQYKZnmdDM
O2lHC4ZcC7R3CiBMkwKLPt4wQQUUjBEsopemPTbN7TmbhQDKqAytlP2pa0vyetes
9Z4GkDDiZcRSHIivRDeb0ImB/dGkEXu0SIjCBJv3LOvNYwwEQX34kkRd/gwxyBgF
w29BmWTuh1X1Y9tEvctGGvudv6RC6AdvyOgjcYSSDB43
-----END CERTIFICATE-----