Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/BdNsDTUXgDmRE6U5W6OmFoniLBw.roa
File:                     BdNsDTUXgDmRE6U5W6OmFoniLBw.roa (raw, json)
Hash identifier:          lxCPTbTR4UHKE3LL6lrAFwQ5MBeOXjaWDoerVowhzcg=
Subject key identifier:   05:D3:6C:0D:35:17:80:39:91:13:A5:39:5B:A3:A6:16:89:E2:2C:1C
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       01980E6BE66F2A332FFC59AE462BF882ED9D
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/BdNsDTUXgDmRE6U5W6OmFoniLBw.roa
Signing time:             Tue 15 Jul 2025 14:10:09 +0000
ROA not before:           Tue 15 Jul 2025 14:10:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206705
IP address blocks:        2a03:5840:12c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0e:6b:e6:6f:2a:33:2f:fc:59:ae:46:2b:f8:82:ed:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jul 15 14:10:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05d36c0d351780399113a5395ba3a61689e22c1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:65:dc:8b:73:7a:c3:32:56:3e:55:d9:ee:fd:
                    8b:49:82:12:33:13:d0:77:b0:f4:8f:94:9a:ea:3b:
                    9b:17:55:8b:e3:8f:c4:80:05:28:b8:8d:a3:11:12:
                    9c:8e:fd:c3:5e:2f:fd:bd:33:d3:47:b4:a7:31:96:
                    16:a2:9a:85:22:f2:36:92:09:30:3d:6f:c6:a7:18:
                    3c:d1:15:65:8c:01:c4:7e:d4:d5:a1:52:f3:64:e9:
                    35:5d:f1:8c:9a:43:04:d6:39:45:0a:81:f7:58:98:
                    48:23:c6:d8:a4:18:40:f7:6b:d8:71:3b:67:c2:21:
                    5f:af:aa:23:f0:42:75:10:2e:af:68:02:99:b4:3c:
                    3c:80:77:d2:51:ce:62:88:dc:c9:48:15:76:64:4b:
                    41:cf:7a:ab:aa:a6:f6:5c:c8:06:3e:24:93:f0:55:
                    b4:0b:8f:c7:41:6c:b6:89:47:68:48:cc:2f:ca:bb:
                    2e:60:70:2f:0e:d2:3c:d1:08:8c:81:9c:be:3c:ae:
                    ad:f8:b6:72:34:2c:37:2a:2a:57:b6:2c:d6:2f:bb:
                    b1:ca:56:69:ea:c7:d7:63:1a:fc:e4:c1:db:e5:f3:
                    46:d0:fc:f1:25:53:5e:a7:21:72:56:ca:03:7e:da:
                    f2:bd:90:a5:3e:1d:b5:f5:e0:57:b3:f0:70:b0:b7:
                    67:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:D3:6C:0D:35:17:80:39:91:13:A5:39:5B:A3:A6:16:89:E2:2C:1C
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/BdNsDTUXgDmRE6U5W6OmFoniLBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:12c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:c8:99:63:ab:4b:eb:b9:06:bf:28:8e:14:84:d1:43:40:6a:
         1d:1f:43:fb:cb:f2:9a:40:3d:7a:96:c1:de:fa:6f:bc:41:2b:
         c5:4b:2e:19:9a:d5:fb:b5:30:3e:53:a6:d8:8e:bf:30:1d:fc:
         04:bd:21:e2:cc:3b:ff:a3:40:53:ba:4f:12:14:d5:29:25:24:
         5e:a1:9c:10:4a:3b:87:ee:b1:59:e8:f6:2f:a5:83:be:e5:92:
         fb:51:83:55:20:e9:6a:32:a6:28:61:bb:45:46:88:32:80:cc:
         21:a2:f8:77:c0:31:d1:b0:0d:4e:dc:b1:2a:1c:5a:ed:d1:db:
         31:a6:99:b7:73:95:3b:42:25:72:51:33:1b:e4:12:de:77:6e:
         fe:c3:2f:0b:55:b8:fa:df:94:75:26:e9:77:a2:c3:13:77:d5:
         3f:13:5d:68:da:fa:af:82:a3:1a:e8:71:42:95:51:96:0f:53:
         79:05:fb:8c:97:51:26:7e:20:06:e5:ec:43:dd:76:e3:73:09:
         c1:c6:a3:ac:44:5e:80:2b:9a:38:b8:47:c4:5e:77:55:14:0d:
         17:98:ce:3d:79:c3:d3:e0:58:f3:b5:05:de:2a:6c:f1:2d:cb:
         3f:0d:fb:8f:b6:c4:4a:16:34:e5:0d:44:bc:49:56:37:e3:a7:
         44:ce:c4:44
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgOa+ZvKjMv/FmuRiv4gu2dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwNzE1MTQxMDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWQzNmMwZDM1MTc4MDM5OTExM2E1Mzk1YmEzYTYxNjg5ZTIyYzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2Xci3N6wzJWPlXZ7v2LSYISMxPQ
d7D0j5Sa6jubF1WL44/EgAUouI2jERKcjv3DXi/9vTPTR7SnMZYWopqFIvI2kgkw
PW/Gpxg80RVljAHEftTVoVLzZOk1XfGMmkME1jlFCoH3WJhII8bYpBhA92vYcTtn
wiFfr6oj8EJ1EC6vaAKZtDw8gHfSUc5iiNzJSBV2ZEtBz3qrqqb2XMgGPiST8FW0
C4/HQWy2iUdoSMwvyrsuYHAvDtI80QiMgZy+PK6t+LZyNCw3KipXtizWL7uxylZp
6sfXYxr85MHb5fNG0PzxJVNepyFyVsoDftryvZClPh219eBXs/BwsLdnnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAXTbA01F4A5kROlOVujphaJ4iwcMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvQmROc0RUVVhnRG1SRTZVNVc2T21Gb25pTEJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEs
MA0GCSqGSIb3DQEBCwUAA4IBAQBqyJljq0vruQa/KI4UhNFDQGodH0P7y/KaQD16
lsHe+m+8QSvFSy4ZmtX7tTA+U6bYjr8wHfwEvSHizDv/o0BTuk8SFNUpJSReoZwQ
SjuH7rFZ6PYvpYO+5ZL7UYNVIOlqMqYoYbtFRogygMwhovh3wDHRsA1O3LEqHFrt
0dsxppm3c5U7QiVyUTMb5BLed27+wy8LVbj635R1Jul3osMTd9U/E11o2vqvgqMa
6HFClVGWD1N5BfuMl1EmfiAG5exD3XbjcwnBxqOsRF6AK5o4uEfEXndVFA0XmM49
ecPT4FjztQXeKmzxLcs/DfuPtsRKFjTlDUS8SVY346dEzsRE
-----END CERTIFICATE-----