Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/B2JmCPoyhnai-DrPu98QS4-q4eY.roa
File:                     B2JmCPoyhnai-DrPu98QS4-q4eY.roa (raw, json)
Hash identifier:          woSQjHInZQrl0IFraZgxQZSnFc0QedADaWjQdsYiLbY=
Subject key identifier:   07:62:66:08:FA:32:86:76:A2:F8:3A:CF:BB:DF:10:4B:8F:AA:E1:E6
Certificate issuer:       /CN=177e11f5233e933999a2a0c68903fc275ae459e6
Certificate serial:       0197F5DFB69789656E5DD03779954E10DF68
Authority key identifier: 17:7E:11:F5:23:3E:93:39:99:A2:A0:C6:89:03:FC:27:5A:E4:59:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F34R9SM-kzmZoqDGiQP8J1rkWeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/B2JmCPoyhnai-DrPu98QS4-q4eY.roa
Signing time:             Thu 10 Jul 2025 19:46:08 +0000
ROA not before:           Thu 10 Jul 2025 19:46:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209783
IP address blocks:        185.63.113.0/24 maxlen: 24
                          2a14:fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/F34R9SM-kzmZoqDGiQP8J1rkWeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/F34R9SM-kzmZoqDGiQP8J1rkWeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F34R9SM-kzmZoqDGiQP8J1rkWeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f5:df:b6:97:89:65:6e:5d:d0:37:79:95:4e:10:df:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=177e11f5233e933999a2a0c68903fc275ae459e6
        Validity
            Not Before: Jul 10 19:46:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07626608fa328676a2f83acfbbdf104b8faae1e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:fd:d0:4e:03:6f:95:d6:d9:25:4b:c3:3f:0d:
                    da:55:9a:d6:d7:28:7d:54:7d:ad:e9:c8:58:26:2f:
                    d8:e7:f3:02:5b:57:d6:5b:0d:c6:7f:af:f7:7f:f7:
                    fe:a3:f6:65:00:19:05:4e:68:9a:1a:24:3b:0f:dd:
                    53:7b:61:9e:a5:ea:02:e7:c9:a9:4e:d6:c0:ff:99:
                    db:67:e0:c5:ab:e8:ba:c9:23:07:de:95:34:46:ce:
                    36:9f:c9:d8:5f:ba:fe:1b:de:b4:f6:f5:8c:d1:a0:
                    af:d9:b1:73:b2:2c:47:6f:9b:6f:cc:25:6d:98:54:
                    f4:2b:46:a9:69:1d:d1:e5:55:2b:20:a9:d9:f6:b8:
                    65:c9:38:21:e7:19:40:62:36:9a:a1:c9:5a:5f:c7:
                    45:0b:d9:b1:97:3c:31:45:f9:19:9d:6f:2d:b5:6c:
                    e8:7f:d1:5a:c3:c8:df:38:fa:04:54:ba:cf:ac:4f:
                    b4:98:39:14:06:5b:a9:df:52:77:b2:2e:a7:87:52:
                    5e:eb:8e:da:d1:1b:9b:8a:51:e4:a4:1f:4e:9f:e0:
                    29:ef:9d:65:55:38:84:1c:ae:19:ea:a7:dc:0a:ee:
                    85:94:5f:bd:e4:b6:21:fe:c3:63:7d:ba:f0:8a:70:
                    7e:fb:6c:5f:cb:28:fd:22:e0:8e:0b:97:19:60:f7:
                    1a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:62:66:08:FA:32:86:76:A2:F8:3A:CF:BB:DF:10:4B:8F:AA:E1:E6
            X509v3 Authority Key Identifier:
                keyid:17:7E:11:F5:23:3E:93:39:99:A2:A0:C6:89:03:FC:27:5A:E4:59:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F34R9SM-kzmZoqDGiQP8J1rkWeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/B2JmCPoyhnai-DrPu98QS4-q4eY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/F34R9SM-kzmZoqDGiQP8J1rkWeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.113.0/24
                IPv6:
                  2a14:fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ec:1c:e8:e0:51:c8:2d:50:01:e9:c3:93:f3:06:e8:a6:b0:dd:
         e2:b2:35:79:55:9f:f7:2b:83:3c:31:a5:8f:e5:41:54:d1:fe:
         9a:7e:70:4c:b8:ea:e8:c8:f6:9a:07:f2:53:40:f7:15:d4:c9:
         f6:8f:bb:dc:1d:fc:59:fd:f0:14:e8:2d:8a:5e:0f:0e:f8:8d:
         71:d4:b5:67:2a:9d:45:13:c4:63:0e:cf:f0:cf:b9:3b:9d:22:
         cd:44:1b:95:f9:8e:ee:1f:84:17:02:7a:68:be:72:ad:2c:aa:
         06:dd:14:86:70:ee:16:64:4d:93:e2:55:af:28:cb:80:c1:f0:
         64:33:db:e3:36:f9:ca:b7:87:eb:38:51:82:7e:f3:48:9e:ff:
         30:43:a0:c0:b3:3c:e6:53:22:4f:8b:0a:e9:5a:6e:a8:a0:3b:
         2a:83:54:4c:80:1b:46:b0:f9:7a:ba:a5:8f:2d:1b:99:aa:94:
         46:26:65:56:58:d6:3d:4d:fb:ff:a5:18:2a:86:85:2c:b8:c9:
         18:dd:f6:73:10:c6:10:80:19:79:2f:75:88:97:1f:84:f1:b9:
         0f:f3:53:6c:f8:a3:36:10:c9:13:7c:0b:7c:a5:3d:07:1a:61:
         1f:67:2f:7f:c3:2b:a9:97:f5:98:b5:33:65:f7:f9:6a:e8:83:
         04:f1:86:3f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZf137aXiWVuXdA3eZVOEN9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3N2UxMWY1MjMzZTkzMzk5OWEyYTBjNjg5MDNmYzI3NWFl
NDU5ZTYwHhcNMjUwNzEwMTk0NjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzYyNjYwOGZhMzI4Njc2YTJmODNhY2ZiYmRmMTA0YjhmYWFlMWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwv3QTgNvldbZJUvDPw3aVZrW1yh9
VH2t6chYJi/Y5/MCW1fWWw3Gf6/3f/f+o/ZlABkFTmiaGiQ7D91Te2GepeoC58mp
TtbA/5nbZ+DFq+i6ySMH3pU0Rs42n8nYX7r+G9609vWM0aCv2bFzsixHb5tvzCVt
mFT0K0apaR3R5VUrIKnZ9rhlyTgh5xlAYjaaoclaX8dFC9mxlzwxRfkZnW8ttWzo
f9Faw8jfOPoEVLrPrE+0mDkUBlup31J3si6nh1Je647a0RubilHkpB9On+Ap751l
VTiEHK4Z6qfcCu6FlF+95LYh/sNjfbrwinB++2xfyyj9IuCOC5cZYPcaywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAdiZgj6MoZ2ovg6z7vfEEuPquHmMB8GA1UdIwQY
MBaAFBd+EfUjPpM5maKgxokD/Cda5FnmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjM0UjlTTS1rem1ab3FER2lRUDhKMXJrV2VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8xMTlkY2QtODRlMS00OGQ1LWEyODAt
YWEwOWQ2ZTFmZmVlLzEvQjJKbUNQb3lobmFpLURyUHU5OFFTNC1xNGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8xMTlkY2QtODRlMS00OGQ1LWEyODAtYWEwOWQ2ZTFmZmVl
LzEvRjM0UjlTTS1rem1ab3FER2lRUDhKMXJrV2VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuT9xMA0E
AgACMAcDBQMqFA/AMA0GCSqGSIb3DQEBCwUAA4IBAQDsHOjgUcgtUAHpw5PzBuim
sN3isjV5VZ/3K4M8MaWP5UFU0f6afnBMuOroyPaaB/JTQPcV1Mn2j7vcHfxZ/fAU
6C2KXg8O+I1x1LVnKp1FE8RjDs/wz7k7nSLNRBuV+Y7uH4QXAnpovnKtLKoG3RSG
cO4WZE2T4lWvKMuAwfBkM9vjNvnKt4frOFGCfvNInv8wQ6DAszzmUyJPiwrpWm6o
oDsqg1RMgBtGsPl6uqWPLRuZqpRGJmVWWNY9Tfv/pRgqhoUsuMkY3fZzEMYQgBl5
L3WIlx+E8bkP81Ns+KM2EMkTfAt8pT0HGmEfZy9/wyupl/WYtTNl9/lq6IME8YY/
-----END CERTIFICATE-----