Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/BtIMT-4USJtyS1lsLYEt6qDN400.roa
File:                     BtIMT-4USJtyS1lsLYEt6qDN400.roa (raw, json)
Hash identifier:          w0XBbm1CfKB2rAsHS+lyTSlzgkS8trTQYSzkZng5+7I=
Subject key identifier:   06:D2:0C:4F:EE:14:48:9B:72:4B:59:6C:2D:81:2D:EA:A0:CD:E3:4D
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       0197E41AFB367FE35E6A93F220D77D575D22
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/BtIMT-4USJtyS1lsLYEt6qDN400.roa
Signing time:             Mon 07 Jul 2025 08:57:42 +0000
ROA not before:           Mon 07 Jul 2025 08:57:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210732
IP address blocks:        45.8.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e4:1a:fb:36:7f:e3:5e:6a:93:f2:20:d7:7d:57:5d:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jul  7 08:57:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06d20c4fee14489b724b596c2d812deaa0cde34d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:16:66:98:04:54:7a:7f:49:d6:e9:fe:8c:d1:
                    81:92:13:e4:32:29:07:53:b0:5d:ea:b1:77:0f:e4:
                    3a:c2:37:36:f6:4b:ed:cc:a7:08:22:5e:2e:f1:17:
                    98:02:a6:b9:38:b0:d7:81:74:93:d7:86:8a:42:c5:
                    53:c7:57:55:84:60:86:0b:b2:e0:56:d7:b6:4a:68:
                    9a:03:79:33:99:be:04:bc:53:9b:2f:29:5d:17:62:
                    0e:77:90:43:1c:24:1e:0a:61:42:5e:f5:75:e4:cf:
                    8e:06:74:10:74:4c:d7:de:a9:36:83:23:8f:3a:bb:
                    da:7e:ac:29:71:0a:27:f3:09:b0:d8:e7:ca:b8:62:
                    c3:50:cf:6c:8b:09:a2:76:08:67:a1:62:33:f5:3e:
                    db:35:42:85:60:0e:76:5d:75:d1:24:7a:28:18:5b:
                    71:9f:f0:42:1d:14:c7:46:0e:fe:a2:d9:ce:41:90:
                    74:87:27:c0:99:8e:ed:d1:cc:a0:1c:f7:9d:49:b6:
                    64:01:d3:55:fc:7d:7e:72:bf:02:7c:79:6e:a0:87:
                    c9:22:ce:a0:50:4e:29:b9:db:4f:e6:89:1d:7d:5a:
                    1c:dd:95:e1:a4:96:b7:1b:87:91:0a:69:01:b4:19:
                    34:ca:2a:9b:14:aa:28:66:f1:4c:0e:23:ec:c3:be:
                    f2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D2:0C:4F:EE:14:48:9B:72:4B:59:6C:2D:81:2D:EA:A0:CD:E3:4D
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/BtIMT-4USJtyS1lsLYEt6qDN400.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:53:a0:5f:19:2d:7f:bb:9e:3b:ea:5d:fd:cc:3f:1b:00:51:
         d4:e9:5c:7f:63:76:b3:cb:92:32:b5:b9:03:06:19:21:b7:43:
         70:1e:40:88:cc:62:2d:e6:5c:c0:23:61:f3:16:9b:3e:7c:4d:
         21:a7:d8:6a:ee:62:be:05:d4:31:7d:82:f0:90:15:75:72:b7:
         3b:ba:ae:d7:29:4d:5b:83:fa:c5:3d:39:7c:dc:35:f8:5d:95:
         c8:01:10:9b:b6:4b:a2:fe:82:62:a1:85:e2:5e:15:1d:13:1c:
         a0:33:35:ea:99:b6:35:9a:61:01:f2:3b:e6:ae:75:dc:54:3c:
         69:84:16:66:4c:01:81:bb:e1:79:ea:b5:2f:b9:53:51:1a:c0:
         5c:54:d1:47:92:44:0d:8d:9f:45:e5:cb:71:12:da:6d:96:95:
         ae:09:57:ce:5e:ee:68:f6:35:43:97:c9:5c:57:a0:29:82:26:
         17:44:38:2c:2c:d0:33:6b:11:47:ab:00:1d:9f:74:d9:55:ac:
         af:30:19:9d:61:51:84:42:9d:9b:e2:de:12:a4:f7:2e:49:1c:
         a3:a2:07:f6:f2:40:60:80:de:90:9f:b4:fa:9b:6c:c8:01:55:
         e0:f7:83:dc:b9:91:f4:56:c4:bc:bd:2e:71:f8:e5:37:49:ee:
         e8:4d:08:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfkGvs2f+NeapPyINd9V10iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwNzA3MDg1NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmQyMGM0ZmVlMTQ0ODliNzI0YjU5NmMyZDgxMmRlYWEwY2RlMzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRZmmARUen9J1un+jNGBkhPkMikH
U7Bd6rF3D+Q6wjc29kvtzKcIIl4u8ReYAqa5OLDXgXST14aKQsVTx1dVhGCGC7Lg
Vte2SmiaA3kzmb4EvFObLyldF2IOd5BDHCQeCmFCXvV15M+OBnQQdEzX3qk2gyOP
OrvafqwpcQon8wmw2OfKuGLDUM9siwmidghnoWIz9T7bNUKFYA52XXXRJHooGFtx
n/BCHRTHRg7+otnOQZB0hyfAmY7t0cygHPedSbZkAdNV/H1+cr8CfHluoIfJIs6g
UE4pudtP5okdfVoc3ZXhpJa3G4eRCmkBtBk0yiqbFKooZvFMDiPsw77yYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbSDE/uFEibcktZbC2BLeqgzeNNMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvQnRJTVQtNFVTSnR5UzFsc0xZRXQ2cURONDAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjNMA0G
CSqGSIb3DQEBCwUAA4IBAQB/U6BfGS1/u5476l39zD8bAFHU6Vx/Y3azy5IytbkD
Bhkht0NwHkCIzGIt5lzAI2HzFps+fE0hp9hq7mK+BdQxfYLwkBV1crc7uq7XKU1b
g/rFPTl83DX4XZXIARCbtkui/oJioYXiXhUdExygMzXqmbY1mmEB8jvmrnXcVDxp
hBZmTAGBu+F56rUvuVNRGsBcVNFHkkQNjZ9F5ctxEtptlpWuCVfOXu5o9jVDl8lc
V6ApgiYXRDgsLNAzaxFHqwAdn3TZVayvMBmdYVGEQp2b4t4SpPcuSRyjogf28kBg
gN6Qn7T6m2zIAVXg94PcuZH0VsS8vS5x+OU3Se7oTQiY
-----END CERTIFICATE-----