Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/BCvFtufHlyuRosq-MyE5S8yW2W8.roa
File:                     BCvFtufHlyuRosq-MyE5S8yW2W8.roa (raw, json)
Hash identifier:          mTLc5zqKltaC6h5FTR+Z6cneLqnMsrRb4l3Oy6a6bbE=
Subject key identifier:   04:2B:C5:B6:E7:C7:97:2B:91:A2:CA:BE:33:21:39:4B:CC:96:D9:6F
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0197D5B69A0C8B8043690D25A697356A7049
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/BCvFtufHlyuRosq-MyE5S8yW2W8.roa
Signing time:             Fri 04 Jul 2025 13:53:23 +0000
ROA not before:           Fri 04 Jul 2025 13:53:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28753
IP address blocks:        185.125.51.0/24 maxlen: 24
                          185.172.130.0/24 maxlen: 24
                          185.172.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Jul 2025 01:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d5:b6:9a:0c:8b:80:43:69:0d:25:a6:97:35:6a:70:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul  4 13:53:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=042bc5b6e7c7972b91a2cabe3321394bcc96d96f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:1a:56:f4:eb:2e:5a:4e:db:44:b7:8a:43:ab:
                    da:b8:e6:10:a3:1d:f6:df:4f:00:d9:53:f3:26:bf:
                    eb:0b:d0:7d:9f:27:40:b4:ba:ea:cb:9a:4f:d6:45:
                    92:ce:65:3f:9f:dd:6c:28:59:09:ba:ff:5b:6a:38:
                    ba:00:83:f7:7f:bb:05:25:db:7d:80:f7:8e:92:46:
                    30:4b:36:d4:ea:ff:ec:3c:2f:5c:61:fd:48:c3:1a:
                    41:60:b0:9f:f6:1a:c4:c6:11:3e:ea:e4:2b:15:20:
                    e9:79:fd:3e:d5:cb:15:ec:ec:81:95:fa:27:5c:46:
                    f6:a1:d0:82:50:61:73:6a:0d:d9:b7:f3:6e:b5:23:
                    08:66:49:16:c7:09:ac:11:14:87:fe:e7:30:ab:93:
                    c3:90:23:33:2f:41:c1:1d:8b:7b:50:59:c1:59:d6:
                    e6:82:bb:2e:08:fa:05:2c:54:ca:9f:f5:fd:e1:41:
                    28:2d:26:f4:94:8f:4d:96:00:12:8b:46:53:ed:02:
                    ab:8e:1c:34:ff:5a:67:71:b0:43:92:12:23:70:8d:
                    e5:98:a2:3b:98:62:79:2e:fe:a8:b9:98:5e:2c:4a:
                    74:b7:3c:b4:81:04:27:4a:f2:94:26:57:48:e5:36:
                    5b:26:6e:b6:11:0f:76:27:69:f7:2b:c1:26:0c:b5:
                    6e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:2B:C5:B6:E7:C7:97:2B:91:A2:CA:BE:33:21:39:4B:CC:96:D9:6F
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/BCvFtufHlyuRosq-MyE5S8yW2W8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.51.0/24
                  185.172.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:01:ce:9b:59:fc:89:b4:31:af:58:5e:65:11:93:f0:7f:72:
         fb:a4:16:88:7c:46:9a:57:b3:61:fd:99:50:d1:79:c4:62:8c:
         29:28:f9:f1:c3:97:08:3c:f9:b9:9a:44:c0:84:c5:2b:dd:f9:
         f2:9d:d1:e4:5d:95:ce:e6:49:ee:d1:5b:31:28:47:4e:f5:13:
         38:ed:dd:bf:49:76:18:55:e2:62:c4:17:d6:65:96:19:fa:5b:
         9d:19:5a:71:07:a6:0e:17:fd:9e:ae:dd:32:51:fa:51:5a:29:
         5c:45:c1:9f:38:9a:ce:f7:a5:74:68:5f:18:55:a1:da:54:55:
         6d:34:44:d1:ac:94:43:ba:32:17:4f:cf:e3:59:ea:11:19:56:
         92:32:47:e8:0e:2d:66:ca:2b:bc:da:44:f1:0c:4b:a6:09:86:
         94:d8:72:58:6e:ba:ca:c1:2c:8e:33:a3:70:68:f1:ae:01:0d:
         94:4f:66:4a:a2:7b:fc:e4:65:e4:0e:db:03:96:ee:fc:43:af:
         99:55:dd:dc:32:22:f9:b2:f6:be:79:03:8b:bb:4e:c5:31:82:
         50:58:81:90:f0:53:55:70:8b:b5:81:9e:65:56:47:4e:c6:80:
         26:bd:39:42:62:d0:b2:a6:28:da:bb:c9:77:fc:09:b8:42:ff:
         cb:5a:49:2b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfVtpoMi4BDaQ0lppc1anBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwNzA0MTM1MzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDJiYzViNmU3Yzc5NzJiOTFhMmNhYmUzMzIxMzk0YmNjOTZkOTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5hpW9OsuWk7bRLeKQ6vauOYQox32
308A2VPzJr/rC9B9nydAtLrqy5pP1kWSzmU/n91sKFkJuv9baji6AIP3f7sFJdt9
gPeOkkYwSzbU6v/sPC9cYf1IwxpBYLCf9hrExhE+6uQrFSDpef0+1csV7OyBlfon
XEb2odCCUGFzag3Zt/NutSMIZkkWxwmsERSH/ucwq5PDkCMzL0HBHYt7UFnBWdbm
grsuCPoFLFTKn/X94UEoLSb0lI9NlgASi0ZT7QKrjhw0/1pncbBDkhIjcI3lmKI7
mGJ5Lv6ouZheLEp0tzy0gQQnSvKUJldI5TZbJm62EQ92J2n3K8EmDLVuMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAQrxbbnx5crkaLKvjMhOUvMltlvMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvQkN2RnR1ZkhseXVSb3NxLU15RTVTOHlXMlc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuX0zAwQB
uayCMA0GCSqGSIb3DQEBCwUAA4IBAQCfAc6bWfyJtDGvWF5lEZPwf3L7pBaIfEaa
V7Nh/ZlQ0XnEYowpKPnxw5cIPPm5mkTAhMUr3fnyndHkXZXO5knu0VsxKEdO9RM4
7d2/SXYYVeJixBfWZZYZ+ludGVpxB6YOF/2ert0yUfpRWilcRcGfOJrO96V0aF8Y
VaHaVFVtNETRrJRDujIXT8/jWeoRGVaSMkfoDi1myiu82kTxDEumCYaU2HJYbrrK
wSyOM6NwaPGuAQ2UT2ZKonv85GXkDtsDlu78Q6+ZVd3cMiL5sva+eQOLu07FMYJQ
WIGQ8FNVcIu1gZ5lVkdOxoAmvTlCYtCypijau8l3/Am4Qv/LWkkr
-----END CERTIFICATE-----