Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/d9e7ed-3c0f-4a92-8716-ee057cf9c161/1/BBPactuyA12vYUJgEQh5OwvreDs.roa
File:                     BBPactuyA12vYUJgEQh5OwvreDs.roa (raw, json)
Hash identifier:          ttO2DP5h7/EGUelfoeFXfAL9LYlPsjWVZTcFxah6mmI=
Subject key identifier:   04:13:DA:72:DB:B2:03:5D:AF:61:42:60:11:08:79:3B:0B:EB:78:3B
Certificate issuer:       /CN=fb2aa5acfc9bb0fe6b911f1ecad3eb54d45cb36f
Certificate serial:       0198266A6CDA65A129BC29EDDDFDDD7B3D3C
Authority key identifier: FB:2A:A5:AC:FC:9B:B0:FE:6B:91:1F:1E:CA:D3:EB:54:D4:5C:B3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-yqlrPybsP5rkR8eytPrVNRcs28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/d9e7ed-3c0f-4a92-8716-ee057cf9c161/1/BBPactuyA12vYUJgEQh5OwvreDs.roa
Signing time:             Sun 20 Jul 2025 05:59:25 +0000
ROA not before:           Sun 20 Jul 2025 05:59:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        188.208.196.0/24 maxlen: 24
                          2a06:f940::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/d9e7ed-3c0f-4a92-8716-ee057cf9c161/1/1-yqlrPybsP5rkR8eytPrVNRcs28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/d9e7ed-3c0f-4a92-8716-ee057cf9c161/1/1-yqlrPybsP5rkR8eytPrVNRcs28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-yqlrPybsP5rkR8eytPrVNRcs28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:26:6a:6c:da:65:a1:29:bc:29:ed:dd:fd:dd:7b:3d:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb2aa5acfc9bb0fe6b911f1ecad3eb54d45cb36f
        Validity
            Not Before: Jul 20 05:59:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0413da72dbb2035daf6142601108793b0beb783b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:66:0e:1a:27:1f:e0:6a:ec:1c:3c:4d:e9:60:
                    84:3e:99:65:7c:38:eb:6b:62:90:cb:54:0a:c5:d2:
                    5e:22:62:a9:d3:c1:b5:05:88:28:ed:9c:2c:04:3a:
                    9c:57:db:10:34:3c:62:ca:8e:f9:dc:e3:1e:de:7f:
                    10:87:50:53:17:44:0b:f0:54:4b:2f:3f:18:0a:2d:
                    7d:e4:e3:c3:5b:32:42:84:ab:dc:b9:05:53:cd:55:
                    f5:18:86:0b:8f:84:d1:e5:7c:fa:53:ec:9d:3d:83:
                    93:13:79:05:48:8d:a2:9d:00:fa:d2:7e:d9:2d:b6:
                    8c:9a:b6:22:4a:b2:a1:57:80:57:17:07:55:b4:d3:
                    bb:d8:80:90:4d:ef:25:f7:8d:11:9d:24:1c:73:cd:
                    14:56:9d:be:34:36:bd:6b:90:cd:f4:0b:60:cd:ee:
                    70:ca:41:b7:b4:38:b4:a7:84:20:cc:16:6e:b3:ea:
                    be:fe:93:cc:5a:d8:70:00:c9:43:5c:a1:68:32:c3:
                    08:ba:f0:ed:ee:12:50:cf:7a:0e:2a:f4:d4:c0:54:
                    bb:f1:d8:9b:6a:4d:85:7f:64:e5:9f:22:fa:1f:8d:
                    51:14:33:e2:a8:70:95:0e:01:6b:2a:f3:35:3d:20:
                    f1:5a:05:c6:a2:c9:0a:08:ce:88:8e:8c:89:e6:dc:
                    46:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:13:DA:72:DB:B2:03:5D:AF:61:42:60:11:08:79:3B:0B:EB:78:3B
            X509v3 Authority Key Identifier:
                keyid:FB:2A:A5:AC:FC:9B:B0:FE:6B:91:1F:1E:CA:D3:EB:54:D4:5C:B3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-yqlrPybsP5rkR8eytPrVNRcs28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/d9e7ed-3c0f-4a92-8716-ee057cf9c161/1/BBPactuyA12vYUJgEQh5OwvreDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/d9e7ed-3c0f-4a92-8716-ee057cf9c161/1/1-yqlrPybsP5rkR8eytPrVNRcs28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.208.196.0/24
                IPv6:
                  2a06:f940::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:67:d4:50:a4:c1:49:1c:d0:1b:e2:28:58:8c:6a:73:5b:37:
         00:cc:6c:6f:79:b6:13:3b:bc:46:41:4c:83:b6:95:72:16:88:
         ba:bc:c7:94:33:2c:8a:87:87:53:ee:bb:5e:63:da:20:4d:9f:
         9c:9b:ff:2f:76:54:1e:2c:76:f3:4b:39:a9:d5:27:09:d5:71:
         02:89:89:73:b8:82:bc:66:fc:7f:43:0d:23:5d:1c:03:8c:02:
         32:8b:ec:8c:89:31:e5:0b:61:51:a1:21:22:0e:d1:a1:3e:4c:
         be:3f:ce:0a:fb:2a:40:4b:03:ea:2a:4a:f4:5f:6a:01:b6:9d:
         73:51:7a:06:c8:02:31:85:7c:f7:c9:85:86:f6:ce:b8:1a:ee:
         0d:d7:91:b9:10:79:a3:11:dc:6c:19:a8:86:ef:25:d6:32:c4:
         5c:b9:8d:48:85:6c:e8:15:4b:0a:dd:3a:50:ff:60:d2:8b:f1:
         87:6b:54:69:50:a7:a3:19:b9:a0:91:87:e4:90:19:11:bd:c4:
         eb:9d:cc:38:16:c6:d0:8f:12:02:f9:c6:9f:81:83:0c:cd:e3:
         a3:cb:f8:04:af:c9:aa:49:cb:61:b8:77:2b:74:b8:40:4b:cf:
         2d:83:e8:f0:09:41:2b:d3:af:46:ea:4d:d2:61:b1:5e:1f:98:
         40:60:ec:49
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZgmamzaZaEpvCnt3f3dez08MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMmFhNWFjZmM5YmIwZmU2YjkxMWYxZWNhZDNlYjU0ZDQ1
Y2IzNmYwHhcNMjUwNzIwMDU1OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDEzZGE3MmRiYjIwMzVkYWY2MTQyNjAxMTA4NzkzYjBiZWI3ODNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWYOGicf4GrsHDxN6WCEPpllfDjr
a2KQy1QKxdJeImKp08G1BYgo7ZwsBDqcV9sQNDxiyo753OMe3n8Qh1BTF0QL8FRL
Lz8YCi195OPDWzJChKvcuQVTzVX1GIYLj4TR5Xz6U+ydPYOTE3kFSI2inQD60n7Z
LbaMmrYiSrKhV4BXFwdVtNO72ICQTe8l940RnSQcc80UVp2+NDa9a5DN9Atgze5w
ykG3tDi0p4QgzBZus+q+/pPMWthwAMlDXKFoMsMIuvDt7hJQz3oOKvTUwFS78dib
ak2Ff2TlnyL6H41RFDPiqHCVDgFrKvM1PSDxWgXGoskKCM6IjoyJ5txGZwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFAQT2nLbsgNdr2FCYBEIeTsL63g7MB8GA1UdIwQY
MBaAFPsqpaz8m7D+a5EfHsrT61TUXLNvMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS15cWxyUHlic1A1cmtSOGV5dFByVk5SY3MyOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjEvZDllN2VkLTNjMGYtNGE5Mi04NzE2
LWVlMDU3Y2Y5YzE2MS8xL0JCUGFjdHV5QTEydllVSmdFUWg1T3d2cmVEcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjEvZDllN2VkLTNjMGYtNGE5Mi04NzE2LWVlMDU3Y2Y5YzE2
MS8xLzEteXFsclB5YnNQNXJrUjhleXRQclZOUmNzMjguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBAC80MQw
DwQCAAIwCQMHACoG+UAAADANBgkqhkiG9w0BAQsFAAOCAQEAomfUUKTBSRzQG+Io
WIxqc1s3AMxsb3m2Ezu8RkFMg7aVchaIurzHlDMsioeHU+67XmPaIE2fnJv/L3ZU
Hix280s5qdUnCdVxAomJc7iCvGb8f0MNI10cA4wCMovsjIkx5QthUaEhIg7RoT5M
vj/OCvsqQEsD6ipK9F9qAbadc1F6BsgCMYV898mFhvbOuBruDdeRuRB5oxHcbBmo
hu8l1jLEXLmNSIVs6BVLCt06UP9g0ovxh2tUaVCnoxm5oJGH5JAZEb3E653MOBbG
0I8SAvnGn4GDDM3jo8v4BK/JqknLYbh3K3S4QEvPLYPo8AlBK9OvRupN0mGxXh+Y
QGDsSQ==
-----END CERTIFICATE-----