Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/BhhaVZH_zLgw-7V5KrucZChwwhw.roa
File:                     BhhaVZH_zLgw-7V5KrucZChwwhw.roa (raw, json)
Hash identifier:          SXHDmlGIby8EBzXCdDnMzBEiNJv0FwbWBrNb1gd2xxM=
Subject key identifier:   06:18:5A:55:91:FF:CC:B8:30:FB:B5:79:2A:BB:9C:64:28:70:C2:1C
Certificate issuer:       /CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
Certificate serial:       019A5E0EC5F85ED67E5C7EE772C229E5CDFC
Authority key identifier: C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/BhhaVZH_zLgw-7V5KrucZChwwhw.roa
Signing time:             Fri 07 Nov 2025 11:23:37 +0000
ROA not before:           Fri 07 Nov 2025 11:23:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35608
IP address blocks:        45.136.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 05:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5e:0e:c5:f8:5e:d6:7e:5c:7e:e7:72:c2:29:e5:cd:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c65a1da1cb1c920ae2f9b748270fded8737a9184
        Validity
            Not Before: Nov  7 11:23:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06185a5591ffccb830fbb5792abb9c642870c21c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ff:20:87:51:bd:f9:e9:0c:75:eb:db:76:f5:
                    38:12:04:94:83:a5:52:6c:32:8d:e0:3e:37:c0:8d:
                    18:b9:7f:e1:6d:e9:61:dd:41:dc:00:c8:38:dd:61:
                    3e:ec:03:db:4e:d4:07:44:0e:f6:2b:d0:42:bb:14:
                    79:87:26:3e:e2:a6:e8:88:4d:6f:65:e7:b8:96:9c:
                    1e:57:f8:9f:1a:8e:4d:a8:eb:89:0b:fa:5a:e7:2e:
                    a6:82:da:6f:e6:71:8c:ee:85:55:97:cf:45:55:25:
                    29:08:ba:0d:49:ea:4f:e3:52:cd:a7:37:e0:a8:bc:
                    25:19:9e:7a:29:60:ad:42:40:c1:e0:d3:93:33:bc:
                    1a:9f:4b:3b:17:d6:b3:e6:82:0c:03:de:2d:fa:e4:
                    46:e0:c2:ac:87:e2:55:ff:88:a1:3e:fa:da:60:db:
                    6d:b0:af:02:6e:05:c9:69:6c:f7:51:d1:8f:2f:7c:
                    5b:a9:3b:68:8e:4b:55:bd:a4:94:2f:42:7e:ef:1a:
                    1b:99:87:11:6d:ce:1a:fb:a0:5a:8b:6d:09:de:be:
                    5b:68:8f:6b:38:75:88:85:ea:5e:fa:cd:1c:97:3e:
                    ce:90:e9:72:7f:e4:5e:a5:14:0e:18:fe:25:e3:5d:
                    3e:fc:3c:07:4d:7f:20:9b:45:01:40:75:ec:bb:21:
                    ea:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:18:5A:55:91:FF:CC:B8:30:FB:B5:79:2A:BB:9C:64:28:70:C2:1C
            X509v3 Authority Key Identifier:
                keyid:C6:5A:1D:A1:CB:1C:92:0A:E2:F9:B7:48:27:0F:DE:D8:73:7A:91:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xlodocsckgri-bdIJw_e2HN6kYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/BhhaVZH_zLgw-7V5KrucZChwwhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4f54b4-009f-46ce-9ac0-36bac8d91e2e/1/xlodocsckgri-bdIJw_e2HN6kYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:a1:77:07:9d:d8:9e:e9:06:48:09:82:01:3f:34:48:be:7b:
         9d:5d:8c:ee:1a:bc:f7:b8:eb:18:d3:e3:84:8c:18:ad:b4:8b:
         3f:9f:30:dc:be:12:f9:73:32:7c:a2:5b:41:c0:80:98:0e:55:
         45:60:c0:b4:62:92:06:cb:28:08:9e:c9:17:75:1e:1b:e0:5a:
         59:54:c1:b8:84:f5:51:a9:66:05:09:50:7c:26:05:bf:7b:c6:
         5e:a5:bf:79:05:bf:7a:46:d5:36:f8:90:24:1d:76:32:02:26:
         12:71:a7:a3:30:e7:88:2e:9c:4b:35:5b:fb:8e:ac:9b:e5:ac:
         6b:dc:b4:89:c8:36:13:fc:ca:e6:e2:8f:ba:10:ab:3f:db:bc:
         b0:d5:7b:91:e7:74:09:de:e6:aa:92:38:75:78:29:7c:ac:cd:
         7f:eb:ad:62:a5:5d:b0:ba:83:c7:25:0d:2d:53:05:2e:8a:30:
         75:54:02:26:e7:a6:a4:6d:d4:a8:a4:bd:18:b1:dc:65:7c:d1:
         ff:34:54:4b:40:9e:e6:33:06:1c:79:23:b5:86:37:23:3b:cd:
         db:09:2b:6b:7e:fe:df:75:7e:28:b3:78:4f:e8:d7:4c:48:ef:
         5c:96:29:4b:c5:7d:b5:4c:fe:d6:c7:17:a9:30:d3:14:a1:b4:
         9d:3f:96:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpeDsX4XtZ+XH7ncsIp5c38MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NWExZGExY2IxYzkyMGFlMmY5Yjc0ODI3MGZkZWQ4NzM3
YTkxODQwHhcNMjUxMTA3MTEyMzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjE4NWE1NTkxZmZjY2I4MzBmYmI1NzkyYWJiOWM2NDI4NzBjMjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP8gh1G9+ekMdevbdvU4EgSUg6VS
bDKN4D43wI0YuX/hbelh3UHcAMg43WE+7APbTtQHRA72K9BCuxR5hyY+4qboiE1v
Zee4lpweV/ifGo5NqOuJC/pa5y6mgtpv5nGM7oVVl89FVSUpCLoNSepP41LNpzfg
qLwlGZ56KWCtQkDB4NOTM7wan0s7F9az5oIMA94t+uRG4MKsh+JV/4ihPvraYNtt
sK8CbgXJaWz3UdGPL3xbqTtojktVvaSUL0J+7xobmYcRbc4a+6Bai20J3r5baI9r
OHWIhepe+s0clz7OkOlyf+RepRQOGP4l410+/DwHTX8gm0UBQHXsuyHqpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYYWlWR/8y4MPu1eSq7nGQocMIcMB8GA1UdIwQY
MBaAFMZaHaHLHJIK4vm3SCcP3thzepGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAt
MzZiYWM4ZDkxZTJlLzEvQmhoYVZaSF96TGd3LTdWNUtydWNaQ2h3d2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS80ZjU0YjQtMDA5Zi00NmNlLTlhYzAtMzZiYWM4ZDkxZTJl
LzEveGxvZG9jc2NrZ3JpLWJkSUp3X2UySE42a1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYiQMA0G
CSqGSIb3DQEBCwUAA4IBAQBDoXcHndie6QZICYIBPzRIvnudXYzuGrz3uOsY0+OE
jBittIs/nzDcvhL5czJ8oltBwICYDlVFYMC0YpIGyygInskXdR4b4FpZVMG4hPVR
qWYFCVB8JgW/e8Zepb95Bb96RtU2+JAkHXYyAiYScaejMOeILpxLNVv7jqyb5axr
3LSJyDYT/Mrm4o+6EKs/27yw1XuR53QJ3uaqkjh1eCl8rM1/661ipV2wuoPHJQ0t
UwUuijB1VAIm56akbdSopL0YsdxlfNH/NFRLQJ7mMwYceSO1hjcjO83bCStrfv7f
dX4os3hP6NdMSO9clilLxX21TP7WxxepMNMUobSdP5aw
-----END CERTIFICATE-----