Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BkKF8LlUA4DSv5uJn2Yej4p6gLI.roa
File:                     BkKF8LlUA4DSv5uJn2Yej4p6gLI.roa (raw, json)
Hash identifier:          a5EvI41sBFBOScgX3CLmri28wM/gXecCetCgreOYFaY=
Subject key identifier:   06:42:85:F0:B9:54:03:80:D2:BF:9B:89:9F:66:1E:8F:8A:7A:80:B2
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0198DB50526D8CC4A8B3EA55C8EA5ED6C0B1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BkKF8LlUA4DSv5uJn2Yej4p6gLI.roa
Signing time:             Sun 24 Aug 2025 09:02:10 +0000
ROA not before:           Sun 24 Aug 2025 09:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208626
IP address blocks:        94.156.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 11:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:db:50:52:6d:8c:c4:a8:b3:ea:55:c8:ea:5e:d6:c0:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Aug 24 09:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=064285f0b9540380d2bf9b899f661e8f8a7a80b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:77:19:dd:63:63:6f:cc:00:8c:61:1b:de:89:
                    c4:e7:f5:84:5c:d5:e1:e3:ad:f9:4c:ff:62:b4:a1:
                    19:68:47:b5:94:c9:9d:04:af:f8:0e:0a:76:55:ef:
                    79:90:e3:0c:49:74:a5:2f:8f:8f:8d:6a:e1:2c:68:
                    6e:04:23:2a:93:bf:82:34:e1:44:bc:ac:e3:a0:fa:
                    0c:c7:d4:79:ea:4e:50:13:7f:4f:67:b5:c7:bc:27:
                    2c:00:e4:4c:3e:ee:20:1d:6d:5a:34:29:56:80:6d:
                    d6:e4:77:08:24:2b:f3:72:68:74:c7:d5:89:72:06:
                    0c:de:bd:c2:12:4f:d9:46:f3:ab:e6:58:09:88:6c:
                    67:e3:55:cc:48:96:72:1e:18:a7:bd:44:1b:a3:f4:
                    17:45:d8:98:d7:89:02:b2:2d:6b:5c:6f:f9:5a:43:
                    42:82:e2:25:ee:55:30:b1:84:5d:e8:e4:28:c0:0b:
                    4b:56:46:16:78:28:92:4e:f7:da:cf:f2:c0:59:b8:
                    0b:ce:19:4a:49:9e:c7:e6:ae:45:e8:73:5a:1d:d6:
                    63:fd:3a:ef:6e:c2:61:49:20:a9:30:1f:68:2f:2f:
                    07:34:8b:59:05:0f:40:05:fe:2e:55:82:1d:69:58:
                    9c:2f:23:55:2a:b3:b1:d7:c1:76:7e:62:fa:f5:68:
                    da:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:42:85:F0:B9:54:03:80:D2:BF:9B:89:9F:66:1E:8F:8A:7A:80:B2
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BkKF8LlUA4DSv5uJn2Yej4p6gLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:e4:f0:2a:f3:e2:cb:11:58:e1:46:e1:06:99:91:79:1a:25:
         44:5e:bb:c6:d3:1f:f6:f8:0b:0a:5a:8b:ef:ac:06:49:06:51:
         99:4a:0a:88:ff:44:42:fc:89:36:26:e3:57:fb:85:e0:c6:38:
         fd:3b:91:22:c4:03:3a:a5:85:1d:73:5f:46:7c:5a:ae:85:d0:
         93:48:b3:6c:07:a4:b8:40:59:97:76:c3:46:f8:43:58:ec:d8:
         f0:5e:4b:a6:3c:58:54:d2:dc:13:90:e9:08:fd:4a:49:0d:f5:
         0d:84:7a:a1:43:2a:75:78:a2:27:cd:fb:db:f7:15:6b:c3:df:
         e6:81:13:aa:25:92:9d:01:16:75:ba:46:5c:c7:35:61:ed:f2:
         03:93:c2:ad:bf:5f:3a:a7:29:23:68:33:55:6c:53:5c:e5:b9:
         41:3c:47:00:fe:1a:8a:f0:a9:a2:02:06:6d:23:c9:09:14:30:
         ea:21:02:08:d8:99:96:a3:34:b1:4c:ec:85:0c:38:0b:fe:2b:
         5b:84:63:75:59:11:dd:e1:98:e5:8d:7e:f8:6d:64:85:5d:aa:
         7d:81:00:39:f7:c4:8e:e6:f9:f2:7f:4b:b1:2a:7a:8c:9e:70:
         13:4e:91:81:40:e1:d5:6e:8f:37:94:5e:f5:cb:e2:90:20:b7:
         cf:f0:83:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjbUFJtjMSos+pVyOpe1sCxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwODI0MDkwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQyODVmMGI5NTQwMzgwZDJiZjliODk5ZjY2MWU4ZjhhN2E4MGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHcZ3WNjb8wAjGEb3onE5/WEXNXh
4635TP9itKEZaEe1lMmdBK/4Dgp2Ve95kOMMSXSlL4+PjWrhLGhuBCMqk7+CNOFE
vKzjoPoMx9R56k5QE39PZ7XHvCcsAORMPu4gHW1aNClWgG3W5HcIJCvzcmh0x9WJ
cgYM3r3CEk/ZRvOr5lgJiGxn41XMSJZyHhinvUQbo/QXRdiY14kCsi1rXG/5WkNC
guIl7lUwsYRd6OQowAtLVkYWeCiSTvfaz/LAWbgLzhlKSZ7H5q5F6HNaHdZj/Trv
bsJhSSCpMB9oLy8HNItZBQ9ABf4uVYIdaVicLyNVKrOx18F2fmL69Wja5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZChfC5VAOA0r+biZ9mHo+KeoCyMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQmtLRjhMbFVBNERTdjV1Sm4yWWVqNHA2Z0xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpwCMA0G
CSqGSIb3DQEBCwUAA4IBAQBY5PAq8+LLEVjhRuEGmZF5GiVEXrvG0x/2+AsKWovv
rAZJBlGZSgqI/0RC/Ik2JuNX+4Xgxjj9O5EixAM6pYUdc19GfFquhdCTSLNsB6S4
QFmXdsNG+ENY7NjwXkumPFhU0twTkOkI/UpJDfUNhHqhQyp1eKInzfvb9xVrw9/m
gROqJZKdARZ1ukZcxzVh7fIDk8Ktv186pykjaDNVbFNc5blBPEcA/hqK8KmiAgZt
I8kJFDDqIQII2JmWozSxTOyFDDgL/itbhGN1WRHd4ZjljX74bWSFXap9gQA598SO
5vnyf0uxKnqMnnATTpGBQOHVbo83lF71y+KQILfP8INr
-----END CERTIFICATE-----