Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BIpnBcEEAizScwIgehgOuqcXP1M.roa
File:                     BIpnBcEEAizScwIgehgOuqcXP1M.roa (raw, json)
Hash identifier:          rzdCbHQv8lgjMOShb3XZFqk4L1CuRKaCz9h44ylbQj4=
Subject key identifier:   04:8A:67:05:C1:04:02:2C:D2:73:02:20:7A:18:0E:BA:A7:17:3F:53
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       019A294510216DD034C74329CF107B75B819
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BIpnBcEEAizScwIgehgOuqcXP1M.roa
Signing time:             Tue 28 Oct 2025 05:23:02 +0000
ROA not before:           Tue 28 Oct 2025 05:23:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        188.209.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:29:45:10:21:6d:d0:34:c7:43:29:cf:10:7b:75:b8:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Oct 28 05:23:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=048a6705c104022cd27302207a180ebaa7173f53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:a4:02:c7:7e:2e:55:fb:a5:25:ad:4b:4c:cb:
                    5c:d9:ae:fd:b5:65:5c:00:07:66:27:db:f9:f8:bc:
                    7e:b1:59:74:53:6a:bb:18:92:b1:1a:9e:95:70:c5:
                    df:05:74:f0:db:78:fb:cf:94:1d:e8:b7:50:d9:dd:
                    f8:a5:cb:79:a1:0f:84:07:a0:a4:da:ad:06:15:c9:
                    c7:9a:92:85:e8:71:36:f0:12:d9:fa:ed:d4:e9:ef:
                    a1:e4:be:62:11:11:44:2f:c9:63:7d:86:31:a1:c8:
                    2d:19:05:d7:7b:9d:c0:d4:31:63:a4:cb:eb:82:2d:
                    41:6e:ad:68:70:55:0e:65:fd:44:13:ad:d6:d1:76:
                    94:05:8d:b1:97:70:a2:6a:60:b9:a9:96:99:29:85:
                    2b:a8:4d:76:81:47:05:ee:b6:46:3c:11:bd:a9:e6:
                    94:b0:07:e2:94:b4:37:1a:65:8b:7d:33:0d:52:f1:
                    bb:99:63:80:80:6b:ab:74:74:1f:86:31:e4:4a:d1:
                    a1:10:df:c3:91:e8:37:80:02:20:b9:21:11:ab:b2:
                    a1:90:03:ce:3c:71:42:13:c7:df:56:d9:b0:e6:34:
                    c9:65:b7:77:1d:9d:60:c7:ff:d2:cc:e4:0d:08:d1:
                    f1:9a:19:f0:53:e1:ca:6a:0a:31:9b:f5:ca:fa:6f:
                    e6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:8A:67:05:C1:04:02:2C:D2:73:02:20:7A:18:0E:BA:A7:17:3F:53
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BIpnBcEEAizScwIgehgOuqcXP1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:7f:ea:0f:d3:43:b0:40:54:71:b2:75:61:7b:8e:b0:81:59:
         5e:ea:aa:29:f6:3b:48:ee:8e:8c:91:da:bd:03:a4:74:a2:36:
         9a:8a:5b:77:c8:f2:c4:d3:d1:b7:fb:19:b9:3e:8a:01:1b:b2:
         e7:59:d5:59:c0:72:ec:58:36:62:05:70:2b:e4:5c:ed:ad:91:
         92:ff:5d:16:79:ef:25:2f:2c:28:d0:ea:8c:c4:6c:0c:90:1a:
         99:20:32:60:6d:f8:fd:fb:44:c9:89:e2:ff:45:48:14:b5:e4:
         d5:31:33:c4:67:f2:50:8d:cf:90:26:59:f3:b9:45:43:c0:5c:
         aa:88:68:ce:94:27:83:bd:6c:91:09:59:4d:33:f4:f6:93:b0:
         fb:b3:ee:40:12:72:a5:58:6c:48:47:cc:62:5b:67:26:f9:d5:
         55:90:c5:a8:14:f2:e3:5a:3d:a2:9f:63:e9:21:16:e5:96:6e:
         59:37:04:f9:4e:9e:e1:60:9b:70:49:64:60:42:5b:4b:2f:85:
         c4:92:85:14:bf:6b:2c:2a:0a:5c:c1:04:b0:b8:df:54:7c:62:
         3f:e2:2a:9f:92:19:01:07:69:4a:59:e5:f5:89:14:07:e0:79:
         6a:d0:98:8c:58:3f:79:1b:6c:26:b8:16:14:8c:8e:05:84:4e:
         2b:50:b6:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZopRRAhbdA0x0MpzxB7dbgZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUxMDI4MDUyMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDhhNjcwNWMxMDQwMjJjZDI3MzAyMjA3YTE4MGViYWE3MTczZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6aQCx34uVfulJa1LTMtc2a79tWVc
AAdmJ9v5+Lx+sVl0U2q7GJKxGp6VcMXfBXTw23j7z5Qd6LdQ2d34pct5oQ+EB6Ck
2q0GFcnHmpKF6HE28BLZ+u3U6e+h5L5iERFEL8ljfYYxocgtGQXXe53A1DFjpMvr
gi1Bbq1ocFUOZf1EE63W0XaUBY2xl3CiamC5qZaZKYUrqE12gUcF7rZGPBG9qeaU
sAfilLQ3GmWLfTMNUvG7mWOAgGurdHQfhjHkStGhEN/Dkeg3gAIguSERq7KhkAPO
PHFCE8ffVtmw5jTJZbd3HZ1gx//SzOQNCNHxmhnwU+HKagoxm/XK+m/mBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASKZwXBBAIs0nMCIHoYDrqnFz9TMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvQklwbkJjRUVBaXpTY3dJZ2VoZ091cWNYUDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGFMA0G
CSqGSIb3DQEBCwUAA4IBAQABf+oP00OwQFRxsnVhe46wgVle6qop9jtI7o6Mkdq9
A6R0ojaailt3yPLE09G3+xm5PooBG7LnWdVZwHLsWDZiBXAr5FztrZGS/10Wee8l
Lywo0OqMxGwMkBqZIDJgbfj9+0TJieL/RUgUteTVMTPEZ/JQjc+QJlnzuUVDwFyq
iGjOlCeDvWyRCVlNM/T2k7D7s+5AEnKlWGxIR8xiW2cm+dVVkMWoFPLjWj2in2Pp
IRbllm5ZNwT5Tp7hYJtwSWRgQltLL4XEkoUUv2ssKgpcwQSwuN9UfGI/4iqfkhkB
B2lKWeX1iRQH4Hlq0JiMWD95G2wmuBYUjI4FhE4rULY3
-----END CERTIFICATE-----