Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/2c8482-5331-4e57-9974-40837d48473d/1/BhaT-M-zQEVQbEPTvK_whwRLo3g.roa
File:                     BhaT-M-zQEVQbEPTvK_whwRLo3g.roa (raw, json)
Hash identifier:          yoydrscKhHCdRvyWQAObyBBT0xMyfOzTOU389MtWZv4=
Subject key identifier:   06:16:93:F8:CF:B3:40:45:50:6C:43:D3:BC:AF:F0:87:04:4B:A3:78
Certificate issuer:       /CN=4da4d6199aec828f6989e2e84cec17765bac5cd5
Certificate serial:       019711C381F693A058E64898E97ABF3139F3
Authority key identifier: 4D:A4:D6:19:9A:EC:82:8F:69:89:E2:E8:4C:EC:17:76:5B:AC:5C:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TaTWGZrsgo9pieLoTOwXdlusXNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/2c8482-5331-4e57-9974-40837d48473d/1/BhaT-M-zQEVQbEPTvK_whwRLo3g.roa
Signing time:             Tue 27 May 2025 12:41:54 +0000
ROA not before:           Tue 27 May 2025 12:41:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20776
IP address blocks:        80.243.240.0/20 maxlen: 20
                          80.243.240.0/21 maxlen: 21
                          80.243.248.0/21 maxlen: 21
                          82.197.96.0/19 maxlen: 23
                          82.197.112.0/20 maxlen: 20
                          82.197.126.0/24 maxlen: 24
                          89.16.0.0/19 maxlen: 19
                          89.16.0.0/20 maxlen: 20
                          89.16.0.0/21 maxlen: 21
                          89.16.8.0/21 maxlen: 21
                          89.16.16.0/20 maxlen: 20
                          89.16.16.0/21 maxlen: 21
                          89.16.24.0/21 maxlen: 21
                          92.49.64.0/19 maxlen: 19
                          92.49.64.0/20 maxlen: 20
                          92.49.64.0/21 maxlen: 21
                          92.49.72.0/21 maxlen: 21
                          92.49.80.0/20 maxlen: 20
                          92.49.96.0/19 maxlen: 21
                          92.49.96.0/20 maxlen: 21
                          92.49.96.0/21 maxlen: 21
                          92.49.104.0/24 maxlen: 24
                          92.49.105.0/24 maxlen: 24
                          92.49.106.0/24 maxlen: 24
                          92.49.107.0/24 maxlen: 24
                          92.49.108.0/22 maxlen: 22
                          92.49.112.0/20 maxlen: 20
                          92.49.112.0/21 maxlen: 21
                          92.49.120.0/21 maxlen: 21
                          92.49.125.0/24 maxlen: 24
                          93.176.0.0/19 maxlen: 19
                          93.176.0.0/20 maxlen: 20
                          93.176.16.0/20 maxlen: 20
                          93.176.32.0/20 maxlen: 20
                          93.176.48.0/20 maxlen: 20
                          109.62.0.0/17 maxlen: 24
                          109.62.0.0/19 maxlen: 19
                          109.62.0.0/21 maxlen: 21
                          109.62.4.0/22 maxlen: 22
                          109.62.8.0/24 maxlen: 24
                          109.62.9.0/24 maxlen: 24
                          109.62.10.0/23 maxlen: 23
                          109.62.12.0/23 maxlen: 23
                          109.62.14.0/24 maxlen: 24
                          109.62.15.0/24 maxlen: 24
                          109.62.16.0/21 maxlen: 21
                          109.62.24.0/23 maxlen: 23
                          109.62.26.0/24 maxlen: 24
                          109.62.27.0/24 maxlen: 24
                          109.62.28.0/22 maxlen: 22
                          109.62.56.0/21 maxlen: 21
                          109.62.56.0/22 maxlen: 22
                          109.62.60.0/22 maxlen: 22
                          109.62.64.0/24 maxlen: 24
                          109.62.66.0/24 maxlen: 24
                          109.62.67.0/24 maxlen: 24
                          109.62.68.0/22 maxlen: 23
                          109.62.68.0/23 maxlen: 23
                          109.62.70.0/23 maxlen: 23
                          109.62.72.0/21 maxlen: 21
                          109.62.72.0/22 maxlen: 22
                          109.62.76.0/22 maxlen: 22
                          109.62.80.0/20 maxlen: 20
                          109.62.80.0/21 maxlen: 21
                          109.62.88.0/21 maxlen: 21
                          109.62.96.0/20 maxlen: 20
                          185.13.218.0/23 maxlen: 23
                          188.115.64.0/18 maxlen: 18
                          188.115.64.0/19 maxlen: 19
                          188.115.64.0/20 maxlen: 20
                          188.115.80.0/20 maxlen: 20
                          188.115.96.0/19 maxlen: 19
                          188.115.96.0/21 maxlen: 21
                          188.115.104.0/21 maxlen: 21
                          188.115.112.0/20 maxlen: 20
                          188.115.112.0/22 maxlen: 22
                          188.115.116.0/22 maxlen: 22
                          188.115.120.0/21 maxlen: 21
                          217.175.160.0/19 maxlen: 24
                          217.175.168.0/21 maxlen: 21
                          217.175.168.0/24 maxlen: 24
                          217.175.169.0/24 maxlen: 24
                          217.175.170.0/24 maxlen: 24
                          217.175.171.0/24 maxlen: 24
                          217.175.172.0/24 maxlen: 24
                          217.175.174.0/23 maxlen: 23
                          217.175.176.0/21 maxlen: 21
                          217.175.176.0/22 maxlen: 22
                          217.175.180.0/22 maxlen: 22
                          217.175.184.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/2c8482-5331-4e57-9974-40837d48473d/1/TaTWGZrsgo9pieLoTOwXdlusXNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/2c8482-5331-4e57-9974-40837d48473d/1/TaTWGZrsgo9pieLoTOwXdlusXNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TaTWGZrsgo9pieLoTOwXdlusXNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 09:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:c3:81:f6:93:a0:58:e6:48:98:e9:7a:bf:31:39:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da4d6199aec828f6989e2e84cec17765bac5cd5
        Validity
            Not Before: May 27 12:41:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=061693f8cfb34045506c43d3bcaff087044ba378
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:40:5f:99:5f:ae:e9:e1:ce:9c:8c:30:3f:55:
                    6f:72:7b:a2:09:b2:86:71:ba:c2:f9:d1:2c:38:dd:
                    bd:36:af:ac:e8:d1:df:e2:87:f5:80:60:17:1f:e0:
                    28:b5:d7:cc:c6:ec:5a:e9:59:25:71:9c:eb:05:65:
                    2e:6b:62:95:1e:a2:ed:e8:0a:ba:cc:52:37:6e:12:
                    fe:f9:30:c7:2c:12:0f:0a:43:f6:f7:9e:b0:b3:cd:
                    99:50:de:3e:80:ce:a1:04:40:29:0c:0e:2e:e8:74:
                    a7:44:71:31:dc:6d:85:8d:89:e5:11:9d:b6:57:42:
                    0d:e6:fc:9b:07:d6:21:bb:2c:98:c5:2a:d8:c7:8f:
                    5c:54:65:0c:7c:12:82:c3:86:c6:c2:78:6f:5a:50:
                    91:a3:34:60:44:23:4a:fb:8b:3a:0c:e9:0b:f9:2a:
                    3b:70:4d:ce:76:90:87:22:f1:4b:2a:38:b9:99:ff:
                    14:14:9a:1a:7f:0a:cb:65:76:65:9b:7b:d1:d4:da:
                    73:3e:e4:2e:c6:f9:ad:a1:19:f4:7c:4b:6e:d4:b9:
                    78:f9:40:fd:07:a0:36:9a:97:f3:01:3f:68:fd:22:
                    96:00:54:d1:a0:8b:09:92:92:34:97:ec:6a:42:39:
                    cf:5b:13:97:2b:53:5f:d7:b4:33:97:27:b8:67:2c:
                    77:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:16:93:F8:CF:B3:40:45:50:6C:43:D3:BC:AF:F0:87:04:4B:A3:78
            X509v3 Authority Key Identifier:
                keyid:4D:A4:D6:19:9A:EC:82:8F:69:89:E2:E8:4C:EC:17:76:5B:AC:5C:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TaTWGZrsgo9pieLoTOwXdlusXNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/2c8482-5331-4e57-9974-40837d48473d/1/BhaT-M-zQEVQbEPTvK_whwRLo3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/2c8482-5331-4e57-9974-40837d48473d/1/TaTWGZrsgo9pieLoTOwXdlusXNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.243.240.0/20
                  82.197.96.0/19
                  89.16.0.0/19
                  92.49.64.0/18
                  93.176.0.0/18
                  109.62.0.0/17
                  185.13.218.0/23
                  188.115.64.0/18
                  217.175.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         44:e1:4c:33:20:c5:12:c2:aa:2c:af:ca:a1:c7:af:d2:48:29:
         53:76:1a:93:5d:cf:fb:91:df:6a:00:de:a0:c1:95:ff:4a:93:
         53:65:93:a3:bd:d5:57:5e:c7:c4:6f:47:20:b3:01:dd:56:b8:
         2f:3a:0e:2c:f9:8e:d3:b6:71:89:e4:f5:88:54:bd:b4:82:dd:
         d0:49:67:98:8c:84:8e:5c:22:61:39:fb:2f:2d:3a:6e:c7:a7:
         40:b4:29:ad:b2:d3:3c:47:97:25:df:13:4d:f5:68:b4:72:42:
         2b:77:73:98:7d:16:55:41:7b:42:bb:39:82:42:10:b2:fe:ce:
         b8:4f:4b:b4:5a:3c:6a:03:f6:92:51:27:01:58:4f:6b:85:61:
         27:cf:d2:3e:70:21:a5:bc:ac:66:74:9b:06:86:0f:cc:74:6c:
         fa:08:66:e1:bd:82:ab:63:42:c2:df:d3:e0:de:cd:0f:a2:48:
         30:20:86:17:7e:7f:3c:c1:a0:de:89:78:04:f9:02:00:b3:72:
         47:a7:04:ad:73:11:95:75:04:e3:99:f9:9d:3b:79:da:89:a5:
         4f:e9:78:ba:b7:03:12:e8:1c:1f:36:8e:5a:a7:bb:29:93:9a:
         ee:3f:b0:23:28:a4:d8:47:f8:ce:fa:b3:cf:ef:0b:d7:e0:45:
         2d:0f:8f:9b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZcRw4H2k6BY5kiY6Xq/MTnzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTRkNjE5OWFlYzgyOGY2OTg5ZTJlODRjZWMxNzc2NWJh
YzVjZDUwHhcNMjUwNTI3MTI0MTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjE2OTNmOGNmYjM0MDQ1NTA2YzQzZDNiY2FmZjA4NzA0NGJhMzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEBfmV+u6eHOnIwwP1VvcnuiCbKG
cbrC+dEsON29Nq+s6NHf4of1gGAXH+AotdfMxuxa6VklcZzrBWUua2KVHqLt6Aq6
zFI3bhL++TDHLBIPCkP2956ws82ZUN4+gM6hBEApDA4u6HSnRHEx3G2FjYnlEZ22
V0IN5vybB9YhuyyYxSrYx49cVGUMfBKCw4bGwnhvWlCRozRgRCNK+4s6DOkL+So7
cE3OdpCHIvFLKji5mf8UFJoafwrLZXZlm3vR1NpzPuQuxvmtoRn0fEtu1Ll4+UD9
B6A2mpfzAT9o/SKWAFTRoIsJkpI0l+xqQjnPWxOXK1Nf17Qzlye4Zyx32wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFAYWk/jPs0BFUGxD07yv8IcES6N4MB8GA1UdIwQY
MBaAFE2k1hma7IKPaYni6EzsF3ZbrFzVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFUV0dacnNnbzlwaWVMb1RPd1hkbHVzWE5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yYzg0ODItNTMzMS00ZTU3LTk5NzQt
NDA4MzdkNDg0NzNkLzEvQmhhVC1NLXpRRVZRYkVQVHZLX3dod1JMbzNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yYzg0ODItNTMzMS00ZTU3LTk5NzQtNDA4MzdkNDg0NzNk
LzEvVGFUV0dacnNnbzlwaWVMb1RPd1hkbHVzWE5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQEUPPwAwQF
UsVgAwQFWRAAAwQGXDFAAwQGXbAAAwQHbT4AAwQBuQ3aAwQGvHNAAwQF2a+gMA0G
CSqGSIb3DQEBCwUAA4IBAQBE4UwzIMUSwqosr8qhx6/SSClTdhqTXc/7kd9qAN6g
wZX/SpNTZZOjvdVXXsfEb0cgswHdVrgvOg4s+Y7TtnGJ5PWIVL20gt3QSWeYjISO
XCJhOfsvLTpux6dAtCmtstM8R5cl3xNN9Wi0ckIrd3OYfRZVQXtCuzmCQhCy/s64
T0u0WjxqA/aSUScBWE9rhWEnz9I+cCGlvKxmdJsGhg/MdGz6CGbhvYKrY0LC39Pg
3s0PokgwIIYXfn88waDeiXgE+QIAs3JHpwStcxGVdQTjmfmdO3naiaVP6Xi6twMS
6BwfNo5ap7spk5ruP7AjKKTYR/jO+rPP7wvX4EUtD4+b
-----END CERTIFICATE-----
Generated at Tue Jun 10 19:46:22 2025 by rpki-client