Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/733f9c-b115-49c8-959b-f58cb6480a7e/1/BU0K-jq4yCTRDFgFmlLWawEJYAU.roa
File:                     BU0K-jq4yCTRDFgFmlLWawEJYAU.roa (raw, json)
Hash identifier:          HyTY7vvT0OCEeAhfRH+8wyCsyeDuJjUYTouZKbB1WlU=
Subject key identifier:   05:4D:0A:FA:3A:B8:C8:24:D1:0C:58:05:9A:52:D6:6B:01:09:60:05
Certificate issuer:       /CN=67589d5fe4bb1c5bdb83a353c2737dc604341326
Certificate serial:       01973AA196C4C58F03AC69092327BDD601F7
Authority key identifier: 67:58:9D:5F:E4:BB:1C:5B:DB:83:A3:53:C2:73:7D:C6:04:34:13:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z1idX-S7HFvbg6NTwnN9xgQ0EyY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/733f9c-b115-49c8-959b-f58cb6480a7e/1/BU0K-jq4yCTRDFgFmlLWawEJYAU.roa
Signing time:             Wed 04 Jun 2025 11:09:17 +0000
ROA not before:           Wed 04 Jun 2025 11:09:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210976
IP address blocks:        185.207.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/733f9c-b115-49c8-959b-f58cb6480a7e/1/Z1idX-S7HFvbg6NTwnN9xgQ0EyY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/733f9c-b115-49c8-959b-f58cb6480a7e/1/Z1idX-S7HFvbg6NTwnN9xgQ0EyY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z1idX-S7HFvbg6NTwnN9xgQ0EyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3a:a1:96:c4:c5:8f:03:ac:69:09:23:27:bd:d6:01:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67589d5fe4bb1c5bdb83a353c2737dc604341326
        Validity
            Not Before: Jun  4 11:09:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=054d0afa3ab8c824d10c58059a52d66b01096005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f7:2b:c2:a1:d4:24:8f:3c:5d:5c:42:83:e2:
                    9a:9c:15:e3:54:a6:e8:61:7e:19:05:16:b9:19:00:
                    4c:b8:1e:7c:72:0b:f2:1d:e1:99:e4:ec:ed:6b:24:
                    1b:2b:ca:3b:84:3d:36:71:b9:00:9c:61:33:1d:e3:
                    a2:76:be:5b:15:77:b3:92:90:5d:23:ca:f7:29:31:
                    26:04:41:8e:30:de:a9:a2:9f:bd:59:e7:90:6e:9b:
                    93:e6:f5:8d:5f:22:76:fb:11:06:3e:b2:d2:cd:a6:
                    c0:f3:d3:fa:78:52:82:5f:12:40:5b:9e:9c:89:be:
                    e7:cd:9c:c1:10:67:f3:81:43:a5:61:27:68:96:78:
                    66:f7:92:96:36:6a:3c:3f:ca:73:a8:5f:6f:59:6b:
                    68:4d:ac:d3:9c:70:4c:9e:da:56:a9:e4:da:8d:9a:
                    c1:82:e4:42:d1:8d:23:70:f4:42:d1:d5:01:1a:31:
                    e9:5d:52:71:1b:6a:0a:76:a1:ac:e0:f5:24:bf:14:
                    c3:0f:2e:10:a6:30:6b:0f:89:d8:6b:81:e7:a3:f0:
                    f5:88:50:25:f3:3e:3f:bd:9d:3a:5a:3c:d6:59:97:
                    3f:b4:62:04:eb:cb:84:e6:53:ac:05:0c:66:54:a7:
                    6f:68:d3:6a:96:09:fb:1e:0c:2c:8a:3b:d9:b6:0a:
                    8c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:4D:0A:FA:3A:B8:C8:24:D1:0C:58:05:9A:52:D6:6B:01:09:60:05
            X509v3 Authority Key Identifier:
                keyid:67:58:9D:5F:E4:BB:1C:5B:DB:83:A3:53:C2:73:7D:C6:04:34:13:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z1idX-S7HFvbg6NTwnN9xgQ0EyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/733f9c-b115-49c8-959b-f58cb6480a7e/1/BU0K-jq4yCTRDFgFmlLWawEJYAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/733f9c-b115-49c8-959b-f58cb6480a7e/1/Z1idX-S7HFvbg6NTwnN9xgQ0EyY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:4b:24:cf:5b:52:17:bc:70:70:c1:7c:2e:a9:af:d8:d8:c0:
         cd:85:26:6c:1d:a0:6f:cf:62:63:51:af:fa:82:67:d5:64:6d:
         59:3d:b6:db:44:8d:08:83:2a:7f:25:d2:fc:0f:79:27:3b:ea:
         d9:b7:c0:e0:2d:13:96:38:84:02:7f:b4:95:f2:59:e5:5c:1f:
         21:30:c0:f0:02:bf:96:52:f8:45:3c:40:81:ae:cd:b4:2e:b0:
         06:77:eb:a9:47:73:98:ee:b8:b2:33:e1:e6:d5:82:0c:c8:8e:
         31:13:f5:e6:d7:6f:33:80:c2:0f:e9:7c:36:3b:6e:d5:a5:6e:
         a7:48:e8:8f:c1:e1:1d:82:9e:aa:71:90:d8:df:fd:ef:02:f0:
         cd:d1:fc:70:12:20:ba:e0:c4:70:48:e1:dd:5a:d6:87:a8:93:
         3a:25:67:f0:3e:52:1c:7d:4a:af:ec:bc:e3:d4:c5:18:5e:f3:
         f4:5a:6c:2e:cb:43:d5:81:28:a3:05:7a:e8:17:49:d8:3b:d3:
         13:d3:60:fb:7f:5e:8c:a3:18:fa:75:84:fe:ef:a2:5a:df:fe:
         e4:72:9a:a4:48:31:0b:f5:fe:60:5a:44:1d:d8:55:d6:8e:56:
         0a:0f:af:55:1c:ee:9e:71:53:da:33:df:1e:e7:da:ff:25:0a:
         88:2c:0d:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc6oZbExY8DrGkJIye91gH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NTg5ZDVmZTRiYjFjNWJkYjgzYTM1M2MyNzM3ZGM2MDQz
NDEzMjYwHhcNMjUwNjA0MTEwOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTRkMGFmYTNhYjhjODI0ZDEwYzU4MDU5YTUyZDY2YjAxMDk2MDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPcrwqHUJI88XVxCg+KanBXjVKbo
YX4ZBRa5GQBMuB58cgvyHeGZ5OztayQbK8o7hD02cbkAnGEzHeOidr5bFXezkpBd
I8r3KTEmBEGOMN6pop+9WeeQbpuT5vWNXyJ2+xEGPrLSzabA89P6eFKCXxJAW56c
ib7nzZzBEGfzgUOlYSdolnhm95KWNmo8P8pzqF9vWWtoTazTnHBMntpWqeTajZrB
guRC0Y0jcPRC0dUBGjHpXVJxG2oKdqGs4PUkvxTDDy4QpjBrD4nYa4Hno/D1iFAl
8z4/vZ06WjzWWZc/tGIE68uE5lOsBQxmVKdvaNNqlgn7HgwsijvZtgqMfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVNCvo6uMgk0QxYBZpS1msBCWAFMB8GA1UdIwQY
MBaAFGdYnV/kuxxb24OjU8JzfcYENBMmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjFpZFgtUzdIRnZiZzZOVHduTjl4Z1EwRXlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC83MzNmOWMtYjExNS00OWM4LTk1OWIt
ZjU4Y2I2NDgwYTdlLzEvQlUwSy1qcTR5Q1RSREZnRm1sTFdhd0VKWUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC83MzNmOWMtYjExNS00OWM4LTk1OWItZjU4Y2I2NDgwYTdl
LzEvWjFpZFgtUzdIRnZiZzZOVHduTjl4Z1EwRXlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc9DMA0G
CSqGSIb3DQEBCwUAA4IBAQAqSyTPW1IXvHBwwXwuqa/Y2MDNhSZsHaBvz2JjUa/6
gmfVZG1ZPbbbRI0Igyp/JdL8D3knO+rZt8DgLROWOIQCf7SV8lnlXB8hMMDwAr+W
UvhFPECBrs20LrAGd+upR3OY7riyM+Hm1YIMyI4xE/Xm128zgMIP6Xw2O27VpW6n
SOiPweEdgp6qcZDY3/3vAvDN0fxwEiC64MRwSOHdWtaHqJM6JWfwPlIcfUqv7Lzj
1MUYXvP0Wmwuy0PVgSijBXroF0nYO9MT02D7f16Moxj6dYT+76Ja3/7kcpqkSDEL
9f5gWkQd2FXWjlYKD69VHO6ecVPaM98e59r/JQqILA1H
-----END CERTIFICATE-----