Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/23968a-fa36-4654-bfbf-9404e177200e/1/BrgQXCLuJ84Be3x61GIA2EPz_cY.roa
File:                     BrgQXCLuJ84Be3x61GIA2EPz_cY.roa (raw, json)
Hash identifier:          5cowkMDuTzftle6S+PXtO8QaCOWyfMUV3y8GiwaAJ6M=
Subject key identifier:   06:B8:10:5C:22:EE:27:CE:01:7B:7C:7A:D4:62:00:D8:43:F3:FD:C6
Certificate issuer:       /CN=6ad70ef25e522c0d26e977a1d24ff77ead3ada19
Certificate serial:       01971C5B4C205E4BB556C504EB371BFAE044
Authority key identifier: 6A:D7:0E:F2:5E:52:2C:0D:26:E9:77:A1:D2:4F:F7:7E:AD:3A:DA:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/atcO8l5SLA0m6Xeh0k_3fq062hk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/23968a-fa36-4654-bfbf-9404e177200e/1/BrgQXCLuJ84Be3x61GIA2EPz_cY.roa
Signing time:             Thu 29 May 2025 14:03:54 +0000
ROA not before:           Thu 29 May 2025 14:03:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21058
IP address blocks:        80.83.160.0/24 maxlen: 24
                          80.83.161.0/24 maxlen: 24
                          80.83.162.0/24 maxlen: 24
                          80.83.163.0/24 maxlen: 24
                          80.83.164.0/24 maxlen: 24
                          80.83.165.0/24 maxlen: 24
                          80.83.166.0/24 maxlen: 24
                          80.83.167.0/24 maxlen: 24
                          80.83.168.0/24 maxlen: 24
                          80.83.169.0/24 maxlen: 24
                          80.83.171.0/24 maxlen: 24
                          80.83.172.0/24 maxlen: 24
                          80.83.173.0/24 maxlen: 24
                          80.83.174.0/24 maxlen: 24
                          80.83.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/23968a-fa36-4654-bfbf-9404e177200e/1/atcO8l5SLA0m6Xeh0k_3fq062hk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/23968a-fa36-4654-bfbf-9404e177200e/1/atcO8l5SLA0m6Xeh0k_3fq062hk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/atcO8l5SLA0m6Xeh0k_3fq062hk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Jun 2025 17:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1c:5b:4c:20:5e:4b:b5:56:c5:04:eb:37:1b:fa:e0:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ad70ef25e522c0d26e977a1d24ff77ead3ada19
        Validity
            Not Before: May 29 14:03:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06b8105c22ee27ce017b7c7ad46200d843f3fdc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:78:f5:1b:d0:10:3a:db:a2:fb:51:96:73:4d:
                    ee:f1:2d:4d:a8:31:a2:d4:6a:36:69:40:b1:49:94:
                    2c:f5:15:1a:bd:9b:16:af:8a:65:6c:da:0e:42:41:
                    c5:f1:3d:81:ce:9c:0c:cb:f6:67:ef:f7:e9:8b:40:
                    ca:9d:fa:84:ca:ec:bc:8e:9b:85:24:c3:cb:89:15:
                    39:be:b6:f4:8d:84:da:2e:be:d7:9e:7a:83:2e:c2:
                    41:f0:7f:a8:14:d0:ff:cb:c9:fa:1f:c6:e5:25:a4:
                    d4:9d:a7:4e:3c:d5:37:e6:4a:b3:85:b3:9c:15:a2:
                    b7:db:59:6f:69:c8:7d:05:78:4e:64:6a:a0:f8:ea:
                    59:d2:67:00:5c:5b:cd:92:33:fc:5f:51:f9:59:a7:
                    aa:c1:ae:d9:a5:3c:ad:27:29:3b:26:c1:7c:88:c5:
                    88:00:74:7d:36:0c:51:74:3f:12:2e:0b:fa:85:a8:
                    6f:fb:9c:1b:ab:16:28:10:a6:15:c8:aa:b1:23:06:
                    d4:e1:ce:99:74:35:89:1e:07:15:55:46:04:8c:90:
                    9a:a6:c4:ec:58:73:f8:99:2b:ba:96:2c:09:81:1f:
                    e9:7c:a4:51:b2:a8:fb:6b:c5:7d:fa:50:5a:8f:84:
                    b9:26:15:4f:52:07:6c:f5:8b:77:ce:9c:e4:3e:18:
                    79:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B8:10:5C:22:EE:27:CE:01:7B:7C:7A:D4:62:00:D8:43:F3:FD:C6
            X509v3 Authority Key Identifier:
                keyid:6A:D7:0E:F2:5E:52:2C:0D:26:E9:77:A1:D2:4F:F7:7E:AD:3A:DA:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/atcO8l5SLA0m6Xeh0k_3fq062hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/23968a-fa36-4654-bfbf-9404e177200e/1/BrgQXCLuJ84Be3x61GIA2EPz_cY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/23968a-fa36-4654-bfbf-9404e177200e/1/atcO8l5SLA0m6Xeh0k_3fq062hk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.160.0-80.83.169.255
                  80.83.171.0-80.83.175.255

    Signature Algorithm: sha256WithRSAEncryption
         55:38:9d:e1:70:0e:4f:c3:01:8c:4f:dc:52:63:63:82:61:89:
         4b:1c:9a:f1:c2:96:b7:0a:e3:e0:cb:cd:ee:e8:e5:18:97:13:
         f8:78:b2:29:a3:6e:36:cc:ba:b1:9e:07:31:d8:83:8a:e8:42:
         0b:29:a2:ca:df:ea:8e:d9:ca:c4:fd:67:71:cd:33:2d:14:33:
         e1:f7:03:d7:0c:a2:5a:09:72:15:77:48:47:57:3a:f1:9a:8b:
         b9:5e:54:8b:64:01:f9:5c:7b:1f:dd:2b:95:74:38:33:23:e1:
         40:fc:c6:79:b2:5c:7d:f5:72:f3:8d:ac:0c:e7:d2:1a:05:34:
         41:44:14:71:98:d2:48:9b:88:d0:9f:9f:f2:d8:43:fd:11:32:
         1c:ee:5e:5a:54:97:e5:09:28:35:e7:25:04:72:4a:ff:37:a4:
         87:63:e9:5b:f3:36:65:cb:14:c4:f8:0d:30:9a:9f:04:81:c5:
         13:92:20:01:b7:ef:98:52:27:0d:94:22:67:eb:60:6e:49:f8:
         9c:85:40:d2:05:d7:c5:5b:cc:4f:ff:99:d5:f1:8f:cd:0c:04:
         fb:75:fc:99:f5:8c:9b:1e:56:43:aa:88:a9:79:75:b3:70:48:
         0e:86:ad:21:2f:32:1c:86:26:3e:50:9b:36:77:29:d5:a3:e2:
         f4:41:b5:f6
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZccW0wgXku1VsUE6zcb+uBEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhZDcwZWYyNWU1MjJjMGQyNmU5NzdhMWQyNGZmNzdlYWQz
YWRhMTkwHhcNMjUwNTI5MTQwMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmI4MTA1YzIyZWUyN2NlMDE3YjdjN2FkNDYyMDBkODQzZjNmZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3j1G9AQOtui+1GWc03u8S1NqDGi
1Go2aUCxSZQs9RUavZsWr4plbNoOQkHF8T2BzpwMy/Zn7/fpi0DKnfqEyuy8jpuF
JMPLiRU5vrb0jYTaLr7XnnqDLsJB8H+oFND/y8n6H8blJaTUnadOPNU35kqzhbOc
FaK321lvach9BXhOZGqg+OpZ0mcAXFvNkjP8X1H5Waeqwa7ZpTytJyk7JsF8iMWI
AHR9NgxRdD8SLgv6hahv+5wbqxYoEKYVyKqxIwbU4c6ZdDWJHgcVVUYEjJCapsTs
WHP4mSu6liwJgR/pfKRRsqj7a8V9+lBaj4S5JhVPUgds9Yt3zpzkPhh5wwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFAa4EFwi7ifOAXt8etRiANhD8/3GMB8GA1UdIwQY
MBaAFGrXDvJeUiwNJul3odJP936tOtoZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXRjTzhsNVNMQTBtNlhlaDBrXzNmcTA2MmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8yMzk2OGEtZmEzNi00NjU0LWJmYmYt
OTQwNGUxNzcyMDBlLzEvQnJnUVhDTHVKODRCZTN4NjFHSUEyRVB6X2NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8yMzk2OGEtZmEzNi00NjU0LWJmYmYtOTQwNGUxNzcyMDBl
LzEvYXRjTzhsNVNMQTBtNlhlaDBrXzNmcTA2MmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAVQU6AD
BAFQU6gwDAMEAFBTqwMEBFBToDANBgkqhkiG9w0BAQsFAAOCAQEAVTid4XAOT8MB
jE/cUmNjgmGJSxya8cKWtwrj4MvN7ujlGJcT+HiyKaNuNsy6sZ4HMdiDiuhCCymi
yt/qjtnKxP1ncc0zLRQz4fcD1wyiWglyFXdIR1c68ZqLuV5Ui2QB+Vx7H90rlXQ4
MyPhQPzGebJcffVy842sDOfSGgU0QUQUcZjSSJuI0J+f8thD/REyHO5eWlSX5Qko
NeclBHJK/zekh2PpW/M2ZcsUxPgNMJqfBIHFE5IgAbfvmFInDZQiZ+tgbkn4nIVA
0gXXxVvMT/+Z1fGPzQwE+3X8mfWMmx5WQ6qIqXl1s3BIDoatIS8yHIYmPlCbNncp
1aPi9EG19g==
-----END CERTIFICATE-----
Generated at Thu Jun 12 03:19:01 2025 by rpki-client