Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/BMA05L6iCA3QlO_55Q-NOzWRruU.roa
File:                     BMA05L6iCA3QlO_55Q-NOzWRruU.roa (raw, json)
Hash identifier:          jRkDr68BpJuNUvahwzSh3nRl/z1gBZmKfcO35ZAQriw=
Subject key identifier:   04:C0:34:E4:BE:A2:08:0D:D0:94:EF:F9:E5:0F:8D:3B:35:91:AE:E5
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       0195D6A8514D5135AD8552F6F6D92C10293B
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/BMA05L6iCA3QlO_55Q-NOzWRruU.roa
Signing time:             Thu 27 Mar 2025 08:11:49 +0000
ROA not before:           Thu 27 Mar 2025 08:11:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212147
IP address blocks:        195.43.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d6:a8:51:4d:51:35:ad:85:52:f6:f6:d9:2c:10:29:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Mar 27 08:11:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04c034e4bea2080dd094eff9e50f8d3b3591aee5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:84:39:d5:3c:32:54:87:83:46:2e:de:44:5d:
                    b7:dc:a7:03:36:cb:9d:8a:93:01:cd:94:13:7c:ce:
                    10:78:37:5a:8d:9e:f2:b6:23:86:eb:a1:ad:d9:c5:
                    74:e6:e6:f6:4e:60:c0:79:e3:86:9d:0f:67:5c:bb:
                    ba:e5:e5:7a:fd:e9:9a:0c:c4:0b:fb:f2:39:f6:12:
                    ee:92:b4:20:47:73:54:c1:a7:5e:b4:9c:ff:85:4c:
                    43:dd:b9:a6:0f:ea:ae:00:74:80:87:b9:49:c6:2a:
                    62:c3:1c:a0:34:07:cc:14:f9:09:35:d3:82:a0:98:
                    45:3f:e1:d6:2b:b0:4d:45:c2:f7:29:0e:3f:06:b0:
                    b0:88:57:f3:95:2f:44:77:3d:7a:d8:81:3e:e0:e5:
                    0f:ec:4b:08:31:b0:f2:18:31:61:2a:fd:33:56:56:
                    bd:b3:5a:f4:25:c2:18:ef:be:b2:c9:e6:90:d6:86:
                    39:8c:73:7d:28:aa:b1:18:1c:3f:39:9b:00:a1:04:
                    ce:50:f7:fc:38:9f:09:1e:22:07:9b:5b:d2:65:82:
                    74:e0:c9:a8:f3:d8:62:f4:d6:8e:bb:d5:b1:03:e4:
                    c9:7a:b5:09:65:49:15:87:11:17:df:d3:b4:8a:5d:
                    d4:00:be:01:49:2c:d6:33:69:b7:ca:12:73:57:12:
                    82:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:C0:34:E4:BE:A2:08:0D:D0:94:EF:F9:E5:0F:8D:3B:35:91:AE:E5
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/BMA05L6iCA3QlO_55Q-NOzWRruU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:74:9c:cb:e4:67:33:8c:50:9b:01:cd:d6:66:35:76:a8:d0:
         90:f4:07:ce:54:ff:8a:12:cc:07:f8:db:5d:c4:19:e0:34:82:
         32:e1:23:b1:f2:c7:3f:aa:c4:c9:13:86:69:4e:59:07:ab:6f:
         73:13:8e:a6:38:c8:68:25:8e:a3:e0:32:c6:2b:9a:ea:2d:b6:
         b2:47:d1:68:75:79:a6:a7:ce:f2:8d:40:3b:cc:ab:60:08:be:
         9f:4a:c1:46:70:a8:f2:27:d5:9f:c8:3e:3b:69:b5:e3:7a:3d:
         61:11:96:a5:13:31:39:a0:9e:21:79:73:ad:04:36:0c:74:fa:
         5d:c5:34:75:f6:f5:d9:a6:0a:a3:25:79:be:35:ea:41:1b:21:
         da:b6:55:80:48:69:c6:15:df:ab:e4:54:d6:95:1e:b9:e1:e9:
         4b:06:16:fe:78:58:b7:e4:2e:20:2a:1f:51:f7:67:5f:f9:79:
         61:bb:9b:80:89:2d:67:a0:f7:39:ba:69:c3:45:e2:e0:14:fe:
         03:62:36:09:86:37:90:b7:56:c9:92:67:55:08:98:4f:cf:3a:
         fc:11:dc:74:8d:62:eb:8d:52:08:5c:8d:7f:7a:b0:be:e0:cb:
         9e:07:fb:40:94:ae:73:44:78:f6:4d:82:b1:e5:68:f4:c2:1e:
         c7:c3:09:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXWqFFNUTWthVL29tksECk7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjUwMzI3MDgxMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGMwMzRlNGJlYTIwODBkZDA5NGVmZjllNTBmOGQzYjM1OTFhZWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIQ51TwyVIeDRi7eRF233KcDNsud
ipMBzZQTfM4QeDdajZ7ytiOG66Gt2cV05ub2TmDAeeOGnQ9nXLu65eV6/emaDMQL
+/I59hLukrQgR3NUwadetJz/hUxD3bmmD+quAHSAh7lJxipiwxygNAfMFPkJNdOC
oJhFP+HWK7BNRcL3KQ4/BrCwiFfzlS9Edz162IE+4OUP7EsIMbDyGDFhKv0zVla9
s1r0JcIY776yyeaQ1oY5jHN9KKqxGBw/OZsAoQTOUPf8OJ8JHiIHm1vSZYJ04Mmo
89hi9NaOu9WxA+TJerUJZUkVhxEX39O0il3UAL4BSSzWM2m3yhJzVxKCOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATANOS+oggN0JTv+eUPjTs1ka7lMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvQk1BMDVMNmlDQTNRbE9fNTVRLU5PeldScnVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyuGMA0G
CSqGSIb3DQEBCwUAA4IBAQApdJzL5GczjFCbAc3WZjV2qNCQ9AfOVP+KEswH+Ntd
xBngNIIy4SOx8sc/qsTJE4ZpTlkHq29zE46mOMhoJY6j4DLGK5rqLbayR9FodXmm
p87yjUA7zKtgCL6fSsFGcKjyJ9WfyD47abXjej1hEZalEzE5oJ4heXOtBDYMdPpd
xTR19vXZpgqjJXm+NepBGyHatlWASGnGFd+r5FTWlR654elLBhb+eFi35C4gKh9R
92df+Xlhu5uAiS1noPc5umnDReLgFP4DYjYJhjeQt1bJkmdVCJhPzzr8Edx0jWLr
jVIIXI1/erC+4MueB/tAlK5zRHj2TYKx5Wj0wh7HwwkK
-----END CERTIFICATE-----