Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/BtaWKpewp0t-jzKE-k6lFnfI0_c.roa
File:                     BtaWKpewp0t-jzKE-k6lFnfI0_c.roa (raw, json)
Hash identifier:          DCOoNIe4oBMll7PycXcrB8Q8Pxkmj5k38ygxgzs+uLA=
Subject key identifier:   06:D6:96:2A:97:B0:A7:4B:7E:8F:32:84:FA:4E:A5:16:77:C8:D3:F7
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0199915E086BDE18AF2BA17AE549F1166509
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/BtaWKpewp0t-jzKE-k6lFnfI0_c.roa
Signing time:             Sun 28 Sep 2025 17:28:02 +0000
ROA not before:           Sun 28 Sep 2025 17:28:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9294
IP address blocks:        31.42.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:91:5e:08:6b:de:18:af:2b:a1:7a:e5:49:f1:16:65:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Sep 28 17:28:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06d6962a97b0a74b7e8f3284fa4ea51677c8d3f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:58:8d:64:f1:6a:55:48:c2:8d:ce:a1:30:3e:
                    5b:38:0b:8b:09:86:76:f1:c8:54:ba:cb:94:50:f5:
                    80:2b:ad:8f:6d:9f:74:6c:4b:19:ea:ed:b6:34:a3:
                    e5:72:97:ff:d1:86:16:fa:14:90:a1:a6:f5:08:46:
                    2c:4b:c7:61:12:3f:74:c6:5b:3b:d8:3a:1e:2a:4d:
                    30:e4:80:6b:60:d5:b7:6d:f5:e7:84:bd:a9:60:37:
                    8c:e0:b3:d4:87:4b:4a:14:b9:ef:49:94:91:a5:1f:
                    eb:54:73:95:51:f9:d7:60:ce:b6:b5:f4:aa:ec:ec:
                    85:b4:3d:cf:6d:b2:5c:a0:f3:1d:ef:79:94:29:61:
                    03:aa:8c:2e:90:06:de:9a:b3:7b:2d:9a:29:8b:84:
                    db:d8:19:bd:72:46:be:dc:2d:cd:ea:cd:be:1b:e2:
                    5f:c6:35:ed:82:9b:fd:97:c3:5a:96:4f:78:22:47:
                    02:81:af:2a:83:fd:c4:d6:7f:ee:d1:a5:7d:3d:84:
                    03:d2:a8:c9:53:e8:1f:97:bd:23:fe:fe:e7:93:0d:
                    e7:18:a9:a2:2c:27:5a:95:12:bb:ab:81:c5:96:50:
                    1b:3f:0e:4e:06:79:5c:1a:d8:a3:8a:4d:d6:cd:4f:
                    f4:c2:eb:f4:8f:57:58:06:2f:c6:6b:3e:de:fb:00:
                    59:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D6:96:2A:97:B0:A7:4B:7E:8F:32:84:FA:4E:A5:16:77:C8:D3:F7
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/BtaWKpewp0t-jzKE-k6lFnfI0_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:86:07:ce:81:ba:0a:b3:17:0b:7b:fa:51:82:4b:20:16:62:
         fc:c6:0d:22:b0:3d:4f:ea:e6:37:6b:0e:d0:82:2d:80:0d:b1:
         4e:5c:08:e9:f3:19:3b:71:68:29:88:5f:c2:55:d5:d6:35:04:
         ee:4b:f3:29:e7:82:39:f8:30:9c:b2:a4:a3:77:bf:c4:36:b5:
         e5:c4:c8:0f:05:cc:c1:8c:fd:c6:4e:84:f7:02:7a:cc:27:c3:
         93:ab:21:d0:82:ec:78:0d:6b:e4:84:92:c8:fd:64:9f:f8:f6:
         68:d0:71:86:a7:c8:f5:e1:f6:8b:44:11:3b:b3:71:14:a2:3f:
         ef:1e:8b:2b:b9:b7:5b:53:9e:62:ec:a9:ab:17:12:46:d0:9f:
         4f:f4:8d:ee:2c:f3:35:33:e3:7e:ac:65:87:7c:c7:78:e7:36:
         c7:49:18:93:80:cc:ac:98:13:9c:a6:a4:4a:11:68:e4:67:d2:
         7b:de:4c:6b:35:01:f1:62:4d:fd:74:cf:6e:f2:f3:e2:dd:db:
         e0:27:2a:41:d9:e0:f4:7d:da:74:d5:17:e5:c0:ec:44:ff:e4:
         72:14:3c:9c:47:c5:b7:99:78:f9:81:a7:24:1c:d7:d6:4f:a2:
         22:9d:35:27:32:d1:c0:fc:cd:09:73:b4:99:4f:5a:24:d1:ff:
         f4:35:c9:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmRXghr3hivK6F65UnxFmUJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwOTI4MTcyODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmQ2OTYyYTk3YjBhNzRiN2U4ZjMyODRmYTRlYTUxNjc3YzhkM2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ViNZPFqVUjCjc6hMD5bOAuLCYZ2
8chUusuUUPWAK62PbZ90bEsZ6u22NKPlcpf/0YYW+hSQoab1CEYsS8dhEj90xls7
2DoeKk0w5IBrYNW3bfXnhL2pYDeM4LPUh0tKFLnvSZSRpR/rVHOVUfnXYM62tfSq
7OyFtD3PbbJcoPMd73mUKWEDqowukAbemrN7LZopi4Tb2Bm9cka+3C3N6s2+G+Jf
xjXtgpv9l8Nalk94IkcCga8qg/3E1n/u0aV9PYQD0qjJU+gfl70j/v7nkw3nGKmi
LCdalRK7q4HFllAbPw5OBnlcGtijik3WzU/0wuv0j1dYBi/Gaz7e+wBZbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbWliqXsKdLfo8yhPpOpRZ3yNP3MB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvQnRhV0twZXdwMHQtanpLRS1rNmxGbmZJMF9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyp5MA0G
CSqGSIb3DQEBCwUAA4IBAQAAhgfOgboKsxcLe/pRgksgFmL8xg0isD1P6uY3aw7Q
gi2ADbFOXAjp8xk7cWgpiF/CVdXWNQTuS/Mp54I5+DCcsqSjd7/ENrXlxMgPBczB
jP3GToT3AnrMJ8OTqyHQgux4DWvkhJLI/WSf+PZo0HGGp8j14faLRBE7s3EUoj/v
HosrubdbU55i7KmrFxJG0J9P9I3uLPM1M+N+rGWHfMd45zbHSRiTgMysmBOcpqRK
EWjkZ9J73kxrNQHxYk39dM9u8vPi3dvgJypB2eD0fdp01RflwOxE/+RyFDycR8W3
mXj5gackHNfWT6IinTUnMtHA/M0Jc7SZT1ok0f/0NckY
-----END CERTIFICATE-----