Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/ce0077-c701-4ced-9d53-6c5c34586f6e/1/BBvcU1rTQglpBpaZ0QSgMGmSs3Y.roa
File:                     BBvcU1rTQglpBpaZ0QSgMGmSs3Y.roa (raw, json)
Hash identifier:          CTLLrnC8K2O/r8N1tX8rlBGB23cEp0OueaV8H2QNefc=
Subject key identifier:   04:1B:DC:53:5A:D3:42:09:69:06:96:99:D1:04:A0:30:69:92:B3:76
Certificate issuer:       /CN=bdf5b712f2e4932c1c030312d194a597883f3d5e
Certificate serial:       01942521A6A87F37DFD0B64C7CE6278418E7
Authority key identifier: BD:F5:B7:12:F2:E4:93:2C:1C:03:03:12:D1:94:A5:97:88:3F:3D:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfW3EvLkkywcAwMS0ZSll4g_PV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/ce0077-c701-4ced-9d53-6c5c34586f6e/1/BBvcU1rTQglpBpaZ0QSgMGmSs3Y.roa
Signing time:             Thu 02 Jan 2025 03:49:09 +0000
ROA not before:           Thu 02 Jan 2025 03:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29117
IP address blocks:        195.85.200.0/24 maxlen: 24
                          195.234.61.0/24 maxlen: 24
                          2001:67c:195c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/ce0077-c701-4ced-9d53-6c5c34586f6e/1/vfW3EvLkkywcAwMS0ZSll4g_PV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/ce0077-c701-4ced-9d53-6c5c34586f6e/1/vfW3EvLkkywcAwMS0ZSll4g_PV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfW3EvLkkywcAwMS0ZSll4g_PV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a6:a8:7f:37:df:d0:b6:4c:7c:e6:27:84:18:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdf5b712f2e4932c1c030312d194a597883f3d5e
        Validity
            Not Before: Jan  2 03:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=041bdc535ad3420969069699d104a0306992b376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:6d:03:40:8b:5d:01:4d:0c:32:54:36:98:70:
                    4c:33:6e:b9:2e:5a:0d:d7:8c:8a:12:79:29:7a:e3:
                    84:56:a6:36:86:0d:d3:d2:88:2c:d3:f0:5b:be:20:
                    2d:a6:cf:4d:52:da:63:a7:7d:aa:64:ba:4f:13:da:
                    54:1a:2a:16:a0:fc:da:6d:e8:ea:8d:aa:8b:a5:91:
                    32:bb:c1:57:1e:c3:bb:74:9f:e1:4b:12:d3:ed:31:
                    19:70:e1:21:31:da:44:58:99:17:6c:da:fd:25:c5:
                    92:4c:94:a5:d4:41:49:d7:57:62:e6:42:b2:36:7a:
                    54:66:6b:74:21:00:a2:a7:84:c9:c8:ca:7f:dc:cc:
                    01:6f:81:5b:2a:50:7f:56:df:f4:09:05:74:58:a5:
                    5b:08:18:2a:0a:26:8a:e2:2b:ee:86:19:a4:b6:81:
                    03:b9:a7:6d:40:7e:40:53:ff:e5:04:82:3c:bd:10:
                    12:b3:8d:98:54:8b:53:47:b0:23:0b:6f:71:00:2a:
                    a9:b4:28:db:b0:ab:36:03:bc:af:aa:ec:c3:e7:c3:
                    8b:9e:b7:b6:41:97:bf:58:a6:aa:c3:94:79:35:fe:
                    d8:07:44:6c:58:cf:c0:fe:61:68:bd:fa:0b:de:5a:
                    39:e2:f0:89:4c:60:87:31:9d:d1:83:cb:76:d2:21:
                    f2:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:1B:DC:53:5A:D3:42:09:69:06:96:99:D1:04:A0:30:69:92:B3:76
            X509v3 Authority Key Identifier:
                keyid:BD:F5:B7:12:F2:E4:93:2C:1C:03:03:12:D1:94:A5:97:88:3F:3D:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfW3EvLkkywcAwMS0ZSll4g_PV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/ce0077-c701-4ced-9d53-6c5c34586f6e/1/BBvcU1rTQglpBpaZ0QSgMGmSs3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/ce0077-c701-4ced-9d53-6c5c34586f6e/1/vfW3EvLkkywcAwMS0ZSll4g_PV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.200.0/24
                  195.234.61.0/24
                IPv6:
                  2001:67c:195c::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:2e:58:4c:5f:6f:68:ef:a7:17:51:0a:1a:8e:cc:7f:80:26:
         41:c8:73:57:44:04:66:be:70:3e:3d:d6:d3:d6:e0:38:66:61:
         3e:81:06:ad:0e:7c:56:fb:d0:23:9e:57:15:45:5b:a0:a4:2e:
         9a:92:de:f0:2b:79:cd:ca:48:b0:f6:7f:c7:d4:c1:bd:9e:be:
         92:0d:93:3e:ac:b5:8e:7c:74:6c:b6:d5:1f:5f:ac:4e:85:c8:
         a5:95:53:7e:c8:56:fd:4a:d5:4e:ae:c1:8f:b9:cd:1f:6d:2b:
         b0:e7:e0:c8:c8:7c:6e:aa:de:fb:7b:24:f0:6c:3c:b1:4c:73:
         b1:82:94:75:f3:cf:98:d5:f4:cb:d7:c8:f7:b9:57:65:09:ee:
         ae:b1:a5:cb:12:5e:92:58:3f:43:20:cf:4e:fa:ac:71:18:94:
         5c:31:b0:d7:f0:ce:fc:ed:5b:cc:5c:9b:cb:2b:ee:12:bd:22:
         08:0d:e3:1f:54:10:9f:c3:d4:90:33:07:4f:27:df:be:e4:d5:
         56:44:2b:14:2f:8e:79:e9:f7:87:06:21:9e:fa:97:6a:40:91:
         5d:f6:96:09:c8:68:bf:a9:37:f9:1d:5a:d9:b3:cc:ed:1a:a5:
         e2:3b:9c:8d:33:fc:62:f6:8a:9c:73:22:d4:37:ab:ff:11:e2:
         3a:45:27:d1
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQlIaaofzff0LZMfOYnhBjnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZjViNzEyZjJlNDkzMmMxYzAzMDMxMmQxOTRhNTk3ODgz
ZjNkNWUwHhcNMjUwMTAyMDM0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDFiZGM1MzVhZDM0MjA5NjkwNjk2OTlkMTA0YTAzMDY5OTJiMzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm20DQItdAU0MMlQ2mHBMM265LloN
14yKEnkpeuOEVqY2hg3T0ogs0/BbviAtps9NUtpjp32qZLpPE9pUGioWoPzabejq
jaqLpZEyu8FXHsO7dJ/hSxLT7TEZcOEhMdpEWJkXbNr9JcWSTJSl1EFJ11di5kKy
NnpUZmt0IQCip4TJyMp/3MwBb4FbKlB/Vt/0CQV0WKVbCBgqCiaK4ivuhhmktoED
uadtQH5AU//lBII8vRASs42YVItTR7AjC29xACqptCjbsKs2A7yvquzD58OLnre2
QZe/WKaqw5R5Nf7YB0RsWM/A/mFovfoL3lo54vCJTGCHMZ3Rg8t20iHyGQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFAQb3FNa00IJaQaWmdEEoDBpkrN2MB8GA1UdIwQY
MBaAFL31txLy5JMsHAMDEtGUpZeIPz1eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZXM0V2TGtreXdjQXdNUzBaU2xsNGdfUFY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9jZTAwNzctYzcwMS00Y2VkLTlkNTMt
NmM1YzM0NTg2ZjZlLzEvQkJ2Y1UxclRRZ2xwQnBhWjBRU2dNR21TczNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9jZTAwNzctYzcwMS00Y2VkLTlkNTMtNmM1YzM0NTg2ZjZl
LzEvdmZXM0V2TGtreXdjQXdNUzBaU2xsNGdfUFY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAw1XIAwQA
w+o9MA8EAgACMAkDBwAgAQZ8GVwwDQYJKoZIhvcNAQELBQADggEBADQuWExfb2jv
pxdRChqOzH+AJkHIc1dEBGa+cD491tPW4DhmYT6BBq0OfFb70COeVxVFW6CkLpqS
3vArec3KSLD2f8fUwb2evpINkz6stY58dGy21R9frE6FyKWVU37IVv1K1U6uwY+5
zR9tK7Dn4MjIfG6q3vt7JPBsPLFMc7GClHXzz5jV9MvXyPe5V2UJ7q6xpcsSXpJY
P0Mgz076rHEYlFwxsNfwzvztW8xcm8sr7hK9IggN4x9UEJ/D1JAzB08n377k1VZE
KxQvjnnp94cGIZ76l2pAkV32lgnIaL+pN/kdWtmzzO0apeI7nI0z/GL2ipxzItQ3
q/8R4jpFJ9E=
-----END CERTIFICATE-----