Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/BsVvYEeON_W4W9ZLNqa4GXckg6I.roa
File:                     BsVvYEeON_W4W9ZLNqa4GXckg6I.roa (raw, json)
Hash identifier:          iOxv5V+HpG39JzWV7shdmh0Q2oD1yPq3ovyP8RI1dPM=
Subject key identifier:   06:C5:6F:60:47:8E:37:F5:B8:5B:D6:4B:36:A6:B8:19:77:24:83:A2
Certificate issuer:       /CN=bf88849a2eb5e9dd571a8e743bed7b9513d7a121
Certificate serial:       0195F1D39377FBF5DA8B8D17D4723FD51026
Authority key identifier: BF:88:84:9A:2E:B5:E9:DD:57:1A:8E:74:3B:ED:7B:95:13:D7:A1:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/BsVvYEeON_W4W9ZLNqa4GXckg6I.roa
Signing time:             Tue 01 Apr 2025 14:48:49 +0000
ROA not before:           Tue 01 Apr 2025 14:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        93.174.64.0/21 maxlen: 24
                          158.58.136.0/21 maxlen: 24
                          185.84.176.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f1:d3:93:77:fb:f5:da:8b:8d:17:d4:72:3f:d5:10:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf88849a2eb5e9dd571a8e743bed7b9513d7a121
        Validity
            Not Before: Apr  1 14:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06c56f60478e37f5b85bd64b36a6b819772483a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:db:c8:1f:67:98:5a:02:9e:1b:7c:21:81:7b:
                    a1:78:fa:51:f4:6e:48:36:5a:b9:a9:ff:5c:ab:e0:
                    3b:8b:0f:48:f5:0d:e3:1a:a4:31:2a:b0:b4:0a:9e:
                    54:60:12:fa:9f:e7:61:35:7e:5e:63:b7:71:8b:50:
                    1d:9f:0b:49:b6:53:0d:24:e1:7e:9d:fc:55:b4:4a:
                    ca:7f:1e:16:a1:ba:00:63:54:10:41:1b:89:b0:3d:
                    b7:d0:60:f5:97:92:a5:0d:9a:6c:ed:1d:a7:43:ab:
                    fb:40:46:b2:5a:17:5e:79:55:f4:c9:bb:99:60:4f:
                    e0:51:30:38:0f:4e:4c:02:dc:c7:39:a9:2b:98:17:
                    ba:26:6f:38:2c:34:3f:ff:c1:a8:66:77:9b:25:ba:
                    f8:64:e3:34:31:39:d4:ed:c9:18:dc:59:01:67:b2:
                    fd:53:7c:a3:12:a3:66:2e:85:e0:27:10:78:b4:a3:
                    a9:11:a6:28:d7:ac:54:2d:df:73:33:8a:0e:21:39:
                    10:4d:0d:7e:cd:10:7e:c9:04:d2:4a:fe:53:f4:72:
                    61:39:c5:4f:1d:45:41:a3:43:42:6d:b5:2d:69:ba:
                    5e:ce:a9:4b:de:48:1a:9c:35:ca:12:9d:02:a5:b6:
                    f1:44:e4:bd:74:40:df:22:9d:b8:15:59:12:9e:53:
                    d0:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:C5:6F:60:47:8E:37:F5:B8:5B:D6:4B:36:A6:B8:19:77:24:83:A2
            X509v3 Authority Key Identifier:
                keyid:BF:88:84:9A:2E:B5:E9:DD:57:1A:8E:74:3B:ED:7B:95:13:D7:A1:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/BsVvYEeON_W4W9ZLNqa4GXckg6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.174.64.0/21
                  158.58.136.0/21
                  185.84.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:72:e9:3d:8b:30:73:d3:af:81:29:88:e4:10:a0:8d:66:ac:
         4f:38:98:b6:65:e0:46:f6:35:75:4a:c0:d5:61:36:1f:85:b9:
         01:8e:45:bf:df:3d:16:fe:e5:f0:73:ff:d5:fc:92:64:c3:20:
         0b:bb:f0:ad:82:72:b3:71:5d:82:e1:e9:c2:c7:2d:6f:67:1a:
         12:39:a8:49:1a:87:6b:ce:e7:8e:7a:c6:f3:f0:e9:31:e9:7b:
         32:3f:50:d4:9c:89:bb:c9:7e:ce:74:8c:f6:be:37:38:c5:9a:
         b2:11:02:f2:22:62:06:7f:04:93:54:3e:2b:96:02:00:66:52:
         73:9e:7c:fe:13:8c:8e:c9:e8:24:63:db:cd:37:63:40:54:ed:
         81:1f:7c:90:34:12:40:58:77:ef:15:e6:1e:ee:8a:2f:eb:c5:
         e7:22:33:d4:45:b9:de:37:b9:83:37:3f:3e:1e:da:0d:37:d0:
         d1:6b:d2:04:76:63:0b:79:48:dc:71:17:7f:1a:79:54:24:b1:
         f8:84:f4:b0:0f:49:0d:64:b6:19:42:f7:6a:9d:6f:ed:32:74:
         d8:32:ff:8b:8f:4a:f6:fa:29:67:a6:86:7a:df:cf:9b:e2:cd:
         bf:bd:b3:c8:f4:5b:88:60:fd:3c:3c:da:33:59:cc:ce:fa:ad:
         78:e8:41:8d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZXx05N3+/Xai40X1HI/1RAmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODg4NDlhMmViNWU5ZGQ1NzFhOGU3NDNiZWQ3Yjk1MTNk
N2ExMjEwHhcNMjUwNDAxMTQ0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmM1NmY2MDQ3OGUzN2Y1Yjg1YmQ2NGIzNmE2YjgxOTc3MjQ4M2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitvIH2eYWgKeG3whgXuhePpR9G5I
Nlq5qf9cq+A7iw9I9Q3jGqQxKrC0Cp5UYBL6n+dhNX5eY7dxi1AdnwtJtlMNJOF+
nfxVtErKfx4WoboAY1QQQRuJsD230GD1l5KlDZps7R2nQ6v7QEayWhdeeVX0ybuZ
YE/gUTA4D05MAtzHOakrmBe6Jm84LDQ//8GoZnebJbr4ZOM0MTnU7ckY3FkBZ7L9
U3yjEqNmLoXgJxB4tKOpEaYo16xULd9zM4oOITkQTQ1+zRB+yQTSSv5T9HJhOcVP
HUVBo0NCbbUtabpezqlL3kganDXKEp0CpbbxROS9dEDfIp24FVkSnlPQCQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAbFb2BHjjf1uFvWSzamuBl3JIOiMB8GA1UdIwQY
MBaAFL+IhJoutendVxqOdDvte5UT16EhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRpRW1pNjE2ZDFYR281ME8tMTdsUlBYb1NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9kYmM1OGUtMDI3Yi00YWFjLTlkZTYt
MjM3MzliNWZkODRjLzEvQnNWdllFZU9OX1c0VzlaTE5xYTRHWGNrZzZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9kYmM1OGUtMDI3Yi00YWFjLTlkZTYtMjM3MzliNWZkODRj
LzEvdjRpRW1pNjE2ZDFYR281ME8tMTdsUlBYb1NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDXa5AAwQD
njqIAwQCuVSwMA0GCSqGSIb3DQEBCwUAA4IBAQCBcuk9izBz06+BKYjkEKCNZqxP
OJi2ZeBG9jV1SsDVYTYfhbkBjkW/3z0W/uXwc//V/JJkwyALu/CtgnKzcV2C4enC
xy1vZxoSOahJGodrzueOesbz8Okx6XsyP1DUnIm7yX7OdIz2vjc4xZqyEQLyImIG
fwSTVD4rlgIAZlJznnz+E4yOyegkY9vNN2NAVO2BH3yQNBJAWHfvFeYe7oov68Xn
IjPURbneN7mDNz8+HtoNN9DRa9IEdmMLeUjccRd/GnlUJLH4hPSwD0kNZLYZQvdq
nW/tMnTYMv+Lj0r2+ilnpoZ638+b4s2/vbPI9FuIYP08PNozWczO+q146EGN
-----END CERTIFICATE-----