Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/bBGQxULUfgQ-36zlMXfyfxhMgv0.roa
File:                     bBGQxULUfgQ-36zlMXfyfxhMgv0.roa (raw, json)
Hash identifier:          gb5ulfRe2yG9hXwqyCkBkrrYHVbdMbZmAMmYnD1gFm0=
Subject key identifier:   6C:11:90:C5:42:D4:7E:04:3E:DF:AC:E5:31:77:F2:7F:18:4C:82:FD
Certificate issuer:       /CN=af6da9d56b42c2b816b1ae6b185125abf21593ef
Certificate serial:       0196FCEED4BB116E8BF43C0C9CEC3D2184B4
Authority key identifier: AF:6D:A9:D5:6B:42:C2:B8:16:B1:AE:6B:18:51:25:AB:F2:15:93:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r22p1WtCwrgWsa5rGFElq_IVk-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/bBGQxULUfgQ-36zlMXfyfxhMgv0.roa
Signing time:             Fri 23 May 2025 11:37:12 +0000
ROA not before:           Fri 23 May 2025 11:37:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21190
IP address blocks:        194.56.100.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/r22p1WtCwrgWsa5rGFElq_IVk-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/r22p1WtCwrgWsa5rGFElq_IVk-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r22p1WtCwrgWsa5rGFElq_IVk-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fc:ee:d4:bb:11:6e:8b:f4:3c:0c:9c:ec:3d:21:84:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af6da9d56b42c2b816b1ae6b185125abf21593ef
        Validity
            Not Before: May 23 11:37:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c1190c542d47e043edface53177f27f184c82fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d4:d6:9c:e7:d1:c3:38:84:39:81:ef:b5:cf:
                    f2:06:b3:29:e4:55:a9:f9:99:e9:5b:27:00:ff:ec:
                    b2:b6:d8:09:ea:83:45:85:4e:96:00:f5:5c:51:ca:
                    35:1d:d8:36:26:7c:b0:a2:b3:1e:f9:a6:6a:5b:60:
                    fe:a1:ce:3b:23:be:25:9b:ae:92:c0:17:34:54:c3:
                    fb:9a:de:30:60:c8:15:8f:49:d7:bc:85:53:78:21:
                    4d:e0:db:33:c5:24:45:9c:e1:74:27:3f:c6:1f:ca:
                    81:e4:e9:a5:a8:7d:30:d5:97:89:e7:48:5d:8b:83:
                    a6:2e:df:f7:ce:bc:66:53:d6:da:bd:ad:9a:d6:15:
                    c9:f0:4c:3b:98:73:d2:82:17:e7:1e:46:2e:72:c1:
                    3b:fb:fe:2b:bc:71:80:ab:2e:ea:d7:9f:94:77:df:
                    9c:69:b2:f6:0b:4a:74:05:23:95:24:c2:5f:af:60:
                    9e:c0:e3:d5:65:0f:91:ed:ae:5c:23:53:cb:08:16:
                    af:29:b9:b2:26:69:6f:49:7a:4d:4e:e1:d4:4e:09:
                    10:29:9c:da:62:cc:3a:6e:12:f1:e9:00:e0:16:56:
                    46:c3:64:2a:08:b7:3b:90:fe:0f:42:4e:4a:aa:2a:
                    ed:1a:b5:35:e2:55:c5:0e:f4:8c:5f:46:62:2f:d9:
                    c3:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:11:90:C5:42:D4:7E:04:3E:DF:AC:E5:31:77:F2:7F:18:4C:82:FD
            X509v3 Authority Key Identifier:
                keyid:AF:6D:A9:D5:6B:42:C2:B8:16:B1:AE:6B:18:51:25:AB:F2:15:93:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r22p1WtCwrgWsa5rGFElq_IVk-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/bBGQxULUfgQ-36zlMXfyfxhMgv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/897378-c556-4352-9a04-b10a832bca43/1/r22p1WtCwrgWsa5rGFElq_IVk-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:b1:ae:d6:cc:53:04:a1:28:e1:02:33:60:4d:29:9f:ab:19:
         11:79:ca:f3:b3:e5:94:47:8e:5d:bd:10:d3:81:6a:a8:59:71:
         b0:83:e8:34:d6:08:d1:f2:7d:57:86:49:21:73:aa:12:4c:b2:
         2a:1a:79:bf:79:bf:05:ee:d2:32:2f:89:e4:d9:58:c6:67:6a:
         bb:fd:d5:59:cf:12:22:6d:26:3f:eb:c5:3d:4c:98:d0:18:91:
         59:0c:9e:11:2e:d1:18:d2:1c:35:93:b4:4d:1b:f7:b2:eb:2d:
         fc:5d:84:92:af:cf:7a:cd:a9:0d:75:1d:43:d2:dc:20:44:62:
         67:82:81:fe:5d:05:7a:34:a1:ca:ed:7d:f1:08:71:65:bb:4d:
         b4:e2:8e:ea:ed:b4:a8:18:b8:88:d6:c3:30:b3:48:c0:9d:20:
         a1:09:33:f2:fc:b3:43:4b:0c:18:fd:d6:1d:30:71:fd:e7:fb:
         b4:9a:1e:b9:07:86:34:0b:54:85:e7:92:02:6c:7a:21:38:e7:
         14:97:2c:fc:b6:ee:1c:1e:18:02:ef:dd:e3:a7:f3:41:22:9e:
         34:45:b8:31:59:3f:7a:d8:9b:2b:97:29:70:7b:98:82:46:4e:
         24:1d:5e:ce:9d:85:94:20:5d:dd:27:27:28:e6:ef:55:1e:91:
         42:ed:a5:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb87tS7EW6L9DwMnOw9IYS0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNmRhOWQ1NmI0MmMyYjgxNmIxYWU2YjE4NTEyNWFiZjIx
NTkzZWYwHhcNMjUwNTIzMTEzNzEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzExOTBjNTQyZDQ3ZTA0M2VkZmFjZTUzMTc3ZjI3ZjE4NGM4MmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NTWnOfRwziEOYHvtc/yBrMp5FWp
+ZnpWycA/+yyttgJ6oNFhU6WAPVcUco1Hdg2JnyworMe+aZqW2D+oc47I74lm66S
wBc0VMP7mt4wYMgVj0nXvIVTeCFN4NszxSRFnOF0Jz/GH8qB5OmlqH0w1ZeJ50hd
i4OmLt/3zrxmU9bava2a1hXJ8Ew7mHPSghfnHkYucsE7+/4rvHGAqy7q15+Ud9+c
abL2C0p0BSOVJMJfr2CewOPVZQ+R7a5cI1PLCBavKbmyJmlvSXpNTuHUTgkQKZza
Ysw6bhLx6QDgFlZGw2QqCLc7kP4PQk5KqirtGrU14lXFDvSMX0ZiL9nDhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwRkMVC1H4EPt+s5TF38n8YTIL9MB8GA1UdIwQY
MBaAFK9tqdVrQsK4FrGuaxhRJavyFZPvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjIycDFXdEN3cmdXc2E1ckdGRWxxX0lWay04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy84OTczNzgtYzU1Ni00MzUyLTlhMDQt
YjEwYTgzMmJjYTQzLzEvYkJHUXhVTFVmZ1EtMzZ6bE1YZnlmeGhNZ3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy84OTczNzgtYzU1Ni00MzUyLTlhMDQtYjEwYTgzMmJjYTQz
LzEvcjIycDFXdEN3cmdXc2E1ckdGRWxxX0lWay04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjhkMA0G
CSqGSIb3DQEBCwUAA4IBAQBqsa7WzFMEoSjhAjNgTSmfqxkRecrzs+WUR45dvRDT
gWqoWXGwg+g01gjR8n1Xhkkhc6oSTLIqGnm/eb8F7tIyL4nk2VjGZ2q7/dVZzxIi
bSY/68U9TJjQGJFZDJ4RLtEY0hw1k7RNG/ey6y38XYSSr896zakNdR1D0twgRGJn
goH+XQV6NKHK7X3xCHFlu0204o7q7bSoGLiI1sMws0jAnSChCTPy/LNDSwwY/dYd
MHH95/u0mh65B4Y0C1SF55ICbHohOOcUlyz8tu4cHhgC793jp/NBIp40RbgxWT96
2Jsrlylwe5iCRk4kHV7OnYWUIF3dJyco5u9VHpFC7aX2
-----END CERTIFICATE-----