Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/bOCPMjkzIIwu9o10H6xAzbzLc_8.roa
File:                     bOCPMjkzIIwu9o10H6xAzbzLc_8.roa (raw, json)
Hash identifier:          vzYpLCHM/3xufjlydAQ6DbR3bMECUWkMtTER/abGULc=
Subject key identifier:   6C:E0:8F:32:39:33:20:8C:2E:F6:8D:74:1F:AC:40:CD:BC:CB:73:FF
Certificate issuer:       /CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
Certificate serial:       0198F497A88E6E1E9749D6F98E4E2A9ADC3F
Authority key identifier: 96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/bOCPMjkzIIwu9o10H6xAzbzLc_8.roa
Signing time:             Fri 29 Aug 2025 06:50:36 +0000
ROA not before:           Fri 29 Aug 2025 06:50:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        85.203.45.0/24 maxlen: 24
                          85.203.54.0/24 maxlen: 24
                          85.203.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Sep 2025 16:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f4:97:a8:8e:6e:1e:97:49:d6:f9:8e:4e:2a:9a:dc:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
        Validity
            Not Before: Aug 29 06:50:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ce08f323933208c2ef68d741fac40cdbccb73ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:70:03:e7:13:09:d3:46:b4:8e:03:aa:c5:4f:
                    6a:62:ed:36:ca:ca:1b:af:e3:c4:cf:94:c6:53:a6:
                    f0:4e:da:4e:15:c7:ba:86:4c:2a:87:56:cd:c2:2b:
                    2e:45:03:65:b6:e9:01:c5:5f:f0:1c:fe:9b:1e:a9:
                    d4:1e:96:93:e8:4e:30:07:c6:43:22:ec:ad:c2:27:
                    06:29:14:a2:c3:3b:e1:75:5f:37:df:91:6e:e3:34:
                    17:bb:9b:27:13:2c:82:31:6e:c3:ab:a1:bb:dc:3f:
                    97:45:44:e4:91:ad:4b:79:5d:fc:4c:24:4d:39:de:
                    e8:e0:d6:da:08:db:80:d9:de:55:35:ca:77:5b:9a:
                    8d:11:88:88:c0:67:95:e9:8e:38:a7:5d:02:a6:1a:
                    f4:e9:79:1c:fc:de:6e:b0:39:1d:36:45:63:18:37:
                    f4:d0:0f:29:10:d7:ed:15:62:6d:49:74:86:44:13:
                    ee:7f:2a:aa:97:ff:6d:b8:1c:50:90:3e:af:90:93:
                    c8:1a:d2:81:cb:e9:61:62:41:0f:2b:b4:75:6d:a3:
                    5d:36:d4:02:d6:fb:a2:32:31:60:c6:54:9c:ca:ed:
                    cb:ed:a4:60:f3:65:74:17:c9:b6:e6:88:94:d9:83:
                    35:83:57:a5:ae:f9:8d:5f:d2:4d:1b:c5:45:cf:f7:
                    2d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E0:8F:32:39:33:20:8C:2E:F6:8D:74:1F:AC:40:CD:BC:CB:73:FF
            X509v3 Authority Key Identifier:
                keyid:96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/bOCPMjkzIIwu9o10H6xAzbzLc_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.45.0/24
                  85.203.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:90:0f:fa:45:34:5d:aa:7c:05:1c:89:7f:4c:63:5f:9a:78:
         a9:f4:24:01:31:46:d3:3a:a5:da:f4:38:97:44:21:e8:8d:cd:
         4e:1b:2d:e5:ec:21:65:79:67:21:69:ac:f2:a5:ea:c6:eb:84:
         29:76:fa:70:ec:ad:6c:66:5b:f7:fc:e3:0d:d6:b2:4c:24:24:
         a8:a2:ba:84:ae:0b:74:b0:da:10:24:4e:2e:30:43:37:ea:05:
         de:3f:21:8b:4b:62:46:73:5d:ff:d9:0f:51:37:3d:34:12:bf:
         32:09:11:da:cc:ae:ed:09:42:0d:95:d3:bb:c4:89:12:22:e6:
         fb:14:27:b5:32:a1:27:f7:dc:57:72:86:e2:06:c2:34:2a:55:
         0c:85:96:ea:98:68:8c:cb:da:3a:9a:2c:b5:f7:13:7a:fd:1c:
         35:3a:11:03:32:37:f2:99:3d:9f:ad:17:d7:6d:c5:8d:f1:b6:
         d2:9b:2f:ce:38:7a:88:7e:78:dd:1e:c0:02:50:cb:03:8c:d1:
         34:75:cd:93:11:f9:33:70:ba:d8:77:55:9a:af:cd:e8:33:82:
         11:9c:3b:e3:d8:29:1b:a7:3f:63:f4:98:47:23:63:e1:a2:f5:
         28:fd:e6:d2:31:c7:76:f4:a7:f2:27:26:f7:fe:1b:28:c8:c9:
         06:08:5c:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZj0l6iObh6XSdb5jk4qmtw/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MmJkNzZhNWNhYzI4M2VjZTBhMGY4ZWFiMmM5NzAyMTQw
MWZiODkwHhcNMjUwODI5MDY1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2UwOGYzMjM5MzMyMDhjMmVmNjhkNzQxZmFjNDBjZGJjY2I3M2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3HAD5xMJ00a0jgOqxU9qYu02ysob
r+PEz5TGU6bwTtpOFce6hkwqh1bNwisuRQNltukBxV/wHP6bHqnUHpaT6E4wB8ZD
IuytwicGKRSiwzvhdV8335Fu4zQXu5snEyyCMW7Dq6G73D+XRUTkka1LeV38TCRN
Od7o4NbaCNuA2d5VNcp3W5qNEYiIwGeV6Y44p10Cphr06Xkc/N5usDkdNkVjGDf0
0A8pENftFWJtSXSGRBPufyqql/9tuBxQkD6vkJPIGtKBy+lhYkEPK7R1baNdNtQC
1vuiMjFgxlScyu3L7aRg82V0F8m25oiU2YM1g1elrvmNX9JNG8VFz/ct8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGzgjzI5MyCMLvaNdB+sQM28y3P/MB8GA1UdIwQY
MBaAFJYr12pcrCg+zgoPjqsslwIUAfuJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMt
NmFiMTExNTVmNmZiLzEvYk9DUE1qa3pJSXd1OW8xMEg2eEF6YnpMY184LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMtNmFiMTExNTVmNmZi
LzEvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVcstAwQB
Vcs2MA0GCSqGSIb3DQEBCwUAA4IBAQBMkA/6RTRdqnwFHIl/TGNfmnip9CQBMUbT
OqXa9DiXRCHojc1OGy3l7CFleWchaazyperG64Qpdvpw7K1sZlv3/OMN1rJMJCSo
orqErgt0sNoQJE4uMEM36gXePyGLS2JGc13/2Q9RNz00Er8yCRHazK7tCUINldO7
xIkSIub7FCe1MqEn99xXcobiBsI0KlUMhZbqmGiMy9o6miy19xN6/Rw1OhEDMjfy
mT2frRfXbcWN8bbSmy/OOHqIfnjdHsACUMsDjNE0dc2TEfkzcLrYd1War83oM4IR
nDvj2Ckbpz9j9JhHI2PhovUo/ebSMcd29KfyJyb3/hsoyMkGCFxT
-----END CERTIFICATE-----