Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/a36ae7-3557-4377-8afd-ecb3f39fc04b/1/BBKJGvg1eMQWu4Dn8KcuHomKhy4.roa
File:                     BBKJGvg1eMQWu4Dn8KcuHomKhy4.roa (raw, json)
Hash identifier:          ZhbL/bOWkEXevzCvZ62AQyku+99vuUelC20ZFee2QwU=
Subject key identifier:   04:12:89:1A:F8:35:78:C4:16:BB:80:E7:F0:A7:2E:1E:89:8A:87:2E
Certificate issuer:       /CN=fdda551048410bb5c47ebdb83bf58188c4a306b2
Certificate serial:       0198E0913574317DB81B61C0F0046D0DF13E
Authority key identifier: FD:DA:55:10:48:41:0B:B5:C4:7E:BD:B8:3B:F5:81:88:C4:A3:06:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dpVEEhBC7XEfr24O_WBiMSjBrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/a36ae7-3557-4377-8afd-ecb3f39fc04b/1/BBKJGvg1eMQWu4Dn8KcuHomKhy4.roa
Signing time:             Mon 25 Aug 2025 09:31:09 +0000
ROA not before:           Mon 25 Aug 2025 09:31:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24809
IP address blocks:        193.34.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/a36ae7-3557-4377-8afd-ecb3f39fc04b/1/_dpVEEhBC7XEfr24O_WBiMSjBrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/a36ae7-3557-4377-8afd-ecb3f39fc04b/1/_dpVEEhBC7XEfr24O_WBiMSjBrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dpVEEhBC7XEfr24O_WBiMSjBrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e0:91:35:74:31:7d:b8:1b:61:c0:f0:04:6d:0d:f1:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdda551048410bb5c47ebdb83bf58188c4a306b2
        Validity
            Not Before: Aug 25 09:31:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0412891af83578c416bb80e7f0a72e1e898a872e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:54:82:09:35:fe:4a:d8:fc:1c:fe:59:46:80:
                    d0:88:b6:0c:e2:45:cb:c5:ed:9b:fd:c5:5e:91:0f:
                    1a:3b:85:2c:55:c9:a3:b5:3f:60:75:06:e8:66:7c:
                    fa:20:a7:b8:9a:4d:59:ab:28:7c:2e:f5:f0:0a:c2:
                    0e:43:11:b1:6e:49:28:e1:66:ed:ac:51:d2:12:ea:
                    10:ac:49:cf:e0:b5:c3:d0:f8:a4:d9:dc:fb:c7:71:
                    dd:60:4d:4d:2b:eb:b5:60:41:6f:7c:81:a5:8e:aa:
                    d1:ec:47:e3:9c:c8:b2:e0:80:93:17:c4:c1:87:62:
                    03:43:b9:e2:19:92:fb:7c:7c:d8:43:dd:a1:f9:c3:
                    0a:c0:4c:89:11:6b:c3:4d:8d:42:8d:88:3d:1e:2c:
                    b5:bb:c3:9f:03:ef:fb:f4:83:15:05:d2:a2:24:54:
                    8d:f6:37:1a:d0:25:44:b8:6d:01:01:17:a6:fa:bb:
                    0f:1d:76:b4:87:3c:5e:38:27:b9:51:e8:e7:97:2e:
                    d7:21:61:46:f7:89:1e:2f:a2:08:7e:7b:33:f0:76:
                    b7:c8:21:41:00:e3:1e:81:40:c8:e2:e8:91:52:ed:
                    40:1a:33:ea:6a:d7:85:b3:a2:2c:47:7d:c3:89:58:
                    6b:cb:17:39:55:3b:41:d4:a6:4e:fa:2a:01:29:7e:
                    fc:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:12:89:1A:F8:35:78:C4:16:BB:80:E7:F0:A7:2E:1E:89:8A:87:2E
            X509v3 Authority Key Identifier:
                keyid:FD:DA:55:10:48:41:0B:B5:C4:7E:BD:B8:3B:F5:81:88:C4:A3:06:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dpVEEhBC7XEfr24O_WBiMSjBrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/a36ae7-3557-4377-8afd-ecb3f39fc04b/1/BBKJGvg1eMQWu4Dn8KcuHomKhy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/a36ae7-3557-4377-8afd-ecb3f39fc04b/1/_dpVEEhBC7XEfr24O_WBiMSjBrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:f9:16:08:b0:fb:1d:6f:41:b9:31:da:a3:e1:12:12:1e:f0:
         ea:23:81:49:91:98:e3:cb:2e:e9:2c:da:59:18:47:9f:dc:4c:
         0d:89:8e:69:35:af:f7:cc:14:0c:66:98:54:68:20:e3:56:19:
         b0:dd:d7:39:64:e1:28:6d:9b:e6:15:b6:1f:f4:43:80:82:6f:
         af:fa:b7:9f:7e:72:67:7a:bf:dd:1e:e6:21:01:9a:d4:1e:5b:
         04:78:03:5d:d0:fb:86:47:d3:ba:95:29:0b:07:63:b3:d5:09:
         63:dd:7a:ad:8d:0d:3d:b4:f3:bc:1a:b0:e6:2c:a7:06:24:9d:
         44:1b:c2:b7:c2:62:7e:a9:24:e4:a2:25:1c:cc:21:e8:e2:f9:
         1b:9f:96:79:ec:7a:6e:ce:5c:70:2c:0e:9b:41:dc:6d:fc:1b:
         06:de:25:43:f4:b2:6f:33:33:79:f9:e2:19:12:cf:87:b6:9d:
         27:9b:04:4e:2d:50:91:c5:a0:96:5d:89:66:9e:68:a1:a4:97:
         79:e5:68:e9:51:5e:0e:fd:86:49:0d:a4:62:0b:7a:8e:6e:ab:
         ab:27:88:76:ad:cc:c2:4c:21:49:6b:79:25:4f:cc:ce:ca:f3:
         97:5f:a7:6a:f0:9e:aa:96:4e:75:29:d0:ce:e7:e5:b6:5c:14:
         99:4d:fa:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjgkTV0MX24G2HA8ARtDfE+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZGE1NTEwNDg0MTBiYjVjNDdlYmRiODNiZjU4MTg4YzRh
MzA2YjIwHhcNMjUwODI1MDkzMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDEyODkxYWY4MzU3OGM0MTZiYjgwZTdmMGE3MmUxZTg5OGE4NzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVSCCTX+Stj8HP5ZRoDQiLYM4kXL
xe2b/cVekQ8aO4UsVcmjtT9gdQboZnz6IKe4mk1Zqyh8LvXwCsIOQxGxbkko4Wbt
rFHSEuoQrEnP4LXD0Pik2dz7x3HdYE1NK+u1YEFvfIGljqrR7EfjnMiy4ICTF8TB
h2IDQ7niGZL7fHzYQ92h+cMKwEyJEWvDTY1CjYg9Hiy1u8OfA+/79IMVBdKiJFSN
9jca0CVEuG0BARem+rsPHXa0hzxeOCe5Uejnly7XIWFG94keL6IIfnsz8Ha3yCFB
AOMegUDI4uiRUu1AGjPqateFs6IsR33DiVhryxc5VTtB1KZO+ioBKX78JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQSiRr4NXjEFruA5/CnLh6JiocuMB8GA1UdIwQY
MBaAFP3aVRBIQQu1xH69uDv1gYjEowayMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RwVkVFaEJDN1hFZnIyNE9fV0JpTVNqQnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9hMzZhZTctMzU1Ny00Mzc3LThhZmQt
ZWNiM2YzOWZjMDRiLzEvQkJLSkd2ZzFlTVFXdTREbjhLY3VIb21LaHk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9hMzZhZTctMzU1Ny00Mzc3LThhZmQtZWNiM2YzOWZjMDRi
LzEvX2RwVkVFaEJDN1hFZnIyNE9fV0JpTVNqQnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSIoMA0G
CSqGSIb3DQEBCwUAA4IBAQBo+RYIsPsdb0G5Mdqj4RISHvDqI4FJkZjjyy7pLNpZ
GEef3EwNiY5pNa/3zBQMZphUaCDjVhmw3dc5ZOEobZvmFbYf9EOAgm+v+reffnJn
er/dHuYhAZrUHlsEeANd0PuGR9O6lSkLB2Oz1Qlj3XqtjQ09tPO8GrDmLKcGJJ1E
G8K3wmJ+qSTkoiUczCHo4vkbn5Z57HpuzlxwLA6bQdxt/BsG3iVD9LJvMzN5+eIZ
Es+Htp0nmwROLVCRxaCWXYlmnmihpJd55WjpUV4O/YZJDaRiC3qObqurJ4h2rczC
TCFJa3klT8zOyvOXX6dq8J6qlk51KdDO5+W2XBSZTfqu
-----END CERTIFICATE-----