Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/BVP4OCAjXeBuYLTryI3p58Cue9E.roa
File:                     BVP4OCAjXeBuYLTryI3p58Cue9E.roa (raw, json)
Hash identifier:          GynK6g284SA7T19UvRRdioOJG3DySiSaR/JNDB0lXJg=
Subject key identifier:   05:53:F8:38:20:23:5D:E0:6E:60:B4:EB:C8:8D:E9:E7:C0:AE:7B:D1
Certificate issuer:       /CN=1daf46a40c246d6540d992c321b1cc3623d65995
Certificate serial:       0198E57CE667D037DD4447970860731880AF
Authority key identifier: 1D:AF:46:A4:0C:24:6D:65:40:D9:92:C3:21:B1:CC:36:23:D6:59:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/BVP4OCAjXeBuYLTryI3p58Cue9E.roa
Signing time:             Tue 26 Aug 2025 08:27:04 +0000
ROA not before:           Tue 26 Aug 2025 08:27:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209083
IP address blocks:        128.204.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 02:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e5:7c:e6:67:d0:37:dd:44:47:97:08:60:73:18:80:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1daf46a40c246d6540d992c321b1cc3623d65995
        Validity
            Not Before: Aug 26 08:27:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0553f83820235de06e60b4ebc88de9e7c0ae7bd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:af:cd:73:96:1c:81:42:a5:99:4d:ce:4f:cf:
                    84:8d:46:15:4e:59:b2:25:fe:b7:f3:c0:d9:70:46:
                    1b:61:4a:c3:ef:f6:04:22:5d:44:75:ac:23:ab:66:
                    a7:79:26:46:fd:d2:8d:45:9c:be:c5:d7:27:75:58:
                    0a:60:5f:4d:43:9e:3e:ed:86:07:4f:72:55:20:98:
                    da:42:0d:34:e4:73:db:f0:52:f8:7d:1f:85:e1:8d:
                    59:b1:c8:a5:0c:f1:ea:9f:64:18:8f:82:05:8d:76:
                    b0:7b:b7:31:3e:68:05:7b:ba:13:68:fe:cd:95:d6:
                    a5:23:6e:51:09:8a:ed:98:b8:4e:ed:5c:a0:93:23:
                    d9:40:90:57:6c:a0:a0:9e:6a:da:64:5e:3e:e6:fc:
                    cd:f5:46:2d:ab:61:5c:1e:56:07:6e:36:3e:6d:67:
                    6a:17:3d:b7:c5:2b:e3:46:ae:12:6f:ab:55:be:75:
                    d1:7e:b5:7d:f2:f3:28:77:68:34:c4:91:8e:a6:48:
                    78:f6:15:47:ab:67:be:42:fa:09:7f:4a:48:b0:4b:
                    0d:92:ed:d7:f4:e7:46:01:93:00:e9:d4:be:a6:3b:
                    b6:68:57:5c:9b:1e:35:b9:18:06:9b:0f:21:56:ef:
                    db:3f:d0:3b:ac:91:e1:02:dd:07:f4:24:75:38:81:
                    dd:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:53:F8:38:20:23:5D:E0:6E:60:B4:EB:C8:8D:E9:E7:C0:AE:7B:D1
            X509v3 Authority Key Identifier:
                keyid:1D:AF:46:A4:0C:24:6D:65:40:D9:92:C3:21:B1:CC:36:23:D6:59:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/BVP4OCAjXeBuYLTryI3p58Cue9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.204.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:97:aa:80:e5:7c:36:e4:e0:bb:4d:27:b7:40:77:7b:5f:8a:
         9c:c3:e7:41:0c:67:ed:a3:e4:97:88:ac:ba:a9:0b:71:f0:46:
         38:4c:55:9a:88:92:2c:67:f8:d8:16:de:4c:59:1e:a1:6b:45:
         f6:86:51:33:0a:55:7e:1e:9d:8b:48:d4:8e:64:01:ce:76:6e:
         13:b4:9f:f4:e7:63:55:f4:72:68:7f:1e:b2:1c:4c:ba:13:85:
         76:d0:45:eb:bb:a6:75:aa:07:c8:f7:1d:f9:f5:51:e0:63:6b:
         14:65:bf:b5:27:32:ae:b9:9b:a3:b7:e0:f7:39:b7:4d:5f:20:
         cd:2e:8e:77:78:2d:f0:46:93:42:8a:ff:69:3c:48:6f:ef:89:
         d7:6e:80:ad:78:b0:9b:1e:be:65:88:79:56:36:11:80:38:00:
         82:8c:ef:8a:ff:fc:19:ef:c5:5a:b5:a6:a3:bb:4d:c7:83:db:
         13:8e:5f:73:ea:95:4f:ee:3e:fa:72:ff:84:3b:9e:9e:8c:be:
         5e:ef:93:22:82:f3:e8:fb:2b:3f:f1:19:6f:2d:10:38:5f:db:
         ed:a4:b4:78:e5:96:63:66:75:36:9d:d8:7b:b4:ea:ce:d4:c5:
         8a:b6:13:56:bd:b4:a5:ca:4c:5b:e5:72:75:22:09:8f:02:b4:
         2e:65:ec:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjlfOZn0DfdREeXCGBzGICvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYWY0NmE0MGMyNDZkNjU0MGQ5OTJjMzIxYjFjYzM2MjNk
NjU5OTUwHhcNMjUwODI2MDgyNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTUzZjgzODIwMjM1ZGUwNmU2MGI0ZWJjODhkZTllN2MwYWU3YmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5q/Nc5YcgUKlmU3OT8+EjUYVTlmy
Jf6388DZcEYbYUrD7/YEIl1Edawjq2aneSZG/dKNRZy+xdcndVgKYF9NQ54+7YYH
T3JVIJjaQg005HPb8FL4fR+F4Y1ZscilDPHqn2QYj4IFjXawe7cxPmgFe7oTaP7N
ldalI25RCYrtmLhO7VygkyPZQJBXbKCgnmraZF4+5vzN9UYtq2FcHlYHbjY+bWdq
Fz23xSvjRq4Sb6tVvnXRfrV98vMod2g0xJGOpkh49hVHq2e+QvoJf0pIsEsNku3X
9OdGAZMA6dS+pju2aFdcmx41uRgGmw8hVu/bP9A7rJHhAt0H9CR1OIHdBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVT+DggI13gbmC068iN6efArnvRMB8GA1UdIwQY
MBaAFB2vRqQMJG1lQNmSwyGxzDYj1lmVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGE5R3BBd2tiV1ZBMlpMREliSE1OaVBXV1pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS80NGMwZWYtNWRhNi00ZmYyLWI1ZWYt
NzlmMDQ4YmQyYTdhLzEvQlZQNE9DQWpYZUJ1WUxUcnlJM3A1OEN1ZTlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS80NGMwZWYtNWRhNi00ZmYyLWI1ZWYtNzlmMDQ4YmQyYTdh
LzEvSGE5R3BBd2tiV1ZBMlpMREliSE1OaVBXV1pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgMzBMA0G
CSqGSIb3DQEBCwUAA4IBAQA9l6qA5Xw25OC7TSe3QHd7X4qcw+dBDGfto+SXiKy6
qQtx8EY4TFWaiJIsZ/jYFt5MWR6ha0X2hlEzClV+Hp2LSNSOZAHOdm4TtJ/052NV
9HJofx6yHEy6E4V20EXru6Z1qgfI9x359VHgY2sUZb+1JzKuuZujt+D3ObdNXyDN
Lo53eC3wRpNCiv9pPEhv74nXboCteLCbHr5liHlWNhGAOACCjO+K//wZ78Vataaj
u03Hg9sTjl9z6pVP7j76cv+EO56ejL5e75MigvPo+ys/8RlvLRA4X9vtpLR45ZZj
ZnU2ndh7tOrO1MWKthNWvbSlykxb5XJ1IgmPArQuZewY
-----END CERTIFICATE-----