Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Bd-eq1uPjP_DN-qj1Iu1Q3FwdJE.roa
File:                     Bd-eq1uPjP_DN-qj1Iu1Q3FwdJE.roa (raw, json)
Hash identifier:          TE9NR2YiiJs8UNgZxNmQty7ytNeZBmSgzIhPn0OLnBo=
Subject key identifier:   05:DF:9E:AB:5B:8F:8C:FF:C3:37:EA:A3:D4:8B:B5:43:71:70:74:91
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01973B3B668B383637D29483DF0D683D725C
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Bd-eq1uPjP_DN-qj1Iu1Q3FwdJE.roa
Signing time:             Wed 04 Jun 2025 13:57:17 +0000
ROA not before:           Wed 04 Jun 2025 13:57:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43641
IP address blocks:        194.5.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:3b:66:8b:38:36:37:d2:94:83:df:0d:68:3d:72:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun  4 13:57:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05df9eab5b8f8cffc337eaa3d48bb54371707491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d1:b3:fa:68:35:36:d5:2f:34:34:8a:df:4c:
                    31:cf:a5:ed:db:08:8f:59:6e:87:23:ad:46:fa:45:
                    46:b1:12:df:da:1c:e8:55:38:e1:aa:85:04:fb:79:
                    2e:c4:fa:c8:6f:3c:89:e9:c4:fa:0a:c1:f8:22:17:
                    eb:d0:3c:8b:09:d5:b3:33:19:69:70:67:60:b3:8f:
                    fb:a6:46:2e:c6:59:13:4e:14:70:7a:66:1e:2c:3e:
                    b6:69:cb:ca:0a:26:17:2e:87:66:9f:3c:11:6e:00:
                    9f:41:d3:92:fb:75:e0:33:aa:9a:77:4d:35:8e:02:
                    17:f7:33:c8:6a:99:91:ff:2c:5c:f3:0a:2c:68:b2:
                    30:9c:40:3b:93:75:34:2c:fb:27:99:a4:25:52:7d:
                    3a:77:40:79:54:23:25:b8:35:f2:23:08:d1:78:eb:
                    15:d4:b5:4d:bb:ed:6d:83:80:48:0f:91:7a:c6:e5:
                    2c:9d:b3:73:70:93:d9:d1:46:af:85:68:ae:f0:7f:
                    f4:01:4b:f4:c1:b5:ce:a2:20:af:48:4f:07:a1:69:
                    37:5f:96:a6:15:61:91:03:74:78:7a:5d:0e:1a:81:
                    da:a4:dd:3b:07:03:2a:ed:17:8d:9b:d1:d6:32:81:
                    96:86:9c:6f:4d:58:06:35:a2:c6:ed:c1:30:73:c6:
                    17:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:DF:9E:AB:5B:8F:8C:FF:C3:37:EA:A3:D4:8B:B5:43:71:70:74:91
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Bd-eq1uPjP_DN-qj1Iu1Q3FwdJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:86:7d:31:c9:22:08:0d:49:28:76:6c:0d:46:79:ae:28:51:
         0b:69:df:66:a4:b4:71:c3:77:98:f2:26:fd:04:f9:58:c8:f5:
         17:4c:8d:1f:d4:67:5f:1c:f5:27:b5:8a:ce:ae:c2:b8:7f:15:
         3c:5f:f5:36:e4:e8:5c:52:fe:0d:99:a9:04:84:3f:28:43:db:
         16:82:91:f3:93:b1:05:15:8f:5c:32:68:bb:24:56:1c:76:74:
         31:f1:f5:b9:e7:89:22:81:17:7b:df:99:d2:46:cb:eb:67:1f:
         44:81:7c:07:45:64:cf:72:86:16:97:cb:36:2c:68:ef:16:d7:
         fc:0e:34:8a:c7:6d:f2:a6:52:1d:34:2a:c0:e2:04:d2:2a:59:
         68:b3:76:30:83:d8:07:25:33:de:53:da:65:9f:ce:46:28:2c:
         c3:7e:37:85:da:77:62:bc:d7:76:73:82:66:14:28:9a:77:8d:
         bf:5c:ce:21:1a:20:2a:45:39:56:77:5f:20:ad:18:fe:fe:6f:
         be:49:60:1f:8b:7c:11:d7:b4:d7:79:fb:ba:f7:a9:4c:c2:c0:
         75:42:12:99:ab:0e:79:93:fe:00:3f:b1:f8:4f:a0:9d:b2:67:
         cd:9f:10:24:3f:ea:f9:46:f3:43:c1:20:ed:de:f2:3d:3a:e8:
         2c:86:bd:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc7O2aLODY30pSD3w1oPXJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNjA0MTM1NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWRmOWVhYjViOGY4Y2ZmYzMzN2VhYTNkNDhiYjU0MzcxNzA3NDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0NGz+mg1NtUvNDSK30wxz6Xt2wiP
WW6HI61G+kVGsRLf2hzoVTjhqoUE+3kuxPrIbzyJ6cT6CsH4Ihfr0DyLCdWzMxlp
cGdgs4/7pkYuxlkTThRwemYeLD62acvKCiYXLodmnzwRbgCfQdOS+3XgM6qad001
jgIX9zPIapmR/yxc8wosaLIwnEA7k3U0LPsnmaQlUn06d0B5VCMluDXyIwjReOsV
1LVNu+1tg4BID5F6xuUsnbNzcJPZ0UavhWiu8H/0AUv0wbXOoiCvSE8HoWk3X5am
FWGRA3R4el0OGoHapN07BwMq7ReNm9HWMoGWhpxvTVgGNaLG7cEwc8YXOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXfnqtbj4z/wzfqo9SLtUNxcHSRMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvQmQtZXExdVBqUF9ETi1xajFJdTFRM0Z3ZEpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgVDMA0G
CSqGSIb3DQEBCwUAA4IBAQB/hn0xySIIDUkodmwNRnmuKFELad9mpLRxw3eY8ib9
BPlYyPUXTI0f1GdfHPUntYrOrsK4fxU8X/U25OhcUv4NmakEhD8oQ9sWgpHzk7EF
FY9cMmi7JFYcdnQx8fW554kigRd735nSRsvrZx9EgXwHRWTPcoYWl8s2LGjvFtf8
DjSKx23yplIdNCrA4gTSKllos3Ywg9gHJTPeU9pln85GKCzDfjeF2ndivNd2c4Jm
FCiad42/XM4hGiAqRTlWd18grRj+/m++SWAfi3wR17TXefu696lMwsB1QhKZqw55
k/4AP7H4T6CdsmfNnxAkP+r5RvNDwSDt3vI9Ougshr14
-----END CERTIFICATE-----