Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/9USzYLBawhQVkHZbF2gEbzhvC5s.roa
File:                     9USzYLBawhQVkHZbF2gEbzhvC5s.roa (raw, json)
Hash identifier:          gAEvHU7vjJHAyOa+y6y8BFG0zaydLqnsUXwSsV0Q83s=
Subject key identifier:   F5:44:B3:60:B0:5A:C2:14:15:90:76:5B:17:68:04:6F:38:6F:0B:9B
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       0198F02180F2856CE452B92FCF49CB456D6A
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/9USzYLBawhQVkHZbF2gEbzhvC5s.roa
Signing time:             Thu 28 Aug 2025 10:03:04 +0000
ROA not before:           Thu 28 Aug 2025 10:03:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199152
IP address blocks:        213.21.222.0/24 maxlen: 24
                          2a06:e8c1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 10:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f0:21:80:f2:85:6c:e4:52:b9:2f:cf:49:cb:45:6d:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Aug 28 10:03:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f544b360b05ac2141590765b1768046f386f0b9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:2e:0e:a2:1d:fa:3d:28:fb:fb:5f:7a:3c:1f:
                    53:b8:65:ff:2b:22:63:21:a4:e8:46:9e:ee:ba:8c:
                    1d:12:9f:64:8e:7b:b4:64:73:8a:dd:85:c7:2d:59:
                    2c:34:db:0e:38:07:d3:64:e6:01:6c:3c:ef:3c:04:
                    8c:f5:5e:0d:24:01:b3:0c:aa:46:07:bc:a8:56:5e:
                    d1:46:96:92:26:9b:ab:4e:9f:40:93:0a:3b:1f:d4:
                    e6:06:f1:f5:cb:64:c6:9d:d5:ae:be:26:96:ff:62:
                    52:ff:42:3a:ff:bd:73:2f:f1:ca:cb:de:2c:a0:d4:
                    64:1c:21:70:37:56:6b:a1:4a:7a:a4:49:32:bc:00:
                    02:46:f3:87:f1:79:45:d2:54:be:6a:49:28:7d:72:
                    8b:42:e1:6e:44:cb:40:d4:f0:2f:67:7f:20:42:6f:
                    fc:7d:6a:70:51:fe:c9:80:55:87:9a:4e:09:ae:b8:
                    64:14:8e:a0:71:50:5b:f0:37:ce:7b:cf:14:85:f6:
                    73:bf:a5:3e:88:8b:ef:a7:64:11:1d:23:ff:24:3e:
                    d2:02:15:bd:db:bd:86:2e:12:86:63:ed:a7:62:48:
                    5a:29:df:5c:e6:5a:df:4b:4e:76:18:d7:98:65:a7:
                    f2:b1:d3:5b:13:fe:d8:ac:35:37:c9:83:a1:b1:47:
                    16:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:44:B3:60:B0:5A:C2:14:15:90:76:5B:17:68:04:6F:38:6F:0B:9B
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/9USzYLBawhQVkHZbF2gEbzhvC5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.222.0/24
                IPv6:
                  2a06:e8c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:44:ab:d6:1c:26:4e:b1:56:fa:9a:81:45:03:1a:6c:85:55:
         3c:65:fe:40:ee:4a:c7:23:8f:48:33:68:cb:dc:56:85:04:6b:
         26:19:c9:c3:35:68:18:8d:38:d1:10:78:fb:ae:69:5d:82:c0:
         36:f7:cb:9b:d0:7c:5f:df:ce:5c:4a:42:66:06:e5:ec:d0:9a:
         e2:f0:24:0e:eb:ff:68:c3:b8:d9:20:c1:1e:6f:c6:f5:30:13:
         36:84:c8:b0:d2:0d:4b:91:e9:86:a8:d2:57:c1:bf:fa:88:88:
         58:5c:bd:cc:6c:21:97:53:ee:91:03:1e:7e:c2:db:93:33:03:
         30:61:08:03:61:cf:ad:fb:c1:b5:6d:5c:a7:2a:31:59:7c:49:
         7a:d4:52:8a:d9:ae:56:fc:27:ca:99:e2:21:f4:a8:cb:fe:29:
         d5:c2:5d:76:08:16:45:72:f6:1a:99:0b:ee:6d:01:54:94:dc:
         61:41:ba:2a:ef:0a:cb:86:2f:87:b6:41:e1:71:a0:c9:38:ff:
         00:80:34:d5:2b:6f:f2:fd:e3:fd:19:64:3e:00:26:49:00:72:
         1d:28:62:25:ee:24:59:50:6e:97:53:80:d2:2d:8c:1a:71:18:
         34:72:cf:3e:f9:64:a5:36:1e:9d:7e:7f:2d:ab:43:ea:90:aa:
         f5:ee:78:5c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZjwIYDyhWzkUrkvz0nLRW1qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjUwODI4MTAwMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTQ0YjM2MGIwNWFjMjE0MTU5MDc2NWIxNzY4MDQ2ZjM4NmYwYjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoC4Ooh36PSj7+196PB9TuGX/KyJj
IaToRp7uuowdEp9kjnu0ZHOK3YXHLVksNNsOOAfTZOYBbDzvPASM9V4NJAGzDKpG
B7yoVl7RRpaSJpurTp9Akwo7H9TmBvH1y2TGndWuviaW/2JS/0I6/71zL/HKy94s
oNRkHCFwN1ZroUp6pEkyvAACRvOH8XlF0lS+akkofXKLQuFuRMtA1PAvZ38gQm/8
fWpwUf7JgFWHmk4JrrhkFI6gcVBb8DfOe88UhfZzv6U+iIvvp2QRHSP/JD7SAhW9
272GLhKGY+2nYkhaKd9c5lrfS052GNeYZafysdNbE/7YrDU3yYOhsUcWrwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPVEs2CwWsIUFZB2WxdoBG84bwubMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvOVVTellMQmF3aFFWa0haYkYyZ0Viemh2QzVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1RXeMA0E
AgACMAcDBQAqBujBMA0GCSqGSIb3DQEBCwUAA4IBAQBARKvWHCZOsVb6moFFAxps
hVU8Zf5A7krHI49IM2jL3FaFBGsmGcnDNWgYjTjREHj7rmldgsA298ub0Hxf385c
SkJmBuXs0Jri8CQO6/9ow7jZIMEeb8b1MBM2hMiw0g1LkemGqNJXwb/6iIhYXL3M
bCGXU+6RAx5+wtuTMwMwYQgDYc+t+8G1bVynKjFZfEl61FKK2a5W/CfKmeIh9KjL
/inVwl12CBZFcvYamQvubQFUlNxhQboq7wrLhi+HtkHhcaDJOP8AgDTVK2/y/eP9
GWQ+ACZJAHIdKGIl7iRZUG6XU4DSLYwacRg0cs8++WSlNh6dfn8tq0PqkKr17nhc
-----END CERTIFICATE-----