Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/bsJ2xZlOkw1plvuA7l4e3XmHypY.roa
File:                     bsJ2xZlOkw1plvuA7l4e3XmHypY.roa (raw, json)
Hash identifier:          1vESi505hq9zZ4EhI/OkoYePF4oay9Y9KHYuJ7nDjEk=
Subject key identifier:   6E:C2:76:C5:99:4E:93:0D:69:96:FB:80:EE:5E:1E:DD:79:87:CA:96
Certificate issuer:       /CN=464952bc165441ec6e2e2010c933dc830f361731
Certificate serial:       0199193390609D8ED8513DBD4D10D3A7D89E
Authority key identifier: 46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/bsJ2xZlOkw1plvuA7l4e3XmHypY.roa
Signing time:             Fri 05 Sep 2025 09:27:13 +0000
ROA not before:           Fri 05 Sep 2025 09:27:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50991
IP address blocks:        188.213.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 00:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:19:33:90:60:9d:8e:d8:51:3d:bd:4d:10:d3:a7:d8:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464952bc165441ec6e2e2010c933dc830f361731
        Validity
            Not Before: Sep  5 09:27:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ec276c5994e930d6996fb80ee5e1edd7987ca96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c2:a9:e4:ed:10:f4:c7:b6:68:89:f7:e7:e2:
                    85:54:a4:9e:e8:75:fc:3d:d8:54:20:69:6b:e6:73:
                    60:55:ab:38:9b:15:80:c1:93:1c:a7:16:c9:6e:80:
                    44:a0:3e:e7:67:99:b7:12:44:7e:34:7d:51:91:a6:
                    c4:78:eb:fc:fc:23:88:90:e0:65:e8:04:90:04:cd:
                    bc:aa:ff:77:04:ba:db:1c:4b:8b:62:80:19:ec:9d:
                    c5:df:dc:41:8d:24:b4:e4:d8:2a:48:1d:2d:76:4e:
                    4f:c4:ea:e6:6a:a8:94:fb:83:69:b5:b7:0d:cf:a4:
                    64:02:6b:34:87:4c:eb:f7:03:fc:0d:77:45:c9:db:
                    eb:dc:ca:61:45:bb:c6:06:8e:01:09:8e:3c:e2:8a:
                    0d:63:6e:72:d1:32:f2:6d:65:c0:9d:0f:da:1b:84:
                    97:f9:20:f7:0c:78:91:9e:24:d9:a0:a2:44:47:43:
                    c0:7a:0f:08:0a:15:cf:85:1f:63:a8:35:1f:21:31:
                    74:c0:36:9f:ee:85:d6:63:76:64:ff:b9:91:54:5c:
                    3e:7a:55:9e:56:76:26:e6:6c:22:d0:bb:e1:be:64:
                    ba:41:92:f7:2f:44:b8:ce:4f:a2:c1:57:9a:fb:3b:
                    80:79:a1:c6:6f:c4:f2:53:8d:ef:c5:34:7d:e9:5a:
                    47:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:C2:76:C5:99:4E:93:0D:69:96:FB:80:EE:5E:1E:DD:79:87:CA:96
            X509v3 Authority Key Identifier:
                keyid:46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/bsJ2xZlOkw1plvuA7l4e3XmHypY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.213.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:08:6c:4b:9c:a1:75:f1:e6:1c:7f:b0:e2:d2:21:78:66:8e:
         37:07:82:5e:a4:d1:ac:b5:24:b3:e4:98:6d:ce:0f:60:ce:76:
         c7:55:cb:fa:09:06:33:0f:fe:87:2f:02:c2:c9:10:44:18:9c:
         4f:6a:ed:ac:c0:ec:15:8f:26:f1:ea:32:cd:8e:ac:31:3b:1e:
         0c:9b:89:73:1c:0e:20:f2:46:40:e8:12:92:28:19:b0:f2:77:
         9d:76:9f:30:d1:67:ec:82:d3:07:f3:40:96:ca:a0:90:41:80:
         87:25:2e:59:1d:5a:54:45:d4:62:fe:a8:b7:31:28:d7:67:d1:
         fa:04:22:39:2f:81:f7:f7:34:1b:ab:58:9d:1f:a8:23:7f:3f:
         28:bb:e2:d3:b2:69:74:55:63:de:3e:cc:49:4d:af:0c:f7:cd:
         bc:b2:07:6b:49:6f:da:2c:e2:ef:a2:7e:55:03:3a:09:81:09:
         40:b1:ac:98:61:19:ae:cb:0e:3f:92:db:59:e1:32:15:c8:c0:
         35:5b:56:df:02:1b:c6:3b:45:87:44:f4:1f:2d:f5:18:89:79:
         cc:2f:fe:e8:80:4e:83:53:44:0c:55:5f:30:5c:44:97:7e:18:
         a5:44:7a:ed:6d:9c:a5:f5:44:a4:14:da:1a:33:5a:40:2e:a9:
         05:72:d4:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkZM5BgnY7YUT29TRDTp9ieMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NDk1MmJjMTY1NDQxZWM2ZTJlMjAxMGM5MzNkYzgzMGYz
NjE3MzEwHhcNMjUwOTA1MDkyNzEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWMyNzZjNTk5NGU5MzBkNjk5NmZiODBlZTVlMWVkZDc5ODdjYTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8Kp5O0Q9Me2aIn35+KFVKSe6HX8
PdhUIGlr5nNgVas4mxWAwZMcpxbJboBEoD7nZ5m3EkR+NH1RkabEeOv8/COIkOBl
6ASQBM28qv93BLrbHEuLYoAZ7J3F39xBjSS05NgqSB0tdk5PxOrmaqiU+4NptbcN
z6RkAms0h0zr9wP8DXdFydvr3MphRbvGBo4BCY484ooNY25y0TLybWXAnQ/aG4SX
+SD3DHiRniTZoKJER0PAeg8IChXPhR9jqDUfITF0wDaf7oXWY3Zk/7mRVFw+elWe
VnYm5mwi0LvhvmS6QZL3L0S4zk+iwVea+zuAeaHGb8TyU43vxTR96VpHBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7CdsWZTpMNaZb7gO5eHt15h8qWMB8GA1UdIwQY
MBaAFEZJUrwWVEHsbi4gEMkz3IMPNhcxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQt
ODQyODU4MTIyYmJjLzEvYnNKMnhabE9rdzFwbHZ1QTdsNGUzWG1IeXBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQtODQyODU4MTIyYmJj
LzEvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNUyMA0G
CSqGSIb3DQEBCwUAA4IBAQClCGxLnKF18eYcf7Di0iF4Zo43B4JepNGstSSz5Jht
zg9gznbHVcv6CQYzD/6HLwLCyRBEGJxPau2swOwVjybx6jLNjqwxOx4Mm4lzHA4g
8kZA6BKSKBmw8neddp8w0WfsgtMH80CWyqCQQYCHJS5ZHVpURdRi/qi3MSjXZ9H6
BCI5L4H39zQbq1idH6gjfz8ou+LTsml0VWPePsxJTa8M9828sgdrSW/aLOLvon5V
AzoJgQlAsayYYRmuyw4/kttZ4TIVyMA1W1bfAhvGO0WHRPQfLfUYiXnML/7ogE6D
U0QMVV8wXESXfhilRHrtbZyl9USkFNoaM1pALqkFctSP
-----END CERTIFICATE-----