Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/BrzMotRwWum6-plh7okwXahkOEw.roa
File:                     BrzMotRwWum6-plh7okwXahkOEw.roa (raw, json)
Hash identifier:          KNrByvrRESfQLIHd88NCHYJK86NO5i3vBaQCBV7EA7E=
Subject key identifier:   06:BC:CC:A2:D4:70:5A:E9:BA:FA:99:61:EE:89:30:5D:A8:64:38:4C
Certificate issuer:       /CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
Certificate serial:       01977F0363167F8AC97C75FCCAD8BBCA6933
Authority key identifier: BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/BrzMotRwWum6-plh7okwXahkOEw.roa
Signing time:             Tue 17 Jun 2025 17:50:17 +0000
ROA not before:           Tue 17 Jun 2025 17:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11749
IP address blocks:        157.23.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Jul 2025 14:08:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7f:03:63:16:7f:8a:c9:7c:75:fc:ca:d8:bb:ca:69:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
        Validity
            Not Before: Jun 17 17:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06bccca2d4705ae9bafa9961ee89305da864384c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:42:93:2d:90:d3:ed:46:d8:be:5d:7c:4f:1b:
                    c4:e1:60:ee:a7:3c:6f:e1:17:40:7c:b3:9a:04:cf:
                    82:85:ab:33:5f:76:64:e4:12:52:0b:84:c6:d9:81:
                    98:59:e4:2b:dd:76:62:e0:d3:19:76:0b:29:48:d5:
                    5d:eb:50:35:57:04:58:b5:b4:89:9a:b8:4e:f4:58:
                    5e:15:79:3f:99:a2:66:6c:ff:d2:69:25:99:2e:f6:
                    e8:a9:e1:0c:cc:14:e9:43:80:c2:8e:eb:50:eb:da:
                    f7:74:99:8d:7d:07:f1:66:d6:82:ee:24:fa:d6:de:
                    a4:81:67:1e:ef:f0:b8:4b:9f:a3:c2:25:26:82:86:
                    2c:2b:4f:48:57:02:84:74:d6:a0:c1:17:34:08:1b:
                    88:bb:59:46:c3:e2:f7:da:38:93:b2:7e:b1:4d:1d:
                    cd:b6:9e:e9:9e:d8:50:6e:36:33:a7:6f:a3:4f:fc:
                    d4:d3:95:a1:e8:cd:4d:49:d7:5e:ca:fa:b6:2c:5b:
                    0f:5f:48:50:5a:e2:7c:1f:ec:4a:3d:fa:c6:67:f4:
                    79:34:48:7d:69:70:2c:9f:ef:ca:4f:64:17:05:f8:
                    21:fd:de:4d:91:d8:ea:30:14:c4:2d:e9:bd:0c:18:
                    be:13:69:ec:17:c4:09:d0:a2:89:73:d0:1c:90:92:
                    b7:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:BC:CC:A2:D4:70:5A:E9:BA:FA:99:61:EE:89:30:5D:A8:64:38:4C
            X509v3 Authority Key Identifier:
                keyid:BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/BrzMotRwWum6-plh7okwXahkOEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.23.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:00:49:97:c3:0c:10:89:8b:8c:70:9f:c4:ec:fc:b2:66:94:
         81:c5:d5:34:2a:d7:1d:db:ed:9b:f6:01:77:d6:23:90:71:21:
         bf:97:d1:be:2e:c4:3f:77:04:5b:15:76:b3:3a:ee:0a:99:33:
         4b:27:29:66:d8:52:9c:e4:37:1b:52:0e:1b:92:bf:38:fb:34:
         18:c3:52:56:a5:bd:c4:b9:c6:71:68:ba:db:47:ea:a6:65:16:
         2a:8c:a6:87:20:08:15:fa:6d:86:cd:5c:17:bf:b0:d8:6a:69:
         f8:a9:0d:dc:96:5b:22:0e:15:84:32:bd:f3:87:5d:6e:bf:d1:
         a9:a5:b5:21:ae:3a:42:38:06:e0:e9:ea:a6:8c:23:3b:54:0f:
         e4:3d:d9:be:a4:87:7a:e0:a2:61:11:b2:ba:2f:bd:aa:98:22:
         1b:26:3b:25:33:1e:49:78:92:9f:72:03:2d:5f:06:ee:a0:9d:
         28:f3:eb:d4:e7:03:93:fc:f0:2a:bd:80:8c:ea:51:8a:8c:0d:
         e6:aa:8e:7b:25:0f:6e:4b:75:47:a1:53:c6:db:13:74:b8:e1:
         f0:dd:00:31:17:b8:e9:7c:57:22:7b:60:b1:3d:56:76:0e:dd:
         48:a8:a4:a0:cc:fa:5a:60:9e:e3:7f:ea:86:20:08:53:02:60:
         7d:c6:ad:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd/A2MWf4rJfHX8yti7ymkzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYTM1Y2Y4YWI2ZjNlYWEyYWViYWRkOWUyMzczZGVjMDg5
MzYyNWUwHhcNMjUwNjE3MTc1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmJjY2NhMmQ0NzA1YWU5YmFmYTk5NjFlZTg5MzA1ZGE4NjQzODRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEKTLZDT7UbYvl18TxvE4WDupzxv
4RdAfLOaBM+ChaszX3Zk5BJSC4TG2YGYWeQr3XZi4NMZdgspSNVd61A1VwRYtbSJ
mrhO9FheFXk/maJmbP/SaSWZLvboqeEMzBTpQ4DCjutQ69r3dJmNfQfxZtaC7iT6
1t6kgWce7/C4S5+jwiUmgoYsK09IVwKEdNagwRc0CBuIu1lGw+L32jiTsn6xTR3N
tp7pnthQbjYzp2+jT/zU05Wh6M1NSddeyvq2LFsPX0hQWuJ8H+xKPfrGZ/R5NEh9
aXAsn+/KT2QXBfgh/d5NkdjqMBTELem9DBi+E2nsF8QJ0KKJc9AckJK3bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAa8zKLUcFrpuvqZYe6JMF2oZDhMMB8GA1UdIwQY
MBaAFLujXPirbz6qKuut2eI3PewIk2JeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMt
NTk3YjZlMjQ5MmFiLzEvQnJ6TW90UndXdW02LXBsaDdva3dYYWhrT0V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMtNTk3YjZlMjQ5MmFi
LzEvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnRf5MA0G
CSqGSIb3DQEBCwUAA4IBAQB9AEmXwwwQiYuMcJ/E7PyyZpSBxdU0Ktcd2+2b9gF3
1iOQcSG/l9G+LsQ/dwRbFXazOu4KmTNLJylm2FKc5DcbUg4bkr84+zQYw1JWpb3E
ucZxaLrbR+qmZRYqjKaHIAgV+m2GzVwXv7DYamn4qQ3cllsiDhWEMr3zh11uv9Gp
pbUhrjpCOAbg6eqmjCM7VA/kPdm+pId64KJhEbK6L72qmCIbJjslMx5JeJKfcgMt
XwbuoJ0o8+vU5wOT/PAqvYCM6lGKjA3mqo57JQ9uS3VHoVPG2xN0uOHw3QAxF7jp
fFcie2CxPVZ2Dt1IqKSgzPpaYJ7jf+qGIAhTAmB9xq1B
-----END CERTIFICATE-----