Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/BH4JiNSau-Drbx1LaCjE1x1v30A.roa
File:                     BH4JiNSau-Drbx1LaCjE1x1v30A.roa (raw, json)
Hash identifier:          TbmERc+CgiPXJOmSpqLjpiM3C2RIrXoRaOqYGrV/7rc=
Subject key identifier:   04:7E:09:88:D4:9A:BB:E0:EB:6F:1D:4B:68:28:C4:D7:1D:6F:DF:40
Certificate issuer:       /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial:       0199C849696E034CA7E0437469E66DDEC302
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/BH4JiNSau-Drbx1LaCjE1x1v30A.roa
Signing time:             Thu 09 Oct 2025 09:24:38 +0000
ROA not before:           Thu 09 Oct 2025 09:24:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202914
IP address blocks:        103.204.121.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 09:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c8:49:69:6e:03:4c:a7:e0:43:74:69:e6:6d:de:c3:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
        Validity
            Not Before: Oct  9 09:24:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=047e0988d49abbe0eb6f1d4b6828c4d71d6fdf40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ee:4a:ae:eb:c1:c8:b5:d8:e8:b0:19:35:53:
                    49:65:b6:ca:5c:ad:32:50:9b:ca:06:ad:49:ce:48:
                    0d:10:51:7c:2e:a0:58:59:e3:92:4c:fd:6b:d6:43:
                    56:d9:4d:70:a9:45:e0:c7:33:8b:10:d9:8f:a0:db:
                    3e:7a:76:cb:ec:0c:f4:a6:5b:c1:65:23:64:07:eb:
                    60:7d:9b:96:83:be:42:9f:10:64:78:be:c4:80:51:
                    be:b6:da:14:c3:44:50:ee:3b:f3:d7:4f:6b:54:e0:
                    00:1d:1c:7d:5f:9a:6d:4c:5a:e9:16:72:97:bc:17:
                    2e:0d:50:e1:ee:c2:9e:d7:1f:51:ae:91:a6:45:e0:
                    5b:d1:64:61:75:f7:74:f5:0f:43:93:d8:a9:63:3f:
                    e6:c0:cf:f5:35:c5:63:69:74:70:ee:5a:70:f8:33:
                    e1:a6:3e:84:31:ce:6f:17:6e:22:a8:6b:50:d6:dc:
                    64:40:f1:97:f3:7c:6a:14:cd:f2:63:4c:74:87:ce:
                    42:dc:57:1d:9a:b8:ae:6a:c8:09:e1:88:48:6d:14:
                    53:6c:3a:8d:d5:04:0f:57:55:a7:ef:4b:c5:06:53:
                    84:92:7c:66:89:02:7c:82:1a:cb:ae:9a:aa:f1:38:
                    e4:13:6f:ae:1a:e3:83:25:b9:22:22:34:e0:77:49:
                    14:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:7E:09:88:D4:9A:BB:E0:EB:6F:1D:4B:68:28:C4:D7:1D:6F:DF:40
            X509v3 Authority Key Identifier:
                keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/BH4JiNSau-Drbx1LaCjE1x1v30A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.204.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:5d:58:64:58:ef:4b:94:3e:5a:af:e3:f2:a8:e0:d5:90:88:
         15:19:26:14:4c:04:fd:b0:5f:f2:32:7a:b9:63:22:19:78:32:
         4b:1a:31:3f:2f:ad:8d:dc:da:47:01:45:66:99:bf:b9:1a:3c:
         9d:b5:7e:a7:41:2a:f6:e1:8d:be:99:97:db:8d:ca:e8:b3:bb:
         7f:11:3a:06:09:2a:55:8c:0e:69:40:9b:2c:76:c3:89:48:b7:
         72:a5:82:eb:80:a6:07:7e:f9:77:a6:75:2d:5c:63:30:54:29:
         95:57:d4:1b:7b:54:1a:88:f7:b7:fc:24:ac:ce:6e:02:d0:c8:
         b1:49:bb:e5:49:21:4a:ee:30:94:f8:10:fe:5c:20:74:a5:87:
         e8:47:16:40:56:0d:7a:59:8d:b1:11:c4:ce:c0:83:10:98:d2:
         99:03:53:55:5d:5a:ad:b1:04:c3:7a:03:d3:d7:09:3f:0d:ef:
         07:de:4f:16:77:11:74:84:00:e3:e9:08:ba:df:f0:99:7d:b3:
         40:b8:ad:ce:af:54:dd:fe:2d:58:1e:a0:c5:23:91:a3:c0:a2:
         9c:4f:f5:3d:48:b6:ca:4f:d6:0b:5f:50:43:42:e6:47:d8:ae:
         83:de:10:eb:e3:35:de:d4:af:26:80:e9:fd:73:ed:f0:ab:83:
         68:d4:b7:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnISWluA0yn4EN0aeZt3sMCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjUxMDA5MDkyNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDdlMDk4OGQ0OWFiYmUwZWI2ZjFkNGI2ODI4YzRkNzFkNmZkZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzO5KruvByLXY6LAZNVNJZbbKXK0y
UJvKBq1JzkgNEFF8LqBYWeOSTP1r1kNW2U1wqUXgxzOLENmPoNs+enbL7Az0plvB
ZSNkB+tgfZuWg75CnxBkeL7EgFG+ttoUw0RQ7jvz109rVOAAHRx9X5ptTFrpFnKX
vBcuDVDh7sKe1x9RrpGmReBb0WRhdfd09Q9Dk9ipYz/mwM/1NcVjaXRw7lpw+DPh
pj6EMc5vF24iqGtQ1txkQPGX83xqFM3yY0x0h85C3FcdmriuasgJ4YhIbRRTbDqN
1QQPV1Wn70vFBlOEknxmiQJ8ghrLrpqq8TjkE2+uGuODJbkiIjTgd0kUNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAR+CYjUmrvg628dS2goxNcdb99AMB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEvQkg0SmlOU2F1LURyYngxTGFDakUxeDF2MzBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ8x5MA0G
CSqGSIb3DQEBCwUAA4IBAQBkXVhkWO9LlD5ar+PyqODVkIgVGSYUTAT9sF/yMnq5
YyIZeDJLGjE/L62N3NpHAUVmmb+5GjydtX6nQSr24Y2+mZfbjcros7t/EToGCSpV
jA5pQJssdsOJSLdypYLrgKYHfvl3pnUtXGMwVCmVV9Qbe1QaiPe3/CSszm4C0Mix
SbvlSSFK7jCU+BD+XCB0pYfoRxZAVg16WY2xEcTOwIMQmNKZA1NVXVqtsQTDegPT
1wk/De8H3k8WdxF0hADj6Qi63/CZfbNAuK3Or1Td/i1YHqDFI5GjwKKcT/U9SLbK
T9YLX1BDQuZH2K6D3hDr4zXe1K8mgOn9c+3wq4No1Ldy
-----END CERTIFICATE-----