Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BdRmuuVBisfDM2SlJTfPLNc2NU8.roa
File:                     BdRmuuVBisfDM2SlJTfPLNc2NU8.roa (raw, json)
Hash identifier:          VeKFVeGA4p7lFovuA/YdEbi1L8/YnYryxXeR+mrbXTo=
Subject key identifier:   05:D4:66:BA:E5:41:8A:C7:C3:33:64:A5:25:37:CF:2C:D7:36:35:4F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019994750D4133F3E79D3742D21ABB2A01DA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BdRmuuVBisfDM2SlJTfPLNc2NU8.roa
Signing time:             Mon 29 Sep 2025 07:52:02 +0000
ROA not before:           Mon 29 Sep 2025 07:52:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214291
IP address blocks:        87.120.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:94:75:0d:41:33:f3:e7:9d:37:42:d2:1a:bb:2a:01:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 29 07:52:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05d466bae5418ac7c33364a52537cf2cd736354f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cb:51:29:c5:fc:00:a9:6a:c2:65:7d:c6:50:
                    0a:65:60:1b:69:68:8c:b2:50:fb:22:1f:3f:46:14:
                    10:07:39:8b:13:bb:69:03:83:fe:f8:a9:47:f4:53:
                    e5:3d:22:57:95:f8:47:f6:3b:60:18:68:f1:9f:b5:
                    5e:3d:fc:16:5e:9a:d1:13:0a:7e:2c:f4:08:b0:29:
                    3e:62:a0:d5:dc:1f:7d:8d:69:c8:14:c9:12:1c:d6:
                    1b:6f:a5:d4:7d:87:15:a9:1b:bc:35:6c:52:73:9c:
                    ce:c7:a2:16:25:c4:89:59:39:4d:82:3d:43:e9:bf:
                    7e:6e:e1:87:a4:97:a3:49:27:bf:02:81:01:1a:ab:
                    e6:29:79:7b:c0:15:47:fc:45:47:10:08:0c:e2:64:
                    62:10:30:dc:9c:f4:f8:fb:6f:36:18:03:b0:09:6a:
                    bb:f4:21:77:a2:02:d5:53:fc:91:d1:1e:ee:e9:a0:
                    af:7f:7e:6e:ff:46:8a:1f:95:4f:74:54:09:3d:3b:
                    fb:d0:92:6a:7a:31:87:76:98:a7:22:e1:b7:d2:69:
                    81:61:d4:28:08:dc:ec:ac:35:f7:20:b0:08:0e:77:
                    cd:ea:92:ed:67:f9:71:e2:6f:06:10:6d:aa:ea:57:
                    8b:05:49:f8:9a:1d:85:5d:a4:26:97:eb:f7:56:06:
                    e5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:D4:66:BA:E5:41:8A:C7:C3:33:64:A5:25:37:CF:2C:D7:36:35:4F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BdRmuuVBisfDM2SlJTfPLNc2NU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:74:7b:95:cb:9a:52:d5:cc:4e:54:20:17:59:3b:ef:66:dc:
         e0:a9:c4:5f:46:7b:e7:d7:05:e9:7e:86:25:0c:c0:27:c6:e1:
         bf:5c:71:68:57:2d:b3:41:a6:77:f2:d2:a2:8c:30:c0:a7:8d:
         36:32:99:d9:94:d9:2f:fd:89:42:be:11:b7:0a:24:45:84:ea:
         0f:74:5c:d3:6c:69:94:1c:27:ac:85:94:6c:e6:6a:ea:82:28:
         6a:d8:dc:11:f4:75:7c:4d:49:30:ff:b3:df:8e:b7:0b:69:c5:
         c7:9d:0b:95:aa:22:69:ab:9a:d4:95:0b:c3:61:fb:ea:a9:f8:
         7f:76:6d:f8:2c:21:31:39:a1:89:b5:9b:56:f9:5f:5d:fa:f7:
         00:59:fd:8c:38:ee:0c:8a:d0:50:87:44:43:8a:71:e3:40:79:
         b1:10:d6:8b:c3:c0:fa:d3:a8:7f:47:54:8b:a4:2f:f5:f5:9d:
         24:ca:26:82:8e:c0:14:28:64:af:03:b2:78:11:b5:69:e0:42:
         5a:fb:7e:49:7c:cc:6c:89:88:de:2e:88:9e:54:5f:74:57:d4:
         2b:e3:ba:67:f4:3e:eb:90:df:23:a6:d3:3d:ec:ba:2a:87:eb:
         a6:09:bf:18:4a:89:29:cd:9f:c0:c5:53:e9:35:ac:08:25:eb:
         a6:89:05:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmUdQ1BM/PnnTdC0hq7KgHaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwOTI5MDc1MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWQ0NjZiYWU1NDE4YWM3YzMzMzY0YTUyNTM3Y2YyY2Q3MzYzNTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8tRKcX8AKlqwmV9xlAKZWAbaWiM
slD7Ih8/RhQQBzmLE7tpA4P++KlH9FPlPSJXlfhH9jtgGGjxn7VePfwWXprREwp+
LPQIsCk+YqDV3B99jWnIFMkSHNYbb6XUfYcVqRu8NWxSc5zOx6IWJcSJWTlNgj1D
6b9+buGHpJejSSe/AoEBGqvmKXl7wBVH/EVHEAgM4mRiEDDcnPT4+282GAOwCWq7
9CF3ogLVU/yR0R7u6aCvf35u/0aKH5VPdFQJPTv70JJqejGHdpinIuG30mmBYdQo
CNzsrDX3ILAIDnfN6pLtZ/lx4m8GEG2q6leLBUn4mh2FXaQml+v3VgblLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXUZrrlQYrHwzNkpSU3zyzXNjVPMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQmRSbXV1VkJpc2ZETTJTbEpUZlBMTmMyTlU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3hZMA0G
CSqGSIb3DQEBCwUAA4IBAQAtdHuVy5pS1cxOVCAXWTvvZtzgqcRfRnvn1wXpfoYl
DMAnxuG/XHFoVy2zQaZ38tKijDDAp402MpnZlNkv/YlCvhG3CiRFhOoPdFzTbGmU
HCeshZRs5mrqgihq2NwR9HV8TUkw/7PfjrcLacXHnQuVqiJpq5rUlQvDYfvqqfh/
dm34LCExOaGJtZtW+V9d+vcAWf2MOO4MitBQh0RDinHjQHmxENaLw8D606h/R1SL
pC/19Z0kyiaCjsAUKGSvA7J4EbVp4EJa+35JfMxsiYjeLoieVF90V9Qr47pn9D7r
kN8jptM97Loqh+umCb8YSokpzZ/AxVPpNawIJeumiQVf
-----END CERTIFICATE-----