Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/bfi17XKfoQv_Pklhy_iWS-yvXWo.roa
File:                     bfi17XKfoQv_Pklhy_iWS-yvXWo.roa (raw, json)
Hash identifier:          05HfZ+6uBWn/eosoqV+13/r9i72s/MRFf2Ny+SGpO7c=
Subject key identifier:   6D:F8:B5:ED:72:9F:A1:0B:FF:3E:49:61:CB:F8:96:4B:EC:AF:5D:6A
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       01979E782601B6C1BDBE84810FA259A9180F
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/bfi17XKfoQv_Pklhy_iWS-yvXWo.roa
Signing time:             Mon 23 Jun 2025 20:26:03 +0000
ROA not before:           Mon 23 Jun 2025 20:26:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        45.11.188.0/24 maxlen: 24
                          188.209.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9e:78:26:01:b6:c1:bd:be:84:81:0f:a2:59:a9:18:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jun 23 20:26:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6df8b5ed729fa10bff3e4961cbf8964becaf5d6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e0:a7:80:37:4e:37:5a:b3:11:13:62:55:9a:
                    36:30:99:ad:36:90:52:52:da:3d:e6:9d:d3:1c:06:
                    fd:89:dc:bb:ca:fb:ff:e4:a7:68:03:b0:14:38:d3:
                    fe:d8:a9:e1:31:31:c6:41:89:bc:02:39:c6:32:55:
                    75:df:94:b7:92:53:74:39:c2:2a:d6:b5:6e:cd:c8:
                    91:5f:eb:ea:7d:f0:66:ef:50:a7:12:c9:dd:75:c4:
                    33:4e:dd:5d:43:2e:66:8d:c5:df:a5:63:59:f3:82:
                    96:d5:86:00:4a:46:a1:22:45:12:54:6b:a3:23:96:
                    3c:63:03:7e:1f:55:36:49:2b:54:60:db:82:a9:92:
                    2d:b2:ee:cf:70:5a:e4:68:b9:9c:36:f1:9f:d4:cf:
                    a4:d3:a3:a8:31:d4:e1:58:f6:59:94:e9:59:78:88:
                    68:f0:89:6a:35:72:2d:2d:38:4f:be:3d:52:91:a4:
                    bd:1c:2d:04:69:7b:63:f7:f9:a3:5c:1b:82:62:25:
                    d6:09:00:96:49:25:89:b3:bf:bd:d9:e0:cc:81:c0:
                    87:44:39:ef:e0:63:9f:f9:a1:3c:ed:7a:d6:e7:7f:
                    3f:c4:4f:af:d3:91:30:5e:60:9c:18:b9:d2:9a:cd:
                    6e:03:ac:bb:c6:53:0a:56:a0:c7:01:f7:9e:21:e0:
                    b8:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:F8:B5:ED:72:9F:A1:0B:FF:3E:49:61:CB:F8:96:4B:EC:AF:5D:6A
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/bfi17XKfoQv_Pklhy_iWS-yvXWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.188.0/24
                  188.209.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:ff:b9:c1:82:a9:15:31:a3:65:9c:4a:80:c4:8a:21:48:40:
         74:0a:75:68:b1:3e:34:90:d3:0e:5b:0e:dc:4e:c0:2d:c8:2b:
         dc:07:1f:ba:5e:77:dd:2d:e5:a0:7d:05:9e:30:77:07:72:b6:
         6f:2f:cc:35:68:b9:07:76:a9:07:01:fd:f6:02:43:4e:6f:42:
         66:49:eb:5e:08:ef:b6:19:c3:b0:bb:ca:44:95:c6:7b:ca:c6:
         ad:5f:9e:73:ac:d6:b9:5a:28:de:57:53:25:07:f4:f6:ed:67:
         ea:c8:0c:7a:24:df:67:eb:bf:54:50:10:5f:29:c6:82:72:b4:
         ab:00:bf:a8:9f:39:37:af:e8:01:34:13:2e:ab:ae:d4:0f:5e:
         bf:20:d9:16:c8:cb:72:a2:b3:bb:30:46:a6:08:9b:78:b6:96:
         cf:84:2c:28:04:ac:b4:4b:3f:17:13:06:1d:7e:01:d8:4c:07:
         05:74:d5:71:09:90:d9:d1:88:9a:4d:ac:74:26:c0:ec:04:8f:
         06:b7:96:b0:d5:ce:c9:a0:b1:ea:e8:9a:22:82:97:e8:8a:b3:
         e8:73:66:e7:89:5f:7a:6a:36:d1:0d:9d:5b:63:02:13:a9:2f:
         21:b2:47:0e:76:38:7b:c4:cf:89:d6:36:4d:24:85:6b:64:7e:
         f9:58:09:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeeeCYBtsG9voSBD6JZqRgPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNjIzMjAyNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGY4YjVlZDcyOWZhMTBiZmYzZTQ5NjFjYmY4OTY0YmVjYWY1ZDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouCngDdON1qzERNiVZo2MJmtNpBS
Uto95p3THAb9idy7yvv/5KdoA7AUONP+2KnhMTHGQYm8AjnGMlV135S3klN0OcIq
1rVuzciRX+vqffBm71CnEsnddcQzTt1dQy5mjcXfpWNZ84KW1YYASkahIkUSVGuj
I5Y8YwN+H1U2SStUYNuCqZItsu7PcFrkaLmcNvGf1M+k06OoMdThWPZZlOlZeIho
8IlqNXItLThPvj1SkaS9HC0EaXtj9/mjXBuCYiXWCQCWSSWJs7+92eDMgcCHRDnv
4GOf+aE87XrW538/xE+v05EwXmCcGLnSms1uA6y7xlMKVqDHAfeeIeC4bQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG34te1yn6EL/z5JYcv4lkvsr11qMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvYmZpMTdYS2ZvUXZfUGtsaHlfaVdTLXl2WFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQu8AwQA
vNGEMA0GCSqGSIb3DQEBCwUAA4IBAQAw/7nBgqkVMaNlnEqAxIohSEB0CnVosT40
kNMOWw7cTsAtyCvcBx+6XnfdLeWgfQWeMHcHcrZvL8w1aLkHdqkHAf32AkNOb0Jm
SeteCO+2GcOwu8pElcZ7ysatX55zrNa5WijeV1MlB/T27WfqyAx6JN9n679UUBBf
KcaCcrSrAL+onzk3r+gBNBMuq67UD16/INkWyMtyorO7MEamCJt4tpbPhCwoBKy0
Sz8XEwYdfgHYTAcFdNVxCZDZ0YiaTax0JsDsBI8Gt5aw1c7JoLHq6JoigpfoirPo
c2bniV96ajbRDZ1bYwITqS8hskcOdjh7xM+J1jZNJIVrZH75WAkb
-----END CERTIFICATE-----