Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/bkj_9Heh0C9FpUqLrf65_9tMX1o.roa
File:                     bkj_9Heh0C9FpUqLrf65_9tMX1o.roa (raw, json)
Hash identifier:          bkX0VT2UTOwEY8RRSJ6fL2Rs1tekiUyjrTzbnadeNds=
Subject key identifier:   6E:48:FF:F4:77:A1:D0:2F:45:A5:4A:8B:AD:FE:B9:FF:DB:4C:5F:5A
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       01989EFF3EBE49DC3AB2C65D91D9ED00C0FD
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/bkj_9Heh0C9FpUqLrf65_9tMX1o.roa
Signing time:             Tue 12 Aug 2025 15:56:24 +0000
ROA not before:           Tue 12 Aug 2025 15:56:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205634
IP address blocks:        188.209.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 03:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9e:ff:3e:be:49:dc:3a:b2:c6:5d:91:d9:ed:00:c0:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Aug 12 15:56:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e48fff477a1d02f45a54a8badfeb9ffdb4c5f5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f0:45:39:03:33:12:f0:c2:02:21:92:f2:ab:
                    d0:ef:0a:7c:d8:f8:cb:e0:63:37:78:f9:17:cb:43:
                    08:97:59:16:ba:a8:13:38:c0:26:bc:15:8f:ae:d2:
                    d7:1b:8a:fd:b7:6d:bc:59:7d:1e:f8:ec:ae:38:2d:
                    66:cc:4a:a5:e5:06:62:1c:f4:94:86:7d:8f:20:c7:
                    6f:7c:70:e9:70:50:50:18:dd:51:5e:ab:93:a0:4f:
                    48:e1:5b:3b:8d:5b:d3:3f:a5:8c:8d:c1:be:9c:de:
                    37:d6:d7:94:ae:e8:97:1c:1f:bc:3f:66:7f:66:c9:
                    ec:0e:af:68:1d:2f:bf:ed:7f:35:7b:04:c8:e9:ab:
                    53:cf:76:c5:0e:af:34:62:d7:cd:26:4c:56:a2:14:
                    9b:71:30:91:5b:3c:35:c5:0d:c8:65:e0:92:06:f3:
                    bd:4e:0a:ea:24:b6:ac:bd:d6:75:87:a1:1c:3c:89:
                    1c:fd:96:9c:32:a6:e0:15:f9:86:60:81:c6:ea:f9:
                    8a:cb:92:09:77:74:41:b5:5f:a8:b0:31:f0:13:a2:
                    f2:c0:68:dd:4e:1b:d3:83:82:b7:c5:27:ba:0c:ab:
                    c0:c2:51:fa:5d:cb:ca:5d:eb:14:da:7a:57:f2:06:
                    d2:1a:0d:08:1c:7a:84:6d:ec:df:25:a0:ee:19:ca:
                    31:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:48:FF:F4:77:A1:D0:2F:45:A5:4A:8B:AD:FE:B9:FF:DB:4C:5F:5A
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/bkj_9Heh0C9FpUqLrf65_9tMX1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:ac:1a:48:3e:85:91:67:07:72:5d:74:45:f1:71:41:9b:88:
         11:a3:33:b7:c6:11:89:1f:69:a8:a3:ff:e3:15:48:82:dc:4a:
         8a:27:8e:08:ba:a3:de:f8:3e:ff:4b:03:0e:ac:45:f7:64:34:
         c8:02:53:a6:0f:56:e6:b7:5f:35:36:53:ef:e2:15:ad:b1:3e:
         4b:b8:d6:10:3c:d3:ae:ba:fb:15:2b:c2:59:b8:52:35:35:ef:
         05:e4:1d:9c:40:d6:02:09:7e:2e:68:ab:fa:e8:f1:f3:f4:d2:
         f6:2e:64:18:4a:b7:1f:da:56:95:72:fc:f6:8a:e6:46:55:f7:
         8a:b1:14:c1:b8:25:59:0a:21:51:04:9e:9b:0c:96:e5:e0:81:
         0b:41:87:66:c6:5a:d3:12:43:3c:8e:8b:59:f8:75:4a:b9:c6:
         9b:af:63:82:00:76:f8:fa:1f:db:83:0e:28:df:c2:4b:0f:a0:
         f5:0b:72:6a:cb:57:37:4b:bc:19:5a:10:92:83:9c:ee:de:7e:
         ac:56:0a:f2:47:9c:c7:8a:d4:95:a3:ee:57:1d:12:dd:37:b6:
         6c:ab:08:3f:32:fa:13:dc:9e:d3:08:a0:a2:6b:d2:19:81:3d:
         cd:4c:bc:45:59:1b:ce:86:bc:9f:bb:38:fe:99:38:60:81:a3:
         3b:45:cb:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZie/z6+Sdw6ssZdkdntAMD9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwODEyMTU1NjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTQ4ZmZmNDc3YTFkMDJmNDVhNTRhOGJhZGZlYjlmZmRiNGM1ZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPBFOQMzEvDCAiGS8qvQ7wp82PjL
4GM3ePkXy0MIl1kWuqgTOMAmvBWPrtLXG4r9t228WX0e+OyuOC1mzEql5QZiHPSU
hn2PIMdvfHDpcFBQGN1RXquToE9I4Vs7jVvTP6WMjcG+nN431teUruiXHB+8P2Z/
ZsnsDq9oHS+/7X81ewTI6atTz3bFDq80YtfNJkxWohSbcTCRWzw1xQ3IZeCSBvO9
TgrqJLasvdZ1h6EcPIkc/ZacMqbgFfmGYIHG6vmKy5IJd3RBtV+osDHwE6LywGjd
ThvTg4K3xSe6DKvAwlH6XcvKXesU2npX8gbSGg0IHHqEbezfJaDuGcoxHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5I//R3odAvRaVKi63+uf/bTF9aMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvYmtqXzlIZWgwQzlGcFVxTHJmNjVfOXRNWDFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGDMA0G
CSqGSIb3DQEBCwUAA4IBAQCwrBpIPoWRZwdyXXRF8XFBm4gRozO3xhGJH2moo//j
FUiC3EqKJ44IuqPe+D7/SwMOrEX3ZDTIAlOmD1bmt181NlPv4hWtsT5LuNYQPNOu
uvsVK8JZuFI1Ne8F5B2cQNYCCX4uaKv66PHz9NL2LmQYSrcf2laVcvz2iuZGVfeK
sRTBuCVZCiFRBJ6bDJbl4IELQYdmxlrTEkM8jotZ+HVKucabr2OCAHb4+h/bgw4o
38JLD6D1C3Jqy1c3S7wZWhCSg5zu3n6sVgryR5zHitSVo+5XHRLdN7Zsqwg/MvoT
3J7TCKCia9IZgT3NTLxFWRvOhryfuzj+mThggaM7Rcvt
-----END CERTIFICATE-----