Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/BBRnV36CcsHOLAvlulrmvUPfvK4.roa
File:                     BBRnV36CcsHOLAvlulrmvUPfvK4.roa (raw, json)
Hash identifier:          LxdrvWjawJ1HMhiCScpKPkXLg4mcRUXpkR7Z2rL7A4o=
Subject key identifier:   04:14:67:57:7E:82:72:C1:CE:2C:0B:E5:BA:5A:E6:BD:43:DF:BC:AE
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       0197878C88E87331F379C39406990D0F6E5D
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/BBRnV36CcsHOLAvlulrmvUPfvK4.roa
Signing time:             Thu 19 Jun 2025 09:37:03 +0000
ROA not before:           Thu 19 Jun 2025 09:37:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47690
IP address blocks:        194.153.252.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:87:8c:88:e8:73:31:f3:79:c3:94:06:99:0d:0f:6e:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jun 19 09:37:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=041467577e8272c1ce2c0be5ba5ae6bd43dfbcae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:da:2f:a1:68:66:9a:4e:60:d7:e3:c9:e4:bb:
                    64:b8:53:c2:71:4c:28:6b:aa:58:35:5d:a3:1c:33:
                    d0:a7:c8:89:77:86:73:a8:67:9e:1f:1b:b1:1f:87:
                    b2:07:d8:87:c9:8b:49:44:55:88:b9:71:19:4a:2f:
                    e1:30:a3:9e:2a:72:64:f5:14:46:09:4e:03:9c:b4:
                    38:5d:6d:a5:a0:7e:44:18:b7:f6:00:10:42:53:dc:
                    e1:08:ff:67:a2:ee:81:cf:55:67:be:ee:39:d6:85:
                    32:f5:ee:16:64:6f:fe:13:36:46:ba:71:18:29:0b:
                    a8:a8:6a:3d:0c:5a:13:cb:46:26:cf:f1:b6:7f:92:
                    07:e2:04:14:57:22:bc:78:d1:8a:08:cb:30:f4:d6:
                    9d:62:b0:88:2a:af:1a:a8:af:80:76:21:e3:86:21:
                    7f:79:dc:81:cc:69:6c:57:90:8d:60:09:85:97:c6:
                    37:78:f9:83:da:8e:c8:c4:ec:8e:d6:ad:74:6c:b6:
                    0f:ca:f8:d7:43:86:e8:b1:61:7b:92:b6:dd:55:bc:
                    e4:e2:4f:7b:42:e8:a9:f8:a2:af:33:b2:77:27:0d:
                    86:d4:7c:da:42:d7:ec:9c:ff:08:a4:2f:79:7a:69:
                    30:c0:5d:30:a5:27:0b:5e:a3:15:6d:8f:af:32:89:
                    b3:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:14:67:57:7E:82:72:C1:CE:2C:0B:E5:BA:5A:E6:BD:43:DF:BC:AE
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/BBRnV36CcsHOLAvlulrmvUPfvK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:48:df:1d:0b:33:16:8b:1e:4e:23:b9:28:3e:de:74:5d:f6:
         51:1e:4c:7b:20:fc:08:0f:05:84:a6:d6:2d:a4:eb:90:df:96:
         14:7f:7c:ee:40:e1:91:46:d0:ae:3d:9e:07:d6:2f:dc:72:e9:
         75:03:58:43:1a:f9:f1:15:02:6a:f3:f6:a2:ba:cb:8b:b8:91:
         b1:83:7f:91:ae:a2:dd:8f:aa:c4:7d:b0:cb:6c:c4:ea:cd:e4:
         2c:f8:95:bb:a7:f4:e1:75:a7:40:ad:93:31:af:15:f5:a5:25:
         31:a3:b6:e8:65:3f:ac:3c:a0:8e:39:a8:10:6a:fa:d9:22:d7:
         c5:71:60:99:d7:e2:1f:d2:b7:f4:44:72:9e:d8:aa:a7:d9:12:
         6d:bd:bd:e9:3c:e4:cb:01:e2:2a:61:62:5e:83:49:2a:e6:68:
         4f:60:6c:f5:36:32:18:4a:55:2a:b1:f8:da:c3:51:d3:25:d1:
         bc:e7:04:c8:9f:eb:6c:ca:c6:ca:ab:7d:45:ca:68:92:64:58:
         13:73:14:e1:61:7a:87:f9:ed:44:f8:a4:21:46:01:0c:2c:15:
         28:00:a1:f8:ff:0f:cf:a3:a7:34:8c:34:b1:35:eb:6d:6d:59:
         53:3b:7e:0a:d4:88:cd:90:45:da:f5:21:55:ef:90:47:43:dd:
         db:dd:cb:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeHjIjoczHzecOUBpkND25dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwNjE5MDkzNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDE0Njc1NzdlODI3MmMxY2UyYzBiZTViYTVhZTZiZDQzZGZiY2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tovoWhmmk5g1+PJ5LtkuFPCcUwo
a6pYNV2jHDPQp8iJd4ZzqGeeHxuxH4eyB9iHyYtJRFWIuXEZSi/hMKOeKnJk9RRG
CU4DnLQ4XW2loH5EGLf2ABBCU9zhCP9nou6Bz1Vnvu451oUy9e4WZG/+EzZGunEY
KQuoqGo9DFoTy0Ymz/G2f5IH4gQUVyK8eNGKCMsw9NadYrCIKq8aqK+AdiHjhiF/
edyBzGlsV5CNYAmFl8Y3ePmD2o7IxOyO1q10bLYPyvjXQ4bosWF7krbdVbzk4k97
Quip+KKvM7J3Jw2G1HzaQtfsnP8IpC95emkwwF0wpScLXqMVbY+vMomzvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQUZ1d+gnLBziwL5bpa5r1D37yuMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvQkJSblYzNkNjc0hPTEF2bHVscm12VVBmdks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpn8MA0G
CSqGSIb3DQEBCwUAA4IBAQBNSN8dCzMWix5OI7koPt50XfZRHkx7IPwIDwWEptYt
pOuQ35YUf3zuQOGRRtCuPZ4H1i/ccul1A1hDGvnxFQJq8/aiusuLuJGxg3+RrqLd
j6rEfbDLbMTqzeQs+JW7p/ThdadArZMxrxX1pSUxo7boZT+sPKCOOagQavrZItfF
cWCZ1+If0rf0RHKe2Kqn2RJtvb3pPOTLAeIqYWJeg0kq5mhPYGz1NjIYSlUqsfja
w1HTJdG85wTIn+tsysbKq31FymiSZFgTcxThYXqH+e1E+KQhRgEMLBUoAKH4/w/P
o6c0jDSxNettbVlTO34K1IjNkEXa9SFV75BHQ93b3csJ
-----END CERTIFICATE-----