Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/c71fde-3ef2-4bf7-8641-12719c261cc0/1/bzGs0AfDNETTzCPGuhNEtlqP4Lk.roa
File:                     bzGs0AfDNETTzCPGuhNEtlqP4Lk.roa (raw, json)
Hash identifier:          W1PVimH7iIBpOpHAPclX+yhqZLE6KhqWf6pI/1uvpY0=
Subject key identifier:   6F:31:AC:D0:07:C3:34:44:D3:CC:23:C6:BA:13:44:B6:5A:8F:E0:B9
Certificate issuer:       /CN=145ceb292089e0df75719db3e96c509754f94837
Certificate serial:       0198E09C1DC34D524BDEC11E3C63808090D3
Authority key identifier: 14:5C:EB:29:20:89:E0:DF:75:71:9D:B3:E9:6C:50:97:54:F9:48:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FFzrKSCJ4N91cZ2z6WxQl1T5SDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/c71fde-3ef2-4bf7-8641-12719c261cc0/1/bzGs0AfDNETTzCPGuhNEtlqP4Lk.roa
Signing time:             Mon 25 Aug 2025 09:43:04 +0000
ROA not before:           Mon 25 Aug 2025 09:43:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48934
IP address blocks:        185.178.248.0/24 maxlen: 24
                          185.178.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/c71fde-3ef2-4bf7-8641-12719c261cc0/1/FFzrKSCJ4N91cZ2z6WxQl1T5SDc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/c71fde-3ef2-4bf7-8641-12719c261cc0/1/FFzrKSCJ4N91cZ2z6WxQl1T5SDc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FFzrKSCJ4N91cZ2z6WxQl1T5SDc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e0:9c:1d:c3:4d:52:4b:de:c1:1e:3c:63:80:80:90:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=145ceb292089e0df75719db3e96c509754f94837
        Validity
            Not Before: Aug 25 09:43:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f31acd007c33444d3cc23c6ba1344b65a8fe0b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fc:88:28:aa:2e:85:4a:41:79:03:a4:7c:38:
                    10:c7:44:5c:21:cd:c0:bf:24:53:92:9d:bb:e3:15:
                    52:ad:f5:9b:80:fb:10:f4:46:85:8f:ff:38:a0:f8:
                    ab:d0:e5:1e:f2:6d:23:92:ec:33:ca:c7:ad:27:17:
                    b8:2a:b7:7b:7a:0b:ef:8d:9c:90:33:ae:35:b2:4d:
                    c0:45:a3:40:28:dc:a6:a2:f9:ff:d0:7f:0c:25:2d:
                    4f:0a:24:6d:1f:90:56:38:11:11:a2:7d:69:5d:12:
                    b0:59:1f:70:8d:63:36:48:23:0a:c2:e0:d9:18:74:
                    3e:86:9a:06:f9:f3:a7:cc:08:d4:aa:90:54:c6:39:
                    49:2b:77:29:1e:7f:e6:33:3e:31:ae:86:ff:a3:62:
                    b0:2f:e8:b3:98:95:93:4d:97:09:91:25:12:85:0a:
                    f2:76:eb:f8:9c:7c:19:94:c6:99:7d:91:ca:e6:04:
                    07:e2:cc:f2:89:e1:94:24:13:00:18:a8:55:d9:f8:
                    27:23:e7:54:db:7d:38:a1:fc:47:c2:b4:66:06:44:
                    40:a7:84:6d:b3:eb:c1:c1:bc:1b:a6:59:21:0d:3d:
                    51:1c:71:f5:75:0c:5c:a2:78:52:88:a0:4b:cf:69:
                    c5:5e:64:37:5c:dc:79:fb:f1:5f:c8:78:39:a7:66:
                    2a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:31:AC:D0:07:C3:34:44:D3:CC:23:C6:BA:13:44:B6:5A:8F:E0:B9
            X509v3 Authority Key Identifier:
                keyid:14:5C:EB:29:20:89:E0:DF:75:71:9D:B3:E9:6C:50:97:54:F9:48:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FFzrKSCJ4N91cZ2z6WxQl1T5SDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/c71fde-3ef2-4bf7-8641-12719c261cc0/1/bzGs0AfDNETTzCPGuhNEtlqP4Lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/c71fde-3ef2-4bf7-8641-12719c261cc0/1/FFzrKSCJ4N91cZ2z6WxQl1T5SDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:0c:22:76:1e:a7:bb:f9:ac:ed:bd:10:0b:97:c3:4b:04:45:
         d1:01:f5:b4:04:3c:b7:d3:52:27:a5:d5:d5:60:a3:13:56:06:
         0e:a3:79:c4:16:af:1f:d1:9b:4f:24:8e:9b:5a:92:30:fd:59:
         79:af:05:8b:e0:12:e0:b2:56:1d:26:f0:55:c3:45:4f:a8:6d:
         4c:32:db:26:8c:76:59:bc:a0:7c:6f:61:c5:8a:88:02:0f:d2:
         9d:d6:b8:5c:bf:32:01:d7:c1:b5:30:8d:4a:b6:ac:09:2e:16:
         4b:cc:25:9b:0c:1a:ec:9b:a8:c6:bc:2b:e5:b1:9a:0c:75:43:
         20:3b:9f:0c:41:56:c7:0e:2b:90:fc:4b:35:10:24:7d:0a:05:
         cc:0e:c0:31:88:fa:06:7e:7d:c3:11:f6:9b:81:6e:d5:f7:48:
         ed:40:f8:e0:77:86:ef:64:48:ce:4e:e3:a0:f5:04:6e:b7:86:
         ee:0d:0a:b0:a0:7e:c1:29:6d:fb:84:b8:42:72:a1:c5:ab:b8:
         b0:7b:9e:5d:d9:d3:0a:c7:eb:ac:ff:b8:3b:e4:ed:d2:18:72:
         83:6d:aa:6c:5c:80:d5:b7:f3:a2:89:aa:07:6c:6b:7d:74:95:
         0d:c4:ca:e0:a5:d2:1e:02:2a:87:a9:40:98:d9:94:89:c4:66:
         8a:7f:6b:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjgnB3DTVJL3sEePGOAgJDTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NWNlYjI5MjA4OWUwZGY3NTcxOWRiM2U5NmM1MDk3NTRm
OTQ4MzcwHhcNMjUwODI1MDk0MzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjMxYWNkMDA3YzMzNDQ0ZDNjYzIzYzZiYTEzNDRiNjVhOGZlMGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvyIKKouhUpBeQOkfDgQx0RcIc3A
vyRTkp274xVSrfWbgPsQ9EaFj/84oPir0OUe8m0jkuwzysetJxe4Krd7egvvjZyQ
M641sk3ARaNAKNymovn/0H8MJS1PCiRtH5BWOBERon1pXRKwWR9wjWM2SCMKwuDZ
GHQ+hpoG+fOnzAjUqpBUxjlJK3cpHn/mMz4xrob/o2KwL+izmJWTTZcJkSUShQry
duv4nHwZlMaZfZHK5gQH4szyieGUJBMAGKhV2fgnI+dU2304ofxHwrRmBkRAp4Rt
s+vBwbwbplkhDT1RHHH1dQxconhSiKBLz2nFXmQ3XNx5+/FfyHg5p2YqVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8xrNAHwzRE08wjxroTRLZaj+C5MB8GA1UdIwQY
MBaAFBRc6ykgieDfdXGds+lsUJdU+Ug3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkZ6cktTQ0o0TjkxY1oyejZXeFFsMVQ1U0RjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9jNzFmZGUtM2VmMi00YmY3LTg2NDEt
MTI3MTljMjYxY2MwLzEvYnpHczBBZkRORVRUekNQR3VoTkV0bHFQNExrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9jNzFmZGUtM2VmMi00YmY3LTg2NDEtMTI3MTljMjYxY2Mw
LzEvRkZ6cktTQ0o0TjkxY1oyejZXeFFsMVQ1U0RjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubL4MA0G
CSqGSIb3DQEBCwUAA4IBAQCcDCJ2Hqe7+aztvRALl8NLBEXRAfW0BDy301InpdXV
YKMTVgYOo3nEFq8f0ZtPJI6bWpIw/Vl5rwWL4BLgslYdJvBVw0VPqG1MMtsmjHZZ
vKB8b2HFiogCD9Kd1rhcvzIB18G1MI1KtqwJLhZLzCWbDBrsm6jGvCvlsZoMdUMg
O58MQVbHDiuQ/Es1ECR9CgXMDsAxiPoGfn3DEfabgW7V90jtQPjgd4bvZEjOTuOg
9QRut4buDQqwoH7BKW37hLhCcqHFq7iwe55d2dMKx+us/7g75O3SGHKDbapsXIDV
t/OiiaoHbGt9dJUNxMrgpdIeAiqHqUCY2ZSJxGaKf2vM
-----END CERTIFICATE-----