Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/BJCX_WggKmBE3-H5I34ldv6fLZ0.roa
File:                     BJCX_WggKmBE3-H5I34ldv6fLZ0.roa (raw, json)
Hash identifier:          ZCzS0PTX3qe/6sYXUo5G6g055d8TtdLeIKIWCmgswxk=
Subject key identifier:   04:90:97:FD:68:20:2A:60:44:DF:E1:F9:23:7E:25:76:FE:9F:2D:9D
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01977DB8E55D0EECA47378B6DB51E0F46AC9
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/BJCX_WggKmBE3-H5I34ldv6fLZ0.roa
Signing time:             Tue 17 Jun 2025 11:49:18 +0000
ROA not before:           Tue 17 Jun 2025 11:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206847
IP address blocks:        2a10:b40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:b8:e5:5d:0e:ec:a4:73:78:b6:db:51:e0:f4:6a:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 17 11:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=049097fd68202a6044dfe1f9237e2576fe9f2d9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e3:e5:98:0e:9c:ae:9f:5a:18:01:54:d2:f6:
                    9e:58:77:26:e1:2b:fb:fa:5c:b1:e3:36:25:24:88:
                    7a:33:15:72:1a:e0:8f:e5:13:71:28:6a:13:6f:5a:
                    1b:71:72:23:62:bc:97:61:5d:2d:65:eb:79:b3:6f:
                    e2:ec:3e:1f:29:0c:0a:b8:b6:09:2c:dc:a0:f2:d3:
                    68:37:3e:07:b0:f9:fb:8c:7b:26:90:fc:ad:d1:05:
                    f7:a9:be:2e:6b:3e:ca:0d:30:bb:26:8f:b7:eb:2b:
                    46:ee:36:95:ca:7b:4d:bb:5e:e4:fa:eb:ba:fc:5e:
                    e4:73:29:99:2b:18:9d:56:16:7c:02:90:0e:8c:ff:
                    43:32:3d:18:47:e6:38:78:98:f2:6f:b8:b0:29:77:
                    aa:3b:8a:47:c8:0c:66:f6:ee:32:6d:94:50:ab:9c:
                    a4:0f:79:92:62:1a:f0:2d:2d:38:12:15:1c:a7:80:
                    01:9c:30:50:00:fa:4b:ab:7c:b8:ed:bb:f1:77:b1:
                    26:68:d3:be:b4:70:db:7a:de:a3:3b:03:69:af:9f:
                    e5:fe:29:c6:cc:32:29:21:82:4a:a5:0d:c2:4d:8c:
                    d2:15:1f:6f:4f:7c:a3:c6:fd:ab:eb:2a:90:61:db:
                    17:dd:ec:b9:57:02:18:22:23:3d:f3:df:c6:24:cc:
                    41:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:90:97:FD:68:20:2A:60:44:DF:E1:F9:23:7E:25:76:FE:9F:2D:9D
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/BJCX_WggKmBE3-H5I34ldv6fLZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         ca:51:9c:e0:f6:35:ba:78:e9:1e:85:eb:e3:5c:4f:9a:a8:87:
         14:21:9d:86:cf:26:e3:25:64:a7:29:76:d5:e4:7f:f9:7a:7e:
         6e:9f:98:b9:17:3f:3d:2b:30:ce:ac:23:cb:39:b8:e2:a5:a3:
         82:76:b2:f4:7f:19:45:1c:8e:49:30:74:a3:15:51:d1:36:f2:
         6a:6e:3d:21:50:01:c1:35:05:9c:cc:b2:f2:60:60:f2:ee:c1:
         15:0d:d5:7b:0f:8d:1f:18:24:c7:ee:c3:e3:e4:5e:00:0e:99:
         3b:12:5a:4e:aa:6c:68:92:47:f4:f2:de:8f:9d:e7:f4:6a:c8:
         64:25:b9:2f:49:82:56:8a:dc:12:18:44:91:dc:27:b8:19:1e:
         ea:98:cf:c4:de:ac:b5:49:b7:83:0c:2e:84:22:81:74:b0:5f:
         3a:32:c1:61:9e:1c:03:07:ab:c3:ba:0d:32:ac:46:b2:1a:68:
         bf:44:d3:cd:78:d6:a5:f6:57:a8:ad:db:a1:4d:15:49:b0:39:
         5b:f3:f0:80:61:41:94:0e:e3:8c:2e:c0:de:00:ea:8e:40:19:
         e8:5f:45:7d:f7:6c:3c:95:f9:22:e4:3f:1e:d7:2e:9e:3d:c9:
         75:f0:a0:71:ec:d6:af:cb:cd:a8:7d:77:dc:25:b4:48:01:3c:
         0c:21:1c:0a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd9uOVdDuykc3i221Hg9GrJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNjE3MTE0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDkwOTdmZDY4MjAyYTYwNDRkZmUxZjkyMzdlMjU3NmZlOWYyZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmePlmA6crp9aGAFU0vaeWHcm4Sv7
+lyx4zYlJIh6MxVyGuCP5RNxKGoTb1obcXIjYryXYV0tZet5s2/i7D4fKQwKuLYJ
LNyg8tNoNz4HsPn7jHsmkPyt0QX3qb4uaz7KDTC7Jo+36ytG7jaVyntNu17k+uu6
/F7kcymZKxidVhZ8ApAOjP9DMj0YR+Y4eJjyb7iwKXeqO4pHyAxm9u4ybZRQq5yk
D3mSYhrwLS04EhUcp4ABnDBQAPpLq3y47bvxd7EmaNO+tHDbet6jOwNpr5/l/inG
zDIpIYJKpQ3CTYzSFR9vT3yjxv2r6yqQYdsX3ey5VwIYIiM989/GJMxBcQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFASQl/1oICpgRN/h+SN+JXb+ny2dMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvQkpDWF9XZ2dLbUJFMy1INUkzNGxkdjZmTFowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhALQDAN
BgkqhkiG9w0BAQsFAAOCAQEAylGc4PY1unjpHoXr41xPmqiHFCGdhs8m4yVkpyl2
1eR/+Xp+bp+YuRc/PSswzqwjyzm44qWjgnay9H8ZRRyOSTB0oxVR0Tbyam49IVAB
wTUFnMyy8mBg8u7BFQ3Vew+NHxgkx+7D4+ReAA6ZOxJaTqpsaJJH9PLej53n9GrI
ZCW5L0mCVorcEhhEkdwnuBke6pjPxN6stUm3gwwuhCKBdLBfOjLBYZ4cAwerw7oN
MqxGshpov0TTzXjWpfZXqK3boU0VSbA5W/PwgGFBlA7jjC7A3gDqjkAZ6F9Fffds
PJX5IuQ/Htcunj3JdfCgcezWr8vNqH133CW0SAE8DCEcCg==
-----END CERTIFICATE-----