Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/bZqocWZwcU5ZaTTgVW1c4s9fiMo.roa
File:                     bZqocWZwcU5ZaTTgVW1c4s9fiMo.roa (raw, json)
Hash identifier:          V7YCD7e4GhCq4YTEJi9oA8hOwYBama0jJDytOGcYv1s=
Subject key identifier:   6D:9A:A8:71:66:70:71:4E:59:69:34:E0:55:6D:5C:E2:CF:5F:88:CA
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       0198CF2104AECAAB4E714CB704EB63F97B81
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/bZqocWZwcU5ZaTTgVW1c4s9fiMo.roa
Signing time:             Fri 22 Aug 2025 00:15:04 +0000
ROA not before:           Fri 22 Aug 2025 00:15:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2856
IP address blocks:        86.110.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cf:21:04:ae:ca:ab:4e:71:4c:b7:04:eb:63:f9:7b:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Aug 22 00:15:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d9aa8716670714e596934e0556d5ce2cf5f88ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d0:e4:56:54:0b:1e:77:79:5f:6a:cf:d9:b1:
                    48:29:85:19:bd:05:14:c0:dc:2f:09:3c:6e:1c:cd:
                    8b:04:3c:62:19:f8:5d:d3:64:21:bc:2a:4e:93:9f:
                    25:88:69:9a:fe:17:ef:f5:27:8f:72:cf:54:dc:6c:
                    3d:03:ba:6d:50:cf:e2:4e:60:a7:f7:94:30:67:72:
                    38:c8:cc:e1:af:7c:20:02:da:b3:ad:5d:14:ea:c5:
                    dd:1f:40:9a:42:7c:20:c1:15:46:f4:ec:88:a7:de:
                    6d:e4:0f:2a:8a:5d:c3:24:20:30:b2:56:cb:3d:30:
                    a3:86:33:f6:0b:02:5d:01:3f:ee:7b:a7:08:e1:aa:
                    76:98:e2:88:8f:c6:a6:77:f9:48:ed:e0:75:e3:0c:
                    73:e2:b6:f5:59:92:17:10:0d:a6:42:4a:29:da:a1:
                    12:a1:6b:85:0e:89:ac:9a:cf:8e:23:fe:80:d6:71:
                    db:e1:6d:3c:e1:59:75:00:7f:b5:74:cc:bb:61:d6:
                    ca:e8:fd:ed:45:91:69:a8:97:42:c9:ae:86:54:d8:
                    27:49:b8:50:a2:05:96:32:84:03:1f:26:dd:91:97:
                    10:c5:b7:29:3d:d4:c1:57:3b:b3:3c:a6:e7:e7:49:
                    01:a7:1a:c7:c6:f2:b8:43:0f:4e:8c:d5:cc:7f:75:
                    1b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:9A:A8:71:66:70:71:4E:59:69:34:E0:55:6D:5C:E2:CF:5F:88:CA
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/bZqocWZwcU5ZaTTgVW1c4s9fiMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:ef:75:9e:f7:2f:31:a4:40:48:f1:a1:e8:cc:43:ef:99:72:
         56:98:3b:f4:1f:62:f4:5f:06:79:70:b3:91:8d:9e:22:66:45:
         61:14:dd:61:e0:b1:d1:ab:ce:0e:99:79:c9:95:7e:9e:24:45:
         15:c8:b9:8b:7f:58:85:eb:ca:44:8c:ad:e2:b5:a2:f0:bf:da:
         b3:4e:bc:05:1e:a6:c4:55:72:ad:9c:c1:6f:d1:58:54:bd:67:
         d3:7a:a1:3a:b1:05:e6:80:fb:37:11:61:56:8f:35:38:d7:8b:
         26:65:0d:65:a2:4c:fa:05:06:b0:12:c6:ed:af:cd:e6:8e:dd:
         04:7a:5c:1d:99:8d:e1:14:8f:a0:53:e4:34:7c:d8:d4:5d:ba:
         e0:e4:60:07:01:37:6a:df:b8:30:13:c8:c2:a0:ed:38:09:36:
         1f:6e:41:24:0c:83:71:3a:81:96:98:18:bd:01:e5:c2:7c:3c:
         aa:8c:02:fe:24:81:1c:ea:aa:e9:1a:7f:5b:b2:68:c0:38:a1:
         d1:95:df:12:92:24:b2:a6:43:65:92:e2:2f:c5:46:6b:e2:63:
         36:95:8a:c6:07:1e:45:06:d3:2a:45:cb:a5:be:39:8c:0a:15:
         89:8e:3a:ee:c3:31:0b:5f:3d:cb:e5:5d:a5:4e:47:e5:d4:55:
         2a:46:a3:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjPIQSuyqtOcUy3BOtj+XuBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjUwODIyMDAxNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDlhYTg3MTY2NzA3MTRlNTk2OTM0ZTA1NTZkNWNlMmNmNWY4OGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtDkVlQLHnd5X2rP2bFIKYUZvQUU
wNwvCTxuHM2LBDxiGfhd02QhvCpOk58liGma/hfv9SePcs9U3Gw9A7ptUM/iTmCn
95QwZ3I4yMzhr3wgAtqzrV0U6sXdH0CaQnwgwRVG9OyIp95t5A8qil3DJCAwslbL
PTCjhjP2CwJdAT/ue6cI4ap2mOKIj8amd/lI7eB14wxz4rb1WZIXEA2mQkop2qES
oWuFDomsms+OI/6A1nHb4W084Vl1AH+1dMy7YdbK6P3tRZFpqJdCya6GVNgnSbhQ
ogWWMoQDHybdkZcQxbcpPdTBVzuzPKbn50kBpxrHxvK4Qw9OjNXMf3UbIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2aqHFmcHFOWWk04FVtXOLPX4jKMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvYlpxb2NXWndjVTVaYVRUZ1ZXMWM0czlmaU1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm45MA0G
CSqGSIb3DQEBCwUAA4IBAQAY73We9y8xpEBI8aHozEPvmXJWmDv0H2L0XwZ5cLOR
jZ4iZkVhFN1h4LHRq84OmXnJlX6eJEUVyLmLf1iF68pEjK3itaLwv9qzTrwFHqbE
VXKtnMFv0VhUvWfTeqE6sQXmgPs3EWFWjzU414smZQ1lokz6BQawEsbtr83mjt0E
elwdmY3hFI+gU+Q0fNjUXbrg5GAHATdq37gwE8jCoO04CTYfbkEkDINxOoGWmBi9
AeXCfDyqjAL+JIEc6qrpGn9bsmjAOKHRld8SkiSypkNlkuIvxUZr4mM2lYrGBx5F
BtMqRculvjmMChWJjjruwzELXz3L5V2lTkfl1FUqRqMn
-----END CERTIFICATE-----