Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/BAZWjGnwweih0pXce4sAkugOXH0.roa
File:                     BAZWjGnwweih0pXce4sAkugOXH0.roa (raw, json)
Hash identifier:          wLtap3DM6MAd1u0yMxiHYYw08bpxdRi/RILeeo67uB4=
Subject key identifier:   04:06:56:8C:69:F0:C1:E8:A1:D2:95:DC:7B:8B:00:92:E8:0E:5C:7D
Certificate issuer:       /CN=3188fae3ebbb3d74feeddcf507f83e67db8850a2
Certificate serial:       0199E32704DE8DEEEC60A8B6DCB19DDE844A
Authority key identifier: 31:88:FA:E3:EB:BB:3D:74:FE:ED:DC:F5:07:F8:3E:67:DB:88:50:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYj64-u7PXT-7dz1B_g-Z9uIUKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/BAZWjGnwweih0pXce4sAkugOXH0.roa
Signing time:             Tue 14 Oct 2025 14:36:49 +0000
ROA not before:           Tue 14 Oct 2025 14:36:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62313
IP address blocks:        185.141.200.0/22 maxlen: 24
                          185.168.0.0/22 maxlen: 22
                          185.188.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/MYj64-u7PXT-7dz1B_g-Z9uIUKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/MYj64-u7PXT-7dz1B_g-Z9uIUKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYj64-u7PXT-7dz1B_g-Z9uIUKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e3:27:04:de:8d:ee:ec:60:a8:b6:dc:b1:9d:de:84:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3188fae3ebbb3d74feeddcf507f83e67db8850a2
        Validity
            Not Before: Oct 14 14:36:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0406568c69f0c1e8a1d295dc7b8b0092e80e5c7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1c:88:cb:24:f9:9f:2f:ba:12:2f:75:38:e6:
                    76:3f:c8:99:fc:28:0c:08:b9:c5:b8:22:80:eb:44:
                    8c:12:99:91:fe:93:37:4e:11:ea:e6:72:1e:5d:25:
                    d5:fa:10:91:63:01:34:aa:70:e3:48:bb:47:2d:54:
                    78:06:18:54:9b:15:62:ec:0b:47:90:45:d8:5f:4d:
                    2f:3d:4c:5d:ac:5f:37:6c:f5:d2:af:2b:7e:84:21:
                    fa:36:45:ec:3f:07:e2:8d:af:d6:a0:ac:da:ca:23:
                    4a:17:47:a9:8e:d9:ee:32:9f:73:65:3f:13:6a:9a:
                    c2:36:b9:64:8b:57:7d:9d:c7:d8:35:82:9d:b4:d0:
                    f8:80:01:7e:1e:a0:b0:54:05:69:27:97:8c:d7:07:
                    1d:44:ee:dd:78:67:2b:5f:2b:47:e9:3a:f6:c4:8f:
                    97:1b:07:5a:b0:e2:9b:6f:e6:c2:b4:3e:59:18:f3:
                    40:6f:de:18:8d:40:b5:de:36:3f:7d:66:fc:ef:ac:
                    bb:6d:d7:f9:49:81:94:87:de:b4:6c:b8:78:d7:49:
                    11:ef:3a:2a:b6:32:56:50:f9:15:91:5a:32:b5:7c:
                    91:32:d3:68:a2:44:75:be:6f:3a:c6:8d:b7:24:05:
                    b4:76:a8:11:43:67:7d:f4:7c:03:bd:c5:e0:94:c9:
                    ec:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:06:56:8C:69:F0:C1:E8:A1:D2:95:DC:7B:8B:00:92:E8:0E:5C:7D
            X509v3 Authority Key Identifier:
                keyid:31:88:FA:E3:EB:BB:3D:74:FE:ED:DC:F5:07:F8:3E:67:DB:88:50:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYj64-u7PXT-7dz1B_g-Z9uIUKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/BAZWjGnwweih0pXce4sAkugOXH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/MYj64-u7PXT-7dz1B_g-Z9uIUKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.200.0/22
                  185.168.0.0/22
                  185.188.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:74:6f:fb:f6:70:8e:da:11:d4:d8:6f:9d:f1:ff:0c:22:d0:
         a2:93:23:f4:87:5b:c5:0c:ab:a5:48:58:e2:9e:7b:47:66:ea:
         57:9f:62:61:d2:d7:f5:8b:10:30:36:83:bc:d0:e7:98:a9:49:
         cc:76:cd:b6:63:7f:fe:eb:a9:f3:fc:a8:bd:50:a1:13:a1:39:
         76:8b:e6:d4:69:af:03:99:4d:37:13:8f:e5:12:d9:c7:d6:76:
         64:9e:29:58:ab:c5:bf:f8:96:99:b4:a7:2e:32:3c:b4:1e:be:
         1f:43:dd:25:c6:a7:e0:1f:13:4e:a6:64:48:6a:fe:04:f6:68:
         06:f4:59:bd:9b:a9:e7:4d:4b:d3:ad:36:66:1e:4e:ec:13:6d:
         a5:a6:38:29:7d:3d:43:62:43:31:dc:8e:b7:9f:f2:d6:13:d1:
         2d:81:a1:1b:2e:33:67:4d:88:7d:f1:7d:0a:bd:fa:fd:02:0a:
         8e:29:36:f8:19:e3:08:06:3f:94:d9:81:2a:f6:3e:53:69:f3:
         01:7b:cc:cb:a7:d2:84:53:98:02:fe:c3:54:e1:0c:ee:f8:78:
         f8:7a:92:6e:9c:da:c8:85:bc:45:82:5b:f3:1a:b2:c6:de:3a:
         d0:f1:fc:4f:c8:53:4c:8a:d0:8e:43:34:37:48:0a:e1:1f:5d:
         33:61:26:89
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnjJwTeje7sYKi23LGd3oRKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODhmYWUzZWJiYjNkNzRmZWVkZGNmNTA3ZjgzZTY3ZGI4
ODUwYTIwHhcNMjUxMDE0MTQzNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDA2NTY4YzY5ZjBjMWU4YTFkMjk1ZGM3YjhiMDA5MmU4MGU1YzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRyIyyT5ny+6Ei91OOZ2P8iZ/CgM
CLnFuCKA60SMEpmR/pM3ThHq5nIeXSXV+hCRYwE0qnDjSLtHLVR4BhhUmxVi7AtH
kEXYX00vPUxdrF83bPXSryt+hCH6NkXsPwfija/WoKzayiNKF0epjtnuMp9zZT8T
aprCNrlki1d9ncfYNYKdtND4gAF+HqCwVAVpJ5eM1wcdRO7deGcrXytH6Tr2xI+X
GwdasOKbb+bCtD5ZGPNAb94YjUC13jY/fWb876y7bdf5SYGUh960bLh410kR7zoq
tjJWUPkVkVoytXyRMtNookR1vm86xo23JAW0dqgRQ2d99HwDvcXglMnsywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAQGVoxp8MHoodKV3HuLAJLoDlx9MB8GA1UdIwQY
MBaAFDGI+uPruz10/u3c9Qf4PmfbiFCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlqNjQtdTdQWFQtN2R6MUJfZy1aOXVJVUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9lYTI5ZjItYzM0MC00ZDYxLWI1YmIt
Yjg1M2RmZjg3NjVjLzEvQkFaV2pHbnd3ZWloMHBYY2U0c0FrdWdPWEgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9lYTI5ZjItYzM0MC00ZDYxLWI1YmItYjg1M2RmZjg3NjVj
LzEvTVlqNjQtdTdQWFQtN2R6MUJfZy1aOXVJVUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuY3IAwQC
uagAAwQCubzMMA0GCSqGSIb3DQEBCwUAA4IBAQBEdG/79nCO2hHU2G+d8f8MItCi
kyP0h1vFDKulSFjinntHZupXn2Jh0tf1ixAwNoO80OeYqUnMds22Y3/+66nz/Ki9
UKEToTl2i+bUaa8DmU03E4/lEtnH1nZknilYq8W/+JaZtKcuMjy0Hr4fQ90lxqfg
HxNOpmRIav4E9mgG9Fm9m6nnTUvTrTZmHk7sE22lpjgpfT1DYkMx3I63n/LWE9Et
gaEbLjNnTYh98X0Kvfr9AgqOKTb4GeMIBj+U2YEq9j5TafMBe8zLp9KEU5gC/sNU
4Qzu+Hj4epJunNrIhbxFglvzGrLG3jrQ8fxPyFNMitCOQzQ3SArhH10zYSaJ
-----END CERTIFICATE-----