Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/127f29-c1d6-4ce1-9a74-62c7694b57ee/1/BbKEBgKAZuG3-4_d3jMXZeggsD0.roa
File:                     BbKEBgKAZuG3-4_d3jMXZeggsD0.roa (raw, json)
Hash identifier:          IICjx5LS8I3lp2HvjFP9QP+Q2FZJdJqUoqfGvrxQA9o=
Subject key identifier:   05:B2:84:06:02:80:66:E1:B7:FB:8F:DD:DE:33:17:65:E8:20:B0:3D
Certificate issuer:       /CN=cb55410395aab499140c3a65ce1f740ef070d3e6
Certificate serial:       01993D2A48F9781920516FC254DF7E7BC47E
Authority key identifier: CB:55:41:03:95:AA:B4:99:14:0C:3A:65:CE:1F:74:0E:F0:70:D3:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y1VBA5WqtJkUDDplzh90DvBw0-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/127f29-c1d6-4ce1-9a74-62c7694b57ee/1/BbKEBgKAZuG3-4_d3jMXZeggsD0.roa
Signing time:             Fri 12 Sep 2025 09:03:25 +0000
ROA not before:           Fri 12 Sep 2025 09:03:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213127
IP address blocks:        158.94.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/127f29-c1d6-4ce1-9a74-62c7694b57ee/1/y1VBA5WqtJkUDDplzh90DvBw0-Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/127f29-c1d6-4ce1-9a74-62c7694b57ee/1/y1VBA5WqtJkUDDplzh90DvBw0-Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y1VBA5WqtJkUDDplzh90DvBw0-Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:2a:48:f9:78:19:20:51:6f:c2:54:df:7e:7b:c4:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb55410395aab499140c3a65ce1f740ef070d3e6
        Validity
            Not Before: Sep 12 09:03:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05b28406028066e1b7fb8fddde331765e820b03d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e7:d1:c6:af:42:97:34:38:bc:23:07:56:b0:
                    79:83:b7:6a:18:ac:4a:19:ce:6e:b7:5a:ed:33:49:
                    03:2e:b2:19:30:4c:28:78:0b:51:6c:7d:15:13:11:
                    e7:53:4a:a7:2a:3c:e5:48:5d:0c:fe:c5:a7:c5:0c:
                    76:4c:b0:d9:eb:a2:3f:91:e4:67:82:59:27:a4:61:
                    2b:fd:03:07:7e:ec:e2:45:65:71:ea:ff:c2:79:ac:
                    78:44:7f:11:aa:20:1f:8b:b7:ea:6a:aa:41:8d:6a:
                    49:1a:51:0b:f5:fd:17:40:71:59:84:d4:7b:f9:34:
                    06:22:54:1d:44:ef:4b:42:c7:55:94:fa:9d:11:87:
                    78:37:3f:31:a5:14:30:0c:5b:32:dd:3c:82:4e:35:
                    9d:25:96:b1:72:8c:ed:a6:9d:ef:90:c5:17:a3:9a:
                    b1:e3:f6:b3:31:0d:8b:82:ee:14:e5:b7:16:e2:21:
                    e2:78:28:85:0f:24:9c:66:b0:30:88:f4:2d:04:a4:
                    4a:91:e6:fd:8c:f5:d6:3d:ae:bb:f4:4c:38:6a:ca:
                    1a:c2:71:0b:6e:ef:22:bf:6d:c4:15:91:47:9e:36:
                    97:f5:8c:2d:82:96:5b:22:59:66:33:c3:39:ee:c4:
                    4d:b2:be:78:cd:2b:08:36:fa:9b:0c:f7:d7:66:35:
                    5e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:B2:84:06:02:80:66:E1:B7:FB:8F:DD:DE:33:17:65:E8:20:B0:3D
            X509v3 Authority Key Identifier:
                keyid:CB:55:41:03:95:AA:B4:99:14:0C:3A:65:CE:1F:74:0E:F0:70:D3:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y1VBA5WqtJkUDDplzh90DvBw0-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/127f29-c1d6-4ce1-9a74-62c7694b57ee/1/BbKEBgKAZuG3-4_d3jMXZeggsD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/127f29-c1d6-4ce1-9a74-62c7694b57ee/1/y1VBA5WqtJkUDDplzh90DvBw0-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.94.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:f4:79:b6:75:3b:84:45:af:ed:db:9c:83:58:68:23:cb:a2:
         79:13:95:9c:1c:e6:65:d7:68:66:32:05:1e:4b:d5:00:95:a5:
         6e:28:40:9b:a7:c4:64:35:9f:18:03:6f:fd:f9:7c:a5:84:3f:
         99:38:f1:4a:9b:93:34:e7:8f:44:d0:0a:71:9c:17:47:f1:da:
         d8:f6:e5:b4:36:6d:78:4c:84:f8:62:1b:c8:cd:ba:90:a8:2e:
         6d:85:51:d9:90:4c:6e:d6:1d:45:fe:b0:0d:74:4a:1c:95:f2:
         82:03:55:9a:6f:b7:c3:1b:4c:e7:03:fc:5d:4c:61:e1:8a:4d:
         04:04:61:7d:11:77:81:5b:89:e7:86:59:55:74:2c:26:2d:f8:
         1c:81:30:a0:2b:cf:6f:74:ba:f2:da:3c:69:d4:60:ee:bf:da:
         c1:b9:0e:df:22:d9:0b:ed:e1:19:8e:a1:c6:ba:1f:83:31:67:
         74:93:8e:18:83:9c:0a:f5:4b:eb:1f:c8:f7:8a:66:b4:cf:8c:
         a5:7e:7d:0d:25:55:9c:85:93:94:a3:39:fe:37:7c:69:a9:f0:
         a3:15:cd:01:f1:95:db:49:09:af:16:6d:dc:70:98:8f:37:02:
         7f:4c:22:07:e1:ab:26:37:29:20:d9:8a:d2:1b:08:62:a4:7c:
         08:a9:d3:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk9Kkj5eBkgUW/CVN9+e8R+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNTU0MTAzOTVhYWI0OTkxNDBjM2E2NWNlMWY3NDBlZjA3
MGQzZTYwHhcNMjUwOTEyMDkwMzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWIyODQwNjAyODA2NmUxYjdmYjhmZGRkZTMzMTc2NWU4MjBiMDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+fRxq9ClzQ4vCMHVrB5g7dqGKxK
Gc5ut1rtM0kDLrIZMEwoeAtRbH0VExHnU0qnKjzlSF0M/sWnxQx2TLDZ66I/keRn
glknpGEr/QMHfuziRWVx6v/Ceax4RH8RqiAfi7fqaqpBjWpJGlEL9f0XQHFZhNR7
+TQGIlQdRO9LQsdVlPqdEYd4Nz8xpRQwDFsy3TyCTjWdJZaxcoztpp3vkMUXo5qx
4/azMQ2Lgu4U5bcW4iHieCiFDyScZrAwiPQtBKRKkeb9jPXWPa679Ew4asoawnEL
bu8iv23EFZFHnjaX9YwtgpZbIllmM8M57sRNsr54zSsINvqbDPfXZjVeZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWyhAYCgGbht/uP3d4zF2XoILA9MB8GA1UdIwQY
MBaAFMtVQQOVqrSZFAw6Zc4fdA7wcNPmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTFWQkE1V3F0SmtVRERwbHpoOTBEdkJ3MC1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8xMjdmMjktYzFkNi00Y2UxLTlhNzQt
NjJjNzY5NGI1N2VlLzEvQmJLRUJnS0FadUczLTRfZDNqTVhaZWdnc0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8xMjdmMjktYzFkNi00Y2UxLTlhNzQtNjJjNzY5NGI1N2Vl
LzEveTFWQkE1V3F0SmtVRERwbHpoOTBEdkJ3MC1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnl7fMA0G
CSqGSIb3DQEBCwUAA4IBAQBA9Hm2dTuERa/t25yDWGgjy6J5E5WcHOZl12hmMgUe
S9UAlaVuKECbp8RkNZ8YA2/9+XylhD+ZOPFKm5M0549E0ApxnBdH8drY9uW0Nm14
TIT4YhvIzbqQqC5thVHZkExu1h1F/rANdEoclfKCA1Wab7fDG0znA/xdTGHhik0E
BGF9EXeBW4nnhllVdCwmLfgcgTCgK89vdLry2jxp1GDuv9rBuQ7fItkL7eEZjqHG
uh+DMWd0k44Yg5wK9UvrH8j3ima0z4ylfn0NJVWchZOUozn+N3xpqfCjFc0B8ZXb
SQmvFm3ccJiPNwJ/TCIH4asmNykg2YrSGwhipHwIqdM3
-----END CERTIFICATE-----