Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Bfi6-xQT04yN66u_rQS1r7flXkU.roa
File:                     Bfi6-xQT04yN66u_rQS1r7flXkU.roa (raw, json)
Hash identifier:          PJBuPraxMMA88Mc0/9rfamS2pUKaPReKLKV0byRzJ3U=
Subject key identifier:   05:F8:BA:FB:14:13:D3:8C:8D:EB:AB:BF:AD:04:B5:AF:B7:E5:5E:45
Certificate issuer:       /CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
Certificate serial:       01987FDFA4D283965AC3A727AA21534F1081
Authority key identifier: 1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Bfi6-xQT04yN66u_rQS1r7flXkU.roa
Signing time:             Wed 06 Aug 2025 14:53:39 +0000
ROA not before:           Wed 06 Aug 2025 14:53:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        37.1.208.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7f:df:a4:d2:83:96:5a:c3:a7:27:aa:21:53:4f:10:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
        Validity
            Not Before: Aug  6 14:53:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05f8bafb1413d38c8debabbfad04b5afb7e55e45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d1:a5:d0:9b:09:59:71:04:bf:10:00:22:c2:
                    16:c0:3d:a5:9f:5b:c9:6f:52:f7:88:cb:ce:54:6a:
                    d8:6c:05:0d:5c:cc:1d:2d:36:af:8f:e6:3f:8e:46:
                    02:af:c8:05:4b:71:d7:3c:40:50:65:ba:3f:48:19:
                    8c:6a:c1:9e:1a:08:91:cc:04:c3:ce:97:8e:f2:70:
                    51:f7:e6:c1:50:60:ab:2d:32:bc:ca:fe:d0:00:22:
                    39:a0:9a:36:1c:b6:b9:1f:54:81:b6:0f:85:f1:ea:
                    22:3d:e8:f9:6f:ca:d5:b3:6b:65:3f:3e:ae:b9:d9:
                    3f:db:3b:61:e7:da:cb:7e:bf:dc:0e:7d:8f:bf:3c:
                    94:17:b3:b3:70:0a:d0:97:fe:50:cc:9d:5b:3e:6d:
                    4c:0d:5f:c4:d9:5f:30:e2:6a:d6:59:df:64:27:ad:
                    6d:86:0a:23:30:1a:6d:d2:ee:27:11:2a:5f:b5:ac:
                    ad:98:60:db:dd:7a:ea:fa:61:1a:23:40:e8:f8:7c:
                    9a:81:08:41:ca:87:32:54:a8:0e:b1:4f:46:32:ad:
                    48:f6:64:e6:e7:aa:29:08:87:3f:b4:a1:c7:67:27:
                    ac:05:3c:23:e0:62:65:a9:74:df:a6:b2:ba:c3:5b:
                    b9:6c:43:ee:ea:5b:92:4b:38:4d:49:64:65:b2:8b:
                    3d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:F8:BA:FB:14:13:D3:8C:8D:EB:AB:BF:AD:04:B5:AF:B7:E5:5E:45
            X509v3 Authority Key Identifier:
                keyid:1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Bfi6-xQT04yN66u_rQS1r7flXkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.1.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7d:b8:60:67:26:dd:94:54:41:3c:01:7c:94:c2:25:80:02:6b:
         51:48:43:25:10:76:54:8b:43:fa:f4:96:50:1a:78:f5:ee:c9:
         52:b9:50:8d:8b:50:7b:aa:10:93:c4:e3:f8:d4:bf:59:60:8f:
         7d:a8:12:18:e7:2a:d6:45:91:50:0b:2f:d4:ef:ba:ad:8e:d2:
         90:96:2f:4f:c7:57:8e:42:3e:10:ff:aa:72:e2:9e:74:46:27:
         8d:b3:60:38:4c:a6:7f:28:50:43:e4:ab:61:6d:aa:92:4f:dc:
         bb:33:ae:8d:bf:c6:96:1d:df:7a:ab:a1:8f:51:92:64:e3:3c:
         96:44:2c:32:e2:7f:f5:86:7a:08:c9:34:d0:45:a6:45:11:da:
         a8:4e:77:7d:b6:83:79:01:e1:b6:f5:24:dd:09:5e:c7:38:17:
         49:cc:2a:2f:b5:6b:16:b6:1d:6d:e4:c9:b7:a5:a1:4e:31:04:
         c6:d9:d4:ea:e9:85:60:cb:71:84:95:d8:05:92:45:3a:d9:d4:
         f4:b8:2d:18:90:b3:24:32:5d:3f:ab:cd:7b:4f:6e:60:54:16:
         06:7b:d6:dc:7e:b1:f4:81:09:df:84:57:f9:22:a1:75:b8:7b:
         c2:96:78:00:d2:d7:f7:1b:53:1a:09:f2:63:e3:a8:49:c7:cd:
         78:68:4b:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh/36TSg5Zaw6cnqiFTTxCBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRjMjI1OTVmYzFmNTg4ZmJjNGRkZTA3YzFjMzk0OTk4
ZjMzYTcwHhcNMjUwODA2MTQ1MzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWY4YmFmYjE0MTNkMzhjOGRlYmFiYmZhZDA0YjVhZmI3ZTU1ZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidGl0JsJWXEEvxAAIsIWwD2ln1vJ
b1L3iMvOVGrYbAUNXMwdLTavj+Y/jkYCr8gFS3HXPEBQZbo/SBmMasGeGgiRzATD
zpeO8nBR9+bBUGCrLTK8yv7QACI5oJo2HLa5H1SBtg+F8eoiPej5b8rVs2tlPz6u
udk/2zth59rLfr/cDn2PvzyUF7OzcArQl/5QzJ1bPm1MDV/E2V8w4mrWWd9kJ61t
hgojMBpt0u4nESpftaytmGDb3Xrq+mEaI0Do+HyagQhByocyVKgOsU9GMq1I9mTm
56opCIc/tKHHZyesBTwj4GJlqXTfprK6w1u5bEPu6luSSzhNSWRlsos9dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAX4uvsUE9OMjeurv60Eta+35V5FMB8GA1UdIwQY
MBaAFBpNwiWV/B9Yj7xN3gfBw5SZjzOnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYt
MmI3OGIxOWI1YTg3LzEvQmZpNi14UVQwNHlONjZ1X3JRUzFyN2ZsWGtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYtMmI3OGIxOWI1YTg3
LzEvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJQHQMA0G
CSqGSIb3DQEBCwUAA4IBAQB9uGBnJt2UVEE8AXyUwiWAAmtRSEMlEHZUi0P69JZQ
Gnj17slSuVCNi1B7qhCTxOP41L9ZYI99qBIY5yrWRZFQCy/U77qtjtKQli9Px1eO
Qj4Q/6py4p50RieNs2A4TKZ/KFBD5KthbaqST9y7M66Nv8aWHd96q6GPUZJk4zyW
RCwy4n/1hnoIyTTQRaZFEdqoTnd9toN5AeG29STdCV7HOBdJzCovtWsWth1t5Mm3
paFOMQTG2dTq6YVgy3GEldgFkkU62dT0uC0YkLMkMl0/q817T25gVBYGe9bcfrH0
gQnfhFf5IqF1uHvClngA0tf3G1MaCfJj46hJx814aEu8
-----END CERTIFICATE-----