Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/BRc1wLBXX2wQNzWXVlrbs7NYzz4.roa
File:                     BRc1wLBXX2wQNzWXVlrbs7NYzz4.roa (raw, json)
Hash identifier:          boDsQDSUU/u5nFgGrYRYmA2sSdeyKeVOtKcDLDgtg6w=
Subject key identifier:   05:17:35:C0:B0:57:5F:6C:10:37:35:97:56:5A:DB:B3:B3:58:CF:3E
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019971C4C121E5C94F8B7B00D27D4930C78C
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/BRc1wLBXX2wQNzWXVlrbs7NYzz4.roa
Signing time:             Mon 22 Sep 2025 14:12:23 +0000
ROA not before:           Mon 22 Sep 2025 14:12:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211687
IP address blocks:        185.254.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 01:22:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:71:c4:c1:21:e5:c9:4f:8b:7b:00:d2:7d:49:30:c7:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Sep 22 14:12:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=051735c0b0575f6c10373597565adbb3b358cf3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5a:9e:98:c9:da:d9:e8:a1:65:21:39:22:25:
                    99:9f:ec:8e:bd:b7:0e:69:f4:58:82:cd:02:16:52:
                    c5:68:0d:f7:26:0a:56:46:d7:2a:0e:09:84:34:bb:
                    b1:41:13:11:94:97:b2:8b:83:a4:b1:e6:6d:a0:bc:
                    73:15:ab:51:7f:ad:89:6f:42:9c:5d:ca:63:93:22:
                    b5:cc:ca:47:9a:10:f6:9f:84:c6:cf:44:b9:2a:b8:
                    88:be:36:0b:c1:3b:61:a1:e7:7e:a6:86:39:4b:5d:
                    12:5c:d9:38:b2:ff:53:e5:30:17:2f:2d:e0:4c:82:
                    e3:84:74:26:1a:08:13:3d:6c:cc:65:4f:42:36:63:
                    aa:1b:d1:7e:08:d6:43:27:90:74:03:e4:63:10:11:
                    2a:ce:3e:ba:03:ca:6a:80:d9:34:e6:81:99:7c:53:
                    f8:40:2b:e8:8e:9f:52:c3:5c:bc:a1:19:0a:4e:d6:
                    24:b8:b4:71:b7:a9:72:4f:51:74:f0:51:da:7b:c4:
                    e2:02:84:db:87:97:6d:b3:5f:e5:49:db:38:38:0e:
                    b2:7f:79:11:b3:4f:b8:b7:58:74:27:0f:b8:fd:40:
                    08:8e:c8:d9:53:54:04:63:8e:54:96:4a:06:a8:e3:
                    1e:fe:06:40:88:e3:d1:8b:fa:06:b9:b7:59:5b:76:
                    5f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:17:35:C0:B0:57:5F:6C:10:37:35:97:56:5A:DB:B3:B3:58:CF:3E
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/BRc1wLBXX2wQNzWXVlrbs7NYzz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:91:c7:d8:58:83:e8:ac:84:4c:62:40:81:56:fe:c3:c6:55:
         d9:77:d9:d8:95:70:a0:ea:00:11:93:59:e3:44:14:b5:4b:83:
         78:07:42:5d:e5:cd:2f:7b:6e:8c:54:c0:63:e5:41:92:d5:cc:
         05:9c:93:33:92:e3:93:e5:54:5d:a5:88:b6:2f:c2:7a:d7:d8:
         29:f4:44:29:90:30:b0:c7:83:44:1b:b3:bd:9d:a3:98:db:9d:
         21:e6:d1:49:c9:42:1c:40:41:7a:18:aa:1a:46:1b:89:8a:e3:
         22:ac:bb:71:ea:aa:52:93:73:17:2f:ca:92:ee:d3:d6:06:98:
         25:b3:50:56:4f:cd:b0:7b:21:c9:d9:3e:16:43:27:0d:18:60:
         d9:47:95:fa:78:05:ea:ca:82:88:66:c7:3d:3c:47:4a:a7:b4:
         df:d5:b5:a1:74:c9:7b:48:20:ad:cc:29:16:69:97:68:40:cc:
         e8:4a:00:3c:b1:48:7b:45:39:09:97:18:30:93:f8:8b:4a:9d:
         fd:e4:6e:22:20:9b:88:54:d9:8a:ac:2c:5f:d2:9b:4b:2b:28:
         9a:72:ff:c7:00:1c:34:ef:a8:a1:1b:b9:0d:06:de:f8:f7:9e:
         3a:8b:35:72:ad:1d:65:7e:c6:d1:38:d8:08:7c:a2:66:20:a4:
         9f:f4:35:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlxxMEh5clPi3sA0n1JMMeMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwOTIyMTQxMjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTE3MzVjMGIwNTc1ZjZjMTAzNzM1OTc1NjVhZGJiM2IzNThjZjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFqemMna2eihZSE5IiWZn+yOvbcO
afRYgs0CFlLFaA33JgpWRtcqDgmENLuxQRMRlJeyi4OkseZtoLxzFatRf62Jb0Kc
XcpjkyK1zMpHmhD2n4TGz0S5KriIvjYLwTthoed+poY5S10SXNk4sv9T5TAXLy3g
TILjhHQmGggTPWzMZU9CNmOqG9F+CNZDJ5B0A+RjEBEqzj66A8pqgNk05oGZfFP4
QCvojp9Sw1y8oRkKTtYkuLRxt6lyT1F08FHae8TiAoTbh5dts1/lSds4OA6yf3kR
s0+4t1h0Jw+4/UAIjsjZU1QEY45UlkoGqOMe/gZAiOPRi/oGubdZW3ZfswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUXNcCwV19sEDc1l1Za27OzWM8+MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvQlJjMXdMQlhYMndRTnpXWFZscmJzN05Zeno0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf4fMA0G
CSqGSIb3DQEBCwUAA4IBAQA/kcfYWIPorIRMYkCBVv7DxlXZd9nYlXCg6gARk1nj
RBS1S4N4B0Jd5c0ve26MVMBj5UGS1cwFnJMzkuOT5VRdpYi2L8J619gp9EQpkDCw
x4NEG7O9naOY250h5tFJyUIcQEF6GKoaRhuJiuMirLtx6qpSk3MXL8qS7tPWBpgl
s1BWT82weyHJ2T4WQycNGGDZR5X6eAXqyoKIZsc9PEdKp7Tf1bWhdMl7SCCtzCkW
aZdoQMzoSgA8sUh7RTkJlxgwk/iLSp395G4iIJuIVNmKrCxf0ptLKyiacv/HABw0
76ihG7kNBt749546izVyrR1lfsbRONgIfKJmIKSf9DWi
-----END CERTIFICATE-----