Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/bdd256-2f59-431b-b653-cae678b2f21e/1/vBOQCuTyEfYV4gQKe7qCxZbiu9I.roa
File:                     vBOQCuTyEfYV4gQKe7qCxZbiu9I.roa (raw, json)
Hash identifier:          YzgNFzACvcQVNgde31Xeo9Tat9fZP3Es1rC5dljFCQE=
Subject key identifier:   BC:13:90:0A:E4:F2:11:F6:15:E2:04:0A:7B:BA:82:C5:96:E2:BB:D2
Certificate issuer:       /CN=fa6b28441b5ead01846535eaf20bfd0752e07645
Certificate serial:       0199B3BB4D675CD8B9654676F52E5D144249
Authority key identifier: FA:6B:28:44:1B:5E:AD:01:84:65:35:EA:F2:0B:FD:07:52:E0:76:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-msoRBterQGEZTXq8gv9B1LgdkU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/bdd256-2f59-431b-b653-cae678b2f21e/1/vBOQCuTyEfYV4gQKe7qCxZbiu9I.roa
Signing time:             Sun 05 Oct 2025 09:37:00 +0000
ROA not before:           Sun 05 Oct 2025 09:37:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211703
IP address blocks:        130.193.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/bdd256-2f59-431b-b653-cae678b2f21e/1/1-msoRBterQGEZTXq8gv9B1LgdkU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/bdd256-2f59-431b-b653-cae678b2f21e/1/1-msoRBterQGEZTXq8gv9B1LgdkU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-msoRBterQGEZTXq8gv9B1LgdkU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b3:bb:4d:67:5c:d8:b9:65:46:76:f5:2e:5d:14:42:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa6b28441b5ead01846535eaf20bfd0752e07645
        Validity
            Not Before: Oct  5 09:37:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc13900ae4f211f615e2040a7bba82c596e2bbd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f3:bb:6b:70:e8:62:39:57:5e:7c:57:93:1d:
                    f3:3f:30:43:c3:99:ad:ff:7a:1d:74:95:bd:1e:0b:
                    24:7f:39:a3:5a:71:45:45:68:f2:12:62:d0:0c:c4:
                    b3:5a:07:82:81:a5:c5:e0:bd:4d:57:5e:6f:ae:b5:
                    ce:99:30:b4:a3:f7:55:d4:6c:00:9c:9f:82:92:98:
                    01:68:15:74:9d:9b:ba:33:1b:94:a3:97:b9:7f:ab:
                    f8:12:a9:ef:88:df:c7:7a:2b:cd:49:17:af:b0:b5:
                    7e:45:72:c5:b8:2b:d6:ad:ec:01:fd:f2:a0:9c:95:
                    2b:73:4d:d8:77:77:04:25:2f:58:d7:30:b1:b6:07:
                    a5:0f:47:23:65:69:c9:25:bc:4d:44:9a:61:d5:83:
                    8e:bc:26:61:c3:83:f0:93:7d:f3:52:13:5f:ea:97:
                    19:b3:05:4e:e0:9e:c5:70:6d:13:ae:40:80:13:de:
                    6e:82:4f:fc:ef:b2:28:6d:44:86:a2:ea:59:ff:83:
                    31:63:b2:68:d5:70:e3:d4:68:fc:64:17:e4:d6:7f:
                    05:87:90:82:f7:4e:ce:87:15:80:d9:e5:67:e7:1e:
                    97:fd:80:ff:14:74:cb:d0:4b:05:04:56:ca:5e:41:
                    58:76:34:e1:d1:74:4c:d2:be:8a:a6:c7:fa:8c:f3:
                    21:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:13:90:0A:E4:F2:11:F6:15:E2:04:0A:7B:BA:82:C5:96:E2:BB:D2
            X509v3 Authority Key Identifier:
                keyid:FA:6B:28:44:1B:5E:AD:01:84:65:35:EA:F2:0B:FD:07:52:E0:76:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-msoRBterQGEZTXq8gv9B1LgdkU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bdd256-2f59-431b-b653-cae678b2f21e/1/vBOQCuTyEfYV4gQKe7qCxZbiu9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bdd256-2f59-431b-b653-cae678b2f21e/1/1-msoRBterQGEZTXq8gv9B1LgdkU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:10:8f:25:be:55:a3:a6:b9:41:c0:ac:a1:cf:97:0d:fa:fd:
         0b:3e:05:c0:da:55:1a:cf:d0:4f:70:f3:c3:37:3f:8c:9d:dd:
         51:98:70:b3:d5:15:1c:69:97:4d:70:54:c7:f3:db:29:2e:03:
         6c:e2:b2:87:58:08:88:d1:a5:6b:99:b7:45:2b:0c:e5:14:65:
         ca:4b:1a:2f:bf:61:bf:c8:02:ac:65:19:39:a4:fd:e1:54:ca:
         ba:69:a9:35:1c:19:3b:93:6e:b7:01:be:b7:44:95:cd:63:ec:
         ba:d1:25:fd:9f:a0:ba:ab:18:f0:d2:76:20:1c:71:5a:c4:82:
         a2:9f:bc:c4:18:66:67:b2:bd:2a:a8:9b:fc:0f:fe:50:1b:19:
         bf:22:e5:9b:45:11:c9:14:7d:aa:cf:19:84:40:b3:e9:a5:81:
         d0:44:97:74:34:3e:4b:f1:92:80:66:a6:4e:43:a5:34:58:ba:
         9f:fb:50:d1:ae:0e:2f:25:f2:b0:b1:4e:f2:31:58:77:63:82:
         f9:e4:03:86:20:f0:16:b7:07:5d:87:1d:2c:e8:c9:50:6c:69:
         06:81:bc:01:4f:82:67:78:2d:e7:50:1f:3d:d0:f9:05:d9:1f:
         ef:3f:03:a8:83:4a:c2:28:96:61:b8:41:fb:33:10:ec:eb:40:
         09:e2:1d:ba
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZmzu01nXNi5ZUZ29S5dFEJJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhNmIyODQ0MWI1ZWFkMDE4NDY1MzVlYWYyMGJmZDA3NTJl
MDc2NDUwHhcNMjUxMDA1MDkzNzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzEzOTAwYWU0ZjIxMWY2MTVlMjA0MGE3YmJhODJjNTk2ZTJiYmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPO7a3DoYjlXXnxXkx3zPzBDw5mt
/3oddJW9HgskfzmjWnFFRWjyEmLQDMSzWgeCgaXF4L1NV15vrrXOmTC0o/dV1GwA
nJ+CkpgBaBV0nZu6MxuUo5e5f6v4EqnviN/HeivNSRevsLV+RXLFuCvWrewB/fKg
nJUrc03Yd3cEJS9Y1zCxtgelD0cjZWnJJbxNRJph1YOOvCZhw4Pwk33zUhNf6pcZ
swVO4J7FcG0TrkCAE95ugk/877IobUSGoupZ/4MxY7Jo1XDj1Gj8ZBfk1n8Fh5CC
907OhxWA2eVn5x6X/YD/FHTL0EsFBFbKXkFYdjTh0XRM0r6Kpsf6jPMhJQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLwTkArk8hH2FeIECnu6gsWW4rvSMB8GA1UdIwQY
MBaAFPprKEQbXq0BhGU16vIL/QdS4HZFMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1tc29SQnRlclFHRVpUWHE4Z3Y5QjFMZ2RrVS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDgvYmRkMjU2LTJmNTktNDMxYi1iNjUz
LWNhZTY3OGIyZjIxZS8xL3ZCT1FDdVR5RWZZVjRnUUtlN3FDeFpiaXU5SS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDgvYmRkMjU2LTJmNTktNDMxYi1iNjUzLWNhZTY3OGIyZjIx
ZS8xLzEtbXNvUkJ0ZXJRR0VaVFhxOGd2OUIxTGdka1UuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACCwRgw
DQYJKoZIhvcNAQELBQADggEBAJQQjyW+VaOmuUHArKHPlw36/Qs+BcDaVRrP0E9w
88M3P4yd3VGYcLPVFRxpl01wVMfz2ykuA2zisodYCIjRpWuZt0UrDOUUZcpLGi+/
Yb/IAqxlGTmk/eFUyrppqTUcGTuTbrcBvrdElc1j7LrRJf2foLqrGPDSdiAccVrE
gqKfvMQYZmeyvSqom/wP/lAbGb8i5ZtFEckUfarPGYRAs+mlgdBEl3Q0PkvxkoBm
pk5DpTRYup/7UNGuDi8l8rCxTvIxWHdjgvnkA4Yg8Ba3B12HHSzoyVBsaQaBvAFP
gmd4LedQHz3Q+QXZH+8/A6iDSsIolmG4QfszEOzrQAniHbo=
-----END CERTIFICATE-----