Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/bG0R8O-R3Gzh0U19uKXnEyungVE.roa
File:                     bG0R8O-R3Gzh0U19uKXnEyungVE.roa (raw, json)
Hash identifier:          dC3LmhKrxouomOcuKMc4Z6ErO4Vx6yc4Z+n6WdgjiyA=
Subject key identifier:   6C:6D:11:F0:EF:91:DC:6C:E1:D1:4D:7D:B8:A5:E7:13:2B:A7:81:51
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       019980974ABAA95799680DBA3EB9D64F78D2
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/bG0R8O-R3Gzh0U19uKXnEyungVE.roa
Signing time:             Thu 25 Sep 2025 11:17:02 +0000
ROA not before:           Thu 25 Sep 2025 11:17:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197648
IP address blocks:        194.55.164.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:80:97:4a:ba:a9:57:99:68:0d:ba:3e:b9:d6:4f:78:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Sep 25 11:17:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c6d11f0ef91dc6ce1d14d7db8a5e7132ba78151
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:24:3d:bc:6a:35:5b:f3:76:0e:32:eb:b8:f4:
                    09:96:10:91:55:cd:05:d0:72:ba:c6:7d:64:a8:2b:
                    26:9b:4d:c8:75:ee:8b:34:db:5d:93:48:03:e2:91:
                    17:39:36:d6:ae:05:a4:eb:bd:0b:75:eb:50:72:1a:
                    ae:3a:6d:2a:e8:25:26:78:b2:a5:10:29:d0:98:bb:
                    3d:56:33:86:5b:05:1e:a6:39:0f:c5:fc:65:1b:d6:
                    30:3f:78:82:8d:1d:41:72:6a:44:a8:3e:4b:43:bb:
                    eb:41:cd:7c:7c:23:9d:79:00:db:3e:34:bc:1b:61:
                    83:2f:6f:ac:48:3e:80:b7:be:1f:28:0c:38:6d:f2:
                    dd:f1:10:65:93:6c:e0:ac:ab:b8:0b:c4:f0:87:77:
                    f2:9b:ed:07:ff:e2:25:16:fd:48:ce:d6:bc:a3:27:
                    38:23:86:26:e3:2f:91:ee:4b:4a:6d:6f:73:0e:09:
                    e8:5b:93:12:6b:43:5e:7d:32:75:b2:ce:1c:2a:f4:
                    4f:62:56:22:4f:c0:b8:c0:ce:cf:96:57:7b:71:6a:
                    d8:76:44:bd:be:6a:2f:18:e8:83:be:a8:97:94:d7:
                    a4:ab:30:cc:1d:f4:b9:d5:b5:65:14:ea:3c:e7:07:
                    45:cf:d4:06:76:07:db:f3:ff:0a:c8:a0:91:9f:13:
                    2b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:6D:11:F0:EF:91:DC:6C:E1:D1:4D:7D:B8:A5:E7:13:2B:A7:81:51
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/bG0R8O-R3Gzh0U19uKXnEyungVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:00:45:e1:3c:dc:c6:dd:6d:9d:63:25:39:29:1a:91:9e:aa:
         4e:8e:42:62:75:e7:da:98:79:7c:34:37:56:ad:f7:6b:d0:68:
         c4:5a:8b:58:fb:c3:4a:09:30:90:5c:12:a4:db:87:07:01:2c:
         f5:b8:6a:37:16:72:04:1c:fe:19:d3:de:af:67:72:3e:f0:b0:
         93:ab:d3:7b:97:32:0b:c9:3e:fd:64:15:d9:15:59:3c:3c:22:
         54:92:9a:6c:9c:3d:08:a3:9a:65:20:33:f1:a0:77:8d:6c:a6:
         4e:5c:7d:9d:0a:bf:ee:8a:b4:08:3e:c1:9e:ca:e3:35:c0:e2:
         5d:ae:36:a7:00:22:f6:2d:e3:ba:b6:1c:f5:21:2d:70:3c:5a:
         38:d3:6e:0c:0e:9b:b9:3c:2d:a0:ca:2a:d7:f9:ad:34:2a:7b:
         04:3f:62:0a:69:68:b2:4c:cd:41:91:42:86:af:ce:85:64:51:
         83:b6:84:e4:71:5d:50:b3:99:e8:ce:c6:65:68:9a:e1:8e:52:
         96:4d:aa:0d:af:74:8e:b3:27:6b:23:d4:22:20:4c:9c:52:ff:
         82:2e:21:5e:33:bf:99:20:3b:89:5f:ad:c3:c5:49:d3:15:43:
         97:ee:44:02:d4:06:4d:0d:bb:9e:85:6d:79:8b:a1:02:72:36:
         b7:a9:cb:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmAl0q6qVeZaA26PrnWT3jSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwOTI1MTExNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzZkMTFmMGVmOTFkYzZjZTFkMTRkN2RiOGE1ZTcxMzJiYTc4MTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8iQ9vGo1W/N2DjLruPQJlhCRVc0F
0HK6xn1kqCsmm03Ide6LNNtdk0gD4pEXOTbWrgWk670LdetQchquOm0q6CUmeLKl
ECnQmLs9VjOGWwUepjkPxfxlG9YwP3iCjR1BcmpEqD5LQ7vrQc18fCOdeQDbPjS8
G2GDL2+sSD6At74fKAw4bfLd8RBlk2zgrKu4C8Twh3fym+0H/+IlFv1Izta8oyc4
I4Ym4y+R7ktKbW9zDgnoW5MSa0NefTJ1ss4cKvRPYlYiT8C4wM7Plld7cWrYdkS9
vmovGOiDvqiXlNekqzDMHfS51bVlFOo85wdFz9QGdgfb8/8KyKCRnxMr3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxtEfDvkdxs4dFNfbil5xMrp4FRMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvYkcwUjhPLVIzR3poMFUxOXVLWG5FeXVuZ1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjekMA0G
CSqGSIb3DQEBCwUAA4IBAQBMAEXhPNzG3W2dYyU5KRqRnqpOjkJidefamHl8NDdW
rfdr0GjEWotY+8NKCTCQXBKk24cHASz1uGo3FnIEHP4Z096vZ3I+8LCTq9N7lzIL
yT79ZBXZFVk8PCJUkppsnD0Io5plIDPxoHeNbKZOXH2dCr/uirQIPsGeyuM1wOJd
rjanACL2LeO6thz1IS1wPFo4024MDpu5PC2gyirX+a00KnsEP2IKaWiyTM1BkUKG
r86FZFGDtoTkcV1Qs5nozsZlaJrhjlKWTaoNr3SOsydrI9QiIEycUv+CLiFeM7+Z
IDuJX63DxUnTFUOX7kQC1AZNDbuehW15i6ECcja3qcuI
-----END CERTIFICATE-----