Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/BwoakCWAb-eSErzQWMsQx4Pet1E.roa
File:                     BwoakCWAb-eSErzQWMsQx4Pet1E.roa (raw, json)
Hash identifier:          TL0uGVtiqnrxVB3nr0QUt2pk4pP950lLnLqq2Skso9M=
Subject key identifier:   07:0A:1A:90:25:80:6F:E7:92:12:BC:D0:58:CB:10:C7:83:DE:B7:51
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       0197A1B8ECC0C273119F588BD25D60DAA4F4
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/BwoakCWAb-eSErzQWMsQx4Pet1E.roa
Signing time:             Tue 24 Jun 2025 11:35:40 +0000
ROA not before:           Tue 24 Jun 2025 11:35:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42151
IP address blocks:        2a09:d002::/48 maxlen: 48
                          2a09:d003::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a1:b8:ec:c0:c2:73:11:9f:58:8b:d2:5d:60:da:a4:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jun 24 11:35:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=070a1a9025806fe79212bcd058cb10c783deb751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e9:cb:b5:07:3a:6d:fe:13:80:37:fd:d3:4a:
                    4a:d5:21:1e:65:e8:e9:d6:50:21:d5:d3:76:b5:df:
                    16:96:b0:35:b1:54:da:38:54:1b:fb:9d:32:bb:a5:
                    07:19:f8:d5:2b:6b:97:b5:45:5a:1a:e9:79:8b:1a:
                    b4:79:59:cd:f0:45:9c:91:f5:5f:77:cb:31:ff:db:
                    4c:9f:02:3f:4d:1a:f8:5d:9f:a7:df:23:7d:61:b5:
                    25:3b:02:8d:a3:eb:61:7b:8d:60:f6:55:40:d6:05:
                    8b:df:66:fa:00:f9:07:1a:50:92:c9:6d:28:36:ca:
                    23:97:58:b2:0e:db:d3:82:11:6e:ca:9f:c2:5b:2e:
                    5b:9f:1b:05:17:db:19:b2:68:ff:a3:44:b4:89:41:
                    d6:7e:92:36:01:fd:0c:86:7b:76:eb:cc:91:e4:1a:
                    5d:d4:71:dc:43:8d:92:2b:d4:94:d7:99:16:78:fd:
                    7d:73:53:e9:da:74:77:4b:ff:79:21:b7:c1:3a:d2:
                    d1:85:f7:98:29:20:9b:a1:9c:fb:b1:99:9a:15:cf:
                    96:d9:9c:f8:f4:c2:5b:c0:a6:33:b7:7f:2f:96:ae:
                    14:f5:fd:f4:61:f8:1e:b2:72:e1:42:ec:83:d8:0e:
                    57:59:70:8b:ee:5e:05:a9:ae:a2:d8:29:5c:f3:50:
                    fd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:0A:1A:90:25:80:6F:E7:92:12:BC:D0:58:CB:10:C7:83:DE:B7:51
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/BwoakCWAb-eSErzQWMsQx4Pet1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:d002::/48
                  2a09:d003::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:12:5d:89:30:73:6e:a3:ee:37:49:6d:1f:04:4f:48:40:a5:
         9a:84:a5:8d:c8:58:cb:5b:8d:9d:27:f1:9c:27:0e:72:25:3c:
         f3:89:47:0f:74:23:94:7b:97:67:d3:e2:ff:4e:2b:c6:ca:81:
         f4:8e:f6:96:be:68:c5:ae:14:ab:2f:7c:e8:e9:4d:92:bd:e7:
         18:55:f0:08:56:dd:00:9b:31:9e:17:d8:96:77:63:ec:ae:4e:
         67:c1:cc:d5:c4:bc:cf:98:2d:ec:ab:16:a0:e9:df:ec:a6:4e:
         3f:31:50:6a:92:c2:81:b2:63:18:99:a9:93:95:e7:88:85:79:
         1a:34:dc:ef:3a:52:bb:39:21:ce:3b:cc:c9:0c:de:37:c1:44:
         99:75:86:10:38:db:42:06:4a:41:80:e6:52:6a:6a:c4:e3:13:
         08:db:7e:62:bf:6a:e2:de:b1:3b:28:58:3f:64:90:66:7a:9b:
         bc:63:d2:9a:32:b5:f9:c4:77:a1:58:80:b9:8c:e9:b6:69:24:
         7a:c2:41:4c:6b:64:ee:c4:ee:74:40:53:52:a5:80:57:dc:8a:
         79:f4:05:37:08:78:bf:72:29:47:47:e4:0b:5f:ce:ce:74:57:
         f7:ae:61:ed:05:ce:ee:0f:c0:cd:7a:63:02:c9:80:75:44:ae:
         c3:67:6d:21
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZehuOzAwnMRn1iL0l1g2qT0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjUwNjI0MTEzNTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzBhMWE5MDI1ODA2ZmU3OTIxMmJjZDA1OGNiMTBjNzgzZGViNzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwenLtQc6bf4TgDf900pK1SEeZejp
1lAh1dN2td8WlrA1sVTaOFQb+50yu6UHGfjVK2uXtUVaGul5ixq0eVnN8EWckfVf
d8sx/9tMnwI/TRr4XZ+n3yN9YbUlOwKNo+the41g9lVA1gWL32b6APkHGlCSyW0o
Nsojl1iyDtvTghFuyp/CWy5bnxsFF9sZsmj/o0S0iUHWfpI2Af0Mhnt268yR5Bpd
1HHcQ42SK9SU15kWeP19c1Pp2nR3S/95IbfBOtLRhfeYKSCboZz7sZmaFc+W2Zz4
9MJbwKYzt38vlq4U9f30YfgesnLhQuyD2A5XWXCL7l4Fqa6i2Clc81D9KQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAcKGpAlgG/nkhK80FjLEMeD3rdRMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvQndvYWtDV0FiLWVTRXJ6UVdNc1F4NFBldDFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgnQAgAA
AwcAKgnQAwAAMA0GCSqGSIb3DQEBCwUAA4IBAQC3El2JMHNuo+43SW0fBE9IQKWa
hKWNyFjLW42dJ/GcJw5yJTzziUcPdCOUe5dn0+L/TivGyoH0jvaWvmjFrhSrL3zo
6U2SvecYVfAIVt0AmzGeF9iWd2Psrk5nwczVxLzPmC3sqxag6d/spk4/MVBqksKB
smMYmamTleeIhXkaNNzvOlK7OSHOO8zJDN43wUSZdYYQONtCBkpBgOZSamrE4xMI
235iv2ri3rE7KFg/ZJBmepu8Y9KaMrX5xHehWIC5jOm2aSR6wkFMa2TuxO50QFNS
pYBX3Ip59AU3CHi/cilHR+QLX87OdFf3rmHtBc7uD8DNemMCyYB1RK7DZ20h
-----END CERTIFICATE-----