Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/t2lK80Ovc4cUKro9z3LuGitzfPs.roa
File:                     t2lK80Ovc4cUKro9z3LuGitzfPs.roa (raw, json)
Hash identifier:          TffTYN5YIYdBEFYI6Iw2h3no/jNeYny+5NiYBLuTLjk=
Subject key identifier:   B7:69:4A:F3:43:AF:73:87:14:2A:BA:3D:CF:72:EE:1A:2B:73:7C:FB
Certificate issuer:       /CN=bbd84bc44dbda5babfc4940bccc1635e153b24b6
Certificate serial:       0198B34E39B628B80B156F69C98EF061B553
Authority key identifier: BB:D8:4B:C4:4D:BD:A5:BA:BF:C4:94:0B:CC:C1:63:5E:15:3B:24:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u9hLxE29pbq_xJQLzMFjXhU7JLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/t2lK80Ovc4cUKro9z3LuGitzfPs.roa
Signing time:             Sat 16 Aug 2025 14:35:04 +0000
ROA not before:           Sat 16 Aug 2025 14:35:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273373
IP address blocks:        185.255.56.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/u9hLxE29pbq_xJQLzMFjXhU7JLY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/u9hLxE29pbq_xJQLzMFjXhU7JLY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u9hLxE29pbq_xJQLzMFjXhU7JLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b3:4e:39:b6:28:b8:0b:15:6f:69:c9:8e:f0:61:b5:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbd84bc44dbda5babfc4940bccc1635e153b24b6
        Validity
            Not Before: Aug 16 14:35:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7694af343af7387142aba3dcf72ee1a2b737cfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b3:5f:a2:55:b3:1e:a3:e6:07:f4:4b:55:50:
                    e2:18:8a:f1:55:50:e4:cd:77:bb:9d:59:dc:b4:47:
                    7a:ca:e2:99:da:b6:01:0f:95:0e:40:05:d5:0d:b1:
                    2c:33:22:6c:b8:a7:f4:e9:af:8e:77:36:5b:13:a3:
                    48:47:08:63:96:03:90:4e:36:04:23:7a:88:e6:53:
                    26:4a:c1:89:d7:73:86:22:85:79:b6:cb:7a:3a:12:
                    6d:fb:4f:02:35:cf:45:da:de:1a:b6:a3:56:cb:cb:
                    71:65:b2:e3:60:e3:f2:a2:d4:72:7a:ee:9a:ab:02:
                    38:da:8d:bb:f5:da:e9:ec:64:c8:5a:21:23:65:16:
                    16:c3:5f:a3:d5:b0:f5:c3:17:e8:83:fc:42:84:1e:
                    55:55:1e:38:34:8a:07:32:35:8c:5c:39:2f:3f:56:
                    1d:7b:e3:bf:3e:60:97:b1:1f:2b:05:3c:b5:e4:9c:
                    42:9f:1f:cb:e5:db:dc:c8:f2:34:36:66:a0:60:7c:
                    c9:ba:ac:2a:bd:3d:4c:d6:d7:6d:9a:70:48:25:9b:
                    f3:89:56:41:26:53:be:27:c6:60:48:37:90:68:89:
                    57:24:ed:9b:25:6c:54:1f:a4:4e:c3:40:99:8e:04:
                    be:62:02:0c:bb:90:13:bc:56:22:93:e9:73:04:be:
                    06:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:69:4A:F3:43:AF:73:87:14:2A:BA:3D:CF:72:EE:1A:2B:73:7C:FB
            X509v3 Authority Key Identifier:
                keyid:BB:D8:4B:C4:4D:BD:A5:BA:BF:C4:94:0B:CC:C1:63:5E:15:3B:24:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u9hLxE29pbq_xJQLzMFjXhU7JLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/t2lK80Ovc4cUKro9z3LuGitzfPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/u9hLxE29pbq_xJQLzMFjXhU7JLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:dc:6e:5c:69:90:7e:fd:a7:db:5c:07:6b:aa:a6:a7:07:e4:
         5f:0b:aa:3f:a7:67:56:28:b8:a4:75:9e:46:72:01:68:11:56:
         ca:50:1c:7b:93:78:08:6f:f4:29:d3:e7:e7:da:1e:18:cf:43:
         1e:87:e7:f3:63:c0:06:2a:0b:83:73:2d:db:75:86:97:e4:67:
         20:66:bf:25:e7:9d:6e:c2:02:b0:91:55:f3:c9:0f:a9:c1:66:
         8a:1e:17:9d:75:56:3e:4c:ed:80:b9:e6:14:fb:53:4f:18:04:
         43:2c:d7:f5:b8:db:82:08:34:91:f7:b9:36:b9:b5:92:04:61:
         bf:dc:60:b6:ea:ce:8f:9e:4f:0d:3d:cc:a6:ff:03:0b:e4:7d:
         f2:0c:84:fa:4e:41:37:8c:09:9c:5d:99:14:7b:68:9f:05:0f:
         33:80:3e:48:98:e2:69:c4:4e:67:86:d9:70:08:90:fb:85:6f:
         55:e1:ed:91:a2:43:66:cd:1c:1d:68:28:ea:c1:3e:9b:65:0a:
         1c:5a:45:73:32:66:d0:88:aa:a6:64:09:60:6a:ed:93:94:62:
         9d:06:8d:41:6b:b0:75:58:fa:3f:87:4a:f4:35:e2:fc:9d:da:
         1a:1b:5e:d2:88:bd:c4:92:56:c8:35:3a:88:5a:bb:6a:83:96:
         21:8b:3c:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZizTjm2KLgLFW9pyY7wYbVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZDg0YmM0NGRiZGE1YmFiZmM0OTQwYmNjYzE2MzVlMTUz
YjI0YjYwHhcNMjUwODE2MTQzNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzY5NGFmMzQzYWY3Mzg3MTQyYWJhM2RjZjcyZWUxYTJiNzM3Y2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbNfolWzHqPmB/RLVVDiGIrxVVDk
zXe7nVnctEd6yuKZ2rYBD5UOQAXVDbEsMyJsuKf06a+OdzZbE6NIRwhjlgOQTjYE
I3qI5lMmSsGJ13OGIoV5tst6OhJt+08CNc9F2t4atqNWy8txZbLjYOPyotRyeu6a
qwI42o279drp7GTIWiEjZRYWw1+j1bD1wxfog/xChB5VVR44NIoHMjWMXDkvP1Yd
e+O/PmCXsR8rBTy15JxCnx/L5dvcyPI0NmagYHzJuqwqvT1M1tdtmnBIJZvziVZB
JlO+J8ZgSDeQaIlXJO2bJWxUH6ROw0CZjgS+YgIMu5ATvFYik+lzBL4G1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLdpSvNDr3OHFCq6Pc9y7horc3z7MB8GA1UdIwQY
MBaAFLvYS8RNvaW6v8SUC8zBY14VOyS2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTloTHhFMjlwYnFfeEpRTHpNRmpYaFU3SkxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS82MzliZTQtOTNlNi00MTgzLWFiNmYt
ZGZkZGIxMzY0MzYzLzEvdDJsSzgwT3ZjNGNVS3JvOXozTHVHaXR6ZlBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS82MzliZTQtOTNlNi00MTgzLWFiNmYtZGZkZGIxMzY0MzYz
LzEvdTloTHhFMjlwYnFfeEpRTHpNRmpYaFU3SkxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuf84MA0G
CSqGSIb3DQEBCwUAA4IBAQAN3G5caZB+/afbXAdrqqanB+RfC6o/p2dWKLikdZ5G
cgFoEVbKUBx7k3gIb/Qp0+fn2h4Yz0Meh+fzY8AGKguDcy3bdYaX5GcgZr8l551u
wgKwkVXzyQ+pwWaKHheddVY+TO2AueYU+1NPGARDLNf1uNuCCDSR97k2ubWSBGG/
3GC26s6Pnk8NPcym/wML5H3yDIT6TkE3jAmcXZkUe2ifBQ8zgD5ImOJpxE5nhtlw
CJD7hW9V4e2RokNmzRwdaCjqwT6bZQocWkVzMmbQiKqmZAlgau2TlGKdBo1Ba7B1
WPo/h0r0NeL8ndoaG17SiL3EklbINTqIWrtqg5Yhizyj
-----END CERTIFICATE-----