Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/bGQ-U-z2BmYuJXwq2CdnbdjZtNQ.roa
File:                     bGQ-U-z2BmYuJXwq2CdnbdjZtNQ.roa (raw, json)
Hash identifier:          +/jFFfPLUnxq8MEEhT4pZvQpkAMuX2iu802KqhyeYWc=
Subject key identifier:   6C:64:3E:53:EC:F6:06:66:2E:25:7C:2A:D8:27:67:6D:D8:D9:B4:D4
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019898FE1444463B1AFAFFD561757595E31F
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/bGQ-U-z2BmYuJXwq2CdnbdjZtNQ.roa
Signing time:             Mon 11 Aug 2025 11:57:24 +0000
ROA not before:           Mon 11 Aug 2025 11:57:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205899
IP address blocks:        185.231.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:fe:14:44:46:3b:1a:fa:ff:d5:61:75:75:95:e3:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Aug 11 11:57:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c643e53ecf606662e257c2ad827676dd8d9b4d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:63:90:df:ef:50:5c:bc:9f:51:53:03:5f:77:
                    a1:ec:91:df:0f:aa:56:26:bf:e4:27:d1:c4:88:92:
                    6b:15:75:49:91:9c:79:2f:4e:2c:03:a6:a8:aa:41:
                    eb:7f:35:e5:c6:b8:c6:a4:7b:ea:c1:4a:47:9f:96:
                    7b:32:55:ec:69:9d:17:fc:f8:af:78:f6:b1:26:60:
                    6d:ea:28:c2:26:92:ad:08:d5:6e:9a:b5:00:b4:12:
                    7f:7d:c6:f6:d1:f0:d8:cd:03:67:b6:ef:f2:1f:36:
                    87:09:82:f0:db:4a:75:1e:8b:8c:91:9d:df:ea:8a:
                    88:25:1e:11:c7:cd:14:a1:de:b9:c8:01:32:58:5a:
                    38:1e:1d:07:16:b0:79:72:d7:32:de:d7:4a:63:a2:
                    65:67:a4:e7:2c:a9:43:ab:df:1a:12:95:80:64:b6:
                    91:cf:38:f1:40:f0:87:93:a6:0d:60:94:b8:5a:8b:
                    dd:ce:5f:b2:7c:04:65:da:f9:b1:46:11:cd:b0:6e:
                    2e:22:c1:38:da:57:a8:1e:88:57:90:a8:03:8a:14:
                    f6:60:22:d2:46:78:06:6b:22:fb:da:69:be:c1:51:
                    bb:66:a9:13:78:7f:58:68:1e:bc:32:df:d3:38:29:
                    6b:ff:8c:d6:5a:76:f6:63:d4:e4:a4:c2:49:5a:83:
                    fe:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:64:3E:53:EC:F6:06:66:2E:25:7C:2A:D8:27:67:6D:D8:D9:B4:D4
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/bGQ-U-z2BmYuJXwq2CdnbdjZtNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:3d:5e:b8:d2:61:b0:5e:65:1c:ea:3e:13:60:fe:00:b9:b9:
         aa:d2:05:97:13:df:f2:97:82:f5:17:bb:68:0e:81:9e:19:36:
         44:8d:37:f6:89:34:e5:ed:0c:50:36:9f:1c:0f:05:68:95:11:
         5f:14:24:95:4f:8a:9f:b6:20:34:db:b9:22:5f:ac:64:3f:66:
         ca:9b:0e:85:e3:7a:ba:c0:81:61:55:97:84:44:5c:62:a8:cf:
         83:2b:fb:1e:9b:16:c8:5a:ac:0c:5f:77:0a:58:b0:8f:15:dc:
         c3:5c:6d:b4:87:18:cd:84:4a:71:cd:d8:77:d6:e0:c3:21:2b:
         10:07:0a:45:c6:8e:f4:77:2c:21:16:47:ba:67:09:81:10:0b:
         f0:ee:e2:0e:49:22:20:6f:a0:04:00:0d:87:8d:fa:ef:a6:f1:
         15:53:a5:68:7f:3a:41:42:6f:6f:e1:06:35:2b:c7:83:82:29:
         a4:14:69:cb:b2:53:b9:83:5f:c4:ac:a6:6b:29:f1:49:87:58:
         8d:36:0c:49:5b:f2:e6:ab:74:52:22:df:b9:0a:28:9b:6e:73:
         69:2b:f8:39:1f:a3:80:20:b9:06:92:b2:ad:64:ec:c1:7a:60:
         9c:4b:8c:93:df:61:fa:d0:c7:29:cf:42:47:dd:59:b3:d5:d1:
         e7:3d:11:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiY/hRERjsa+v/VYXV1leMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwODExMTE1NzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzY0M2U1M2VjZjYwNjY2MmUyNTdjMmFkODI3Njc2ZGQ4ZDliNGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGOQ3+9QXLyfUVMDX3eh7JHfD6pW
Jr/kJ9HEiJJrFXVJkZx5L04sA6aoqkHrfzXlxrjGpHvqwUpHn5Z7MlXsaZ0X/Piv
ePaxJmBt6ijCJpKtCNVumrUAtBJ/fcb20fDYzQNntu/yHzaHCYLw20p1HouMkZ3f
6oqIJR4Rx80Uod65yAEyWFo4Hh0HFrB5ctcy3tdKY6JlZ6TnLKlDq98aEpWAZLaR
zzjxQPCHk6YNYJS4Wovdzl+yfARl2vmxRhHNsG4uIsE42leoHohXkKgDihT2YCLS
RngGayL72mm+wVG7ZqkTeH9YaB68Mt/TOClr/4zWWnb2Y9TkpMJJWoP+XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxkPlPs9gZmLiV8KtgnZ23Y2bTUMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvYkdRLVUtejJCbVl1Slh3cTJDZG5iZGpadE5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueesMA0G
CSqGSIb3DQEBCwUAA4IBAQBaPV640mGwXmUc6j4TYP4Aubmq0gWXE9/yl4L1F7to
DoGeGTZEjTf2iTTl7QxQNp8cDwVolRFfFCSVT4qftiA027kiX6xkP2bKmw6F43q6
wIFhVZeERFxiqM+DK/semxbIWqwMX3cKWLCPFdzDXG20hxjNhEpxzdh31uDDISsQ
BwpFxo70dywhFke6ZwmBEAvw7uIOSSIgb6AEAA2HjfrvpvEVU6VofzpBQm9v4QY1
K8eDgimkFGnLslO5g1/ErKZrKfFJh1iNNgxJW/Lmq3RSIt+5CiibbnNpK/g5H6OA
ILkGkrKtZOzBemCcS4yT32H60Mcpz0JH3Vmz1dHnPRG9
-----END CERTIFICATE-----