Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/Bk_-tAtBQBDMWsFeWLzWEKqm6r8.roa
File:                     Bk_-tAtBQBDMWsFeWLzWEKqm6r8.roa (raw, json)
Hash identifier:          WNJKvTpD/DoB8twbES4bI7LJ/l4C3v8zVuuorOHSnjs=
Subject key identifier:   06:4F:FE:B4:0B:41:40:10:CC:5A:C1:5E:58:BC:D6:10:AA:A6:EA:BF
Certificate issuer:       /CN=095654498e1cc7bf8ce09eae17acdf7c883d5b49
Certificate serial:       0197AB36C3CDEBCCDA8451367B06CF909B5E
Authority key identifier: 09:56:54:49:8E:1C:C7:BF:8C:E0:9E:AE:17:AC:DF:7C:88:3D:5B:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CVZUSY4cx7-M4J6uF6zffIg9W0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/Bk_-tAtBQBDMWsFeWLzWEKqm6r8.roa
Signing time:             Thu 26 Jun 2025 07:49:42 +0000
ROA not before:           Thu 26 Jun 2025 07:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21134
IP address blocks:        193.109.104.0/23 maxlen: 23
                          193.109.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/CVZUSY4cx7-M4J6uF6zffIg9W0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/CVZUSY4cx7-M4J6uF6zffIg9W0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CVZUSY4cx7-M4J6uF6zffIg9W0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 15:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ab:36:c3:cd:eb:cc:da:84:51:36:7b:06:cf:90:9b:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=095654498e1cc7bf8ce09eae17acdf7c883d5b49
        Validity
            Not Before: Jun 26 07:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=064ffeb40b414010cc5ac15e58bcd610aaa6eabf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:28:26:b7:73:78:d2:2b:6b:a9:c1:c0:e6:d5:
                    6e:82:dd:4b:1a:67:51:f0:28:85:32:30:fa:c7:6f:
                    51:40:7e:5d:69:68:d5:3b:76:b2:e2:e6:21:50:d9:
                    81:50:7e:07:cf:83:b7:2d:f9:dc:23:19:55:c3:42:
                    22:ed:4a:61:77:e4:09:82:0b:6b:3c:a3:35:4d:5d:
                    b3:f5:b2:e1:b2:ec:57:5b:86:e5:7b:1d:0b:16:12:
                    82:1e:6f:01:10:76:be:ff:54:9c:29:02:56:97:b0:
                    ef:63:ea:c5:7d:f5:2d:35:e0:ae:de:67:12:59:72:
                    91:48:cc:0d:3e:1b:64:7c:11:30:fd:6f:ba:21:0c:
                    60:50:1f:3c:15:23:af:71:f4:c9:fa:cc:47:c3:87:
                    78:64:a9:cd:08:70:c3:b8:3a:4f:a4:a6:94:7b:5f:
                    e0:90:7b:1f:1d:04:01:9e:63:dc:f8:29:a1:a2:22:
                    c4:21:8d:c1:d0:ce:7f:17:10:e3:43:d2:17:f9:a6:
                    bc:91:98:6e:2a:95:59:8d:17:0b:77:84:7e:af:84:
                    ed:41:df:e3:0b:a7:28:4c:bf:ab:3c:8a:f7:48:ff:
                    a6:6d:ac:b9:a9:c1:9e:45:75:b7:a3:04:b5:31:06:
                    ad:55:1c:c2:96:76:e2:24:7d:a0:ae:ef:14:68:ea:
                    ee:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:4F:FE:B4:0B:41:40:10:CC:5A:C1:5E:58:BC:D6:10:AA:A6:EA:BF
            X509v3 Authority Key Identifier:
                keyid:09:56:54:49:8E:1C:C7:BF:8C:E0:9E:AE:17:AC:DF:7C:88:3D:5B:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CVZUSY4cx7-M4J6uF6zffIg9W0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/Bk_-tAtBQBDMWsFeWLzWEKqm6r8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/CVZUSY4cx7-M4J6uF6zffIg9W0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.104.0-193.109.106.255

    Signature Algorithm: sha256WithRSAEncryption
         76:7c:c8:0e:e4:0a:6f:84:d4:54:f9:38:e3:e8:2c:fe:73:09:
         2c:9b:5f:9c:e8:7a:ea:7e:99:61:21:19:dd:dd:42:ee:f2:9b:
         11:11:85:0d:a7:71:75:ea:60:55:c5:2a:0b:e6:67:0e:0b:ff:
         2a:08:5f:a1:be:58:f6:ff:73:27:03:c8:b1:31:42:0e:1a:bc:
         8d:43:b3:0d:a0:63:0f:2f:85:f7:e9:04:76:64:9d:d6:fa:68:
         9b:9f:23:de:06:09:9f:d4:b0:07:15:6c:01:eb:65:a4:0a:b1:
         7e:97:e6:2c:9b:7c:02:da:8f:c0:ce:d4:a2:84:eb:cb:33:6d:
         29:79:9d:11:ef:fe:3c:ae:ed:01:e8:01:02:86:34:53:c3:a1:
         31:71:af:65:4d:3c:d2:dd:ac:09:3b:f0:6b:d4:c8:01:5f:b5:
         84:a0:2f:5c:cf:3f:d7:8b:88:6f:60:b7:c5:fb:33:1c:22:fb:
         65:b1:e4:73:5d:61:84:ee:c4:81:b6:e8:02:3a:3a:30:74:64:
         08:b8:c7:20:67:95:3c:04:05:b8:13:51:86:a1:e6:85:1c:5f:
         7b:7b:77:a0:6b:be:a6:4d:2c:db:10:a1:04:ab:da:08:73:81:
         64:49:5e:f1:b7:37:d8:36:3b:ec:1d:03:0f:a8:f9:15:e7:86:
         62:7a:0c:57
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZerNsPN68zahFE2ewbPkJteMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NTY1NDQ5OGUxY2M3YmY4Y2UwOWVhZTE3YWNkZjdjODgz
ZDViNDkwHhcNMjUwNjI2MDc0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjRmZmViNDBiNDE0MDEwY2M1YWMxNWU1OGJjZDYxMGFhYTZlYWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkygmt3N40itrqcHA5tVugt1LGmdR
8CiFMjD6x29RQH5daWjVO3ay4uYhUNmBUH4Hz4O3LfncIxlVw0Ii7Uphd+QJggtr
PKM1TV2z9bLhsuxXW4blex0LFhKCHm8BEHa+/1ScKQJWl7DvY+rFffUtNeCu3mcS
WXKRSMwNPhtkfBEw/W+6IQxgUB88FSOvcfTJ+sxHw4d4ZKnNCHDDuDpPpKaUe1/g
kHsfHQQBnmPc+CmhoiLEIY3B0M5/FxDjQ9IX+aa8kZhuKpVZjRcLd4R+r4TtQd/j
C6coTL+rPIr3SP+mbay5qcGeRXW3owS1MQatVRzClnbiJH2gru8UaOrusQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAZP/rQLQUAQzFrBXli81hCqpuq/MB8GA1UdIwQY
MBaAFAlWVEmOHMe/jOCerhes33yIPVtJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ZaVVNZNGN4Ny1NNEo2dUY2emZmSWc5VzBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMmRhYTQtMDg3NC00ZjNkLWJmMjIt
ZDFhZDU0ZDBjMDUzLzEvQmtfLXRBdEJRQkRNV3NGZVdMeldFS3FtNnI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMmRhYTQtMDg3NC00ZjNkLWJmMjItZDFhZDU0ZDBjMDUz
LzEvQ1ZaVVNZNGN4Ny1NNEo2dUY2emZmSWc5VzBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPBbWgD
BADBbWowDQYJKoZIhvcNAQELBQADggEBAHZ8yA7kCm+E1FT5OOPoLP5zCSybX5zo
eup+mWEhGd3dQu7ymxERhQ2ncXXqYFXFKgvmZw4L/yoIX6G+WPb/cycDyLExQg4a
vI1Dsw2gYw8vhffpBHZkndb6aJufI94GCZ/UsAcVbAHrZaQKsX6X5iybfALaj8DO
1KKE68szbSl5nRHv/jyu7QHoAQKGNFPDoTFxr2VNPNLdrAk78GvUyAFftYSgL1zP
P9eLiG9gt8X7Mxwi+2Wx5HNdYYTuxIG26AI6OjB0ZAi4xyBnlTwEBbgTUYah5oUc
X3t7d6BrvqZNLNsQoQSr2ghzgWRJXvG3N9g2O+wdAw+o+RXnhmJ6DFc=
-----END CERTIFICATE-----