Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/5205b8-98cf-4042-a0ce-e4c6741c802c/1/bwcXy3FYmHBMxUWqGbTAjvoGjVE.roa
File:                     bwcXy3FYmHBMxUWqGbTAjvoGjVE.roa (raw, json)
Hash identifier:          i13BZ7NJZZP7VgcQkDsp+e+5aBIM+z4sday3aP/ehUI=
Subject key identifier:   6F:07:17:CB:71:58:98:70:4C:C5:45:AA:19:B4:C0:8E:FA:06:8D:51
Certificate issuer:       /CN=99fc8dc2a7c1b9f32ba1957ff492dc0ba4f260ff
Certificate serial:       019781E54D6D2283999C531AEA807B32907A
Authority key identifier: 99:FC:8D:C2:A7:C1:B9:F3:2B:A1:95:7F:F4:92:DC:0B:A4:F2:60:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mfyNwqfBufMroZV_9JLcC6TyYP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/5205b8-98cf-4042-a0ce-e4c6741c802c/1/bwcXy3FYmHBMxUWqGbTAjvoGjVE.roa
Signing time:             Wed 18 Jun 2025 07:16:17 +0000
ROA not before:           Wed 18 Jun 2025 07:16:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42926
IP address blocks:        152.114.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/5205b8-98cf-4042-a0ce-e4c6741c802c/1/mfyNwqfBufMroZV_9JLcC6TyYP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/5205b8-98cf-4042-a0ce-e4c6741c802c/1/mfyNwqfBufMroZV_9JLcC6TyYP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mfyNwqfBufMroZV_9JLcC6TyYP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:81:e5:4d:6d:22:83:99:9c:53:1a:ea:80:7b:32:90:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99fc8dc2a7c1b9f32ba1957ff492dc0ba4f260ff
        Validity
            Not Before: Jun 18 07:16:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f0717cb715898704cc545aa19b4c08efa068d51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:61:75:5e:81:ea:c1:5d:91:df:be:41:71:23:
                    3a:a5:b1:d2:f7:b9:a8:5a:40:dc:8b:77:da:6b:1a:
                    fc:5b:b6:d2:99:78:8e:fb:8e:db:48:08:ab:ce:df:
                    52:cb:aa:ed:b9:b9:2f:7b:e8:75:2c:83:58:42:99:
                    14:13:fd:d1:5c:20:18:6d:14:b6:db:7b:9d:19:6a:
                    7f:de:4b:eb:2e:d0:6c:e7:ce:12:31:01:c8:c1:21:
                    b9:c2:18:1a:20:e7:1e:6f:4f:4d:84:ea:2b:7d:6e:
                    d6:6d:3c:c2:72:4a:fb:96:f8:f8:92:dc:15:a6:3a:
                    e1:f5:85:5f:65:67:f8:9c:60:c6:05:a4:7a:da:8f:
                    b0:29:9f:82:75:80:0f:82:08:10:4a:2c:30:bb:ee:
                    4c:e4:33:58:30:cb:64:1a:ce:27:0d:58:23:d5:6a:
                    ab:4e:cd:ed:43:a7:38:4b:fa:21:79:77:f6:9e:8b:
                    6a:10:79:cb:8d:09:39:7c:06:5e:6f:8f:09:ae:ad:
                    e0:94:3a:b9:8c:cb:1a:33:42:56:a1:7b:7a:88:f6:
                    bf:2e:46:f2:b6:7f:76:4d:ca:46:44:22:1b:85:f6:
                    b5:32:4e:d8:fb:c0:81:ca:0c:78:c2:c1:6c:75:fe:
                    dc:d1:85:8c:ee:02:d7:54:6a:9f:1a:76:51:33:05:
                    2d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:07:17:CB:71:58:98:70:4C:C5:45:AA:19:B4:C0:8E:FA:06:8D:51
            X509v3 Authority Key Identifier:
                keyid:99:FC:8D:C2:A7:C1:B9:F3:2B:A1:95:7F:F4:92:DC:0B:A4:F2:60:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mfyNwqfBufMroZV_9JLcC6TyYP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/5205b8-98cf-4042-a0ce-e4c6741c802c/1/bwcXy3FYmHBMxUWqGbTAjvoGjVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/5205b8-98cf-4042-a0ce-e4c6741c802c/1/mfyNwqfBufMroZV_9JLcC6TyYP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.114.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:b4:42:6f:76:24:1f:09:73:0f:65:24:30:76:cb:6d:f2:25:
         44:e0:b2:5d:50:12:11:10:b6:e3:70:f8:a1:03:ba:87:1d:8d:
         d9:ed:0c:2b:9e:00:b5:23:6b:a4:43:6d:30:82:97:98:f4:f7:
         00:de:9d:e2:e5:4a:67:d9:d6:76:cb:0c:0f:cf:ca:a4:40:a7:
         3a:5d:a1:35:81:d6:26:1b:5c:73:52:11:9d:1b:09:06:3d:91:
         74:f9:51:7a:08:0c:25:77:d0:76:fc:ea:42:f8:1f:8e:84:2b:
         fc:54:02:e2:88:d5:b6:17:6d:61:2e:3f:53:f3:eb:7b:d5:fa:
         39:bd:4e:43:86:96:45:66:78:d3:65:a9:f2:e5:d6:73:96:c3:
         b4:ec:6f:6f:43:c5:97:6a:6b:ce:54:19:b6:b9:19:8b:ec:97:
         ce:bb:49:87:83:51:74:f3:af:8f:01:ca:64:57:17:e0:49:c7:
         c5:95:60:57:21:a9:32:11:e0:a6:8f:70:01:87:75:52:39:c1:
         bb:8e:9a:0f:ce:db:95:22:23:bb:36:87:f3:4a:7c:88:e5:53:
         97:ed:ce:08:4b:14:57:be:d9:68:33:75:8f:9d:31:6b:db:4f:
         84:b9:4c:8f:a2:58:5a:bd:aa:23:cd:c8:a0:04:55:b8:94:1e:
         7d:14:3d:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeB5U1tIoOZnFMa6oB7MpB6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZmM4ZGMyYTdjMWI5ZjMyYmExOTU3ZmY0OTJkYzBiYTRm
MjYwZmYwHhcNMjUwNjE4MDcxNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjA3MTdjYjcxNTg5ODcwNGNjNTQ1YWExOWI0YzA4ZWZhMDY4ZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmF1XoHqwV2R375BcSM6pbHS97mo
WkDci3faaxr8W7bSmXiO+47bSAirzt9Sy6rtubkve+h1LINYQpkUE/3RXCAYbRS2
23udGWp/3kvrLtBs584SMQHIwSG5whgaIOceb09NhOorfW7WbTzCckr7lvj4ktwV
pjrh9YVfZWf4nGDGBaR62o+wKZ+CdYAPgggQSiwwu+5M5DNYMMtkGs4nDVgj1Wqr
Ts3tQ6c4S/oheXf2notqEHnLjQk5fAZeb48Jrq3glDq5jMsaM0JWoXt6iPa/Lkby
tn92TcpGRCIbhfa1Mk7Y+8CBygx4wsFsdf7c0YWM7gLXVGqfGnZRMwUtBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8HF8txWJhwTMVFqhm0wI76Bo1RMB8GA1UdIwQY
MBaAFJn8jcKnwbnzK6GVf/SS3Auk8mD/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWZ5TndxZkJ1Zk1yb1pWXzlKTGNDNlR5WVA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS81MjA1YjgtOThjZi00MDQyLWEwY2Ut
ZTRjNjc0MWM4MDJjLzEvYndjWHkzRlltSEJNeFVXcUdiVEFqdm9HalZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS81MjA1YjgtOThjZi00MDQyLWEwY2UtZTRjNjc0MWM4MDJj
LzEvbWZ5TndxZkJ1Zk1yb1pWXzlKTGNDNlR5WVA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmHLPMA0G
CSqGSIb3DQEBCwUAA4IBAQBdtEJvdiQfCXMPZSQwdstt8iVE4LJdUBIRELbjcPih
A7qHHY3Z7QwrngC1I2ukQ20wgpeY9PcA3p3i5Upn2dZ2ywwPz8qkQKc6XaE1gdYm
G1xzUhGdGwkGPZF0+VF6CAwld9B2/OpC+B+OhCv8VALiiNW2F21hLj9T8+t71fo5
vU5DhpZFZnjTZany5dZzlsO07G9vQ8WXamvOVBm2uRmL7JfOu0mHg1F086+PAcpk
VxfgScfFlWBXIakyEeCmj3ABh3VSOcG7jpoPztuVIiO7NofzSnyI5VOX7c4ISxRX
vtloM3WPnTFr20+EuUyPolhavaojzcigBFW4lB59FD1a
-----END CERTIFICATE-----