Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/vk__BsLC-w4t61AP3NKxv-xx7s0.roa
File:                     vk__BsLC-w4t61AP3NKxv-xx7s0.roa (raw, json)
Hash identifier:          QhL3r8ItXZYbQiLA1rOJkbp/2P0nL9STn83GwQP930o=
Subject key identifier:   BE:4F:FF:06:C2:C2:FB:0E:2D:EB:50:0F:DC:D2:B1:BF:EC:71:EE:CD
Certificate issuer:       /CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
Certificate serial:       0199BE7848B76F61ADE14947F7603ED73E90
Authority key identifier: EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/vk__BsLC-w4t61AP3NKxv-xx7s0.roa
Signing time:             Tue 07 Oct 2025 11:39:37 +0000
ROA not before:           Tue 07 Oct 2025 11:39:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42139
IP address blocks:        193.232.230.0/24 maxlen: 24
                          2001:67c:1211::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:be:78:48:b7:6f:61:ad:e1:49:47:f7:60:3e:d7:3e:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
        Validity
            Not Before: Oct  7 11:39:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be4fff06c2c2fb0e2deb500fdcd2b1bfec71eecd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:99:66:82:88:59:2c:07:ae:ad:15:92:7d:47:
                    6e:07:5a:19:6d:c6:4a:ea:c6:49:ce:2c:ac:98:d5:
                    2c:e0:35:23:05:90:0a:01:e8:e2:4b:52:3c:9e:2a:
                    9a:23:66:d0:9c:01:f3:11:a3:52:c9:2f:7e:44:09:
                    76:e6:4b:fe:4a:c6:03:60:84:6b:79:76:ed:02:b5:
                    22:8f:79:ba:e5:fc:93:ac:47:17:6e:61:b6:ac:51:
                    f7:5a:ca:e0:7f:c4:8a:a0:a8:a5:9b:de:01:c2:fb:
                    d9:42:bc:cf:b5:b6:22:50:5b:df:cc:fe:97:9b:69:
                    90:ca:97:b8:7b:39:16:47:2e:fe:02:62:16:85:94:
                    ab:b1:df:e3:8f:94:86:64:b3:f5:33:65:b9:bc:b4:
                    5b:ef:25:6c:bb:36:ae:71:70:c1:c8:92:be:7b:ab:
                    51:c0:aa:19:f1:26:3e:95:5a:c2:d8:9f:22:96:a4:
                    78:7a:4f:9c:1b:f5:c8:45:83:b3:67:60:ae:f8:e8:
                    43:1f:3e:36:d7:ec:92:83:54:01:a1:6f:00:61:e0:
                    3f:24:a4:8d:23:dd:e6:0c:92:82:ff:ee:21:e7:08:
                    04:de:65:20:a6:04:99:df:42:33:25:72:5e:5a:e2:
                    46:3e:f1:68:85:11:12:cc:8c:3a:16:1b:ae:8e:47:
                    42:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:4F:FF:06:C2:C2:FB:0E:2D:EB:50:0F:DC:D2:B1:BF:EC:71:EE:CD
            X509v3 Authority Key Identifier:
                keyid:EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/vk__BsLC-w4t61AP3NKxv-xx7s0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.230.0/24
                IPv6:
                  2001:67c:1211::/48

    Signature Algorithm: sha256WithRSAEncryption
         c8:32:80:36:cd:74:08:f3:a7:91:cf:5a:5a:47:3b:ea:64:74:
         a7:59:ea:9f:bd:79:13:af:6f:bc:34:b0:2d:b4:71:3f:4d:8c:
         71:1f:91:ad:12:66:3c:a1:06:08:95:1c:9f:c1:41:c1:d2:62:
         c6:44:98:d9:a7:c0:8b:59:2e:4a:78:ac:3e:5b:64:5a:20:d3:
         78:d2:8b:e3:f2:0c:6c:4d:e5:89:df:30:40:43:49:ef:97:b7:
         4a:c8:08:aa:31:44:81:03:62:1a:17:7f:84:15:17:36:42:88:
         4a:10:a8:21:13:6c:70:73:2e:28:53:20:43:e1:85:08:75:7c:
         c7:cd:f7:f0:d0:09:80:c0:06:5e:0a:56:cc:d8:06:57:86:c9:
         70:8a:00:54:26:94:b7:24:37:b0:60:30:dc:58:62:97:14:3e:
         13:a2:0a:f9:7a:0b:17:56:91:25:08:1f:8f:09:3b:c0:d2:4d:
         8c:36:85:50:ec:f5:0d:3b:04:53:ea:79:07:59:c0:e0:ab:d2:
         d4:65:9a:d6:3a:d6:a1:93:10:db:55:50:36:a8:51:15:74:fa:
         fb:a5:60:20:b3:d2:b1:dd:b8:46:0f:e4:0b:9d:3a:43:7a:09:
         4e:bf:2e:45:03:c3:3f:a7:05:51:7b:4d:c6:d3:e6:c7:c0:53:
         72:48:b2:8a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZm+eEi3b2Gt4UlH92A+1z6QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWM2NjViMDM4NjkyYjkzYmRmNWQxZDhmM2NlYTNlOTg2
OTdhMDMwHhcNMjUxMDA3MTEzOTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTRmZmYwNmMyYzJmYjBlMmRlYjUwMGZkY2QyYjFiZmVjNzFlZWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5lmgohZLAeurRWSfUduB1oZbcZK
6sZJziysmNUs4DUjBZAKAejiS1I8niqaI2bQnAHzEaNSyS9+RAl25kv+SsYDYIRr
eXbtArUij3m65fyTrEcXbmG2rFH3Wsrgf8SKoKilm94BwvvZQrzPtbYiUFvfzP6X
m2mQype4ezkWRy7+AmIWhZSrsd/jj5SGZLP1M2W5vLRb7yVsuzaucXDByJK+e6tR
wKoZ8SY+lVrC2J8ilqR4ek+cG/XIRYOzZ2Cu+OhDHz421+ySg1QBoW8AYeA/JKSN
I93mDJKC/+4h5wgE3mUgpgSZ30IzJXJeWuJGPvFohRESzIw6FhuujkdC3wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL5P/wbCwvsOLetQD9zSsb/sce7NMB8GA1UdIwQY
MBaAFO8cZlsDhpK5O99dHY886j6YaXoDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAt
Njg4ZDMzM2VkOWQ1LzEvdmtfX0JzTEMtdzR0NjFBUDNOS3h2LXh4N3MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAtNjg4ZDMzM2VkOWQ1
LzEvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwejmMA8E
AgACMAkDBwAgAQZ8EhEwDQYJKoZIhvcNAQELBQADggEBAMgygDbNdAjzp5HPWlpH
O+pkdKdZ6p+9eROvb7w0sC20cT9NjHEfka0SZjyhBgiVHJ/BQcHSYsZEmNmnwItZ
Lkp4rD5bZFog03jSi+PyDGxN5YnfMEBDSe+Xt0rICKoxRIEDYhoXf4QVFzZCiEoQ
qCETbHBzLihTIEPhhQh1fMfN9/DQCYDABl4KVszYBleGyXCKAFQmlLckN7BgMNxY
YpcUPhOiCvl6CxdWkSUIH48JO8DSTYw2hVDs9Q07BFPqeQdZwOCr0tRlmtY61qGT
ENtVUDaoURV0+vulYCCz0rHduEYP5AudOkN6CU6/LkUDwz+nBVF7TcbT5sfAU3JI
soo=
-----END CERTIFICATE-----