Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/6c9902-cd45-4404-8513-71c3d6aa2899/1/bcgwm0IXZl2cgnOU43vtGxwCk5s.roa
File:                     bcgwm0IXZl2cgnOU43vtGxwCk5s.roa (raw, json)
Hash identifier:          pOqSUBN1yoYOlROah8VVMTjUQwi9pDp8K4UguM3751U=
Subject key identifier:   6D:C8:30:9B:42:17:66:5D:9C:82:73:94:E3:7B:ED:1B:1C:02:93:9B
Certificate issuer:       /CN=617f6f6e150a6043cb2093b08ddd3a2a4ab97a37
Certificate serial:       0199A50C2D7D23B99360278E373788CC929C
Authority key identifier: 61:7F:6F:6E:15:0A:60:43:CB:20:93:B0:8D:DD:3A:2A:4A:B9:7A:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YX9vbhUKYEPLIJOwjd06Kkq5ejc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/6c9902-cd45-4404-8513-71c3d6aa2899/1/bcgwm0IXZl2cgnOU43vtGxwCk5s.roa
Signing time:             Thu 02 Oct 2025 13:11:02 +0000
ROA not before:           Thu 02 Oct 2025 13:11:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196874
IP address blocks:        109.233.80.0/21 maxlen: 21
                          192.145.48.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/6c9902-cd45-4404-8513-71c3d6aa2899/1/YX9vbhUKYEPLIJOwjd06Kkq5ejc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/6c9902-cd45-4404-8513-71c3d6aa2899/1/YX9vbhUKYEPLIJOwjd06Kkq5ejc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YX9vbhUKYEPLIJOwjd06Kkq5ejc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a5:0c:2d:7d:23:b9:93:60:27:8e:37:37:88:cc:92:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=617f6f6e150a6043cb2093b08ddd3a2a4ab97a37
        Validity
            Not Before: Oct  2 13:11:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6dc8309b4217665d9c827394e37bed1b1c02939b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3b:fc:a3:b8:f8:2c:c5:6a:5a:9b:83:17:80:
                    0d:74:30:b8:01:c2:c0:ae:8c:c8:3d:60:7e:d6:53:
                    4b:6c:a4:63:64:1c:4b:31:d9:d6:2e:1e:b6:fd:48:
                    5f:f4:63:84:45:28:bc:28:99:28:da:bc:61:df:56:
                    53:75:1d:dc:ec:45:0d:f3:f0:83:51:58:37:22:24:
                    e1:c7:f8:52:81:f1:69:2b:d8:a4:fd:87:70:f5:11:
                    fc:51:0d:63:b2:f9:b4:f8:12:4f:ea:51:1c:a0:af:
                    0a:71:cd:f0:70:d4:13:c8:29:f7:52:e5:f8:16:14:
                    cb:e1:03:4b:46:64:f4:04:8d:fa:c2:54:2e:b0:b3:
                    67:14:93:6d:d2:08:52:fc:5a:bd:5b:43:d3:d9:a4:
                    74:e5:7b:50:41:88:a6:65:c9:65:84:5f:92:ff:a8:
                    ff:cf:ca:e8:49:6a:3c:a5:bb:e9:e2:c6:be:08:5d:
                    db:d0:dc:86:2b:9a:50:32:db:9a:bb:8b:44:ce:10:
                    55:f2:51:27:39:2b:29:5a:7a:be:bc:44:6d:2e:e2:
                    cb:1a:9e:72:8a:ee:e3:3f:ff:c3:f9:bb:31:66:67:
                    0f:25:0d:0b:9c:d7:49:63:fb:34:06:66:e5:1f:60:
                    a4:c1:10:c5:00:65:76:a6:67:4c:ff:87:78:5f:1f:
                    b0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:C8:30:9B:42:17:66:5D:9C:82:73:94:E3:7B:ED:1B:1C:02:93:9B
            X509v3 Authority Key Identifier:
                keyid:61:7F:6F:6E:15:0A:60:43:CB:20:93:B0:8D:DD:3A:2A:4A:B9:7A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YX9vbhUKYEPLIJOwjd06Kkq5ejc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6c9902-cd45-4404-8513-71c3d6aa2899/1/bcgwm0IXZl2cgnOU43vtGxwCk5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6c9902-cd45-4404-8513-71c3d6aa2899/1/YX9vbhUKYEPLIJOwjd06Kkq5ejc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.80.0/21
                  192.145.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:59:b3:94:af:10:7b:8c:f4:00:fb:48:14:8a:24:14:c7:42:
         c6:44:ce:52:de:a9:d4:a8:c5:d0:0d:88:9b:1d:0b:8c:8f:8d:
         fb:6d:b9:e4:2b:01:6c:af:ee:97:d6:37:2f:bf:9a:df:71:3e:
         9c:82:3f:e5:11:c4:d7:85:de:8a:a9:3c:60:a0:43:92:3a:21:
         32:97:16:2b:e3:e9:96:22:3d:9e:ab:ab:b1:5e:5c:2a:e6:ec:
         d7:80:60:c5:3a:af:7c:23:ac:92:bc:94:2d:41:4f:73:81:65:
         8f:99:94:04:2b:05:e1:20:b2:20:23:43:80:05:2c:81:bb:65:
         00:2d:b3:9c:9e:4e:18:77:50:bb:88:43:0a:03:91:d6:87:99:
         c1:c9:92:4d:bf:dd:23:74:02:ea:03:c7:69:aa:94:88:4a:74:
         a1:e0:51:a7:2b:e8:14:8c:68:7c:d9:c2:a5:52:3e:c6:da:b3:
         d7:d9:4b:e5:98:fd:36:87:60:d1:e5:79:8f:b5:6a:5e:ad:d2:
         ba:a4:6b:d6:10:bd:d0:4a:a9:7a:f4:76:f9:d8:80:8a:09:22:
         ae:18:b3:a5:f0:c8:4a:26:f5:36:d1:d1:da:f5:f0:3f:26:b7:
         4e:af:b0:08:ce:7e:50:41:e7:07:86:15:fc:15:26:7f:17:07:
         d5:d7:8c:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmlDC19I7mTYCeONzeIzJKcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxN2Y2ZjZlMTUwYTYwNDNjYjIwOTNiMDhkZGQzYTJhNGFi
OTdhMzcwHhcNMjUxMDAyMTMxMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGM4MzA5YjQyMTc2NjVkOWM4MjczOTRlMzdiZWQxYjFjMDI5MzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjv8o7j4LMVqWpuDF4ANdDC4AcLA
rozIPWB+1lNLbKRjZBxLMdnWLh62/Uhf9GOERSi8KJko2rxh31ZTdR3c7EUN8/CD
UVg3IiThx/hSgfFpK9ik/Ydw9RH8UQ1jsvm0+BJP6lEcoK8Kcc3wcNQTyCn3UuX4
FhTL4QNLRmT0BI36wlQusLNnFJNt0ghS/Fq9W0PT2aR05XtQQYimZcllhF+S/6j/
z8roSWo8pbvp4sa+CF3b0NyGK5pQMtuau4tEzhBV8lEnOSspWnq+vERtLuLLGp5y
iu7jP//D+bsxZmcPJQ0LnNdJY/s0BmblH2CkwRDFAGV2pmdM/4d4Xx+weQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG3IMJtCF2ZdnIJzlON77RscApObMB8GA1UdIwQY
MBaAFGF/b24VCmBDyyCTsI3dOipKuXo3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVg5dmJoVUtZRVBMSUpPd2pkMDZLa3E1ZWpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi82Yzk5MDItY2Q0NS00NDA0LTg1MTMt
NzFjM2Q2YWEyODk5LzEvYmNnd20wSVhabDJjZ25PVTQzdnRHeHdDazVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi82Yzk5MDItY2Q0NS00NDA0LTg1MTMtNzFjM2Q2YWEyODk5
LzEvWVg5dmJoVUtZRVBMSUpPd2pkMDZLa3E1ZWpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbelQAwQC
wJEwMA0GCSqGSIb3DQEBCwUAA4IBAQCVWbOUrxB7jPQA+0gUiiQUx0LGRM5S3qnU
qMXQDYibHQuMj437bbnkKwFsr+6X1jcvv5rfcT6cgj/lEcTXhd6KqTxgoEOSOiEy
lxYr4+mWIj2eq6uxXlwq5uzXgGDFOq98I6ySvJQtQU9zgWWPmZQEKwXhILIgI0OA
BSyBu2UALbOcnk4Yd1C7iEMKA5HWh5nByZJNv90jdALqA8dpqpSISnSh4FGnK+gU
jGh82cKlUj7G2rPX2UvlmP02h2DR5XmPtWperdK6pGvWEL3QSql69Hb52ICKCSKu
GLOl8MhKJvU20dHa9fA/JrdOr7AIzn5QQecHhhX8FSZ/FwfV14xq
-----END CERTIFICATE-----