Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/BI16eSxubERsxjczNTuD1FKYiqI.roa
File:                     BI16eSxubERsxjczNTuD1FKYiqI.roa (raw, json)
Hash identifier:          5RSrabZNzAP6tOwmOjiW5WIGJ28xp22z5+HfxDxqq2o=
Subject key identifier:   04:8D:7A:79:2C:6E:6C:44:6C:C6:37:33:35:3B:83:D4:52:98:8A:A2
Certificate issuer:       /CN=94962e2afa7748f45265d89fd15624b584e72466
Certificate serial:       0199A42BDFCAB6C720DB7AF9053243E7F568
Authority key identifier: 94:96:2E:2A:FA:77:48:F4:52:65:D8:9F:D1:56:24:B5:84:E7:24:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lJYuKvp3SPRSZdif0VYktYTnJGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/BI16eSxubERsxjczNTuD1FKYiqI.roa
Signing time:             Thu 02 Oct 2025 09:06:02 +0000
ROA not before:           Thu 02 Oct 2025 09:06:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207611
IP address blocks:        131.220.0.0/16 maxlen: 17
                          193.30.3.0/24 maxlen: 24
                          2a00:5ba0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/lJYuKvp3SPRSZdif0VYktYTnJGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/lJYuKvp3SPRSZdif0VYktYTnJGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lJYuKvp3SPRSZdif0VYktYTnJGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a4:2b:df:ca:b6:c7:20:db:7a:f9:05:32:43:e7:f5:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94962e2afa7748f45265d89fd15624b584e72466
        Validity
            Not Before: Oct  2 09:06:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=048d7a792c6e6c446cc63733353b83d452988aa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:9a:5a:72:48:8c:a5:7e:a2:d9:31:96:a3:09:
                    74:1f:38:31:12:88:66:1c:9d:0a:af:bc:c0:02:25:
                    2e:71:28:9a:3f:e6:e5:e8:cd:9e:34:a8:6e:e8:30:
                    3d:11:4b:d1:e5:24:df:0b:4e:de:6d:49:9e:29:4b:
                    22:79:ca:0b:22:24:33:e4:40:8c:b8:67:7e:a6:86:
                    94:ed:71:9f:ce:ad:89:08:7b:fd:47:d1:45:13:a4:
                    06:87:d9:4d:54:f3:fb:b9:70:b3:f2:62:10:31:09:
                    35:3f:ff:9a:82:14:37:71:4e:a4:98:e2:ae:c6:72:
                    fe:7a:13:2d:e8:75:45:67:5e:3a:78:5c:95:60:0f:
                    16:94:f1:7a:23:b6:5e:bc:43:a7:7d:aa:ce:bc:9e:
                    97:4f:3a:ca:d8:53:50:48:80:96:ac:9b:22:f8:d6:
                    1b:ee:18:d4:a8:35:f8:e6:97:dd:da:29:73:3b:50:
                    4b:c2:98:b7:94:fc:c5:73:4c:8f:e3:6e:e0:e2:1e:
                    92:85:86:f9:54:b5:d0:35:b6:4e:dc:f5:d9:25:70:
                    25:d0:77:b4:01:8e:00:b0:3f:70:48:3c:f0:e2:4b:
                    54:23:0d:3c:e5:2d:f2:62:e2:2e:b9:69:5e:fb:bd:
                    4f:0b:24:84:d5:d6:af:6f:07:f7:3a:f3:69:74:e6:
                    90:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:8D:7A:79:2C:6E:6C:44:6C:C6:37:33:35:3B:83:D4:52:98:8A:A2
            X509v3 Authority Key Identifier:
                keyid:94:96:2E:2A:FA:77:48:F4:52:65:D8:9F:D1:56:24:B5:84:E7:24:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lJYuKvp3SPRSZdif0VYktYTnJGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/BI16eSxubERsxjczNTuD1FKYiqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/2db683-c9e9-4647-823b-cd403bdee4df/1/lJYuKvp3SPRSZdif0VYktYTnJGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.220.0.0/16
                  193.30.3.0/24
                IPv6:
                  2a00:5ba0::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:65:cf:88:7b:73:92:da:b6:64:d6:79:01:20:f0:5d:08:9c:
         9e:73:5d:5a:06:f6:7f:89:b0:29:5c:09:09:91:54:a6:95:2a:
         02:dd:b0:68:23:db:2f:c6:d3:a8:0b:d4:cf:4d:92:88:8c:0c:
         6e:0d:6f:03:24:a4:e8:73:d6:5a:1d:7b:a5:75:4f:de:65:06:
         0e:2c:e9:7b:b1:93:38:81:24:13:a3:92:d1:6a:62:f4:7e:74:
         03:95:8a:35:c4:97:d8:c3:44:89:96:60:c1:3b:d5:7f:c7:90:
         fb:8e:ac:c0:4f:ca:57:bb:88:23:f9:c3:b1:06:84:14:d3:ad:
         4d:6e:85:cc:e8:07:e0:e4:1d:3c:d9:9e:58:53:de:1e:fa:8e:
         cb:ea:c3:0e:c5:37:d8:7d:71:e8:45:31:be:08:8c:14:70:5d:
         40:71:37:17:bb:d8:cc:ad:29:4a:e5:f5:9c:26:d3:90:9e:7b:
         21:88:f6:fc:3f:33:a8:71:b1:12:fe:ba:7a:8b:10:b3:0c:c8:
         7c:eb:ed:34:a5:c9:5c:4f:8d:a9:e8:19:52:d8:1e:43:de:aa:
         07:2c:b5:53:89:3b:5c:48:17:28:fa:4a:59:0c:b4:d7:b3:10:
         ad:6c:46:58:39:88:be:76:ad:ae:af:ad:e1:8f:c4:d8:e7:11:
         e5:66:da:d7
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZmkK9/Ktscg23r5BTJD5/VoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0OTYyZTJhZmE3NzQ4ZjQ1MjY1ZDg5ZmQxNTYyNGI1ODRl
NzI0NjYwHhcNMjUxMDAyMDkwNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDhkN2E3OTJjNmU2YzQ0NmNjNjM3MzMzNTNiODNkNDUyOTg4YWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+5packiMpX6i2TGWowl0HzgxEohm
HJ0Kr7zAAiUucSiaP+bl6M2eNKhu6DA9EUvR5STfC07ebUmeKUsiecoLIiQz5ECM
uGd+poaU7XGfzq2JCHv9R9FFE6QGh9lNVPP7uXCz8mIQMQk1P/+aghQ3cU6kmOKu
xnL+ehMt6HVFZ146eFyVYA8WlPF6I7ZevEOnfarOvJ6XTzrK2FNQSICWrJsi+NYb
7hjUqDX45pfd2ilzO1BLwpi3lPzFc0yP427g4h6ShYb5VLXQNbZO3PXZJXAl0He0
AY4AsD9wSDzw4ktUIw085S3yYuIuuWle+71PCySE1davbwf3OvNpdOaQCwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFASNenksbmxEbMY3MzU7g9RSmIqiMB8GA1UdIwQY
MBaAFJSWLir6d0j0UmXYn9FWJLWE5yRmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEpZdUt2cDNTUFJTWmRpZjBWWWt0WVRuSkdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8yZGI2ODMtYzllOS00NjQ3LTgyM2It
Y2Q0MDNiZGVlNGRmLzEvQkkxNmVTeHViRVJzeGpjek5UdUQxRktZaXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8yZGI2ODMtYzllOS00NjQ3LTgyM2ItY2Q0MDNiZGVlNGRm
LzEvbEpZdUt2cDNTUFJTWmRpZjBWWWt0WVRuSkdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAg9wDBADB
HgMwDQQCAAIwBwMFAyoAW6AwDQYJKoZIhvcNAQELBQADggEBAJFlz4h7c5LatmTW
eQEg8F0InJ5zXVoG9n+JsClcCQmRVKaVKgLdsGgj2y/G06gL1M9NkoiMDG4NbwMk
pOhz1lode6V1T95lBg4s6XuxkziBJBOjktFqYvR+dAOVijXEl9jDRImWYME71X/H
kPuOrMBPyle7iCP5w7EGhBTTrU1uhczoB+DkHTzZnlhT3h76jsvqww7FN9h9cehF
Mb4IjBRwXUBxNxe72MytKUrl9Zwm05CeeyGI9vw/M6hxsRL+unqLELMMyHzr7TSl
yVxPjanoGVLYHkPeqgcstVOJO1xIFyj6SlkMtNezEK1sRlg5iL52ra6vreGPxNjn
EeVm2tc=
-----END CERTIFICATE-----