Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/BRryBhcZ86QRcNyyWRQXIrGL940.roa
File:                     BRryBhcZ86QRcNyyWRQXIrGL940.roa (raw, json)
Hash identifier:          TpVPlst5x/81i653yEbzbStWflfy2GReIp1Tn60B8L0=
Subject key identifier:   05:1A:F2:06:17:19:F3:A4:11:70:DC:B2:59:14:17:22:B1:8B:F7:8D
Certificate issuer:       /CN=2719412918a6627f99cce55c7aca139057b8574e
Certificate serial:       019749D75497D0435875410E707B7BC00351
Authority key identifier: 27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/BRryBhcZ86QRcNyyWRQXIrGL940.roa
Signing time:             Sat 07 Jun 2025 10:02:17 +0000
ROA not before:           Sat 07 Jun 2025 10:02:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        45.149.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 14:23:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:49:d7:54:97:d0:43:58:75:41:0e:70:7b:7b:c0:03:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2719412918a6627f99cce55c7aca139057b8574e
        Validity
            Not Before: Jun  7 10:02:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=051af2061719f3a41170dcb259141722b18bf78d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8c:ce:52:b5:b9:88:78:19:89:24:25:0d:f4:
                    cb:6e:a3:42:5b:da:d0:f5:2c:12:d6:55:96:d8:44:
                    03:ff:1a:0c:9f:49:27:a1:83:36:e0:57:22:94:9d:
                    70:bb:58:92:ba:b8:28:34:ee:2d:45:14:ed:b5:71:
                    db:4d:35:44:30:02:d7:95:e5:54:1c:be:02:02:5c:
                    32:48:c9:9b:86:7d:d4:38:ee:b9:94:1f:bb:5a:b7:
                    35:9f:3c:65:23:4b:16:a2:8b:20:53:88:53:c0:b4:
                    f7:38:23:52:9b:b6:2f:80:48:e2:af:43:c0:90:23:
                    62:3a:5b:ce:a7:25:1f:19:7c:4f:31:5a:fe:9f:6a:
                    f6:8d:56:55:fc:18:58:6f:10:ba:a2:cc:af:5c:4f:
                    a6:6c:0d:e8:89:b5:31:35:8c:ba:a5:d7:c3:01:ef:
                    86:84:c3:dc:1d:fd:87:8f:9c:a2:a2:4a:23:02:86:
                    87:cc:e2:df:d5:1c:01:93:cf:67:e9:11:27:78:ef:
                    31:45:8b:9a:c8:bf:92:36:a2:d9:87:f0:11:49:58:
                    25:65:af:17:73:e3:7e:d1:00:81:31:21:cf:06:4a:
                    4c:a4:81:a8:e1:44:ff:ba:59:83:be:11:de:d9:30:
                    e0:2f:e9:29:af:f3:ff:c8:8a:00:53:e7:a7:9e:bb:
                    dd:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:1A:F2:06:17:19:F3:A4:11:70:DC:B2:59:14:17:22:B1:8B:F7:8D
            X509v3 Authority Key Identifier:
                keyid:27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/BRryBhcZ86QRcNyyWRQXIrGL940.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:10:e8:12:af:33:5a:09:19:62:e4:42:35:38:79:ac:4f:2e:
         d1:61:9f:1c:9b:96:2a:9f:df:57:86:c9:fb:48:6b:87:5c:8d:
         02:0d:93:0e:19:ab:db:44:fc:78:a5:b3:bf:88:a5:e8:db:71:
         c4:71:35:97:e5:41:44:27:ec:dc:10:c9:4b:da:7c:76:f0:f2:
         8a:64:1e:be:3e:2d:67:aa:8d:25:8f:78:7d:f7:ee:57:ca:5b:
         42:78:f1:7b:35:a9:75:22:af:1a:13:42:97:54:22:c1:eb:b9:
         b0:ff:d4:f9:63:37:84:ef:d1:d8:de:8e:75:49:80:37:20:0f:
         a2:12:d2:d8:e8:52:b8:97:03:8b:0e:b4:1d:91:38:02:2e:1d:
         a4:fd:de:fd:16:8e:f5:b2:82:b9:92:cd:98:fc:53:1c:d2:75:
         55:e8:bd:be:9d:3e:9a:f1:28:65:9c:9d:29:0f:00:8d:fd:8a:
         08:12:6e:bf:92:d0:a7:e5:c0:5e:31:82:b8:e2:25:21:87:2c:
         55:f3:7f:f9:57:b2:63:ca:73:a0:eb:46:44:44:22:d3:6f:22:
         64:5a:44:bf:87:27:ba:de:1d:08:3d:f6:92:f5:24:57:19:e3:
         65:ff:a4:e4:0c:21:63:fc:0c:a8:69:11:82:ca:3c:c2:c4:53:
         c7:8a:a4:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdJ11SX0ENYdUEOcHt7wANRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MTk0MTI5MThhNjYyN2Y5OWNjZTU1YzdhY2ExMzkwNTdi
ODU3NGUwHhcNMjUwNjA3MTAwMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTFhZjIwNjE3MTlmM2E0MTE3MGRjYjI1OTE0MTcyMmIxOGJmNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkozOUrW5iHgZiSQlDfTLbqNCW9rQ
9SwS1lWW2EQD/xoMn0knoYM24FcilJ1wu1iSurgoNO4tRRTttXHbTTVEMALXleVU
HL4CAlwySMmbhn3UOO65lB+7Wrc1nzxlI0sWoosgU4hTwLT3OCNSm7YvgEjir0PA
kCNiOlvOpyUfGXxPMVr+n2r2jVZV/BhYbxC6osyvXE+mbA3oibUxNYy6pdfDAe+G
hMPcHf2Hj5yiokojAoaHzOLf1RwBk89n6REneO8xRYuayL+SNqLZh/ARSVglZa8X
c+N+0QCBMSHPBkpMpIGo4UT/ulmDvhHe2TDgL+kpr/P/yIoAU+ennrvd+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUa8gYXGfOkEXDcslkUFyKxi/eNMB8GA1UdIwQY
MBaAFCcZQSkYpmJ/mczlXHrKE5BXuFdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYt
NGUyMjM5MTdiODYwLzEvQlJyeUJoY1o4NlFSY055eVdSUVhJckdMOTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYtNGUyMjM5MTdiODYw
LzEvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZU+MA0G
CSqGSIb3DQEBCwUAA4IBAQAMEOgSrzNaCRli5EI1OHmsTy7RYZ8cm5Yqn99Xhsn7
SGuHXI0CDZMOGavbRPx4pbO/iKXo23HEcTWX5UFEJ+zcEMlL2nx28PKKZB6+Pi1n
qo0lj3h99+5XyltCePF7Nal1Iq8aE0KXVCLB67mw/9T5YzeE79HY3o51SYA3IA+i
EtLY6FK4lwOLDrQdkTgCLh2k/d79Fo71soK5ks2Y/FMc0nVV6L2+nT6a8ShlnJ0p
DwCN/YoIEm6/ktCn5cBeMYK44iUhhyxV83/5V7JjynOg60ZERCLTbyJkWkS/hye6
3h0IPfaS9SRXGeNl/6TkDCFj/AyoaRGCyjzCxFPHiqQB
-----END CERTIFICATE-----