Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/e6c44c-3125-4fe6-a00d-628ccf00dfbd/1/BAM3nXGrGMN-vPq2R9npnfCa7M8.roa
File:                     BAM3nXGrGMN-vPq2R9npnfCa7M8.roa (raw, json)
Hash identifier:          u9Ttm9d9a7OCOprvdQDw/C2eraaJpITqpYw8QAs1tzg=
Subject key identifier:   04:03:37:9D:71:AB:18:C3:7E:BC:FA:B6:47:D9:E9:9D:F0:9A:EC:CF
Certificate issuer:       /CN=eacdc1e247faa95318082a4ac5edbd80511f8df7
Certificate serial:       0199E8253EFBA2147264A5DD7DAFCED2750F
Authority key identifier: EA:CD:C1:E2:47:FA:A9:53:18:08:2A:4A:C5:ED:BD:80:51:1F:8D:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6s3B4kf6qVMYCCpKxe29gFEfjfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/e6c44c-3125-4fe6-a00d-628ccf00dfbd/1/BAM3nXGrGMN-vPq2R9npnfCa7M8.roa
Signing time:             Wed 15 Oct 2025 13:52:58 +0000
ROA not before:           Wed 15 Oct 2025 13:52:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6205
IP address blocks:        185.73.84.0/24 maxlen: 24
                          2a0a:6b80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/e6c44c-3125-4fe6-a00d-628ccf00dfbd/1/6s3B4kf6qVMYCCpKxe29gFEfjfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/e6c44c-3125-4fe6-a00d-628ccf00dfbd/1/6s3B4kf6qVMYCCpKxe29gFEfjfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6s3B4kf6qVMYCCpKxe29gFEfjfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e8:25:3e:fb:a2:14:72:64:a5:dd:7d:af:ce:d2:75:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eacdc1e247faa95318082a4ac5edbd80511f8df7
        Validity
            Not Before: Oct 15 13:52:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0403379d71ab18c37ebcfab647d9e99df09aeccf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a0:7f:63:cd:1c:7c:9a:67:03:c9:e0:3d:77:
                    ff:3b:7e:61:ae:8d:33:b7:3a:8b:fb:d5:99:d4:3f:
                    3d:d6:33:05:39:d6:66:93:26:65:b5:f8:38:38:50:
                    a1:e6:c8:44:d0:86:d8:2f:72:c1:ee:4c:d1:4d:f2:
                    8e:b7:50:8d:91:9f:c0:0c:ff:1b:12:5f:c0:2d:ec:
                    d6:1e:88:cc:9f:22:c7:0a:b6:bb:8b:69:bf:2a:6d:
                    f6:29:28:e0:bb:af:69:fe:14:ac:71:c7:2e:29:77:
                    3d:48:61:0a:6d:3b:3d:b5:3b:a5:6f:ad:14:d1:bb:
                    f0:6d:d2:76:83:bb:9f:0a:6f:8c:cb:93:6d:12:6f:
                    dd:5b:73:83:3a:35:e0:b9:08:ed:1e:9e:c8:70:82:
                    d4:e8:cd:f3:47:77:50:32:f6:44:4e:39:54:82:3b:
                    8d:d6:66:12:a9:ea:11:37:1b:a3:39:40:40:a9:42:
                    bf:07:64:8c:38:3b:e5:54:85:ea:f2:ca:72:56:96:
                    e4:ca:84:70:18:4b:a9:fb:cb:88:a3:64:90:40:6f:
                    f0:41:43:db:5e:3d:c6:41:af:26:61:16:be:2f:6c:
                    66:79:27:e5:8a:10:73:74:46:60:48:5d:56:01:ee:
                    bd:90:ba:0a:95:74:67:b8:b4:13:c5:07:78:fc:30:
                    66:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:03:37:9D:71:AB:18:C3:7E:BC:FA:B6:47:D9:E9:9D:F0:9A:EC:CF
            X509v3 Authority Key Identifier:
                keyid:EA:CD:C1:E2:47:FA:A9:53:18:08:2A:4A:C5:ED:BD:80:51:1F:8D:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6s3B4kf6qVMYCCpKxe29gFEfjfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/e6c44c-3125-4fe6-a00d-628ccf00dfbd/1/BAM3nXGrGMN-vPq2R9npnfCa7M8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/e6c44c-3125-4fe6-a00d-628ccf00dfbd/1/6s3B4kf6qVMYCCpKxe29gFEfjfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.84.0/24
                IPv6:
                  2a0a:6b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:3b:36:96:b6:e7:74:8c:12:04:ed:f2:f1:d6:0b:87:f9:3a:
         97:5e:43:5a:78:74:d3:69:b4:ad:86:fb:b3:4d:04:90:0d:62:
         85:6e:4b:69:16:46:b0:a1:07:ea:96:13:27:f3:8d:a7:06:60:
         fd:23:93:38:61:f4:dc:35:56:64:c5:ed:9d:d1:e3:54:b5:94:
         aa:d8:e4:37:a7:fb:86:64:6c:ea:80:86:92:74:d2:cd:ba:31:
         be:09:f3:51:4b:f5:95:28:49:08:33:bb:d8:0c:cf:15:62:30:
         bb:d0:44:79:02:90:3a:1d:73:9b:a9:3c:ee:6a:1d:4c:c7:39:
         84:d9:73:4f:59:0a:c4:ce:04:31:2c:6f:dc:3f:73:5f:4a:2a:
         68:ba:42:b1:fa:cd:d1:1c:69:57:3f:44:b5:18:cf:49:66:00:
         b6:12:5b:cb:df:95:05:27:45:ef:32:7a:cb:0e:2f:af:84:96:
         9e:47:c5:e2:c0:01:28:d4:74:1b:58:9c:78:99:a5:c4:84:46:
         fb:4a:c3:1b:bf:e5:5a:30:a8:cf:81:09:da:f8:e5:6b:3d:2c:
         5e:79:f2:7e:c4:a0:75:f9:90:5d:1e:f5:b1:fb:cd:6a:18:f2:
         0e:bf:30:4a:77:ca:ed:49:5a:2b:d4:84:7e:44:71:6e:c3:95:
         d0:e0:1f:aa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZnoJT77ohRyZKXdfa/O0nUPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhY2RjMWUyNDdmYWE5NTMxODA4MmE0YWM1ZWRiZDgwNTEx
ZjhkZjcwHhcNMjUxMDE1MTM1MjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDAzMzc5ZDcxYWIxOGMzN2ViY2ZhYjY0N2Q5ZTk5ZGYwOWFlY2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaB/Y80cfJpnA8ngPXf/O35hro0z
tzqL+9WZ1D891jMFOdZmkyZltfg4OFCh5shE0IbYL3LB7kzRTfKOt1CNkZ/ADP8b
El/ALezWHojMnyLHCra7i2m/Km32KSjgu69p/hSscccuKXc9SGEKbTs9tTulb60U
0bvwbdJ2g7ufCm+My5NtEm/dW3ODOjXguQjtHp7IcILU6M3zR3dQMvZETjlUgjuN
1mYSqeoRNxujOUBAqUK/B2SMODvlVIXq8spyVpbkyoRwGEup+8uIo2SQQG/wQUPb
Xj3GQa8mYRa+L2xmeSflihBzdEZgSF1WAe69kLoKlXRnuLQTxQd4/DBmIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAQDN51xqxjDfrz6tkfZ6Z3wmuzPMB8GA1UdIwQY
MBaAFOrNweJH+qlTGAgqSsXtvYBRH433MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnMzQjRrZjZxVk1ZQ0NwS3hlMjlnRkVmamZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9lNmM0NGMtMzEyNS00ZmU2LWEwMGQt
NjI4Y2NmMDBkZmJkLzEvQkFNM25YR3JHTU4tdlBxMlI5bnBuZkNhN004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9lNmM0NGMtMzEyNS00ZmU2LWEwMGQtNjI4Y2NmMDBkZmJk
LzEvNnMzQjRrZjZxVk1ZQ0NwS3hlMjlnRkVmamZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuUlUMA0E
AgACMAcDBQMqCmuAMA0GCSqGSIb3DQEBCwUAA4IBAQA7OzaWtud0jBIE7fLx1guH
+TqXXkNaeHTTabSthvuzTQSQDWKFbktpFkawoQfqlhMn842nBmD9I5M4YfTcNVZk
xe2d0eNUtZSq2OQ3p/uGZGzqgIaSdNLNujG+CfNRS/WVKEkIM7vYDM8VYjC70ER5
ApA6HXObqTzuah1MxzmE2XNPWQrEzgQxLG/cP3NfSipoukKx+s3RHGlXP0S1GM9J
ZgC2ElvL35UFJ0XvMnrLDi+vhJaeR8XiwAEo1HQbWJx4maXEhEb7SsMbv+VaMKjP
gQna+OVrPSxeefJ+xKB1+ZBdHvWx+81qGPIOvzBKd8rtSVor1IR+RHFuw5XQ4B+q
-----END CERTIFICATE-----