Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/_B--CuBhqTjZFsr-jhEXlNZoRk0.roa
File:                     _B--CuBhqTjZFsr-jhEXlNZoRk0.roa (raw, json)
Hash identifier:          jcQpONRIAvkERwo6Ybngiz+/HwyvO0eTzP8ZF+C5RuI=
Subject key identifier:   FC:1F:BE:0A:E0:61:A9:38:D9:16:CA:FE:8E:11:17:94:D6:68:46:4D
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       019960A61F340A6711B283E95837C9FDE012
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/_B--CuBhqTjZFsr-jhEXlNZoRk0.roa
Signing time:             Fri 19 Sep 2025 06:25:23 +0000
ROA not before:           Fri 19 Sep 2025 06:25:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198584
IP address blocks:        213.21.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:60:a6:1f:34:0a:67:11:b2:83:e9:58:37:c9:fd:e0:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Sep 19 06:25:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc1fbe0ae061a938d916cafe8e111794d668464d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f8:ea:60:b3:54:eb:72:31:35:d9:76:89:73:
                    37:ef:ac:9d:23:68:42:28:75:99:49:5f:db:90:7f:
                    a1:a3:68:8b:43:b8:1c:39:83:05:7e:2d:10:e4:63:
                    fd:10:0a:de:c8:64:10:d9:00:bd:9a:c5:1a:61:f4:
                    a8:1c:08:64:35:0b:f9:ba:f3:69:ae:dd:0a:ac:1c:
                    c5:02:08:ed:b4:53:61:db:88:03:3d:2e:e5:a8:1d:
                    47:04:53:c0:96:fe:1f:5b:83:9e:34:f9:7c:a0:14:
                    ef:9e:d9:e0:eb:25:1d:75:aa:b6:ce:54:40:82:0c:
                    b8:fe:5e:3a:a5:5c:02:a6:ac:7a:d3:68:2b:88:e8:
                    19:f2:e3:8b:78:9a:12:71:ea:9b:41:be:f7:ce:b6:
                    ca:d7:44:63:ba:90:96:9b:e4:28:2f:19:07:0e:5f:
                    01:dc:f7:17:4b:8b:66:24:5c:9d:f1:d9:8d:46:67:
                    fb:1d:18:b2:ea:d6:2a:9e:18:f6:84:9a:2d:38:94:
                    61:8e:73:46:78:e1:4c:df:c6:22:fc:43:c9:0c:52:
                    fa:02:74:ea:4f:ea:eb:44:77:72:29:64:da:3a:b8:
                    05:14:bb:a4:71:5a:08:05:56:4f:cc:82:8a:00:06:
                    c1:fa:82:8d:58:65:68:77:1b:64:35:38:db:c7:11:
                    26:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:1F:BE:0A:E0:61:A9:38:D9:16:CA:FE:8E:11:17:94:D6:68:46:4D
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/_B--CuBhqTjZFsr-jhEXlNZoRk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:be:b5:0e:02:49:de:ce:6d:5b:d7:ea:78:a0:a5:68:5d:dc:
         fb:60:56:4b:e0:30:f5:f8:7c:9e:10:0c:a4:1e:fe:75:c2:2b:
         88:59:4d:4d:8b:10:da:f0:24:f5:7b:b8:59:c2:a3:3d:3c:c8:
         93:26:ad:2c:79:8f:88:b5:12:88:4a:a8:24:77:7d:3d:a8:7e:
         ee:0e:69:2e:64:99:33:2c:2f:3d:de:8f:fe:dd:43:65:af:e3:
         66:1b:81:b6:6a:c1:b0:ac:26:c9:f5:8f:e0:2e:fe:4c:ad:35:
         15:7d:27:db:12:ba:db:0d:8e:f1:d8:34:23:ae:7c:95:ac:bf:
         65:29:06:d7:5b:ac:a2:c4:aa:0b:49:60:9b:fd:72:07:46:d8:
         bc:08:db:4e:8e:e6:62:dc:1d:3f:59:0d:85:67:41:2f:09:aa:
         99:33:51:81:96:5d:d6:29:67:8d:e5:32:2f:e2:58:db:c2:b2:
         bf:ea:9e:fb:96:9f:eb:c6:38:5c:58:17:68:6a:97:5d:bb:b6:
         73:50:e6:1c:2e:2a:f7:b8:e0:08:4f:f5:75:21:a2:3e:5f:a7:
         bb:95:58:95:af:20:41:1d:f4:35:4b:c3:1e:60:37:f3:b0:ba:
         a4:bb:d8:5b:f4:41:65:51:d9:db:bf:35:71:d3:18:23:51:dc:
         25:d4:02:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlgph80CmcRsoPpWDfJ/eASMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjUwOTE5MDYyNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzFmYmUwYWUwNjFhOTM4ZDkxNmNhZmU4ZTExMTc5NGQ2Njg0NjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/jqYLNU63IxNdl2iXM376ydI2hC
KHWZSV/bkH+ho2iLQ7gcOYMFfi0Q5GP9EAreyGQQ2QC9msUaYfSoHAhkNQv5uvNp
rt0KrBzFAgjttFNh24gDPS7lqB1HBFPAlv4fW4OeNPl8oBTvntng6yUddaq2zlRA
ggy4/l46pVwCpqx602griOgZ8uOLeJoSceqbQb73zrbK10RjupCWm+QoLxkHDl8B
3PcXS4tmJFyd8dmNRmf7HRiy6tYqnhj2hJotOJRhjnNGeOFM38Yi/EPJDFL6AnTq
T+rrRHdyKWTaOrgFFLukcVoIBVZPzIKKAAbB+oKNWGVodxtkNTjbxxEmHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwfvgrgYak42RbK/o4RF5TWaEZNMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvX0ItLUN1QmhxVGpaRnNyLWpoRVhsTlpvUmswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1RXvMA0G
CSqGSIb3DQEBCwUAA4IBAQCXvrUOAknezm1b1+p4oKVoXdz7YFZL4DD1+HyeEAyk
Hv51wiuIWU1NixDa8CT1e7hZwqM9PMiTJq0seY+ItRKISqgkd309qH7uDmkuZJkz
LC893o/+3UNlr+NmG4G2asGwrCbJ9Y/gLv5MrTUVfSfbErrbDY7x2DQjrnyVrL9l
KQbXW6yixKoLSWCb/XIHRti8CNtOjuZi3B0/WQ2FZ0EvCaqZM1GBll3WKWeN5TIv
4ljbwrK/6p77lp/rxjhcWBdoapddu7ZzUOYcLir3uOAIT/V1IaI+X6e7lViVryBB
HfQ1S8MeYDfzsLqku9hb9EFlUdnbvzVx0xgjUdwl1AKP
-----END CERTIFICATE-----