Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/fw-BT1lvrjBkddYCCHDg1oZutT4.roa
File:                     fw-BT1lvrjBkddYCCHDg1oZutT4.roa (raw, json)
Hash identifier:          iAaplhiCg6/Cmk5M9afSn42FhZ9hgGQtswmLjCZlPus=
Subject key identifier:   7F:0F:81:4F:59:6F:AE:30:64:75:D6:02:08:70:E0:D6:86:6E:B5:3E
Certificate issuer:       /CN=12694f6945a21d08d30192cfc1a6b780de728e3b
Certificate serial:       0199157355600C2DF509CCBCDC0E7CD6A8AB
Authority key identifier: 12:69:4F:69:45:A2:1D:08:D3:01:92:CF:C1:A6:B7:80:DE:72:8E:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/fw-BT1lvrjBkddYCCHDg1oZutT4.roa
Signing time:             Thu 04 Sep 2025 15:58:23 +0000
ROA not before:           Thu 04 Sep 2025 15:58:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206431
IP address blocks:        5.83.39.0/24 maxlen: 24
                          5.83.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:15:73:55:60:0c:2d:f5:09:cc:bc:dc:0e:7c:d6:a8:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12694f6945a21d08d30192cfc1a6b780de728e3b
        Validity
            Not Before: Sep  4 15:58:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f0f814f596fae306475d6020870e0d6866eb53e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:db:bf:e0:08:9b:7c:8a:1e:4c:82:3b:bb:e1:
                    0b:0d:03:d7:8a:2c:18:33:1d:ab:82:ac:1c:2f:55:
                    33:6c:66:32:be:da:1b:0a:0c:21:2b:fb:1e:ff:a3:
                    3b:49:12:24:b5:73:3a:28:5e:07:bf:33:47:40:ee:
                    13:c6:09:12:31:9f:34:34:f1:4e:04:28:b7:0c:b1:
                    9a:ac:a0:31:51:f0:4c:94:a6:7e:ac:b6:af:93:9d:
                    0f:78:19:b4:c9:07:b8:d8:14:19:07:37:5d:ea:c1:
                    42:57:c5:b9:2b:00:a4:24:37:da:a4:4a:24:0f:92:
                    9a:9d:fb:b1:fd:1c:54:40:47:0b:8f:fd:11:66:bc:
                    fc:20:98:68:61:ce:a1:61:d2:04:66:c5:8a:a0:d7:
                    55:46:b8:ea:f9:7c:fc:1a:90:7b:43:0b:af:86:6d:
                    97:4d:7d:4b:44:ce:7b:6f:53:b5:db:ab:01:47:6d:
                    94:d0:75:b0:c3:49:ce:d2:a8:7d:ad:8b:90:4b:67:
                    27:70:24:ca:76:f6:96:1e:5e:7e:5f:7f:09:0e:d7:
                    1b:1c:a5:e2:01:4b:a8:cd:85:f3:45:cd:0a:b9:6d:
                    f9:8c:cd:5e:14:3a:2d:db:e3:12:78:65:16:1f:8a:
                    94:de:a6:45:98:91:63:8e:ea:75:be:f0:84:66:c9:
                    3e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:0F:81:4F:59:6F:AE:30:64:75:D6:02:08:70:E0:D6:86:6E:B5:3E
            X509v3 Authority Key Identifier:
                keyid:12:69:4F:69:45:A2:1D:08:D3:01:92:CF:C1:A6:B7:80:DE:72:8E:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/fw-BT1lvrjBkddYCCHDg1oZutT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.39.0/24
                  5.83.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:e3:45:cd:45:80:9a:9e:62:57:84:db:b5:ba:ac:d4:e5:61:
         cb:a1:fa:99:46:d6:c2:10:32:37:3c:b4:ba:a0:47:cc:df:fb:
         c7:26:35:14:16:26:82:40:64:37:69:84:90:04:de:25:0f:2e:
         2b:9c:4f:b3:bc:94:74:00:26:45:bd:3e:ae:49:51:e0:54:0f:
         27:94:c0:f7:b9:ba:f4:00:99:b6:6e:af:24:b0:b7:71:6e:2f:
         eb:c3:da:03:23:5f:f3:8a:98:92:32:e0:68:df:e5:9b:91:30:
         83:70:31:e6:51:ee:b1:37:f1:9d:5f:0d:9d:c9:32:0c:95:9c:
         ff:fe:3e:eb:a8:e7:d6:04:85:96:b6:47:e6:11:db:fe:15:0b:
         0d:d4:94:d7:db:94:ba:b2:e7:5a:2a:1e:90:e2:30:8b:9b:8e:
         cf:a6:fe:cd:57:da:5e:f2:f2:fc:4d:12:2b:70:64:a1:83:ec:
         78:22:0b:8c:c3:c8:1d:57:d6:00:24:59:18:13:16:2c:09:92:
         1f:ef:10:ce:c2:8e:88:95:e1:29:af:e8:9b:30:11:cd:67:96:
         59:63:7e:b3:7f:29:d2:0c:07:d8:85:9d:cb:72:0f:64:74:20:
         7c:c9:42:89:d7:c0:0d:3a:1c:d3:d6:3c:a2:e0:15:18:d0:51:
         df:58:2a:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkVc1VgDC31Ccy83A581qirMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNjk0ZjY5NDVhMjFkMDhkMzAxOTJjZmMxYTZiNzgwZGU3
MjhlM2IwHhcNMjUwOTA0MTU1ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjBmODE0ZjU5NmZhZTMwNjQ3NWQ2MDIwODcwZTBkNjg2NmViNTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtu/4AibfIoeTII7u+ELDQPXiiwY
Mx2rgqwcL1UzbGYyvtobCgwhK/se/6M7SRIktXM6KF4HvzNHQO4TxgkSMZ80NPFO
BCi3DLGarKAxUfBMlKZ+rLavk50PeBm0yQe42BQZBzdd6sFCV8W5KwCkJDfapEok
D5Kanfux/RxUQEcLj/0RZrz8IJhoYc6hYdIEZsWKoNdVRrjq+Xz8GpB7Qwuvhm2X
TX1LRM57b1O126sBR22U0HWww0nO0qh9rYuQS2cncCTKdvaWHl5+X38JDtcbHKXi
AUuozYXzRc0KuW35jM1eFDot2+MSeGUWH4qU3qZFmJFjjup1vvCEZsk+rwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH8PgU9Zb64wZHXWAghw4NaGbrU+MB8GA1UdIwQY
MBaAFBJpT2lFoh0I0wGSz8Gmt4Deco47MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW1sUGFVV2lIUWpUQVpMUHdhYTNnTjV5ampzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNzMwMGYtZGUwNi00ZjdiLWE5MDkt
NjU5OGI0Y2ViMDY5LzEvZnctQlQxbHZyakJrZGRZQ0NIRGcxb1p1dFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNzMwMGYtZGUwNi00ZjdiLWE5MDktNjU5OGI0Y2ViMDY5
LzEvRW1sUGFVV2lIUWpUQVpMUHdhYTNnTjV5ampzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABVMnAwQA
BVMpMA0GCSqGSIb3DQEBCwUAA4IBAQAi40XNRYCanmJXhNu1uqzU5WHLofqZRtbC
EDI3PLS6oEfM3/vHJjUUFiaCQGQ3aYSQBN4lDy4rnE+zvJR0ACZFvT6uSVHgVA8n
lMD3ubr0AJm2bq8ksLdxbi/rw9oDI1/zipiSMuBo3+WbkTCDcDHmUe6xN/GdXw2d
yTIMlZz//j7rqOfWBIWWtkfmEdv+FQsN1JTX25S6sudaKh6Q4jCLm47Ppv7NV9pe
8vL8TRIrcGShg+x4IguMw8gdV9YAJFkYExYsCZIf7xDOwo6IleEpr+ibMBHNZ5ZZ
Y36zfynSDAfYhZ3Lcg9kdCB8yUKJ18ANOhzT1jyi4BUY0FHfWCq4
-----END CERTIFICATE-----