Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/BpkzhkHivYxQFrMqUVIcDVNOSXw.roa
File:                     BpkzhkHivYxQFrMqUVIcDVNOSXw.roa (raw, json)
Hash identifier:          xQ6QVFjFvBzkk1wEmHHBlxpv2VqHJf0x9YCmrxgHzvI=
Subject key identifier:   06:99:33:86:41:E2:BD:8C:50:16:B3:2A:51:52:1C:0D:53:4E:49:7C
Certificate issuer:       /CN=83b5b4913cc78e40803c00bec6b1a9dc48ff3684
Certificate serial:       0199EE68554AC4B1B88B682AA742421F4293
Authority key identifier: 83:B5:B4:91:3C:C7:8E:40:80:3C:00:BE:C6:B1:A9:DC:48:FF:36:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/BpkzhkHivYxQFrMqUVIcDVNOSXw.roa
Signing time:             Thu 16 Oct 2025 19:03:58 +0000
ROA not before:           Thu 16 Oct 2025 19:03:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.115.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ee:68:55:4a:c4:b1:b8:8b:68:2a:a7:42:42:1f:42:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83b5b4913cc78e40803c00bec6b1a9dc48ff3684
        Validity
            Not Before: Oct 16 19:03:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0699338641e2bd8c5016b32a51521c0d534e497c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e2:4c:7b:3f:2b:7c:c8:17:2d:da:4f:58:97:
                    a7:30:eb:fc:24:34:31:5b:47:29:da:f7:53:a3:c7:
                    cf:3e:86:1d:11:2e:76:8b:19:3c:5d:e0:0e:c3:c7:
                    fc:72:bc:78:5f:f6:3e:70:df:8f:a5:86:11:c9:63:
                    9e:94:a6:2e:23:dd:4b:1f:0a:18:84:68:4a:9e:ae:
                    68:70:41:73:2f:61:24:90:af:c8:bf:6b:7e:eb:b4:
                    be:ea:4f:76:74:64:bf:de:64:a0:b1:b7:f7:0a:d8:
                    c1:bc:23:48:e5:33:17:3f:50:43:38:ba:84:fe:ce:
                    7b:56:73:3c:f7:07:ed:e5:2e:f1:28:97:c7:82:88:
                    39:fa:d8:f8:e3:91:55:d7:ac:50:14:16:74:4f:cb:
                    93:50:a1:4f:e0:5e:5e:02:f4:f1:f0:78:c9:20:df:
                    05:41:e1:3f:ca:92:79:d8:bb:d6:c6:53:36:cf:25:
                    c4:72:b9:43:fe:f5:ce:e8:52:bc:22:2c:b9:e1:1d:
                    88:84:c6:b7:22:31:12:8e:15:90:50:d8:1b:fa:2a:
                    e8:c0:e9:32:81:17:14:16:52:45:3b:2f:81:f6:98:
                    3d:77:d2:eb:d5:4f:fd:ed:04:fe:2e:44:ea:46:bf:
                    ac:89:a1:ec:c8:3e:52:3a:cf:ec:d2:d9:36:7e:b9:
                    96:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:99:33:86:41:E2:BD:8C:50:16:B3:2A:51:52:1C:0D:53:4E:49:7C
            X509v3 Authority Key Identifier:
                keyid:83:B5:B4:91:3C:C7:8E:40:80:3C:00:BE:C6:B1:A9:DC:48:FF:36:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/BpkzhkHivYxQFrMqUVIcDVNOSXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:11:42:e9:1d:15:1b:bf:be:df:29:11:50:ea:8f:1e:66:1e:
         a8:9f:89:20:f4:65:c7:fa:66:65:b1:88:96:64:2e:ac:da:b3:
         75:53:58:15:2e:fb:0d:b1:86:c6:ea:fa:a3:25:1c:a5:b8:58:
         72:19:d0:c8:dd:bf:90:1e:8f:c2:db:cc:29:ba:0a:7a:2b:db:
         ea:49:c6:b8:f0:e9:93:a8:ae:da:1d:08:f9:5f:b3:e2:62:5a:
         be:d7:6c:8e:53:09:18:71:64:c7:95:3c:4e:4d:c7:f5:eb:18:
         37:94:ad:6a:89:0b:5c:b5:ba:c6:68:90:b1:25:ac:74:58:d2:
         b5:ec:76:87:e5:b9:b8:39:be:0a:07:94:70:bd:f1:45:c8:20:
         64:14:bb:2e:0b:84:48:36:95:cd:08:90:0d:2c:5a:1f:7e:6e:
         c4:33:92:7a:3a:4c:f1:6d:95:fb:e1:83:47:4b:68:e8:4b:d6:
         f5:0d:3c:4b:68:d9:d3:41:75:2e:60:9b:8b:9d:94:98:87:c5:
         a9:16:9f:cd:9e:fb:24:46:c9:75:18:82:d5:1c:fd:81:e2:23:
         03:60:49:3f:cf:d2:3e:12:61:d9:47:d5:04:b2:a5:82:15:d0:
         cc:a7:95:e5:5f:33:d8:57:25:e0:a4:91:39:fc:81:cd:02:7e:
         4d:53:79:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnuaFVKxLG4i2gqp0JCH0KTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYjViNDkxM2NjNzhlNDA4MDNjMDBiZWM2YjFhOWRjNDhm
ZjM2ODQwHhcNMjUxMDE2MTkwMzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjk5MzM4NjQxZTJiZDhjNTAxNmIzMmE1MTUyMWMwZDUzNGU0OTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+JMez8rfMgXLdpPWJenMOv8JDQx
W0cp2vdTo8fPPoYdES52ixk8XeAOw8f8crx4X/Y+cN+PpYYRyWOelKYuI91LHwoY
hGhKnq5ocEFzL2EkkK/Iv2t+67S+6k92dGS/3mSgsbf3CtjBvCNI5TMXP1BDOLqE
/s57VnM89wft5S7xKJfHgog5+tj445FV16xQFBZ0T8uTUKFP4F5eAvTx8HjJIN8F
QeE/ypJ52LvWxlM2zyXEcrlD/vXO6FK8Iiy54R2IhMa3IjESjhWQUNgb+irowOky
gRcUFlJFOy+B9pg9d9Lr1U/97QT+LkTqRr+siaHsyD5SOs/s0tk2frmWdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAaZM4ZB4r2MUBazKlFSHA1TTkl8MB8GA1UdIwQY
MBaAFIO1tJE8x45AgDwAvsaxqdxI/zaEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzdXMGtUekhqa0NBUEFDLXhyR3AzRWpfTm9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9kYzU3M2QtYTNkYi00MWY5LThjM2Yt
ODY3OTY1ZWI1MGNhLzEvQnBremhrSGl2WXhRRnJNcVVWSWNEVk5PU1h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9kYzU3M2QtYTNkYi00MWY5LThjM2YtODY3OTY1ZWI1MGNh
LzEvZzdXMGtUekhqa0NBUEFDLXhyR3AzRWpfTm9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXOhMA0G
CSqGSIb3DQEBCwUAA4IBAQCUEULpHRUbv77fKRFQ6o8eZh6on4kg9GXH+mZlsYiW
ZC6s2rN1U1gVLvsNsYbG6vqjJRyluFhyGdDI3b+QHo/C28wpugp6K9vqSca48OmT
qK7aHQj5X7PiYlq+12yOUwkYcWTHlTxOTcf16xg3lK1qiQtctbrGaJCxJax0WNK1
7HaH5bm4Ob4KB5RwvfFFyCBkFLsuC4RINpXNCJANLFoffm7EM5J6OkzxbZX74YNH
S2joS9b1DTxLaNnTQXUuYJuLnZSYh8WpFp/NnvskRsl1GILVHP2B4iMDYEk/z9I+
EmHZR9UEsqWCFdDMp5XlXzPYVyXgpJE5/IHNAn5NU3kh
-----END CERTIFICATE-----