Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/BDcEAKntpIejrVcoW-jQtFYDt4A.roa
File:                     BDcEAKntpIejrVcoW-jQtFYDt4A.roa (raw, json)
Hash identifier:          9rJ6V8MVwpwUlBMeKLrrT4d005j4mZf3dlxw+gQ0CuE=
Subject key identifier:   04:37:04:00:A9:ED:A4:87:A3:AD:57:28:5B:E8:D0:B4:56:03:B7:80
Certificate issuer:       /CN=b6a1654dae96c532578ce1df1ebb8221dbb68145
Certificate serial:       0198A7AB65D7AE3BC8B2A6035C9E590DEF3A
Authority key identifier: B6:A1:65:4D:AE:96:C5:32:57:8C:E1:DF:1E:BB:82:21:DB:B6:81:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/BDcEAKntpIejrVcoW-jQtFYDt4A.roa
Signing time:             Thu 14 Aug 2025 08:21:24 +0000
ROA not before:           Thu 14 Aug 2025 08:21:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25181
IP address blocks:        37.139.152.0/21 maxlen: 21
                          2a00:96c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a7:ab:65:d7:ae:3b:c8:b2:a6:03:5c:9e:59:0d:ef:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6a1654dae96c532578ce1df1ebb8221dbb68145
        Validity
            Not Before: Aug 14 08:21:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04370400a9eda487a3ad57285be8d0b45603b780
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a9:2b:fc:a9:9d:09:d7:50:ac:e6:03:ad:64:
                    5a:ff:60:60:73:c4:21:a1:02:73:3c:e4:58:d1:8c:
                    46:c6:45:50:c5:83:34:49:f7:1e:12:78:ea:a1:0e:
                    d8:4b:fa:99:b9:66:26:13:2c:4c:20:5f:d5:72:6a:
                    10:c8:e5:94:e9:55:52:4e:d9:1d:57:32:d1:29:00:
                    79:1c:a5:92:a2:21:71:d0:d4:89:cb:4f:7c:da:67:
                    3b:30:84:53:2d:f2:37:6c:c4:96:a2:91:0e:a4:b2:
                    5b:f7:1f:4c:1f:b4:db:c4:9e:04:51:19:53:15:64:
                    c1:6c:71:99:42:b7:31:d2:d1:d2:81:5e:9f:57:5f:
                    ed:75:30:a2:e6:dc:62:df:4e:83:59:be:f4:0c:d5:
                    98:78:a5:9e:8a:79:29:f1:71:03:8d:07:7f:10:34:
                    a6:45:08:17:47:a1:0b:60:28:12:62:91:a9:05:61:
                    64:3a:ba:38:b1:87:a3:ac:e9:a8:88:8c:b3:d4:21:
                    fd:5d:b6:3a:a8:d3:c9:a1:06:ac:22:52:f0:ca:c3:
                    76:71:b3:e2:4c:b1:f1:c7:ad:7f:42:81:9f:a8:c8:
                    26:91:c9:f3:f2:dd:c9:1f:6d:2c:3a:e8:b5:68:ca:
                    55:4a:b6:a2:e7:41:32:27:a1:5d:3e:a2:ef:33:53:
                    7b:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:37:04:00:A9:ED:A4:87:A3:AD:57:28:5B:E8:D0:B4:56:03:B7:80
            X509v3 Authority Key Identifier:
                keyid:B6:A1:65:4D:AE:96:C5:32:57:8C:E1:DF:1E:BB:82:21:DB:B6:81:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/BDcEAKntpIejrVcoW-jQtFYDt4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.152.0/21
                IPv6:
                  2a00:96c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:44:7d:9d:00:f4:bf:5d:4f:8d:65:01:ae:b1:87:47:3a:6c:
         3f:ba:a8:e5:ae:e7:01:b3:50:72:61:1d:15:93:5f:ce:95:07:
         37:d5:20:06:b3:5c:41:f0:0d:1f:71:16:95:57:1e:3f:a9:f7:
         79:d1:b4:2c:51:c9:ff:1c:e4:de:f7:79:9d:7d:a9:4c:e7:8a:
         48:3b:c8:8d:70:af:3d:7d:fd:98:5e:27:63:f6:96:56:3e:bc:
         c2:82:7f:34:41:5c:12:39:46:63:67:00:94:03:23:19:64:3d:
         03:fe:f6:5a:5c:bd:f0:46:d7:4e:a3:32:69:cb:68:20:0a:50:
         ff:88:12:bd:12:c2:0d:da:90:dd:18:ae:73:da:12:30:39:94:
         a0:26:b6:64:1b:64:16:4b:38:aa:1e:93:56:ab:00:60:49:c3:
         c4:56:9a:70:43:ba:d4:3f:36:b2:ca:c5:d5:29:46:3d:d6:69:
         03:d2:ad:f9:7d:96:ee:ef:f7:e3:f4:da:c3:e6:35:73:fd:ba:
         57:47:21:df:49:8e:2f:df:b1:29:29:9f:d8:6c:09:2d:de:8b:
         cc:af:c1:ac:8c:ec:67:05:f1:3f:29:64:de:e8:c8:7e:3c:4d:
         5e:3b:10:55:36:b6:80:1a:de:06:b1:0c:39:17:26:20:23:87:
         65:d9:59:89
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZinq2XXrjvIsqYDXJ5ZDe86MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YTE2NTRkYWU5NmM1MzI1NzhjZTFkZjFlYmI4MjIxZGJi
NjgxNDUwHhcNMjUwODE0MDgyMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDM3MDQwMGE5ZWRhNDg3YTNhZDU3Mjg1YmU4ZDBiNDU2MDNiNzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6kr/KmdCddQrOYDrWRa/2Bgc8Qh
oQJzPORY0YxGxkVQxYM0SfceEnjqoQ7YS/qZuWYmEyxMIF/VcmoQyOWU6VVSTtkd
VzLRKQB5HKWSoiFx0NSJy0982mc7MIRTLfI3bMSWopEOpLJb9x9MH7TbxJ4EURlT
FWTBbHGZQrcx0tHSgV6fV1/tdTCi5txi306DWb70DNWYeKWeinkp8XEDjQd/EDSm
RQgXR6ELYCgSYpGpBWFkOro4sYejrOmoiIyz1CH9XbY6qNPJoQasIlLwysN2cbPi
TLHxx61/QoGfqMgmkcnz8t3JH20sOui1aMpVSrai50EyJ6FdPqLvM1N77wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAQ3BACp7aSHo61XKFvo0LRWA7eAMB8GA1UdIwQY
MBaAFLahZU2ulsUyV4zh3x67giHbtoFFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHFGbFRhNld4VEpYak9IZkhydUNJZHUyZ1VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iMDExZDMtYmRiYS00NWNkLWE4YWMt
ZTBiZTg5YzRmMTY5LzEvQkRjRUFLbnRwSWVqclZjb1ctalF0RllEdDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iMDExZDMtYmRiYS00NWNkLWE4YWMtZTBiZTg5YzRmMTY5
LzEvdHFGbFRhNld4VEpYak9IZkhydUNJZHUyZ1VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDJYuYMA0E
AgACMAcDBQAqAJbAMA0GCSqGSIb3DQEBCwUAA4IBAQB9RH2dAPS/XU+NZQGusYdH
Omw/uqjlrucBs1ByYR0Vk1/OlQc31SAGs1xB8A0fcRaVVx4/qfd50bQsUcn/HOTe
93mdfalM54pIO8iNcK89ff2YXidj9pZWPrzCgn80QVwSOUZjZwCUAyMZZD0D/vZa
XL3wRtdOozJpy2ggClD/iBK9EsIN2pDdGK5z2hIwOZSgJrZkG2QWSziqHpNWqwBg
ScPEVppwQ7rUPzayysXVKUY91mkD0q35fZbu7/fj9NrD5jVz/bpXRyHfSY4v37Ep
KZ/YbAkt3ovMr8GsjOxnBfE/KWTe6Mh+PE1eOxBVNraAGt4GsQw5FyYgI4dl2VmJ
-----END CERTIFICATE-----