Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/8195b3-c475-4ca4-b42d-6627a4eb5963/1/0_BivZleQqQTDIIA1zuJgrTZcsU.roa
File:                     0_BivZleQqQTDIIA1zuJgrTZcsU.roa (raw, json)
Hash identifier:          1e4TcEyXBttiFq9j+bwnnfrMc5xlrfiEhLRAJpiXu2M=
Subject key identifier:   D3:F0:62:BD:99:5E:42:A4:13:0C:82:00:D7:3B:89:82:B4:D9:72:C5
Certificate issuer:       /CN=525d1c4955b2efbf009e9e41b1e72ea6dff824b3
Certificate serial:       0199EBF18AD6E39B37BF22E41AE1E045AA60
Authority key identifier: 52:5D:1C:49:55:B2:EF:BF:00:9E:9E:41:B1:E7:2E:A6:DF:F8:24:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ul0cSVWy778Anp5Bsecupt_4JLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/8195b3-c475-4ca4-b42d-6627a4eb5963/1/0_BivZleQqQTDIIA1zuJgrTZcsU.roa
Signing time:             Thu 16 Oct 2025 07:34:59 +0000
ROA not before:           Thu 16 Oct 2025 07:34:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197891
IP address blocks:        2a13:8ac0:100::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/8195b3-c475-4ca4-b42d-6627a4eb5963/1/Ul0cSVWy778Anp5Bsecupt_4JLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/8195b3-c475-4ca4-b42d-6627a4eb5963/1/Ul0cSVWy778Anp5Bsecupt_4JLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ul0cSVWy778Anp5Bsecupt_4JLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:eb:f1:8a:d6:e3:9b:37:bf:22:e4:1a:e1:e0:45:aa:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=525d1c4955b2efbf009e9e41b1e72ea6dff824b3
        Validity
            Not Before: Oct 16 07:34:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3f062bd995e42a4130c8200d73b8982b4d972c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:25:92:eb:8b:1f:60:31:0c:cb:5d:3d:a3:5d:
                    33:71:d9:e2:5d:1c:02:7b:8e:97:26:dd:4e:fe:db:
                    8c:87:60:38:5b:c8:fb:e6:b5:b5:83:d9:33:0f:d6:
                    de:ff:0a:0e:39:25:fa:7a:fa:27:08:90:2d:1b:b1:
                    f0:f4:44:40:6c:43:ea:28:c7:06:a0:96:00:b5:88:
                    98:4f:ed:6f:93:10:f6:05:87:37:3c:45:f3:57:cf:
                    d6:f7:58:c4:3b:9e:d5:95:5f:5e:5c:d8:b0:a4:12:
                    71:3d:19:4e:3c:05:78:0e:99:a6:70:83:ac:5b:06:
                    b5:d0:7c:74:07:d4:fc:a4:97:0d:f3:65:59:2b:7e:
                    26:8c:01:7e:f7:90:02:20:22:f4:d4:50:14:12:88:
                    21:2e:3d:79:90:5c:00:d1:0a:25:d3:52:5c:f2:d2:
                    95:f5:f5:48:30:bb:00:c8:86:c3:86:1c:67:0e:fa:
                    63:b0:73:de:68:62:97:81:42:61:91:8f:ea:69:55:
                    3d:9f:b2:03:c4:3d:0c:b3:61:45:fa:e2:45:50:62:
                    33:36:ca:12:9e:99:39:3b:db:78:a0:f0:32:d1:ff:
                    88:3f:56:6b:47:d1:4f:f1:8e:f2:a8:48:c7:f3:84:
                    a2:67:90:5e:14:73:26:c6:00:1f:5d:e6:5e:03:1f:
                    33:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:F0:62:BD:99:5E:42:A4:13:0C:82:00:D7:3B:89:82:B4:D9:72:C5
            X509v3 Authority Key Identifier:
                keyid:52:5D:1C:49:55:B2:EF:BF:00:9E:9E:41:B1:E7:2E:A6:DF:F8:24:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ul0cSVWy778Anp5Bsecupt_4JLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/8195b3-c475-4ca4-b42d-6627a4eb5963/1/0_BivZleQqQTDIIA1zuJgrTZcsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/8195b3-c475-4ca4-b42d-6627a4eb5963/1/Ul0cSVWy778Anp5Bsecupt_4JLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:8ac0:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         0a:64:b0:51:df:52:d7:dd:6d:e9:87:26:e9:93:4d:86:f9:da:
         82:03:56:2e:6a:4c:84:46:37:3c:11:52:34:a6:9e:ed:95:e9:
         b1:f3:1d:c4:12:5b:f0:20:a6:b9:7c:4b:92:92:e1:56:d6:6d:
         92:54:26:78:b6:58:a2:67:6a:4f:ba:9d:d0:a5:6d:f4:3e:0f:
         68:97:ac:24:6e:71:e7:48:a0:08:26:1d:31:4c:4f:05:12:34:
         b4:df:f6:d7:ca:ad:78:4f:41:e7:c2:f0:61:00:50:cc:75:39:
         b0:51:31:71:ea:e9:38:d7:5e:2c:ef:bc:fe:2e:30:96:9e:4b:
         ad:cb:67:c3:5f:57:4f:5f:d1:97:86:dc:d0:43:88:a8:9a:84:
         9d:03:d0:35:a0:0b:0e:60:2c:c6:23:2b:16:65:45:9c:80:8a:
         bd:06:37:17:dc:35:75:c9:27:c9:76:da:06:1b:89:cc:9b:99:
         10:64:d1:e1:b8:91:3d:1c:01:ec:7d:9e:2f:f1:8b:aa:37:e0:
         fe:ee:64:f1:fb:20:61:6a:27:6a:84:05:5c:a3:e5:00:36:da:
         68:a5:d4:2c:34:77:14:ca:cc:e4:53:60:85:d9:08:d1:17:f9:
         03:53:f8:42:34:70:17:2c:ee:0b:8e:d6:9b:02:b5:7b:f5:01:
         8a:80:31:57
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZnr8YrW45s3vyLkGuHgRapgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNWQxYzQ5NTViMmVmYmYwMDllOWU0MWIxZTcyZWE2ZGZm
ODI0YjMwHhcNMjUxMDE2MDczNDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2YwNjJiZDk5NWU0MmE0MTMwYzgyMDBkNzNiODk4MmI0ZDk3MmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCWS64sfYDEMy109o10zcdniXRwC
e46XJt1O/tuMh2A4W8j75rW1g9kzD9be/woOOSX6evonCJAtG7Hw9ERAbEPqKMcG
oJYAtYiYT+1vkxD2BYc3PEXzV8/W91jEO57VlV9eXNiwpBJxPRlOPAV4DpmmcIOs
Wwa10Hx0B9T8pJcN82VZK34mjAF+95ACICL01FAUEoghLj15kFwA0Qol01Jc8tKV
9fVIMLsAyIbDhhxnDvpjsHPeaGKXgUJhkY/qaVU9n7IDxD0Ms2FF+uJFUGIzNsoS
npk5O9t4oPAy0f+IP1ZrR9FP8Y7yqEjH84SiZ5BeFHMmxgAfXeZeAx8z5QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNPwYr2ZXkKkEwyCANc7iYK02XLFMB8GA1UdIwQY
MBaAFFJdHElVsu+/AJ6eQbHnLqbf+CSzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWwwY1NWV3k3NzhBbnA1QnNlY3VwdF80SkxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi84MTk1YjMtYzQ3NS00Y2E0LWI0MmQt
NjYyN2E0ZWI1OTYzLzEvMF9CaXZabGVRcVFURElJQTF6dUpnclRaY3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi84MTk1YjMtYzQ3NS00Y2E0LWI0MmQtNjYyN2E0ZWI1OTYz
LzEvVWwwY1NWV3k3NzhBbnA1QnNlY3VwdF80SkxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOKwAEw
DQYJKoZIhvcNAQELBQADggEBAApksFHfUtfdbemHJumTTYb52oIDVi5qTIRGNzwR
UjSmnu2V6bHzHcQSW/Agprl8S5KS4VbWbZJUJni2WKJnak+6ndClbfQ+D2iXrCRu
cedIoAgmHTFMTwUSNLTf9tfKrXhPQefC8GEAUMx1ObBRMXHq6TjXXizvvP4uMJae
S63LZ8NfV09f0ZeG3NBDiKiahJ0D0DWgCw5gLMYjKxZlRZyAir0GNxfcNXXJJ8l2
2gYbicybmRBk0eG4kT0cAex9ni/xi6o34P7uZPH7IGFqJ2qEBVyj5QA22mil1Cw0
dxTKzORTYIXZCNEX+QNT+EI0cBcs7guO1psCtXv1AYqAMVc=
-----END CERTIFICATE-----