Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/BhKXE6iuo9SfBVLFhVn_mkUc-7o.roa
File:                     BhKXE6iuo9SfBVLFhVn_mkUc-7o.roa (raw, json)
Hash identifier:          6UQPEWEZQ8R2LqnkEpCKEGwsYAPkUMrvkndL11WKeoQ=
Subject key identifier:   06:12:97:13:A8:AE:A3:D4:9F:05:52:C5:85:59:FF:9A:45:1C:FB:BA
Certificate issuer:       /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial:       0199E25B9A409D711484C16AEA59D8120111
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/BhKXE6iuo9SfBVLFhVn_mkUc-7o.roa
Signing time:             Tue 14 Oct 2025 10:54:38 +0000
ROA not before:           Tue 14 Oct 2025 10:54:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213520
IP address blocks:        91.132.160.0/22 maxlen: 23
                          91.132.160.0/23 maxlen: 23
                          91.132.162.0/23 maxlen: 23
                          193.135.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e2:5b:9a:40:9d:71:14:84:c1:6a:ea:59:d8:12:01:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
        Validity
            Not Before: Oct 14 10:54:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06129713a8aea3d49f0552c58559ff9a451cfbba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:18:fc:40:e1:e0:10:d2:72:94:cd:0c:cb:cd:
                    88:3a:1e:fd:3c:20:b7:49:93:d7:6a:63:40:77:51:
                    4e:7e:5c:75:d8:26:a6:a2:4b:ac:16:df:0b:14:71:
                    51:26:82:d4:17:26:62:02:30:c2:09:0d:7a:cb:22:
                    50:17:e4:40:8f:ec:dd:c3:92:c9:3b:7e:b3:4c:e0:
                    eb:70:86:1a:d9:99:07:8d:2b:ce:9b:4e:da:c8:ff:
                    23:c4:02:04:88:8b:50:9a:da:f1:4a:a9:a4:71:f3:
                    af:cc:ba:c5:2c:de:a2:9b:72:fa:89:30:3a:06:00:
                    b2:5e:4e:d6:f4:19:a7:3c:2e:dc:6d:7a:86:12:f4:
                    4d:f6:96:d9:3a:a3:19:f0:98:0f:4f:d8:8b:75:11:
                    b7:f8:e9:66:0a:5a:f2:41:04:7b:1e:fd:9c:55:2e:
                    68:3c:e4:55:0f:00:ca:7b:43:eb:b9:b4:a4:55:ae:
                    13:97:12:10:88:38:cc:4a:88:0e:77:6b:d1:cf:42:
                    cb:0d:39:ad:ef:69:28:34:b9:f1:71:10:33:91:6a:
                    3b:91:fe:3b:41:25:3d:0e:87:3e:8c:c3:ce:26:32:
                    78:88:fe:70:86:c9:16:c1:ab:f6:87:fb:04:f8:2d:
                    78:d5:4d:ae:aa:d0:eb:81:13:42:54:b2:72:06:83:
                    0d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:12:97:13:A8:AE:A3:D4:9F:05:52:C5:85:59:FF:9A:45:1C:FB:BA
            X509v3 Authority Key Identifier:
                keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/BhKXE6iuo9SfBVLFhVn_mkUc-7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.160.0/22
                  193.135.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:d2:b3:c1:fa:cb:30:d3:06:90:da:6b:f0:a6:af:32:4e:43:
         bd:a0:70:b5:e0:77:3d:7b:51:b0:dd:9c:c4:78:e8:eb:cc:03:
         fe:4b:f2:74:2b:dc:a7:68:7f:b6:1c:00:47:95:f8:63:a3:ac:
         d1:97:92:6e:50:e8:15:62:9c:d5:5a:5f:ae:d4:cb:d7:3a:81:
         7c:3a:a4:c6:fd:ee:bd:72:38:18:36:8e:38:6d:0f:ce:d0:42:
         7d:9e:15:75:ce:ca:01:77:1c:2a:96:98:ab:0f:84:03:e9:d8:
         3d:2c:00:81:e7:a7:c8:a1:9d:11:b2:28:95:c7:bd:c3:f9:c4:
         63:53:63:c9:2c:3d:84:7c:90:33:68:4b:3f:4e:3f:85:15:2f:
         f3:06:df:08:18:e5:58:03:c5:cc:67:0d:23:2b:e6:64:bb:6f:
         c1:90:91:18:9a:d4:5d:89:79:d6:64:96:4f:54:fc:90:c8:b3:
         e5:db:f7:2a:dc:3a:0b:89:59:86:62:c3:d8:fd:ab:64:c4:13:
         55:2f:bd:10:3f:b5:fb:c4:fb:90:51:8f:1d:48:a7:b5:f5:6c:
         2f:09:82:e9:34:a4:16:38:4a:44:f8:3e:bd:0c:56:76:6c:7c:
         55:13:74:01:21:88:61:35:12:18:8f:13:28:c0:60:bc:5a:68:
         de:17:08:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZniW5pAnXEUhMFq6lnYEgERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjUxMDE0MTA1NDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjEyOTcxM2E4YWVhM2Q0OWYwNTUyYzU4NTU5ZmY5YTQ1MWNmYmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhj8QOHgENJylM0My82IOh79PCC3
SZPXamNAd1FOflx12CamokusFt8LFHFRJoLUFyZiAjDCCQ16yyJQF+RAj+zdw5LJ
O36zTODrcIYa2ZkHjSvOm07ayP8jxAIEiItQmtrxSqmkcfOvzLrFLN6im3L6iTA6
BgCyXk7W9BmnPC7cbXqGEvRN9pbZOqMZ8JgPT9iLdRG3+OlmClryQQR7Hv2cVS5o
PORVDwDKe0PrubSkVa4TlxIQiDjMSogOd2vRz0LLDTmt72koNLnxcRAzkWo7kf47
QSU9Doc+jMPOJjJ4iP5whskWwav2h/sE+C141U2uqtDrgRNCVLJyBoMNIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAYSlxOorqPUnwVSxYVZ/5pFHPu6MB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvQmhLWEU2aXVvOVNmQlZMRmhWbl9ta1VjLTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW4SgAwQA
wYeJMA0GCSqGSIb3DQEBCwUAA4IBAQCs0rPB+ssw0waQ2mvwpq8yTkO9oHC14Hc9
e1Gw3ZzEeOjrzAP+S/J0K9ynaH+2HABHlfhjo6zRl5JuUOgVYpzVWl+u1MvXOoF8
OqTG/e69cjgYNo44bQ/O0EJ9nhV1zsoBdxwqlpirD4QD6dg9LACB56fIoZ0RsiiV
x73D+cRjU2PJLD2EfJAzaEs/Tj+FFS/zBt8IGOVYA8XMZw0jK+Zku2/BkJEYmtRd
iXnWZJZPVPyQyLPl2/cq3DoLiVmGYsPY/atkxBNVL70QP7X7xPuQUY8dSKe19Wwv
CYLpNKQWOEpE+D69DFZ2bHxVE3QBIYhhNRIYjxMowGC8WmjeFwg2
-----END CERTIFICATE-----