Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/ce95be-a37a-4c23-b9cb-706554f88046/1/BxGf4lSFYKHeuXnAyFK6i1JNIxE.roa
File:                     BxGf4lSFYKHeuXnAyFK6i1JNIxE.roa (raw, json)
Hash identifier:          CPX9KaqdGijt5ka4UvJo37MrT8M4No8zXRKHLnaECVM=
Subject key identifier:   07:11:9F:E2:54:85:60:A1:DE:B9:79:C0:C8:52:BA:8B:52:4D:23:11
Certificate issuer:       /CN=e79dc5435a2dc97e365ff49570c04d513f6fced2
Certificate serial:       01977E2BF3115AD4F81D3965D75614C3F3B0
Authority key identifier: E7:9D:C5:43:5A:2D:C9:7E:36:5F:F4:95:70:C0:4D:51:3F:6F:CE:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/553FQ1otyX42X_SVcMBNUT9vztI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/ce95be-a37a-4c23-b9cb-706554f88046/1/BxGf4lSFYKHeuXnAyFK6i1JNIxE.roa
Signing time:             Tue 17 Jun 2025 13:54:58 +0000
ROA not before:           Tue 17 Jun 2025 13:54:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208355
IP address blocks:        2a06:8200::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/ce95be-a37a-4c23-b9cb-706554f88046/1/553FQ1otyX42X_SVcMBNUT9vztI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/ce95be-a37a-4c23-b9cb-706554f88046/1/553FQ1otyX42X_SVcMBNUT9vztI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/553FQ1otyX42X_SVcMBNUT9vztI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7e:2b:f3:11:5a:d4:f8:1d:39:65:d7:56:14:c3:f3:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e79dc5435a2dc97e365ff49570c04d513f6fced2
        Validity
            Not Before: Jun 17 13:54:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07119fe2548560a1deb979c0c852ba8b524d2311
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:dc:54:f5:ee:7c:fa:cb:ce:9f:b7:24:dd:51:
                    95:a7:a0:c8:01:8d:41:20:30:9d:9a:1a:02:6b:39:
                    ca:7e:8f:0e:48:bb:d0:33:c7:6f:58:dd:76:fa:b8:
                    da:45:4f:3f:92:ec:0f:c6:6c:29:32:f3:99:7c:b6:
                    ca:2c:ae:5b:a3:f0:fa:2b:5f:b4:b0:78:a6:6c:e9:
                    b7:c2:f0:9f:80:1d:98:14:eb:c4:c8:38:da:c8:1f:
                    99:83:f9:fd:32:78:13:26:f9:a0:f0:63:4c:7d:3d:
                    5f:9e:85:70:87:ef:be:fb:92:d3:a7:aa:c5:c3:55:
                    3a:0d:f8:a8:ba:de:3e:2b:93:e2:d0:ff:33:f2:ef:
                    ed:c5:03:31:6e:01:1d:18:48:59:95:73:92:9a:d0:
                    92:98:df:27:9f:0a:a3:1c:3c:5a:71:76:d9:14:40:
                    26:30:94:66:29:08:9b:28:6a:24:98:9e:e0:13:0e:
                    7c:1b:9b:76:9e:32:81:a4:51:49:d4:f6:12:18:e4:
                    1d:b9:cf:ac:b3:b2:65:09:24:c1:fe:78:22:92:e6:
                    83:f5:d3:23:bb:5a:90:b4:4d:b5:44:c9:ac:17:71:
                    33:2e:80:38:67:1e:6f:b0:25:54:6b:5b:2f:73:88:
                    5b:a5:95:ff:e2:ef:bd:f2:70:e6:60:69:a6:fd:29:
                    de:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:11:9F:E2:54:85:60:A1:DE:B9:79:C0:C8:52:BA:8B:52:4D:23:11
            X509v3 Authority Key Identifier:
                keyid:E7:9D:C5:43:5A:2D:C9:7E:36:5F:F4:95:70:C0:4D:51:3F:6F:CE:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/553FQ1otyX42X_SVcMBNUT9vztI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ce95be-a37a-4c23-b9cb-706554f88046/1/BxGf4lSFYKHeuXnAyFK6i1JNIxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/ce95be-a37a-4c23-b9cb-706554f88046/1/553FQ1otyX42X_SVcMBNUT9vztI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:8200::/32

    Signature Algorithm: sha256WithRSAEncryption
         a6:ac:c5:84:bf:18:d2:c0:4d:fd:ae:b0:f2:3c:8f:78:c8:96:
         e1:5b:2f:e5:46:28:c1:81:b5:01:2e:27:d8:58:6f:85:7c:95:
         8b:75:b6:84:1e:49:1a:ab:65:21:2f:e1:1d:f6:a5:50:5f:78:
         86:bb:d2:2c:d8:4f:76:e9:71:89:84:dd:48:83:9b:6f:05:22:
         29:b5:6e:ab:17:cd:ba:84:bd:1f:aa:48:5c:b3:12:9b:60:25:
         83:1a:b1:e9:f1:f1:25:4a:1c:0e:a5:76:10:75:3c:af:44:e7:
         dc:51:9e:fe:c8:66:85:97:1a:c3:6a:70:02:76:16:76:03:48:
         9d:e3:d8:ad:27:ce:4c:ec:6d:f5:30:05:52:0d:12:f2:59:85:
         10:a0:40:d1:60:6c:98:72:9a:a0:07:84:59:28:32:af:6f:4a:
         62:ae:66:ee:1f:e4:0f:92:4f:97:0d:5d:dc:47:cf:7f:93:8c:
         d0:63:e1:cc:d4:3b:0d:39:a7:55:1a:a7:6a:7f:8e:d8:ab:46:
         c9:dd:4a:32:6e:64:3e:4c:0e:e5:8d:dd:11:2b:61:55:15:26:
         c9:68:4b:28:f9:28:c3:43:2a:57:c1:33:f0:58:c4:e1:40:53:
         ad:52:a5:b3:d5:cc:3d:3a:21:c5:e5:bb:6a:df:4f:6c:88:cb:
         76:b8:96:2b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd+K/MRWtT4HTll11YUw/OwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OWRjNTQzNWEyZGM5N2UzNjVmZjQ5NTcwYzA0ZDUxM2Y2
ZmNlZDIwHhcNMjUwNjE3MTM1NDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzExOWZlMjU0ODU2MGExZGViOTc5YzBjODUyYmE4YjUyNGQyMzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdxU9e58+svOn7ck3VGVp6DIAY1B
IDCdmhoCaznKfo8OSLvQM8dvWN12+rjaRU8/kuwPxmwpMvOZfLbKLK5bo/D6K1+0
sHimbOm3wvCfgB2YFOvEyDjayB+Zg/n9MngTJvmg8GNMfT1fnoVwh++++5LTp6rF
w1U6Dfiout4+K5Pi0P8z8u/txQMxbgEdGEhZlXOSmtCSmN8nnwqjHDxacXbZFEAm
MJRmKQibKGokmJ7gEw58G5t2njKBpFFJ1PYSGOQduc+ss7JlCSTB/ngikuaD9dMj
u1qQtE21RMmsF3EzLoA4Zx5vsCVUa1svc4hbpZX/4u+98nDmYGmm/SneDwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAcRn+JUhWCh3rl5wMhSuotSTSMRMB8GA1UdIwQY
MBaAFOedxUNaLcl+Nl/0lXDATVE/b87SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTUzRlExb3R5WDQyWF9TVmNNQk5VVDl2enRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9jZTk1YmUtYTM3YS00YzIzLWI5Y2It
NzA2NTU0Zjg4MDQ2LzEvQnhHZjRsU0ZZS0hldVhuQXlGSzZpMUpOSXhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9jZTk1YmUtYTM3YS00YzIzLWI5Y2ItNzA2NTU0Zjg4MDQ2
LzEvNTUzRlExb3R5WDQyWF9TVmNNQk5VVDl2enRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgaCADAN
BgkqhkiG9w0BAQsFAAOCAQEApqzFhL8Y0sBN/a6w8jyPeMiW4Vsv5UYowYG1AS4n
2FhvhXyVi3W2hB5JGqtlIS/hHfalUF94hrvSLNhPdulxiYTdSIObbwUiKbVuqxfN
uoS9H6pIXLMSm2Algxqx6fHxJUocDqV2EHU8r0Tn3FGe/shmhZcaw2pwAnYWdgNI
nePYrSfOTOxt9TAFUg0S8lmFEKBA0WBsmHKaoAeEWSgyr29KYq5m7h/kD5JPlw1d
3EfPf5OM0GPhzNQ7DTmnVRqnan+O2KtGyd1KMm5kPkwO5Y3dESthVRUmyWhLKPko
w0MqV8Ez8FjE4UBTrVKls9XMPTohxeW7at9PbIjLdriWKw==
-----END CERTIFICATE-----