Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/Bm5srVh_81xtwsDQZjL_phr1EiE.roa
File:                     Bm5srVh_81xtwsDQZjL_phr1EiE.roa (raw, json)
Hash identifier:          7fmqR7TnR8pgOLrtjSSrB/cFA86aEz/WfgUxvDNNZKU=
Subject key identifier:   06:6E:6C:AD:58:7F:F3:5C:6D:C2:C0:D0:66:32:FF:A6:1A:F5:12:21
Certificate issuer:       /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial:       019952F1B294E97BDAC8868C475562B241AF
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/Bm5srVh_81xtwsDQZjL_phr1EiE.roa
Signing time:             Tue 16 Sep 2025 14:33:15 +0000
ROA not before:           Tue 16 Sep 2025 14:33:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214668
IP address blocks:        95.155.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:52:f1:b2:94:e9:7b:da:c8:86:8c:47:55:62:b2:41:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
        Validity
            Not Before: Sep 16 14:33:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=066e6cad587ff35c6dc2c0d06632ffa61af51221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:85:47:85:6d:87:95:73:c5:5f:ce:73:12:78:
                    cc:6c:8c:45:92:4e:8b:1c:5e:78:0c:61:da:3a:f8:
                    13:cf:64:c5:2a:eb:aa:67:27:cd:bd:6d:cd:e9:57:
                    cf:69:12:0d:58:dd:b9:55:af:57:c8:57:81:b5:1b:
                    ac:40:77:35:be:3c:89:42:db:98:cb:47:5a:90:e1:
                    9c:3b:b1:23:0c:04:9e:6c:77:8a:be:e4:c5:2e:b1:
                    cd:32:33:01:44:c3:88:3c:b5:4c:eb:aa:04:fd:52:
                    e6:24:0e:3a:1d:43:39:0c:44:6a:d8:76:f7:54:81:
                    29:6f:fb:91:3f:f2:62:ec:ee:b3:f2:0e:e1:45:f3:
                    fd:d9:17:97:bc:3d:10:39:86:a1:f2:13:a6:9b:b0:
                    6a:59:0d:05:5f:88:1a:a8:23:da:a3:d5:66:1e:40:
                    fa:6a:24:50:c2:08:44:29:4d:b9:29:f5:00:a4:37:
                    d0:d9:27:26:f7:37:85:8b:7b:93:d0:09:30:5f:85:
                    15:a5:11:79:7d:a8:6d:09:dc:bd:9e:69:62:53:2b:
                    a0:d5:68:70:66:3a:a7:6c:5b:b4:48:c6:6b:ad:58:
                    d9:1d:a8:83:48:22:b5:3e:1a:86:5e:f2:c7:91:99:
                    58:4b:fd:55:3b:08:b1:95:36:fb:c6:7c:34:3b:9c:
                    54:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:6E:6C:AD:58:7F:F3:5C:6D:C2:C0:D0:66:32:FF:A6:1A:F5:12:21
            X509v3 Authority Key Identifier:
                keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/Bm5srVh_81xtwsDQZjL_phr1EiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.155.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:66:81:8e:1e:a8:a8:35:c8:d2:9a:8e:e9:0d:90:37:eb:fc:
         df:d6:05:15:44:ce:cd:99:db:7f:7b:ae:7c:b9:b0:44:bd:54:
         bb:03:99:eb:51:6f:dc:7c:7f:c8:b8:5a:71:a9:91:d1:e2:82:
         0f:eb:6e:8d:26:38:cd:a7:19:6d:40:d3:8e:b3:f1:93:66:69:
         5c:eb:36:d3:6f:b3:94:91:5e:09:ce:5e:96:66:9e:57:1d:49:
         4f:55:8d:33:0c:f0:40:b7:b3:c8:bc:a6:61:48:82:38:dc:11:
         c6:59:7b:b0:13:47:30:ef:7a:6b:30:40:d1:61:42:6f:09:ca:
         fc:d8:5a:0d:ac:60:99:6e:5a:30:c9:53:ef:51:12:ee:b0:ca:
         f5:a4:23:2e:8f:a8:09:45:52:55:fc:5d:6b:b0:c3:7a:87:77:
         09:19:c2:35:8a:ff:b6:f0:4d:46:20:c4:ea:75:c7:e7:74:c5:
         a0:a8:53:6c:2c:9e:fa:c8:b2:60:96:5f:3c:6a:c1:7e:b8:da:
         6f:5c:34:8e:91:fa:66:52:0e:88:fe:dd:47:3d:21:c2:b2:e5:
         1a:27:70:c1:63:ca:07:31:3a:e8:fd:28:11:7b:4b:e3:fa:02:
         e0:58:bc:67:95:a6:2b:eb:61:33:da:ff:54:88:0d:e1:4f:e0:
         a8:75:e3:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlS8bKU6XvayIaMR1ViskGvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjUwOTE2MTQzMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjZlNmNhZDU4N2ZmMzVjNmRjMmMwZDA2NjMyZmZhNjFhZjUxMjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA74VHhW2HlXPFX85zEnjMbIxFkk6L
HF54DGHaOvgTz2TFKuuqZyfNvW3N6VfPaRINWN25Va9XyFeBtRusQHc1vjyJQtuY
y0dakOGcO7EjDASebHeKvuTFLrHNMjMBRMOIPLVM66oE/VLmJA46HUM5DERq2Hb3
VIEpb/uRP/Ji7O6z8g7hRfP92ReXvD0QOYah8hOmm7BqWQ0FX4gaqCPao9VmHkD6
aiRQwghEKU25KfUApDfQ2Scm9zeFi3uT0AkwX4UVpRF5fahtCdy9nmliUyug1Whw
ZjqnbFu0SMZrrVjZHaiDSCK1PhqGXvLHkZlYS/1VOwixlTb7xnw0O5xUTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZubK1Yf/NcbcLA0GYy/6Ya9RIhMB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvQm01c3JWaF84MXh0d3NEUVpqTF9waHIxRWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX5ucMA0G
CSqGSIb3DQEBCwUAA4IBAQAbZoGOHqioNcjSmo7pDZA36/zf1gUVRM7Nmdt/e658
ubBEvVS7A5nrUW/cfH/IuFpxqZHR4oIP626NJjjNpxltQNOOs/GTZmlc6zbTb7OU
kV4Jzl6WZp5XHUlPVY0zDPBAt7PIvKZhSII43BHGWXuwE0cw73prMEDRYUJvCcr8
2FoNrGCZblowyVPvURLusMr1pCMuj6gJRVJV/F1rsMN6h3cJGcI1iv+28E1GIMTq
dcfndMWgqFNsLJ76yLJgll88asF+uNpvXDSOkfpmUg6I/t1HPSHCsuUaJ3DBY8oH
MTro/SgRe0vj+gLgWLxnlaYr62Ez2v9UiA3hT+CodeP4
-----END CERTIFICATE-----