Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BawaJAc9dep6w62S6XOVCTT46GE.roa
File:                     BawaJAc9dep6w62S6XOVCTT46GE.roa (raw, json)
Hash identifier:          LIUGVgCBf0nC6TIRISGURgwXFH1iSzmodcreS5pKjRk=
Subject key identifier:   05:AC:1A:24:07:3D:75:EA:7A:C3:AD:92:E9:73:95:09:34:F8:E8:61
Certificate issuer:       /CN=070483d3d62f19c0835746dcb721c8832c3b7926
Certificate serial:       01986EBD2FC9297944E5B9A1E028A0B9CBC0
Authority key identifier: 07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BawaJAc9dep6w62S6XOVCTT46GE.roa
Signing time:             Sun 03 Aug 2025 07:02:29 +0000
ROA not before:           Sun 03 Aug 2025 07:02:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        45.85.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:6e:bd:2f:c9:29:79:44:e5:b9:a1:e0:28:a0:b9:cb:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=070483d3d62f19c0835746dcb721c8832c3b7926
        Validity
            Not Before: Aug  3 07:02:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05ac1a24073d75ea7ac3ad92e973950934f8e861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c5:8c:5d:73:31:5f:47:5c:97:08:d8:15:b8:
                    2e:80:f1:51:d3:bb:99:37:1a:4d:b5:74:7a:f2:d8:
                    fb:df:c1:8f:7e:1f:6a:80:a5:b2:9f:64:52:dc:a3:
                    9c:aa:af:58:db:16:a4:56:12:4a:15:b4:66:ec:bd:
                    ca:2d:7c:06:3b:0d:7c:18:bf:97:c2:01:a5:9a:5f:
                    57:48:c0:b7:e6:5c:ed:d1:f0:d0:ce:0b:82:d9:16:
                    07:0b:6e:6f:0e:9b:87:04:5f:32:10:de:ac:60:45:
                    6e:7c:6c:f6:7f:b0:f8:31:fc:47:e9:ca:77:50:16:
                    46:02:fb:da:ab:de:28:93:d0:be:fa:53:68:e2:f2:
                    af:07:2e:1a:a8:ca:0a:fe:72:a9:40:8d:cd:bb:a3:
                    78:b3:13:18:f5:27:5f:4e:bc:1f:cb:38:01:43:85:
                    fa:49:6d:6e:fa:e5:23:ff:09:2c:3c:08:e8:05:40:
                    ae:02:c6:ff:e8:28:c7:fd:4e:48:1c:2c:d2:dd:bf:
                    a7:f7:4f:27:74:09:20:f5:b7:5a:9d:fd:08:da:48:
                    a3:aa:d4:08:dd:e1:7c:06:d2:38:91:76:2d:ee:b9:
                    40:db:62:e8:ce:89:a1:66:73:da:4b:9f:9e:30:c8:
                    63:c1:ec:26:35:71:da:ff:ab:2a:af:37:69:48:29:
                    a2:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:AC:1A:24:07:3D:75:EA:7A:C3:AD:92:E9:73:95:09:34:F8:E8:61
            X509v3 Authority Key Identifier:
                keyid:07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BawaJAc9dep6w62S6XOVCTT46GE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:d9:a6:09:e9:71:92:45:81:9c:67:5c:c3:42:0c:b6:bd:41:
         24:2f:2c:f1:d4:04:93:86:a5:a3:25:0e:4f:70:47:68:92:b3:
         2d:14:2a:aa:94:f8:65:9f:03:31:a3:16:57:0d:95:d3:b0:08:
         1f:79:ae:47:7d:b1:fd:77:59:1e:58:5c:7b:b8:e6:ab:ac:8c:
         20:e7:b9:a4:2b:23:9a:e6:2e:de:45:6a:13:7a:21:96:ff:f6:
         7c:c3:1f:3a:d3:d3:7e:81:35:65:11:1b:6a:ae:df:dd:e0:91:
         5a:a0:b2:99:86:ef:01:aa:c5:fd:6d:e1:fd:ff:5d:a3:e7:07:
         5b:93:8d:de:65:73:ec:1c:03:32:04:61:69:73:18:03:09:f3:
         14:42:77:be:92:95:5c:4c:13:fc:9b:67:43:b9:83:09:99:21:
         1a:27:8c:4b:aa:d5:04:cd:df:99:4d:9d:a2:1c:4e:f1:b4:36:
         5b:fb:d6:cf:a4:fd:b7:7b:67:be:fd:37:6e:f7:c4:56:c1:79:
         96:b2:58:77:98:50:29:23:a9:19:39:5d:89:3f:83:11:9e:2e:
         92:ec:f4:50:e9:84:22:b0:b4:88:47:90:10:b7:f8:f8:a1:0f:
         22:9a:4a:7f:00:b4:e3:00:66:18:da:23:f1:f2:bb:30:54:1c:
         cb:74:2b:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhuvS/JKXlE5bmh4CigucvAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MDQ4M2QzZDYyZjE5YzA4MzU3NDZkY2I3MjFjODgzMmMz
Yjc5MjYwHhcNMjUwODAzMDcwMjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWFjMWEyNDA3M2Q3NWVhN2FjM2FkOTJlOTczOTUwOTM0ZjhlODYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsWMXXMxX0dclwjYFbgugPFR07uZ
NxpNtXR68tj738GPfh9qgKWyn2RS3KOcqq9Y2xakVhJKFbRm7L3KLXwGOw18GL+X
wgGlml9XSMC35lzt0fDQzguC2RYHC25vDpuHBF8yEN6sYEVufGz2f7D4MfxH6cp3
UBZGAvvaq94ok9C++lNo4vKvBy4aqMoK/nKpQI3Nu6N4sxMY9SdfTrwfyzgBQ4X6
SW1u+uUj/wksPAjoBUCuAsb/6CjH/U5IHCzS3b+n908ndAkg9bdanf0I2kijqtQI
3eF8BtI4kXYt7rlA22LozomhZnPaS5+eMMhjwewmNXHa/6sqrzdpSCmiaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWsGiQHPXXqesOtkulzlQk0+OhhMB8GA1UdIwQY
MBaAFAcEg9PWLxnAg1dG3LchyIMsO3kmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAt
ZDQ0MmM0ZjllOWJkLzEvQmF3YUpBYzlkZXA2dzYyUzZYT1ZDVFQ0NkdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAtZDQ0MmM0ZjllOWJk
LzEvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVXMMA0G
CSqGSIb3DQEBCwUAA4IBAQA32aYJ6XGSRYGcZ1zDQgy2vUEkLyzx1ASThqWjJQ5P
cEdokrMtFCqqlPhlnwMxoxZXDZXTsAgfea5HfbH9d1keWFx7uOarrIwg57mkKyOa
5i7eRWoTeiGW//Z8wx8609N+gTVlERtqrt/d4JFaoLKZhu8BqsX9beH9/12j5wdb
k43eZXPsHAMyBGFpcxgDCfMUQne+kpVcTBP8m2dDuYMJmSEaJ4xLqtUEzd+ZTZ2i
HE7xtDZb+9bPpP23e2e+/Tdu98RWwXmWslh3mFApI6kZOV2JP4MRni6S7PRQ6YQi
sLSIR5AQt/j4oQ8imkp/ALTjAGYY2iPx8rswVBzLdCtg
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:41:17 2025 by rpki-client