Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/bhQC1zmugCUygVdsESALM-lPxWs.roa
File:                     bhQC1zmugCUygVdsESALM-lPxWs.roa (raw, json)
Hash identifier:          je9TYnAZ6tB4EzwBybgxJXYtbsShxgoopSrP7paJTb0=
Subject key identifier:   6E:14:02:D7:39:AE:80:25:32:81:57:6C:11:20:0B:33:E9:4F:C5:6B
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0197609F3BF10DEDE2E0474BF2CC141AEDD8
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/bhQC1zmugCUygVdsESALM-lPxWs.roa
Signing time:             Wed 11 Jun 2025 20:12:17 +0000
ROA not before:           Wed 11 Jun 2025 20:12:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210734
IP address blocks:        93.186.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:60:9f:3b:f1:0d:ed:e2:e0:47:4b:f2:cc:14:1a:ed:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jun 11 20:12:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e1402d739ae80253281576c11200b33e94fc56b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:19:3d:5a:51:20:a7:7b:de:f6:74:27:a5:16:
                    62:db:3e:08:83:88:db:7f:d1:7c:b9:da:29:a3:da:
                    9a:bc:f6:77:7c:bf:02:51:a6:1a:97:86:ef:f9:57:
                    40:e3:2b:08:61:f8:c5:cf:0d:b7:59:37:56:c4:05:
                    13:70:94:04:13:fd:f4:af:11:3d:e2:d5:e7:fa:f1:
                    b6:23:88:10:0d:4b:96:e0:67:da:7d:9d:df:7f:cf:
                    4b:b7:26:fc:c0:a0:11:75:d4:b6:51:20:22:71:2e:
                    18:db:59:1a:fe:a2:cb:6c:16:61:6f:f0:fb:f7:61:
                    29:04:17:5f:b5:0f:87:90:26:43:27:06:ed:11:79:
                    93:98:19:9f:85:ba:42:d3:fc:fd:9c:cf:a1:be:37:
                    61:28:42:72:8d:05:c3:07:4f:3e:30:d9:74:9b:46:
                    5d:1d:3d:2d:bf:cc:da:84:56:2e:ef:1c:6d:7e:18:
                    16:8f:3c:4e:d3:b0:43:25:a7:b2:ba:75:02:c2:3c:
                    59:40:d3:a0:cc:3f:5a:66:35:f7:c4:0c:15:cf:d1:
                    90:d6:3b:78:16:13:d2:39:1d:f9:23:d7:51:8a:0d:
                    51:5c:17:5d:52:be:33:c8:bf:17:63:44:f0:a7:88:
                    78:34:34:c6:83:bd:13:6b:0a:87:05:b8:d1:67:aa:
                    74:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:14:02:D7:39:AE:80:25:32:81:57:6C:11:20:0B:33:E9:4F:C5:6B
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/bhQC1zmugCUygVdsESALM-lPxWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.186.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:58:da:e2:b4:6d:31:e0:8b:2e:dd:1f:3d:15:3c:22:d1:7c:
         ea:05:b3:56:44:6b:aa:69:de:e5:a6:88:35:49:ff:81:5b:c7:
         20:c8:c7:bc:45:45:95:58:bd:ea:aa:52:91:d8:28:22:b8:3b:
         d8:86:56:b1:49:2f:db:cc:ad:f7:cf:27:f9:1f:2e:9d:00:22:
         79:9b:24:05:9d:1a:9b:b9:04:55:fc:b2:3b:96:92:e1:bc:e3:
         e9:cb:59:b2:2f:9a:38:cd:e1:59:5f:b8:fb:f4:e2:9c:ba:e1:
         d0:20:fd:01:f4:29:fb:d8:50:4c:00:43:03:d6:aa:21:24:b7:
         14:db:66:ca:b5:31:cf:4f:54:46:61:a4:75:b5:b4:ca:f7:c8:
         50:c0:21:a3:67:3e:90:16:3b:14:ba:d8:f4:07:a0:bb:46:2d:
         05:f9:94:c2:57:ec:95:3d:32:d1:4c:0a:e0:b6:60:2f:2f:11:
         37:6d:00:a0:87:cb:f9:4a:ff:e9:b0:0a:4d:f1:f7:0e:24:9f:
         ff:bf:5e:49:ee:59:77:d2:dc:b3:b0:53:cb:04:5d:19:1b:f3:
         fd:dc:6d:de:2b:ec:ff:f5:34:91:8b:12:46:9a:fb:4b:97:90:
         f6:ca:51:9d:69:72:ab:05:c5:05:72:f3:85:c0:1e:14:c2:e3:
         ce:13:dc:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdgnzvxDe3i4EdL8swUGu3YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwNjExMjAxMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTE0MDJkNzM5YWU4MDI1MzI4MTU3NmMxMTIwMGIzM2U5NGZjNTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshk9WlEgp3ve9nQnpRZi2z4Ig4jb
f9F8udopo9qavPZ3fL8CUaYal4bv+VdA4ysIYfjFzw23WTdWxAUTcJQEE/30rxE9
4tXn+vG2I4gQDUuW4GfafZ3ff89Ltyb8wKARddS2USAicS4Y21ka/qLLbBZhb/D7
92EpBBdftQ+HkCZDJwbtEXmTmBmfhbpC0/z9nM+hvjdhKEJyjQXDB08+MNl0m0Zd
HT0tv8zahFYu7xxtfhgWjzxO07BDJaeyunUCwjxZQNOgzD9aZjX3xAwVz9GQ1jt4
FhPSOR35I9dRig1RXBddUr4zyL8XY0Twp4h4NDTGg70TawqHBbjRZ6p0QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG4UAtc5roAlMoFXbBEgCzPpT8VrMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvYmhRQzF6bXVnQ1V5Z1Zkc0VTQUxNLWxQeFdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbpAMA0G
CSqGSIb3DQEBCwUAA4IBAQCeWNritG0x4Isu3R89FTwi0XzqBbNWRGuqad7lpog1
Sf+BW8cgyMe8RUWVWL3qqlKR2CgiuDvYhlaxSS/bzK33zyf5Hy6dACJ5myQFnRqb
uQRV/LI7lpLhvOPpy1myL5o4zeFZX7j79OKcuuHQIP0B9Cn72FBMAEMD1qohJLcU
22bKtTHPT1RGYaR1tbTK98hQwCGjZz6QFjsUutj0B6C7Ri0F+ZTCV+yVPTLRTArg
tmAvLxE3bQCgh8v5Sv/psApN8fcOJJ//v15J7ll30tyzsFPLBF0ZG/P93G3eK+z/
9TSRixJGmvtLl5D2ylGdaXKrBcUFcvOFwB4UwuPOE9zj
-----END CERTIFICATE-----