Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/552e68-611d-4ad8-a7e1-48bfac2cdc72/1/BlSeR_pJblcGKDZVOhalmR7CEhI.roa
File:                     BlSeR_pJblcGKDZVOhalmR7CEhI.roa (raw, json)
Hash identifier:          +LA/s25lXTsAJyNjZ89LILttPP1hwWlh26yK9Q72LZE=
Subject key identifier:   06:54:9E:47:FA:49:6E:57:06:28:36:55:3A:16:A5:99:1E:C2:12:12
Certificate issuer:       /CN=2ed7fbc1df0070acf5b3a67ce4e212dbd03afad7
Certificate serial:       019A33E0839ADB5DBE190FC7A2A1412ACE8E
Authority key identifier: 2E:D7:FB:C1:DF:00:70:AC:F5:B3:A6:7C:E4:E2:12:DB:D0:3A:FA:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ltf7wd8AcKz1s6Z85OIS29A6-tc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/552e68-611d-4ad8-a7e1-48bfac2cdc72/1/BlSeR_pJblcGKDZVOhalmR7CEhI.roa
Signing time:             Thu 30 Oct 2025 06:49:03 +0000
ROA not before:           Thu 30 Oct 2025 06:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199933
IP address blocks:        185.41.120.0/22 maxlen: 22
                          2a01:4de0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/552e68-611d-4ad8-a7e1-48bfac2cdc72/1/Ltf7wd8AcKz1s6Z85OIS29A6-tc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/552e68-611d-4ad8-a7e1-48bfac2cdc72/1/Ltf7wd8AcKz1s6Z85OIS29A6-tc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ltf7wd8AcKz1s6Z85OIS29A6-tc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:33:e0:83:9a:db:5d:be:19:0f:c7:a2:a1:41:2a:ce:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ed7fbc1df0070acf5b3a67ce4e212dbd03afad7
        Validity
            Not Before: Oct 30 06:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06549e47fa496e57062836553a16a5991ec21212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:1a:f0:1f:8c:82:68:7f:82:39:c9:55:b7:50:
                    52:15:4e:44:69:af:b6:9e:42:58:b7:52:05:65:5a:
                    b6:d8:37:c0:fd:30:31:0f:5d:5f:44:c0:df:be:ba:
                    83:d8:61:05:c1:d7:c4:6f:c0:ab:3f:85:4a:ba:4d:
                    4a:d8:7c:59:47:84:d4:cd:58:9e:75:70:9d:f9:34:
                    2d:48:72:f5:1f:39:1a:cb:68:21:ca:f3:dc:78:fa:
                    81:7a:32:0d:71:40:87:c0:46:12:f5:83:cf:b9:f7:
                    a8:8d:69:ae:78:a9:e1:fe:4a:6d:94:35:f5:83:54:
                    1a:38:d1:c5:c2:7d:8e:d2:8f:08:3d:c1:49:9a:1f:
                    33:72:c0:b7:ee:10:60:45:5a:2d:ea:02:07:e8:e7:
                    74:54:df:f1:a4:22:77:07:fa:3d:f5:0d:48:1e:32:
                    6b:69:88:2e:50:cb:7f:da:6e:f0:d7:f6:8a:2d:db:
                    27:7f:88:8b:fc:33:e6:f8:98:5b:6e:e1:11:33:1b:
                    98:9f:7d:e8:93:6d:60:00:84:cb:a1:b9:62:3d:f0:
                    7f:ab:51:61:cc:a0:1c:e0:a7:22:7b:a4:58:44:aa:
                    05:d6:a7:29:cf:cf:c9:9b:61:6a:5f:ae:26:9a:bb:
                    5c:1d:a1:ce:a4:2b:51:04:af:0d:8b:6b:0a:41:9a:
                    ba:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:54:9E:47:FA:49:6E:57:06:28:36:55:3A:16:A5:99:1E:C2:12:12
            X509v3 Authority Key Identifier:
                keyid:2E:D7:FB:C1:DF:00:70:AC:F5:B3:A6:7C:E4:E2:12:DB:D0:3A:FA:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ltf7wd8AcKz1s6Z85OIS29A6-tc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/552e68-611d-4ad8-a7e1-48bfac2cdc72/1/BlSeR_pJblcGKDZVOhalmR7CEhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/552e68-611d-4ad8-a7e1-48bfac2cdc72/1/Ltf7wd8AcKz1s6Z85OIS29A6-tc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.120.0/22
                IPv6:
                  2a01:4de0::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:64:52:0c:20:28:25:b7:a1:dc:97:e0:02:b2:86:f1:5a:8f:
         5b:98:ca:fb:b7:67:4a:49:13:67:49:cd:38:0d:03:df:b9:dc:
         3e:22:4e:df:4d:73:98:0c:a9:b0:fd:27:27:28:c2:2c:41:1d:
         81:31:7a:a4:13:49:3a:ba:e4:05:25:52:86:2b:a7:28:97:76:
         c9:7f:de:69:36:8e:1c:86:5b:e7:26:c1:09:97:2a:53:47:27:
         fb:7e:c7:b0:0e:9d:6d:4f:52:54:67:6b:35:3a:f1:c3:94:5f:
         26:12:68:8c:e9:0d:7a:93:51:fd:2b:81:22:70:cd:fe:57:d7:
         ee:f2:2a:3c:b5:02:43:c1:cb:10:fe:00:28:54:5d:60:59:8f:
         50:2b:08:ba:10:c9:0f:5d:38:1f:a1:44:a7:3e:08:0b:26:92:
         23:46:01:5c:c8:22:15:f7:49:4b:ef:d3:71:42:56:cc:fd:84:
         ea:45:a6:70:a3:33:2f:49:61:e4:97:b4:e2:53:db:70:0f:5e:
         3f:7c:68:3a:de:be:79:25:e3:93:ff:c4:2c:77:e3:0e:84:8c:
         73:ee:94:ab:e1:ec:e1:62:1f:0d:66:11:9f:91:87:f3:de:37:
         66:cc:fb:79:f5:0b:dd:7b:fc:de:b8:ed:94:53:8f:ef:a8:cb:
         6d:b0:9b:af
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZoz4IOa212+GQ/HoqFBKs6OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZDdmYmMxZGYwMDcwYWNmNWIzYTY3Y2U0ZTIxMmRiZDAz
YWZhZDcwHhcNMjUxMDMwMDY0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjU0OWU0N2ZhNDk2ZTU3MDYyODM2NTUzYTE2YTU5OTFlYzIxMjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hrwH4yCaH+COclVt1BSFU5Eaa+2
nkJYt1IFZVq22DfA/TAxD11fRMDfvrqD2GEFwdfEb8CrP4VKuk1K2HxZR4TUzVie
dXCd+TQtSHL1Hzkay2ghyvPcePqBejINcUCHwEYS9YPPufeojWmueKnh/kptlDX1
g1QaONHFwn2O0o8IPcFJmh8zcsC37hBgRVot6gIH6Od0VN/xpCJ3B/o99Q1IHjJr
aYguUMt/2m7w1/aKLdsnf4iL/DPm+JhbbuERMxuYn33ok21gAITLobliPfB/q1Fh
zKAc4Kcie6RYRKoF1qcpz8/Jm2FqX64mmrtcHaHOpCtRBK8Ni2sKQZq6dwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAZUnkf6SW5XBig2VToWpZkewhISMB8GA1UdIwQY
MBaAFC7X+8HfAHCs9bOmfOTiEtvQOvrXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHRmN3dkOEFjS3oxczZaODVPSVMyOUE2LXRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi81NTJlNjgtNjExZC00YWQ4LWE3ZTEt
NDhiZmFjMmNkYzcyLzEvQmxTZVJfcEpibGNHS0RaVk9oYWxtUjdDRWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi81NTJlNjgtNjExZC00YWQ4LWE3ZTEtNDhiZmFjMmNkYzcy
LzEvTHRmN3dkOEFjS3oxczZaODVPSVMyOUE2LXRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSl4MA0E
AgACMAcDBQAqAU3gMA0GCSqGSIb3DQEBCwUAA4IBAQCQZFIMICglt6Hcl+ACsobx
Wo9bmMr7t2dKSRNnSc04DQPfudw+Ik7fTXOYDKmw/ScnKMIsQR2BMXqkE0k6uuQF
JVKGK6col3bJf95pNo4chlvnJsEJlypTRyf7fsewDp1tT1JUZ2s1OvHDlF8mEmiM
6Q16k1H9K4EicM3+V9fu8io8tQJDwcsQ/gAoVF1gWY9QKwi6EMkPXTgfoUSnPggL
JpIjRgFcyCIV90lL79NxQlbM/YTqRaZwozMvSWHkl7TiU9twD14/fGg63r55JeOT
/8Qsd+MOhIxz7pSr4ezhYh8NZhGfkYfz3jdmzPt59Qvde/zeuO2UU4/vqMttsJuv
-----END CERTIFICATE-----