Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bZ4TUfdAotA_6u5S11apYp0kLlA.roa
File:                     bZ4TUfdAotA_6u5S11apYp0kLlA.roa (raw, json)
Hash identifier:          JCKZLha+Ptv6CMWSzbR7i024ZE2RyYSWhWHIgSKSBjg=
Subject key identifier:   6D:9E:13:51:F7:40:A2:D0:3F:EA:EE:52:D7:56:A9:62:9D:24:2E:50
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0198236AD418019E0FE6563A7E4AD1ADFF58
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bZ4TUfdAotA_6u5S11apYp0kLlA.roa
Signing time:             Sat 19 Jul 2025 16:01:00 +0000
ROA not before:           Sat 19 Jul 2025 16:01:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        194.50.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 08:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:23:6a:d4:18:01:9e:0f:e6:56:3a:7e:4a:d1:ad:ff:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul 19 16:01:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d9e1351f740a2d03feaee52d756a9629d242e50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:34:04:84:28:67:e4:eb:5c:16:e8:ff:18:0b:
                    72:b6:ac:83:97:6d:e3:e3:ca:0c:ae:02:f7:ab:6f:
                    80:a6:ad:12:02:41:f6:95:a7:6c:b3:b2:9a:00:a6:
                    35:ed:d8:37:f8:6d:af:ac:9c:29:7a:03:3b:7c:cd:
                    a0:0b:f3:a8:bb:58:e3:77:0e:94:a1:df:4d:cd:e8:
                    7c:d5:53:7d:7a:e7:d7:1b:84:92:80:4b:33:29:55:
                    bb:9e:1c:23:c9:4c:28:de:2c:65:47:0c:72:95:32:
                    9b:d2:8e:82:c8:fb:df:70:e2:f8:3e:e0:4e:60:24:
                    7d:21:57:5a:24:92:da:da:cb:b8:14:f0:c1:58:64:
                    e6:a4:94:64:73:83:f5:fd:10:28:26:04:18:3c:06:
                    90:f6:2d:2b:36:37:24:18:47:25:56:a1:1f:53:04:
                    c3:05:c1:2e:16:42:4f:62:f9:b5:0a:3a:6e:83:79:
                    be:af:f3:d7:93:59:89:b9:dd:9c:5a:e7:5a:99:71:
                    53:c3:b0:3d:ce:18:ae:1d:9f:e3:d7:3c:38:d6:58:
                    b9:9c:a3:01:3f:d0:f4:52:0d:91:be:7d:d7:37:9e:
                    68:62:0b:e6:11:33:52:62:10:c0:08:fc:5e:d9:0a:
                    36:ab:03:f2:25:1f:a3:8b:87:3c:45:6b:0a:b1:cf:
                    5b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:9E:13:51:F7:40:A2:D0:3F:EA:EE:52:D7:56:A9:62:9D:24:2E:50
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bZ4TUfdAotA_6u5S11apYp0kLlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:51:59:c1:46:93:49:d9:14:8e:f3:45:00:05:d6:35:a3:2a:
         f9:75:68:2e:7a:94:35:95:14:cf:84:c1:21:94:a1:9d:d2:b7:
         34:0b:13:7f:b4:d1:ca:5a:34:7d:58:10:26:1a:14:a5:56:52:
         2d:e7:1a:b7:ce:ca:e1:77:fd:dd:f4:32:e7:dd:6a:7f:6d:4c:
         25:b5:11:91:db:6b:cb:37:04:fb:8b:99:6b:f5:6d:02:af:74:
         33:98:09:b9:db:95:ab:3c:1a:c6:59:4e:e7:ac:30:d1:69:f4:
         c2:91:4e:a2:8d:b7:3a:32:da:62:0a:3a:1c:15:8c:23:fe:cd:
         c9:99:ee:03:e5:51:d6:be:44:25:f1:d9:61:c1:6d:ff:52:7c:
         0f:bb:42:29:a8:e8:b4:89:6c:ac:45:0f:14:c1:8e:78:67:4a:
         a0:7a:21:eb:81:91:2e:53:b9:e0:1c:b7:cb:41:91:c3:68:f5:
         38:91:16:59:8d:66:94:0c:fd:63:5a:56:80:ce:b1:69:79:50:
         96:1b:98:4c:ab:c1:e6:12:97:a8:0b:53:2c:07:21:b7:89:a7:
         7a:fd:3d:ed:ef:55:55:8f:7d:9a:5c:63:a5:d2:ab:3a:de:1c:
         3b:0a:ce:0c:af:82:6b:22:73:76:aa:08:be:a2:c8:6b:80:7c:
         5d:a0:8b:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgjatQYAZ4P5lY6fkrRrf9YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNzE5MTYwMTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDllMTM1MWY3NDBhMmQwM2ZlYWVlNTJkNzU2YTk2MjlkMjQyZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jQEhChn5OtcFuj/GAtytqyDl23j
48oMrgL3q2+Apq0SAkH2ladss7KaAKY17dg3+G2vrJwpegM7fM2gC/Oou1jjdw6U
od9Nzeh81VN9eufXG4SSgEszKVW7nhwjyUwo3ixlRwxylTKb0o6CyPvfcOL4PuBO
YCR9IVdaJJLa2su4FPDBWGTmpJRkc4P1/RAoJgQYPAaQ9i0rNjckGEclVqEfUwTD
BcEuFkJPYvm1Cjpug3m+r/PXk1mJud2cWudamXFTw7A9zhiuHZ/j1zw41li5nKMB
P9D0Ug2Rvn3XN55oYgvmETNSYhDACPxe2Qo2qwPyJR+ji4c8RWsKsc9bdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2eE1H3QKLQP+ruUtdWqWKdJC5QMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYlo0VFVmZEFvdEFfNnU1UzExYXBZcDBrTGxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjJvMA0G
CSqGSIb3DQEBCwUAA4IBAQBXUVnBRpNJ2RSO80UABdY1oyr5dWguepQ1lRTPhMEh
lKGd0rc0CxN/tNHKWjR9WBAmGhSlVlIt5xq3zsrhd/3d9DLn3Wp/bUwltRGR22vL
NwT7i5lr9W0Cr3QzmAm525WrPBrGWU7nrDDRafTCkU6ijbc6MtpiCjocFYwj/s3J
me4D5VHWvkQl8dlhwW3/UnwPu0IpqOi0iWysRQ8UwY54Z0qgeiHrgZEuU7ngHLfL
QZHDaPU4kRZZjWaUDP1jWlaAzrFpeVCWG5hMq8HmEpeoC1MsByG3iad6/T3t71VV
j32aXGOl0qs63hw7Cs4Mr4JrInN2qgi+oshrgHxdoIuH
-----END CERTIFICATE-----