Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/BPGj00puF4RcdDpjFL5NrOfcKsY.roa
File:                     BPGj00puF4RcdDpjFL5NrOfcKsY.roa (raw, json)
Hash identifier:          OoPZ6YlyMs0JZaRISacMwAV3jVkrILlO7qTFxCT0jBA=
Subject key identifier:   04:F1:A3:D3:4A:6E:17:84:5C:74:3A:63:14:BE:4D:AC:E7:DC:2A:C6
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019730A39AE789BF7205A373002C6F518E1B
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/BPGj00puF4RcdDpjFL5NrOfcKsY.roa
Signing time:             Mon 02 Jun 2025 12:35:17 +0000
ROA not before:           Mon 02 Jun 2025 12:35:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200023
IP address blocks:        202.49.92.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 13:26:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:30:a3:9a:e7:89:bf:72:05:a3:73:00:2c:6f:51:8e:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun  2 12:35:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04f1a3d34a6e17845c743a6314be4dace7dc2ac6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9c:5f:7e:e1:a3:91:0b:bb:07:62:53:e5:df:
                    d3:99:50:49:21:4e:7c:5a:f4:32:4d:9d:28:ee:87:
                    3a:79:2c:34:8d:67:0f:85:4c:85:10:9a:db:ec:c7:
                    4d:10:dd:2c:cb:f8:15:3c:97:7b:e2:21:15:92:ae:
                    b7:8f:2c:38:5a:85:5b:d9:3e:30:ea:4b:55:64:24:
                    12:87:86:d4:89:6c:91:5a:1e:cf:98:e9:ef:82:d7:
                    a5:45:1b:36:71:c0:4f:8c:c5:b4:ad:90:8c:34:cc:
                    27:f2:0c:2a:e1:96:0d:49:1f:39:ec:d1:c6:59:c3:
                    6f:f7:7f:47:78:16:52:3c:40:1b:c8:c9:5e:95:d9:
                    0a:a7:d5:07:d9:28:75:7d:19:6c:60:d4:b9:dc:eb:
                    64:14:88:fa:f0:8a:ac:fe:bd:d0:89:83:d2:61:74:
                    bb:5a:19:d0:c2:44:80:aa:56:71:5d:72:52:76:98:
                    8d:f1:7f:5e:73:d9:87:4e:70:45:42:78:de:40:a2:
                    c9:23:73:21:22:33:1a:77:79:7a:65:f4:aa:05:c5:
                    1e:64:0a:7f:be:84:7e:c3:60:ca:88:dd:41:8d:26:
                    7a:9e:94:75:14:fa:c4:35:c4:8b:b5:99:ad:48:78:
                    f7:13:8d:d9:18:c1:59:a4:b0:2a:b7:be:42:f6:ef:
                    09:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:F1:A3:D3:4A:6E:17:84:5C:74:3A:63:14:BE:4D:AC:E7:DC:2A:C6
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/BPGj00puF4RcdDpjFL5NrOfcKsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.49.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:09:26:48:08:db:31:c5:04:ec:8c:e1:74:9e:65:95:04:69:
         13:be:10:5c:57:f1:32:50:43:d1:d5:91:4d:62:ae:25:74:7c:
         4b:ba:70:0b:b8:1f:69:67:d3:2a:6e:6e:fa:ba:e6:8d:b7:1c:
         a5:ff:b2:a2:fa:37:69:3d:a4:51:11:07:b9:95:8a:c5:ef:db:
         f6:af:32:db:cf:3c:df:e9:ba:fb:5a:4d:14:80:9b:81:d5:9f:
         6a:5d:02:69:52:c7:36:fc:4a:74:d3:b1:0a:1d:12:aa:81:b8:
         8e:96:04:fd:ce:db:63:60:13:15:95:62:7b:37:74:c2:6d:90:
         46:3e:7d:9a:a3:a1:0a:2d:64:bb:97:25:98:41:c1:da:c8:ca:
         e9:ed:8b:9d:5e:11:94:7a:0b:6d:eb:5c:1d:56:dc:3d:49:78:
         94:80:71:a3:9a:26:65:1c:c9:0a:73:12:0a:cf:5f:b9:c7:62:
         c7:0f:40:b8:1f:47:75:ab:ea:1c:e1:d1:ea:c4:7a:36:38:fd:
         aa:34:3a:be:0b:00:b7:78:19:2f:89:92:f1:36:d5:86:51:f4:
         26:af:c5:70:92:52:1a:91:6c:46:6d:ee:9a:1a:83:fe:d4:97:
         b3:6c:19:4c:6a:94:c7:0a:09:de:76:6f:e8:b7:27:46:f6:f8:
         a0:4c:1d:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcwo5rnib9yBaNzACxvUY4bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwNjAyMTIzNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGYxYTNkMzRhNmUxNzg0NWM3NDNhNjMxNGJlNGRhY2U3ZGMyYWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5xffuGjkQu7B2JT5d/TmVBJIU58
WvQyTZ0o7oc6eSw0jWcPhUyFEJrb7MdNEN0sy/gVPJd74iEVkq63jyw4WoVb2T4w
6ktVZCQSh4bUiWyRWh7PmOnvgtelRRs2ccBPjMW0rZCMNMwn8gwq4ZYNSR857NHG
WcNv939HeBZSPEAbyMleldkKp9UH2Sh1fRlsYNS53OtkFIj68Iqs/r3QiYPSYXS7
WhnQwkSAqlZxXXJSdpiN8X9ec9mHTnBFQnjeQKLJI3MhIjMad3l6ZfSqBcUeZAp/
voR+w2DKiN1BjSZ6npR1FPrENcSLtZmtSHj3E43ZGMFZpLAqt75C9u8JjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATxo9NKbheEXHQ6YxS+Tazn3CrGMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvQlBHajAwcHVGNFJjZERwakZMNU5yT2ZjS3NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCyjFcMA0G
CSqGSIb3DQEBCwUAA4IBAQAtCSZICNsxxQTsjOF0nmWVBGkTvhBcV/EyUEPR1ZFN
Yq4ldHxLunALuB9pZ9Mqbm76uuaNtxyl/7Ki+jdpPaRREQe5lYrF79v2rzLbzzzf
6br7Wk0UgJuB1Z9qXQJpUsc2/Ep007EKHRKqgbiOlgT9zttjYBMVlWJ7N3TCbZBG
Pn2ao6EKLWS7lyWYQcHayMrp7YudXhGUegtt61wdVtw9SXiUgHGjmiZlHMkKcxIK
z1+5x2LHD0C4H0d1q+oc4dHqxHo2OP2qNDq+CwC3eBkviZLxNtWGUfQmr8VwklIa
kWxGbe6aGoP+1JezbBlMapTHCgnedm/otydG9vigTB0v
-----END CERTIFICATE-----