Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/BCe51wdJdatnD_yWIP7PwaIdEjQ.roa
File:                     BCe51wdJdatnD_yWIP7PwaIdEjQ.roa (raw, json)
Hash identifier:          2T6H89EN0+t3yWpgUzWNrNOkAOHQ+BKEtdze6Uw6EqQ=
Subject key identifier:   04:27:B9:D7:07:49:75:AB:67:0F:FC:96:20:FE:CF:C1:A2:1D:12:34
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0197640B9C70012F2C9B50208EDF63221FDE
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/BCe51wdJdatnD_yWIP7PwaIdEjQ.roa
Signing time:             Thu 12 Jun 2025 12:09:31 +0000
ROA not before:           Thu 12 Jun 2025 12:09:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200216
IP address blocks:        2001:3181::/32 maxlen: 32
                          2a13:b640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 14:25:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:64:0b:9c:70:01:2f:2c:9b:50:20:8e:df:63:22:1f:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jun 12 12:09:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0427b9d7074975ab670ffc9620fecfc1a21d1234
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d4:d5:c7:96:00:f0:24:60:59:43:d4:b4:d8:
                    e6:af:a7:d1:df:2b:7c:f6:72:4c:cc:9a:5a:cd:04:
                    40:b9:c8:3a:dc:ad:a1:ce:5f:3b:45:c0:ec:aa:52:
                    4c:71:98:d0:84:c9:04:9b:74:25:0e:01:39:f3:86:
                    fc:cd:91:26:c7:87:74:89:64:2c:76:a6:7b:a1:90:
                    f9:4c:09:7e:80:07:f8:46:a9:9d:fd:f8:fc:90:d6:
                    89:31:bd:77:c3:f2:4c:ac:15:8e:67:65:9b:ac:36:
                    91:5c:92:7f:be:5b:95:4e:dc:d3:5c:7c:70:9e:36:
                    fd:88:7e:f8:26:96:cf:d8:95:63:4a:86:77:d3:26:
                    a3:d6:01:21:a3:3a:1a:d5:62:f6:2a:64:1d:f6:ea:
                    ad:3d:b4:89:4d:9e:93:7a:b5:fd:2e:ce:e1:c1:12:
                    7b:8b:ba:cb:63:e5:d5:26:94:92:93:d8:43:17:d6:
                    93:43:0b:64:2b:45:1d:14:91:e0:5a:fc:23:40:47:
                    c3:7d:97:fb:81:9b:15:d4:02:bf:e4:69:f6:42:5d:
                    28:b4:7f:bd:e0:41:f7:b2:e8:e9:e3:73:f4:be:be:
                    e9:48:d6:31:6d:f0:4a:39:b0:cb:1d:7e:b6:bb:82:
                    77:35:09:55:59:e0:00:bd:8c:8b:e4:0e:b5:da:04:
                    ce:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:27:B9:D7:07:49:75:AB:67:0F:FC:96:20:FE:CF:C1:A2:1D:12:34
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/BCe51wdJdatnD_yWIP7PwaIdEjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3181::/32
                  2a13:b640::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:20:ec:7b:b6:5b:6d:91:49:9c:f6:f4:01:45:a9:ca:f9:b7:
         ec:4a:9d:80:fb:69:7a:58:c0:b8:dc:f2:d6:67:21:8c:f1:b1:
         6d:a1:c1:39:ee:be:2c:ac:c0:c1:f4:99:19:30:71:0e:5d:71:
         4e:0d:28:05:d9:0c:6a:a8:a6:9e:0e:e2:6f:50:08:52:28:b0:
         33:13:4f:88:93:2c:fe:f5:a8:4c:2c:c3:6a:3f:53:8d:b0:c0:
         44:e3:8d:3f:4b:f3:b1:f7:89:fd:43:9d:7e:24:39:43:8d:5b:
         a3:10:d7:57:6d:1d:1c:da:d6:64:1d:2d:bc:bb:37:5b:4a:5e:
         24:ad:0d:2b:38:b1:07:86:15:90:89:6a:81:99:93:bd:8d:7c:
         b3:bb:a0:7a:98:92:5f:19:cf:55:ff:43:f7:e2:d5:49:86:24:
         f2:da:dd:a0:15:c6:88:e2:90:47:1b:2d:3f:0e:a4:72:4a:be:
         75:c9:a2:a0:c6:e8:a1:26:85:45:cd:cc:4f:d1:65:6e:4f:fd:
         0c:94:e5:d7:a5:59:4c:40:69:20:3a:40:bb:d5:fa:fe:1e:69:
         c5:fd:df:ea:9f:16:cc:fa:ad:20:a5:b9:b6:dc:74:b1:e7:c6:
         a9:60:e3:9a:2c:58:7b:70:5b:ce:11:55:9e:2b:eb:a5:b2:33:
         0f:e5:c6:6b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZdkC5xwAS8sm1Agjt9jIh/eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwNjEyMTIwOTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDI3YjlkNzA3NDk3NWFiNjcwZmZjOTYyMGZlY2ZjMWEyMWQxMjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dTVx5YA8CRgWUPUtNjmr6fR3yt8
9nJMzJpazQRAucg63K2hzl87RcDsqlJMcZjQhMkEm3QlDgE584b8zZEmx4d0iWQs
dqZ7oZD5TAl+gAf4Rqmd/fj8kNaJMb13w/JMrBWOZ2WbrDaRXJJ/vluVTtzTXHxw
njb9iH74JpbP2JVjSoZ30yaj1gEhozoa1WL2KmQd9uqtPbSJTZ6TerX9Ls7hwRJ7
i7rLY+XVJpSSk9hDF9aTQwtkK0UdFJHgWvwjQEfDfZf7gZsV1AK/5Gn2Ql0otH+9
4EH3sujp43P0vr7pSNYxbfBKObDLHX62u4J3NQlVWeAAvYyL5A612gTOLQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAQnudcHSXWrZw/8liD+z8GiHRI0MB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvQkNlNTF3ZEpkYXRuRF95V0lQN1B3YUlkRWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAIAExgQMF
AyoTtkAwDQYJKoZIhvcNAQELBQADggEBAHIg7Hu2W22RSZz29AFFqcr5t+xKnYD7
aXpYwLjc8tZnIYzxsW2hwTnuviyswMH0mRkwcQ5dcU4NKAXZDGqopp4O4m9QCFIo
sDMTT4iTLP71qEwsw2o/U42wwETjjT9L87H3if1DnX4kOUONW6MQ11dtHRza1mQd
Lby7N1tKXiStDSs4sQeGFZCJaoGZk72NfLO7oHqYkl8Zz1X/Q/fi1UmGJPLa3aAV
xojikEcbLT8OpHJKvnXJoqDG6KEmhUXNzE/RZW5P/QyU5delWUxAaSA6QLvV+v4e
acX93+qfFsz6rSClubbcdLHnxqlg45osWHtwW84RVZ4r66WyMw/lxms=
-----END CERTIFICATE-----